The Manus Decision: China’s First AI Security Review Block and Implications for Cross-Border AI Investment

In April 2026, China’s National Development and Reform Commission (NDRC) blocked the acquisition of Manus, a Chinese-founded AI agent startup, by a major US technology company. This was the first publicly confirmed use of China’s foreign investment security review mechanism to unwind a cross-border AI transaction. The decision has significant implications for US venture capital funds, strategic acquirers, and institutional allocators with exposure to China-origin technology companies.

This LawFlash analyzes the regulatory logic behind the decision, the structural dynamics that led to it, and the bilateral risk framework that investors must now navigate.

KEY TAKEAWAYS

• Origin over domicile. Offshore restructuring no longer insulates China-origin technology from Chinese regulatory jurisdiction. Both China and the United States now apply a “substance over form” approach, looking through corporate structures to the origin of the underlying technology.
• Restructuring redistributes risk. The contractual mechanisms commonly used to restructure China-origin companies for US investment—entity dissolution, team relocation, market separation—do not eliminate regulatory risk. They may redistribute it between jurisdictions, creating exposure on both sides simultaneously.
• Bilateral convergence. Each jurisdiction’s assertion of authority over restructured entities provides evidence to the other that the entity has not truly left its original regulatory perimeter. The result is a convergence that narrows the space for compliant cross-border structuring.

THE REGULATORY ACTION

The transaction involved Manus, a Chinese-founded AI agent company that had undergone a complete offshore restructuring: the original Chinese entity was dissolved, the core team relocated to Singapore, and a new Cayman/Singapore holding structure was established. The company subsequently raised US-dollar venture funding and entered into an acquisition agreement with a major US technology company at a valuation of approximately $2 billion.

China’s NDRC initiated a security review of the Manus acquisition under the Measures for the Security Review of Foreign Investment, [1] which review concluded with a formal order requiring the transaction to be unwound and the pre-deal state restored—despite the original Chinese entity having been dissolved and the team having physically relocated.

The decision established a critical principle: the NDRC looked through Manus’s offshore structure and focused on the origin of the technology, i.e., where it was developed, where the engineering team accumulated its expertise, and how the intellectual property was transferred out of the original Chinese entity. Because these factors pointed to China, the NDRC asserted jurisdiction regardless of the company’s current domicile.

UNDERSTANDING THE REGULATORY LOGIC

Why the Security Review Mechanism

China’s regulators chose the security review mechanism over export controls for a practical reason: the existing technology export control catalog does not specifically cover AI agents, large language models (LLMs), or generative AI systems. [2]

The security review mechanism operates on a broader principles-based standard—“important information technology that may affect national security”—and does not require regulators to identify a specific controlled technology. It also provides the power to order a completed transaction unwound while export controls do not.

Three Institutional Interests

The decision serves three durable institutional interests that are likely to persist regardless of the political climate. First, it addresses the concern that domestic R&D investment—supported by public funding, university research programs, and talent development infrastructure—could be extracted through corporate restructuring for exclusive use abroad.

Second, it preserves the credibility of the security review regime itself; a successful exit would have established a replicable template for circumvention. Third, it reflects a broader international trend toward regulatory reciprocity in technology investment screening, a principle that both major jurisdictions now apply. [3]

Enforceability

A natural question for investors is whether such decisions can be enforced against parties that have relocated offshore. The answer depends on the degree of remaining nexus between the parties and China.

Enforcement leverage may include the acquirer’s ongoing commercial interests in the Chinese market (supply chain relationships, revenue streams, market access), the founders’ personal and familial ties within China, and the company’s residual operational connections (employees, data, customer relationships).

The practical implication is that enforceability is not binary but rather proportional to the parties’ remaining China nexus. Transactions involving founders with no personal ties to China and acquirers with no Chinese commercial exposure present a different risk profile than those where significant connections remain.

For most China-origin AI companies some combination of these nexus points will exist, making enforcement a credible risk rather than a theoretical one.

THE STRUCTURAL DYNAMIC: HOW INVESTOR PRACTICES INTERACT WITH REGULATORY RISK

The Pressure Chain

The implementation of US outbound investment rules in January 2025 [4] has created a cascading effect through the investment chain. Institutional allocators face increasing scrutiny over “China exposure” in their alternative investment portfolios. This pressure flows to GPs, who in turn require portfolio companies with Chinese origins to restructure as a condition of investment or continued support.

The result is a structural incentive for China-origin companies to undertake aggressive offshore restructurings—dissolving domestic entities, relocating teams, and severing market access—to access US capital. This pattern has now been observed across multiple high-profile AI companies over the last several years, suggesting a systemic phenomenon rather than an isolated occurrence.

Contractual Mechanisms and Their Regulatory Implications

Three categories of contractual mechanisms are commonly employed in these restructurings, each designed to reduce US regulatory exposure but each carrying potential implications under Chinese law:

• Regulatory trigger clauses. Provisions requiring share repurchase if the company becomes subject to adverse regulatory action. While protective of investor downside, these create incentives for aggressive restructuring steps that may themselves attract regulatory attention.
• Relocation requirements. Requirements for key personnel to physically relocate outside of China and for domestic operations to be wound down. This addresses US concerns about technology access but directly engages the interests that China’s security review is designed to protect.
• Market separation. Requirements to cease serving the Chinese market, which may include blocking domestic IP addresses, removing local-language interfaces, and discontinuing local payment acceptance. This demonstrates separation for US regulatory purposes but may be viewed as evidence of coordinated technology extraction under Chinese regulatory frameworks.

The critical observation is that these mechanisms do not eliminate regulatory risk but instead redistribute it between jurisdictions. Reducing exposure on one side may simultaneously increase exposure on the other. If the Chinese side blocks an exit, the investor’s position is impaired regardless of the contractual protections negotiated at entry.

THE BILATERAL FEEDBACK LOOP

The most significant structural consequence of this decision is the feedback loop it creates between the two regulatory regimes.

Prior to this decision, a reasonable argument existed that once a China-origin company completed its offshore restructuring, it was no longer a “covered foreign person” under the US outbound investment rules. The company had formally severed its Chinese ties. US investors could arguably participate without triggering notification or prohibition requirements.

This decision fundamentally complicates that argument. By demonstrating that China retains—and is willing to exercise—the authority to reach back and unwind transactions involving restructured companies, the decision establishes that these entities remain subject to Chinese governmental authority.

This creates a logical basis for US regulators to conclude that the entity has not truly exited the Chinese regulatory perimeter, and that investments in it may still carry the national security concerns the outbound rules were designed to address. [5]

The result is a convergence: China asserts continued jurisdiction based on technological origin, the United States may treat China’s assertion as evidence that the entity remains effectively Chinese, and the company is caught between two regulatory systems with no restructuring path that fully satisfies both. For investors, this means the regulatory risk associated with China-origin AI companies may increase—not decrease—after a restructuring because the restructuring itself draws attention from both sides.

This convergence also has implications at the fund level. If regulators on either side determine that a fund systematically facilitated restructurings designed to circumvent their respective rules, the fund itself—not just the portfolio company—may face scrutiny. This represents a category of risk that is not captured by traditional portfolio risk models.

PRACTICAL CONSIDERATIONS FOR INVESTORS

Enhanced Due Diligence

Due diligence must now extend beyond the current corporate structure to investigate the “jurisdictional origin” of the technology: where the core IP was developed, where the engineering team built its expertise, and how intellectual property was transferred to the current entity. If the answers point to China, the asset carries embedded bilateral regulatory risk regardless of its current domicile.

Bilateral Regulatory Planning

For transactions with a meaningful China nexus, investors should seriously consider building bilateral regulatory conditions into transaction agreements. On the China side, this may involve security review clearance or a determination of nonapplicability.

On the US side, it may involve confirmation that the transaction does not trigger outbound investment restrictions and, where applicable, CFIUS prefiling for exit transactions. The appropriate level of formality will depend on the specific risk profile, but ignoring either jurisdiction entirely is no longer advisable.

Minority Investment Risk

While the Manus decision involved a full acquisition, minority investors should not assume they are outside the risk perimeter. On the China side, the Security Review Measures do not require a change of control to trigger jurisdiction—an investment that confers “material influence” over a target’s personnel, finances, technology, or operations may be sufficient.

On the US side, the outbound investment rules apply to equity investments broadly, not just acquisitions, and may require notification or trigger prohibition depending on the nature of the target’s AI activities.

For venture capital funds, the practical risks are distinct. A minority investor in a restructured China-origin company faces the possibility that a post-closing regulatory action on either side could impair the investment’s value, block exit paths (including IPO or strategic sale), or create compliance exposure for the fund itself.

Unlike an acquirer, a minority investor typically lacks the control rights to manage or mitigate the regulatory response. This asymmetry between exposure and control is a category of risk that warrants specific attention in fund-level due diligence and investment committee processes.

Proportionate Risk Assessment

Not every transaction involving a China-origin company carries the same level of risk. The degree of regulatory exposure is proportional to several factors: the sensitivity and “frontier” nature of the technology, the degree of remaining personal and commercial nexus between the parties and China, the profile and visibility of the transaction counterparty, and the political salience of the sector at the time of the transaction, among others. This applies equally to minority investments and full acquisitions.

Investors should calibrate their approach accordingly rather than applying a uniform framework to all China-origin investments.

Proactive Engagement

For transactions that clearly fall within scope, proactive engagement with relevant regulatory authorities on both sides is advisable. On the China side, the Security Review Measures allow for voluntary filing. [6]

On the US side, engagement procedures vary by program. For inbound investment under the Committee on Foreign Investment in the United States (CFIUS), while the Committee does not issue advisory opinions as to whether a transaction raises national security concerns or constitutes a covered transaction, a prefiling mechanism is available to streamline the review process.

Regarding the US Treasury Department’s Outbound Investment Security Program, although the COINS Act directs Treasury to establish an advisory opinion procedure, this has not yet been implemented; currently, there is no advisory opinion process or prefiling mechanism available for outbound transactions. While formal consultation channels are not yet open, parties should closely monitor Treasury’s published FAQs and, where applicable, explore opportunities to seek a "National Interest Determination" for transactions with significant strategic value.

The cost of early engagement is almost always lower than the cost of a post-closing unwind, particularly given the feedback loop described above where each jurisdiction’s actions may inform the other’s analysis.

Alternative Structures

Both acquisitions and minority investments in companies with significant Chinese R&D origins face heightened scrutiny. Investors and companies should explore structures that present a lower regulatory profile: technology licensing arrangements; investment in specific, nonsensitive business lines or geographic segments; joint ventures with appropriately ring-fenced IP; convertible instruments with regulatory condition precedents; or structured partnerships that limit the degree of influence over the target’s core technology.

CONCLUSION

The era of frictionless cross-border AI transactions, built on the assumption that corporate restructuring could cleanly resolve jurisdictional questions, is over. Both China and the United States now apply a substance-over-form approach to technology investment screening and both have demonstrated willingness to exercise post-closing unwind authority. These are rational regulatory responses to legitimate national security concerns on both sides.

For investors, the imperative is to recognize that bilateral regulatory risk is now a permanent feature of cross-border AI investment and not just a transitional friction that restructuring can resolve. Pricing this risk accurately, building appropriate protections into transaction structures, and engaging proactively with regulatory authorities on both sides are no longer optional best practices but rather baseline requirements for responsible investment in this space.