Core Tip:

The “misleading sales” determined by financial regulatory authorities is not equivalent to “fraud” under civil law. People’s courts should review whether it constitutes “fraud” in accordance with the law, based on the specific circumstances of each case, the elements of fraud, and the standard of proof, rather than merely relying on the conclusion of “misleading sales” determined by regulatory investigations to revoke an already established and effective insurance contract.

Case Background:

In disputes over “policy cancellation” between the policyholder and the insurer, policyholders often allege “improper conduct” during the sales process and file complaints with financial regulatory authorities, in an attempt to pressure the insurer into achieving a full refund. Given that some insurance institutions do indeed have flaws in their sales processes, after investigation by financial regulatory authorities, a conclusion that “misleading sales” has occurred may be reached.

After obtaining the regulatory determination conclusion, policyholders usually claim that the insurer has committed fraud and request the People’s Court to revoke the insurance contract and refund the full premium in accordance with Article 148 of the Civil Code[1]. In the current context of the prevalence of “black market for policy cancellation,” some insurers, in order to avoid regulatory investigations, are forced to process full refunds, thereby suffering losses.

There is much controversy in judicial practice regarding whether the regulatory determination conclusion of “misleading sales” cited by policyholders can be accepted by the People’s Courts and used to determine fraud and revoke the insurance contract. Based on the authors’ experience in handling similar cases, this article will discuss from the perspective of insurance companies to provide references for their defense in lawsuits.

Discussion and Analysis:

  1. The Nature of the Regulatory Determination of Misleading Sales

The National Administration of Financial Regulation (NAFR), directly under the State Council, is formed on the basis of the China Banking and Insurance Regulatory Commission (CBIRC). The local regulatory bureaus function as dispatched administrative entities under the Administration. According to the Reform Plan of the Party and the State Institutions issued by the Central Committee of the Communist Party of China and the State Council in March 2023, the National Financial Regulatory Administration of China will be in charge of regulating the financial industry except the securities sector, strengthening institutional supervision, conduct supervision, functional supervision, penetrative supervision, and continuous supervision to maintain the legality and stability of the financial industry. Therefore, the National Financial Regulatory Administration of China and its local bureaus serve as administrative authorities.

Upon receipt of policyholder allegations regarding misleading sales practices during insurance contract formation, financial regulatory authorities usually issue an Investigation Opinion Letter Concerning Banking and Insurance Regulatory Violations (hereinafter referred to as the “Investigation Opinion Letter”). Such Investigation Opinion Letter routinely contains the following determination:

“Regarding the matter of misleading sales by a certain company as reflected in the letter, … after investigation, it is found that a certain company has engaged in misleading sales, in violation of Article 131(1) of the Insurance Law.”

In practice, the Opinion Letter shall include the following administrative remedy notice at the end: “If you are not satisfied with this reply, you may either apply for an administrative reconsideration to the National Financial Regulatory Administration of China within 60 days of receiving this reply letter, or file a lawsuit before the People’s Court with jurisdiction over the financial regulatory bureau’s location within six months from the date of receipt of this reply letter.”

Based on the above, in accordance with Article 18 of the Interpretation II of the Supreme People’s Court[2] on Several Issues Concerning the Application of the Insurance Law of the People’s Republic of China, the Investigation Opinion Letter issued by local financial regulatory bureaus is a public document made by administrative authorities in accordance with the law, and the People’s Courts generally accept it, unless the insurance institution provides contrary evidence to overturn the relevant determination.

II. Whether the Regulatory Determination of Misleading Sales Can Prove Fraud and Have the Evidentiary Power to Revoke the Insurance Contract

1. The Essential Difference Between Regulatory “Misleading Sales” and Civil “Fraud”

    The authors hold that while the Investigation Opinion Letter determines that the insurer engaged in misleading sales practices at the time of underwriting, such regulatory investigation opinion is formulated from the perspective of industry management, in accordance with insurance industry regulatory provisions, and with the fundamental purpose of regulating the professional behavior of insurance practitioners and maintaining the order of the insurance industry. It emphasizes the improper sales language used by insurance practitioners in the process of recommending insurance products to policyholders. It should be based on the Guidelines for the Determination of Misleading Sales of Personal Insurance and Article 165 of the Insurance Law to hold insurance institutions and agency sales institutions administratively responsible, and does not involve the evaluation of the effectiveness of the insurance contract concluded by insurance practitioners.

    Therefore, the authors further believe that the “misleading sales” determined in the Investigation Opinion Letter and the “fraud” determined in civil litigation differs in legislative purpose, legal basis, effectiveness level, elements of composition, and standard of proof, as well as legal consequences:

    DifferencesAdministrative Determination of “Misleading Sales”Civil Litigation Determination of “Civil Fraud”
    Legislative PurposeTo regulate the business conduct of insurance agents and brokers, protect the legitimate rights and interests of policyholders, insured persons, and beneficiaries, and maintain the order of the insurance industry.To implement the principle of freedom of contract, allowing the right of revocation to be exercised by the party whose expression of intent is not genuine or accurate, thereby realizing the will and interests of the revoking party and eliminating the harm caused by defective expressions of intent.
    Legal BasisGuidelines for the Identification of Misleading Sales Behavior in Life Insurance: “If a life insurance company, insurance agency, or personnel engaged in insurance sales have any of the behaviors stipulated in Articles 5 and 6 of the Guidelines, it can be determined as the behavior of ‘deceiving policyholders, insured persons, or beneficiaries’ as stipulated in Article 116 or Article 131 of the Insurance Law.”Civil Code: ” Where a party by fraudulent means induces the other party to perform a civil juristic act against the latter’s true intention, the defrauded party has the right to request the people’s court or an arbitration institution to revoke the act.”
    Effectiveness LevelDepartmental regulatory documentLaw
    Elements of CompositionIt is sufficient to have implemented the illegal behaviors stipulated in Articles 5 and 6 of the Guidelines for the Identification of Misleading Sales Behavior in Life Insurance.The following four elements must be present simultaneously: 1. The fraudulent party has the intention to defraud; 2. The fraudulent party has committed a fraudulent act; 3. The defrauded party falls into an internal error due to the fraud; 4. The defrauded party makes an erroneous expression of intent due to the internal error.  
    Standard of Proof/To reach the standard of proof that excludes reasonable doubt
    Legal ConsequencesIn accordance with Article 165 of the Insurance Law, administrative responsibility is imposed on the offender.The effectiveness of the contract concluded is negated, and the defrauded party is granted the right to revoke.

    Therefore, the determination of “misleading sales” as an administrative violation by insurance practitioners in the Investigation Opinion Letter does not equate to a determination that the insurance institution and its practitioners engaged in deceptive conducts at the time of concluding the insurance contract, nor does it establish fraud by the insurance institution.

    The People’s Courts should still exercise their judicial power independently to review whether the evidence provided by the policyholder can prove that “the insurance institution and its practitioners engaged in deceptive conducts, had fraudulent intent, and the policyholder entered into the insurance contract under a material misunderstanding,” and should also review whether the evidence provided by the policyholder regarding the fraudulent facts meets the “beyond reasonable doubt” standard of proof.

    2. Significant Disputes in Judicial Practice on the Relationship Between “Misleading Sales” and “Civil Fraud”

    There are significant disputes in judicial practice regarding the relationship between the regulatory determination of “misleading sales” and the establishment of civil fraud:

    Viewpoint 1: If the financial regulatory authorities determine that “misleading sales” has occurred, it indicates that the insurance company engaged in deceptive behavior at the time of underwriting, constituting fraud. Relevant judicial cases include:

    • In case (2024) YU 87 Min Zhong 1914, the Chengdu-Chongqing Financial Court held that:

     According to the facts determined in the Investigation Opinion Letter Concerning Banking and Insurance Regulatory Violations, Luo Mou indeed engaged in behaviors such as signing on behalf of others, concealing sales, failing to inform important terms, giving gifts, and fabricating the annual income of the policyholder… The National Financial Regulatory Administration of China’s Liangjiang Regulatory Bureau, which issued this evidence, is the regulatory authority of the insurance industry and has professional and authoritative judgment capabilities. Its determination based on relevant evidence is a manifestation of performing regulatory functions. In the absence of contrary evidence sufficient to overturn it, the first-instance court accepted it in accordance with the law. Accordingly, it was determined that Luo Mou, a third party, did indeed engage in concealing sales and failing to inform important terms when selling insurance products… and the Personal Insurance Contract signed between Deng Mou and a certain company was legally revoked.

    • In case (2016) Shan 01 Min Zhong 8496, the Intermediate People’s Court of Xi’an, Shaanxi Province held that:

     As a consumer, Yang Mou was entitled to make an informed decision on whether to purchase insurance products and which insurance products to purchase. The Shaanxi Regulatory Bureau of the China Banking and Insurance Regulatory Commission found that the staff of a certain company “exaggerated the future uncertain returns on the insurance product purchased by Yang Mou beyond the contractual guarantee,” this behavior violated Article 6(1) of Guidelines for the Determination of Misleading Sales of Personal Insurance, which stipulates that “life insurance companies, insurance agencies, and personnel engaged in insurance sales activities shall not engage in the following deceptive behaviors: (1) Exaggerating insurance liability or insurance product returns.” The staff member of a certain company engaged in deceptive conduct when selling the involved insurance product to Yang Mou.

    Viewpoint 2: The regulatory determination of “misleading sales” does not equate to civil fraud, and the People’s Courts should independently review based on the elements of fraud. Relevant judicial cases include:

    • In case (2023) Jing 74 Min Zhong 1338, the Beijing Financial Court held that:

    Although the Investigation Opinion Letter determined that “a certain company engaged in behaviors such as exaggerating insurance liability and returns, promoting stop sales, promising to seek improper benefits for others, irregular publicity, irregular explanation, giving benefits outside the contract, poor management of service materials, and failure to provide dividend notices,” these behaviors fall within the scope of regulation by the insurance regulatory authorities. The existence of illegal behaviors does not necessarily mean that the relevant behaviors constitute fraud against Li Mou.

    • In case (2023) Jing 0119 Min Chu 1013, the Yanqing District People’s Court of Beijing held that:

    The Investigation Opinion Letter determined that the businessperson Sun Mou engaged in irregular or improper sales behaviors during the sale of insurance, which falls within the scope of regulation by the insurance regulatory authorities. Therefore, Li Mou’s claim that the two defendants engaged in fraudulent behavior lacks rational basis and is not accepted by this court.

    • In case (2023) Lu 1002 Min Chu 5093, the Huancui District People’s Court of Weihai held that:

    Despite the Investigation Opinion Letter determined that a certain company engaged in misleading sales behavior, this opinion letter is just an industry management regulation. The “misleading sales” mentioned in it is a determination made by the CBIRC as the industry’s main department from the perspective of industry management, and it does not necessarily equate to “fraud” under civil law. Fraud requires that the defrauded party, due to the fraud, falls into a mistaken belief and, as a result, makes an erroneous expression of intent. However, in this case, the court’s investigation revealed that Qu Mou entered into a personal insurance contract in June 2017 and has continuously paid premiums for 6 years. During this period, he also added insurance premiums multiple times and received dividends, which sufficiently demonstrated that his decision to enter into the contract was made voluntarily and was not induced by fraudulent conduct.

    III. Key Points for Insurance Companies to Respond When Policyholders Demand Full Refunds Based on Regulatory Investigation Conclusions

    Given that the Investigation Opinion Letter issued by the financial regulatory authorities carries a certain degree of probative force in proving fraud, insurance companies should actively defend themselves in lawsuits: Although there may be improper sales practices, it does not lead to the policyholder falling into an erroneous understanding and enter into the insurance contract, and the conclusion of the relevant insurance contract is the true expression of the policyholder’s intent.

    Moreover, it is suggested that insurance companies refine their defense opinions and organize evidence from the following eight aspects:

    1. Whether the insurer or its sales have provided detailed explanations to the policyholder regarding matters closely related to the policyholder and the insured, such as the name of the insurance product, the name of the insurance company, insurance liability, exclusions, insurance amount, insurance period, payment period, loss on surrender, cooling-off period, etc.
    2. Whether the policyholder has signed the Insurance Contract Receipt and confirmed that the insurer has clearly explained and interpreted the contents of the insurance contract to the policyholder.
    3. Did the insurer conduct a follow-up call with the policyholder? During the call, did the policyholder confirm that they understood the product brochure, application tips, and contract terms, especially the insurance liability and exclusions, and confirm the insurance period, payment period, and monthly premium amount?
    4. In the case of multiple insurance contracts, are the types of insurance and agency sales personnel the same?
    5. Whether the policyholder had previous multiple insurance experiences, and whether the types of insurance purchased are the same as the involved insurance.
    6. Whether the irregular sales conduct was sufficiently misleading to induce the policyholder to make an erroneous decision.
    7. Whether the policyholder has continuously paid premiums for many years, and whether they have added insurance premiums multiple times and received dividends during this period.
    8. After initially concluding the insurance contract, whether the policyholder has subsequently purchased other insurance products in the same manner.

    Conclusion:

    In recent years, malicious complaints and the “black market for policy cancellation” have seriously disrupted the normal functioning of the insurance market and the reputation of the insurance industry. The former China Banking and Insurance Regulatory Commission, the National Financial Regulatory Administration of China, and the Insurance Association of China have repeatedly carried out special actions against “black market for policy cancellation” and issued consumer risk warnings, but it is still difficult to effectively eradicate such illegal activities.

    If insurance institutions can actively and effectively defend themselves in lawsuits, it would positively influence the regulatory authorities’ efforts to combat the “black market for policy cancellation,” as well as contribute to the development of the local insurance industry and the overall order of the national insurance market.

    (Declaration: This article represents the views of the authors only and should not be regarded as a formal legal opinion or suggestion issued by Beijing AnJie Broad Law Firm. If you need to reprint or quote any content of this article, please indicate the source.)

    [1] Article 148 of the Civil Code: Where a party by fraudulent means induces the other party to perform a civil juristic act against the latter’s true intention, the defrauded party has the right to request the people’s court or an arbitration institution to revoke the act.

    [2] Article 18 of the Interpretation II of the Supreme People’s Court on Several Issues Concerning the Application of the Insurance Law of the People’s Republic of China: The people’s court shall examine a written conclusion on a traffic accident or a written conclusion on a fire, among others, made by an administrative agency in accordance with law and confirm its corresponding weight of evidence, unless it can be overturned by any evidence to the contrary.

    Following the release of the Guidelines for the Pilot Filing of Real Estate Private Investment Funds (Trial) (commonly referred to as “Circular No. 4”) by the Asset Management Association of China (AMAC) in February 2023, real estate funds have garnered significant attention in both private investment and insurance sectors. While real estate funds are not a new concept for insurance companies, uncertainties persist regarding their classification, the applicability of regulatory requirements, and how changes introduced by Circular No. 4 align with existing regulations. In this context, we aim to provide a concise overview of key practical issues related to real estate investments by insurance companies.

    I. Should an investment in a real estate fund be categorized as a real estate-related financial product or as an indirect equity investment?

    According to the Notice on Strengthening and Improving the Proportional Supervision of Insurance Fund Utilization, domestic real estate assets primarily include physical real estate, infrastructure investment plans, real estate investment plans, real estate-related insurance asset management products, and other financial instruments linked to real estate. The regulatory framework overseen by the China Banking and Insurance Regulatory Commission (“CBIRC”) does not explicitly categorize real estate funds as a distinct type of real estate-related financial product. Consequently, before 2022, the classification of real estate funds was unclear.

    Given that most insurance companies have equity investment management capabilities, and considering that the requirements for fund managers’ professional personnel and managed asset balances are relatively lower for indirect equity investments compared to real estate-related financial products, insurance companies generally classified real estate funds as indirect equity investments rather than as real estate-related financial products.

    At the end of 2021, the CBIRC clarified the nature and applicable regulatory framework for real estate funds through its official Q&A platform. According to the CBIRC’s response, “Private equity funds invested in by insurance companies, where the underlying assets are real estate, should be classified as real estate financial products and must comply with the Tentative Measures for Investment in Real Estate by Insurance Funds (“Circular No. 80”). These investments are not subject to the Interim Measures for the Administration of Insurance Funds’ Equity Investment (“Circular No. 59”).” In other words, when insurance companies invest in real estate funds, both the investors and fund managers, as well as the funds and their investment targets, must adhere to the requirements for real estate financial products outlined in Circular No. 80 and Circular No. 59. They are not required to comply with the regulations governing equity investments.

    II. Alignment Between Insurance Companies’ Investment in Real Estate Funds and the New Provisions of AMAC

    A. Are real estate funds invested by insurance companies required to be classified as “Real Estate Private Investment Funds”?

    As to whether the real estate funds invested by insurance companies must be “private equity investment funds in real estate” (“pilot funds”), Circular No. 4 and the Explanatory Notes on the Draft of the Guidelines for the Pilot Filing of Real Estate Private Investment Funds (Trial) provide a relatively clear answer.

    According to the aforementioned documents, fund managers participating in the pilot program are permitted to conduct real estate investments in accordance with Circular No. 4. For those not participating in the pilot, existing business models and filing requirements remain unchanged, allowing them to continue making equity investments in sectors like affordable housing, commercial real estate, and infrastructure under the current self-regulatory framework overseen by the AMAC. Consequently, real estate funds invested in by insurance companies are not required to be part of the pilot program.

    B. Classification of Project Types Such as Logistics Parks and Industrial Parks

    Article 2 of Circular No. 80 stipulates that insurance companies’ investments in infrastructure-related real estate must comply with the Measures for the Administration of Indirect Investment in Infrastructure Projects by Insurance Funds and related provisions, while investments in non-infrastructure real estate and related financial products are governed by Circular No. 80. This makes it necessary to distinguish between infrastructure and real estate projects. However, the CBIRC and the AMAC differ in their classification criteria. 

    For example, regarding logistics parks, the CBIRC stated in an October 2022 response that under the Tentative Measures for Investment in Real Estate by Insurance Funds, insurance companies may invest in qualified real estate-related financial products. Investments in logistics properties through private equity funds must comply with Circular No. 80 and other regulatory provisions.” This indicates that the CBIRC classifies logistics parks as non-infrastructure real estate, whereas Circular No. 4 includes storage and logistics projects, ports, and industrial parks under infrastructure. If insurance companies invest in infrastructure projects like ports as defined by Circular No. 4, whether this constitutes an investment in real estate financial products remains unclear. 

    C. Debt-to-Equity Ratio for Insurance Companies Investment in Real Estate Funds

    1. From the perspective of insurance fund regulation, are investments in real estate funds required to comply with the 40% cap on debt investments?

    According to Circular No. 59, “If an insurance company invests in real estate through the equity of a project company, the project company may use its own assets as collateral for financing, such as obtaining loans from its insurance company shareholders, provided that the financing amount does not exceed 40% of the total project investment.”

    In our view, based on a literal interpretation, this provision primarily applies to cases where insurance funds make direct equity investments in real estate project companies. Investments made through funds do not necessarily fall under this framework.

    2. For insurance companies’ investment in pilot funds, debt-to-equity ratio restrictions may no longer apply under specific conditions

    Under Circular No. 4, a fund providing loans to its invested enterprises must comply with the following requirements:

    • The fund contract must explicitly allow such loans, and the necessary decision-making procedures must be followed.
    • The loan’s maturity date must not extend beyond the fund’s liquidation date.
    • If the fund includes individual investors, it must hold at least 75% equity in the invested enterprise, with the equity contribution accounting for no less than one-third of the total investment (i.e., the maximum equity-to-debt ratio can reach 1:2).
    • If the fund consists solely of institutional investors, it must either hold at least 75% equity in the invested enterprise or hold at least 51% equity while the enterprise provides guarantees. In such cases, the debt investment amount may be determined by the fund contract.

    Thus, if a real estate fund invested by insurance companies has only institutional investors and meets the investment ratio requirements and other stipulated provisions, the debt investment ratio is unrestricted. 

    3. Insurance funds’ investment in non-pilot funds remain subject to the 20% debt investment cap

    According to the Several Provisions on Strengthening the Regulation of Private Investment Funds, private funds engaging in lending activities must adhere to the following rules:

    • The maturity date of such loans must not exceed the exit date of the corresponding equity investment.
    • The fund’s assets used for lending must be limited to 20% of the total contributed capital.
    • The loan term must be restricted to one year or less.

    Therefore, if insurance companies invest in non-pilot funds, those funds must still comply with the above restrictions.

    In today’s ever-changing digital ecosystem, the proliferation of false information and even malicious contents has emerged as one of the most pressing challenges to the cyberspace integrity.  In recent years, China’s internet regulator and judicial authorities have put efforts in regulating and monitoring malicious network contents. 

    I. Administrative Approach & Latest Initiative

    On April 15, 2025, the Cyberspace Administration of China (the “CAC”) has launched a nationwide campaign to crack down on malicious marketing in the short video sector.  This three-month initiative, so-named “Clear and Bright·Crackdown on Malicious Marketing Chaos in the Short-Video Field” (the “CAC’s Initiative”), aims to foster a healthier and more trustworthy online environment.

    The campaign will target the following four categories of misconduct.

    1. Malicious staged fake scenarios:

    • Fabricating pitiable personas, claiming false identity of new occupations group and staging emotionally manipulative content to exploit public sympathy for financial gain
    • Fabricating elite personas or dramatic life stories and exaggerating “rags-to-riches” narratives to gain attention, internet traffic and profit
    • Writing fake tragic scripts under the guise of promoting rural development or poverty alleviation

    2. Dissemination of false information:

    • Deceptive editing through “cut-and-paste” or “quoting out of context”
    • Exaggerating family conflicts, workplace disputes or violent incidents to incite social anxiety and provoke group antagonism
    • Using deepfakes and altered audio or visuals to fabricate stories
    • Pseudo-scientific popularization or interpreting content, or fake experts or impersonate academic or professional institutions to maliciously fabricate and disseminate misleading information concerning economic, legal, historical, medical and other professional fields

    3. Violations of public order and social morality:

    • Harassing strangers during outdoor “pickup” or street interviews
    • Soft-pornography through suggestive titles, attire, or gestures, etc.

    4. Improper diversion of internet traffic:

    • Use of gimmicks such as “emotional communication”, “traditional Chinese culture”, “traditional Chinese medicine for health cultivation” and ‘getting rich quickly” to lure the irrational consumption of specific groups such as the elderly
    • Use of exaggerated and sensational “Title Party” copywriting such as “exposing industry secrets”, “exposing industry insiders”, “reporting industry fraud” and “I was blocked by the industry” to attract internet fans
    • Publish of false contents like “anti-counterfeiting”, “evaluation” and “shop exploration” content which mislead users’ awareness of relevant brand image, commodity quality and service level

    The CAC has outlined the following enforcement approaches targeting the foregoing misbehaviors.

    1. Platform accountability: requiring short video service platform to enhance content moderation, strengthen content review mechanisms, improve recommendation algorithms and traffic distribution systems, and ensure users have access to clear channels for reporting problematic content

    2. Severe penalties: committing to strict punishment for problematic platforms and accounts, including public exposure of representative cases for deterrent effect

    3. Sustainable governance: emphasizing long-term governance through improved labeling, monetization controls, and reporting channels to curb malicious marketing

    Notably, the CAC’s Initiative builds upon some earlier regulations like the Provisions on the Governance of Network Information Content Ecology which first prohibited fraud of internet traffic and fake account registration.[1]  The goal is to protect the legitimate rights and interests of netizens and promote the healthy and orderly development of the industry. 

    It is widely noted that China is home to a vast short video market.  As of June 2024, the number of short video users reached 1.05 billion, accounting for 95.5 percent of the country’s total internet population.[2]  The timing of the CAC’s Initiative reflects regulators’ recognition of short-video platforms’ growing influence, particularly their role in shaping and remodeling user behavior, political opinions, and social values, as well as the increasing malicious marketing practices in the short video sector.  For instance, on April 10, 2025, police in Chengdu, Sichuan province, detained two short video account operators after multiple videos went viral showing men confessing romantic feelings to other men on the Chengdu subway.   Authorities further found that the creators were not genuinely interested in men and that the content was largely fabricated to generate online traffic.  Police warned that fabricating content for online traffic in ways that violate laws and regulations will be punished.[3]  By targeting specific manipulation tactics rather than content viewpoints, therefore, the campaign aims to restore authenticity to online discourse while preserving legitimate expression. 

    II. Judicial Approach & Landmark Case Overview

    The first case in terms of resolving the dispute in relation to manipulating the “internet water army”, was selected as one of the Top Ten Cases of the People’s Courts in 2024 (the “2024 Case”).  In this case, a series of innovative legal application standards and liability determination schemes are put forward, which further activates the public interest litigation system and sparks in-depth discussion on the governance of “dissemination of false information on the internet” through artificial or technical intervention.

    From September 2019 to May 2022, a Chinese citizen whose family name is Yang (“Yang”) used the platform developed by several companies registered by him and further recruit many part-time workers to act as the “internet water army”.  By manipulating the “internet water army”, he engaged in paid business like conducting positive praise, forwarding and commenting on the publicity of film and television works, online videos, game works and commodities designated by customers, and publishing specific contents of specific works and commodities on relevant network platforms according to customer requirements without verifying the authenticity of information.  Yang and his companies also deleted posts by means of “complaint and reporting” on the information publishing platform to reduce the spreading of negative information for specific works and commodities.  Yang and his companies have preserved more than 1,200 internet accounts and fabricated more than 240,000 pieces of information through the business model like “forwarding positive praise” and “direct distribution”, the revenue generated from which reached more than RMB 8.96 million.  In the meanwhile, they have fabricated more than 1,200 pieces of information through “complaint and reporting” mechanism, the revenue generated from which reached more than RMB190,000.  Moreover, Yang and his companies provide paid deletion services for the purpose of making profits, and their acts of disrupting market order have been found to constitute the crime of illegal business operation by the court’s criminal judgment, and they shall be investigated for criminal responsibility.

    The People’s Procuratorate of Binjiang District, Hangzhou City, Zhejiang Province, also filed a civil public interest lawsuit against Yang and his companies on the grounds of network tort liability disputes.  After a public hearing, Hangzhou Internet Court held that the act of disseminating false information on the internet constitutes not only the act of disseminating fabricated, fictitious and distorted information, but also the act of interfering with the presentation of information by means of artificial or technical means, such as traffic fraud, false registered accounts and manipulation of user accounts.  The acts of the defendants have disrupted the network public opinion environment and the order of internet integrity, destroyed the operation order of relevant industries and markets, damaged the public’s right to know and choose, and should bear relevant civil tort liability.  Hangzhou Internet Court finally ordered the defendants to apologize publicly in the state-level media, delete the false information that had been published, cancel false accounts of the “internet water army” up to more than 1,200, and ordered compensation for public interest damages totaling RMB1 million, given the tort nature, duration, scope of impact, harm and other factors.

    Notably, this civil judgment complemented the prior criminal convictions for the paid takedown services, demonstrating a multi-pronged legal approach.  According to the Decision of the Standing Committee of the People’s Congress of Zhejiang Province on the Governance of False Information on the Internet, the prosecutorial authorities should explore and develop the path of public interest litigation in the field of network false information governance.[4]  To tackle the 2024 Case, judicial authorities intervene in the cyberspace governance by means of “public interest litigation”, which expands the path of monitoring false information spread on the internet.

    In the 2024 Case, the court has also clarified several issues concerning the internet disinformation.  Firstly, it determines that the network false information refers to the information presented in the form of words, numbers, images, audio and video or symbols, which is inconsistent with the facts or fabricated, disturbs the political, social and economic order or infringes on the legitimate rights and interests of others.[5]  The court expansively interpreted “false information” including not just factually inaccurate content but also “artificially manipulated data fraud”.

    Secondly, the court emphasized the cumulative societal harm of such operations, noting that while individual consumers might suffer small losses, the aggregate damage to public interests was substantial. The judgment identified social harms caused by network false information, which encompasses (i) damaging the interests of individual personality, (ii) destroying the trust and stability of the network society, (iii) destroying the ecological order of network information content, and (iv) disrupting the normal operation order of the market.[6]

    Last but not the least, the calculation of damage of compensation in the judgement merits our attention.  Rather than merely considering direct quantifiable losses in general civil tort disputes, the court calculated the damage of compensation based on multiple factors including duration, social impact, profits, and costs associated with governing and repairing the damaged network ecology. 

    III. Key Takeaways for Internet Platform Compliance Practice

    The evolving regulatory landscape, exemplified by the 2024 Case and the CAC’s Initiative, creates both risks and responsibilities for businesses operating online. Companies should (i) understand the full spectrum of potential legal liabilities including civil liability, administrative penalties and even the criminal liabilities in severe situations caused by acts relating to the internet disinformation and (ii) implement robust compliance programs to mitigate exposure to misbehaviors pursuant to relevant laws and regulations.  We present the following measures for business parties’ consideration:

    1. Marketing authenticity protocols:

    • Prohibit paid or incentivized reviews lacking clear disclosure
    • Establish verification systems for user-generated content claiming product experience
    • Maintain clear and complete archives of promotional collaborations with influencers

    2. Algorithmic governance:

    • Avoid engagement metrics manipulation through artificial boosting
    • Ensure recommendation algorithms don’t preferentially amplify paid/promoted content
    • Implement safeguards against “filter bubbles” that might reinforce false narratives

    3. Partner/vendor due diligence:

    • Conduct due diligence through third-party marketing firms experienced in compliance practices
    • Monitor affiliate networks that may involve in prohibited tactics like use of “internet water army”
    • Include anti-disinformation clauses in collaboration agreement/vendor contracts

    4. Employee training:

    • Educate staff on laws and regulations on a regular basis
    • Establish whistleblower channels for reporting concerns
    • Conduct regular audits of marketing practices

    5. Crisis preparedness:

    • Develop response plans for inadvertent disinformation incidents
    • Designate compliance officers who are familiar with ever-evolving governance standards
    • Maintain documentation for demonstrating good-faith compliance efforts

    In addition, regarding various industrial sectors, business parties should take industry-specific considerations into account.  For instance, companies engaged in e-commerce should conduct scrutiny on review systems and product claims, while entertainment companies should put efforts on risks brought by artificial popularity metrics and fan mobilization. 

    Both the CAC’s Initiative and the 2024 Case serve as a reminder that compliance is about avoiding penalties as well as maintaining the integrity of network ecology.  As courts increasingly recognize the societal costs of information pollution, businesses contributing to or insufficiently preventing such harm may face reputational and legal consequences.  This governance approach combining clear prohibitions, platform accountability, and public education, offers a model for addressing the internet disinformation without undue censorship.  As the legal consequences for information pollution grow more severe, legal and ethical information practices must become core to corporate strategy.  The emerging legal environment, therefore, presents both risks and opportunities for businesses.  Those who prioritize authentic engagement, transparent metrics, and rigorous compliance will not only avoid regulatory action but also earn consumers’ trust. 

    [1] See article 24 of the Provisions on the Governance of Network Information Content Ecology.

    [2] See Xinhua Agency, China to crack down on malicious short video content, China Daily (April 15, 2025).

    [3] See a warning notice issued by Chengdu Public Security Bureau Rail Transit Branch on April 10, 2025.

    [4] See paragraph 2, article 18 of Decision of the Standing Committee of the People’s Congress of Zhejiang Province on the Governance of False Information on the Internet.

    [5] See Chen Zengbao, Judicial Response to False Information on the Internet — — Reflections on the First Case of Manipulating “Internet Water Army”, Digital Law, No. 5, 2024.

    [6] See supra note 5.

    On January 3, 2025, the Ministry of Public Security held a press conference in Beijing to report the results of the special crackdown on insurance fraud crimes jointly conducted by the Ministry of Public Security and the National Financial Regulatory Administration and announced ten typical cases. This special crackdown has launched more than 40 nationwide campaigns, filing and investigating over 1,400 insurance fraud cases, dismantling more than 300 professional criminal gangs, with the total amount involved exceeding RMB 1.5 billion, fully reflecting the determination and effectiveness of the police in combating insurance fraud crimes[1].

    This article will focus on the legal provisions of insurance fraud and the ten typical cases announced by the Ministry of Public Security, summarizing the constitutive elements and common case scenarios of insurance fraud, and analyzing the focus of the special crackdown for reference by relevant practitioners.

    I. Legal Provisions on Insurance Fraud

    Insurance fraud is stipulated in Article 198 Criminal Law under Chapter 3 “Crimes of Disrupting the Order of the Socialist Market Economy”, Section 5 “Financial Crimes”. Therefore, the legal interests protected by this crime are the market economic order in the insurance field and the property rights of the insurer. Specifically, insurance fraud includes the following main constituents:

    1. Objective Behavior

    Article 198 of the Criminal Law stipulates the following five types of insurance fraud:

       (1) Fabricating insurance objects,

       (2) Fabricating false causes for the occurrence of insurance accidents or exaggerating the extent of losses,

       (3) Fabricating insurance accidents that have not occurred,

       (4) Intentionally causing property loss insurance accidents,

       (5) Intentionally causing the death, disability, or illness of the insured.

    In addition, appraisers, certifiers, and property assessors who intentionally provide false certificates to support others to defraud shall be treated as accomplices for insurance fraud.

    2. Subject

    The subjects of insurance fraud include individuals and companies. The insured, the policyholder, and the beneficiary can all constitute crimes.

    3. Amount

    This case is an amount-based crime. Cases involving amounts over RMB 50,000 should be filed and prosecuted[2]. The standards for “large amounts”, “huge amounts”, and “particularly huge amounts” need to be judged in conjunction with the provisions of provincial high courts and procuratorates.

    Some provincial high courts have established special amount standard for insurance fraud. For example, Jiangsu provincial rules provide that the amount standard for “large amounts”, “huge amounts” and “particularly huge amounts” for insurance fraud shall be below RMB 100,000, between RMB 100,000-1,000,000, and over RMB 1,000,000[3]. Guangdong, Zhejiang, Tianjin provincial rules provide that the amount standard shall be below RMB 100,000, between RMB 100,000 to 500,000, and over RMB 500,000 respectively[4]. Companies committing insurance fraud would be subject to an amount standard 5 times greater than individual cases.

    II. Typical Case Analysis

    The ten typical cases of insurance fraud announced by the Ministry of Public Security share the characteristics of professionalism, gang involvement, and full industry coverage. Not only are traditional insurance types such as personal injury insurance and car insurance involved, but also new insurance types such as employer liability insurance, group accident insurance, freight insurance, goods return insurance, and agricultural insurance suffer fraudulent claims. Some crimes have established internal organization, connecting the entire chain of insurance claims, with internal and external collusion. This indicates that with the development of the social economy, the methods of insurance fraud crimes are also “advancing with the times”.

    Through the analysis of the above typical cases, we summarize the following new forms of insurance fraud for your reference:

    1. Using Luxury Cars and High-Grade Car Coats to Fabricate Accidents and Defraud Insurance Money

    Many car owners invest heavily in changing the color of their vehicles or purchasing high insurance for luxury cars. Criminals manipulate such luxurious behaviors, buying second-hand luxury cars as prop cars at low prices, creating traffic accidents in places without surveillance at night (Zhejiang Province Hou et al. Suspected of Car Insurance Fraud), or conspiring with car repair shops to fabricate repair receipts and payment records for high-grade car coats to defraud insurance money (Guangdong Province Luo et al. Suspected of Car Coats Insurance Fraud).

    Unlike traditional car insurance repeated claims, this type of luxury car insurance may stipulate a higher compensation amount in the insurance contract. Also, there do exist luxurious consumption behaviors in luxury car market, making the fraudulent behaviors highly concealed. Criminals can fabricate a few accidents and defraud huge insurance amounts. The abovementioned car coat insurance fraud case involved an amount of over RMB 9 million, manifesting the seriousness of such fraud.

    2. Using E-commerce Platform Return and Exchange Rules to Defraud Insurance Money

    Many large e-commerce platforms provide insurance services such as freight insurance and goods return insurance to compensate for the cost of goods returns and repairs after online shopping. However, criminals exploit the loopholes in such insurance claims, using new insurance types or “extended warranty replacement” rules, playing various roles in different places to fabricate returns and exchanges to defraud insurance money (Fujian Province Cai X Wen Suspected of New Types of Insurance Fraud).

    This case shows that insurance fraud has closely followed the development of the insurance industry, exploiting claim loopholes in new types of insurance to defraud insurance payouts. Such new types of insurance are typically provided by insurance companies affiliated with e-commerce platforms who may lack sufficient experience in dealing with insurance fraud. Following the pursuit of efficient claim reviews driven by the service-oriented mindset of e-commerce platforms, these insurance companies could easily fall into the traps set by criminals.

    3. Using Employee Injury to Defraud Insurance Money

    Employer liability insurance is a kind of commercial insurance that covers the legal liabilities of employers to employees[5]. The insured are usually employees in high-risk industry, and the employers desire to limit their liability in the case of work-related injuries.

    However, the compensation for employer liability insurance usually relies on the compensation agreement reached between the employer and the employee, which leaves room for criminal behaviors. Some criminals exploit existing work injury incidents and induce employees to sign deceptive compensation agreements to defraud insurance payouts (Jiangsu Certain Plastics Company Suspected of Employer Liability Insurance Fraud). Others use low premiums as bait to induce high-risk industry companies to authorize the criminals to purchase employer liability insurance on their behalf. In the case of an incident, the criminals fabricate compensation agreements, receipts, or exaggerate losses and make repeated claims to defraud payouts (Anhui Lu et al. Suspected of Employer Liability Insurance Fraud). Some criminals even maliciously exploit injured employees after handling claims, embezzling and withholding the compensation funds, which seriously infringed the rights and interests of the insured and beneficiaries (Sichuan Du et al. Suspected of Employer Liability Insurance and Group Accident Insurance Fraud).

    4. Defrauding Insurance Premiums Under the Pretext of Free Insurance

    To promote insurance products, insurance companies usually agree to certain commission rewards for insurance brokerage companies. Some insurance brokerage companies exploit loopholes in contract terms, making false promises and recruiting members under the disguise of first year premium free. Later, the criminals provide the initial premium by themselves and induce the members to fabricate policyholder information and insurance intentions by recommending 30-year term life insurance to their family, friends, and acquaintances. In doing so, criminals exploit the “first-year commission higher than the first-year premium” clause in the brokerage cooperation agreement with the life insurance company to defraud high commissions. The amount involved is as high as RMB 1.2 billion (Beijing Certain Insurance Brokerage Company Suspected of Insurance Commissions Fraud).

    5. Repeated Insurance and Claims Exploiting Data Policy of Insurance Companies

    Two typical cases involving personal accident insurance fraud exploited the lack of data sharing between different insurance companies. Criminals repeatedly purchase personal accident insurance from multiple insurance companies, fabricating hospitalization records, medical records, or accidents to defraud claim payments (Shanghai Li X Hong et al. Suspected of Personal Injury Insurance Fraud, Shandong Hou X et al. Suspected of Personal Injury Insurance Fraud). These cases took advantage of the loopholes in insurance companies’ review processes for small claims, using repeated insurance and repeated claims to defraud substantial compensation payments.

    6. Agricultural Insurance Fraud

    With the development of modern agriculture, some large farms may insure their livestock. After insuring with multiple insurance companies, criminals intentionally cause the death of the livestock and conspire with the insurance company’s claims adjusters to fabricate inspection sites, defrauding agricultural insurance compensation (Xinjiang Zhang et al. Suspected of Agricultural Insurance Fraud).

    III. Focus of Insurance Fraud Crackdown

    Through the analysis of the above cases, we can find that the focus of the police authority in combating insurance fraud crimes mainly includes the following aspects:

    1. Focus on Cracking Down Gang-related and Professional Insurance Fraud

    The ten cases announced are all committed by organized groups, covering the entire process of insurance underwriting, brokerage, and claims handling. Criminals designed meticulous schemes to target every stage of the insurance claims process. Some cases involve collusion with employees of the insurance industry to jointly defraud claim payments.

    As criminal activities cover the entire insurance claims process, the materials submitted to insurance companies for claims are usually complete and comprehensive, significantly concealing the criminal activities and increasing the difficulty of the insurance companies to review these fraudulent claims.

    In response, the public security authorities, in coordination with financial regulatory departments, have organized industry-wide inspections and efficient collaboration. They have established over 500 cooperation mechanisms and built more than 220 integrated anti-fraud collaboration platforms, providing strong support in information sharing, lead coordination, and case investigation[6]. These efforts have effectively enhanced the efficiency and capability in investigating organized and professional insurance fraud cases.

    2. Expanding the Scope to Cover All Insurance Types

    Apart from traditional personal accident insurance and auto insurance, the special crackdown also focuses on innovative insurance such as employer liability insurance, freight insurance, goods return insurance, and agricultural insurance, as well as fraudulent activities by insurance brokerage companies to obtain commissions.

    Driven by the need to promote their products, insurance companies may prioritize claims efficiency or sales performance over strict review standards, consequently falling into the scam of the criminals. Therefore, public security authorities and financial regulatory departments work closely together, keeping track of the latest developments in the insurance industry, and precisely targeting frauds related to innovative insurance products and high commissions. This effectively purifies the insurance market environment and maintains the order of the financial market.

    3. Using High-Tech Means to Crack Down on Repeated Claims

    The announced cases of personal accident insurance fraud involved multiple policies and repeated claims. Criminals exploited the lack of information sharing between small and medium-sized insurance companies or internet insurance companies to defraud claim payments, a situation that can be accurately identified through big data screening.

    Li Youxiang, Director of the Inspection Bureau of the National Financial Supervision and Administration, stated at the Ministry of Public Security’s press conference that the Financial Supervision Administration will establish an anti-fraud action plan of “data aggregation—big data modeling—clue identification.” This will guide financial regulatory departments at all levels to strengthen the construction of collaboration mechanisms with public security authorities, refine collaboration content, and solidify the foundation for the coordination of administrative and criminal enforcement, continuously improving the insurance fraud risk management system. This indicates that financial regulatory departments will further employ technology to enhance the ability to identify criminal clues, providing significant support and assistance to public security authorities in combating insurance fraud crimes[7].

    IV. Summary

    Our team has also handled multiple insurance fraud-related cases. For example, a foreign enterprise and a Chinese company conducted “trade in name, financing in reality” transactions while taking out trade credit insurance. When the counterparty failed to repay, the foreign enterprise applied for trade credit insurance claims, obtaining huge insurance compensation. The court ruled that the foreign enterprise knowingly fabricated insurance objects, committing insurance fraud.

    We advise all companies to pay special attention to whether the insurance types match, whether the insurance content is genuine, and whether the claims are legal and compliant when insuring and claiming, to avoid falling into the scope of criminal regulation of insurance fraud.

    Through the above analysis, we can find that insurance fraud has severely disrupted the order of the financial market. The organized and professional nature of such crimes not only causes significant losses to insurance companies but also affects the legitimate claims of ordinary policyholders. Our team will promptly track typical cases and enforcement updates related to insurance fraud to provide you with more professional legal services.

    [1] The Ministry of Public Security held a press conference to report on the effectiveness of the joint deployment of the Ministry of Public Security and the State Administration of Financial Supervision to carry out special measures to crack down on insurance fraud, https://www.mps.gov.cn/n2254536/n2254544/n2254552/n9908722/index.html

    [2] Article 51, Supreme People’s Procuratorate and Ministry of Public Security Regulation on the Filing and Prosecution Standard for Criminal Cases within the Jurisdiction of Public Security.

    [3] See Jiangsu Provincial High People’s Court, Jiangsu Provincial People’s Procuratorate, Jiangsu Provincial Department of Public Security released Meeting Minute for Enhancing Management of Economic Crimes.

    [4] See Guangdong Provincial High People’s Court Guiding Opinion on Relevant Specific Issues Relating to Managing Crimes of Disrupting the Order of the Socialist Market Economy; Zhejiang Provincial High People’s Court Opinion on the Sentencing Conditions and Amount Standard for Certain Crimes; Tianjin Municipal High People’s Court, Tianjin Municipal People’s Procuratorate, Tianjin Municipal Department of Public Security, Tianjin Municipal Department of Justice released Opinion on the Amount Execution Standard and Sentencing Conditions Standard for Certain Crimes under the Criminal Law.

    [5] Employer Liability Insurance Disputes: Can Third Party Claim Insurance Pay?, wechat public account “Shanghai High Court” article published on March 6, 2025.

    [6] Ibid. at n 1.

    [7] Ibid.

    On January 23, 2025, the Anti-Monopoly and Anti-Unfair Competition Commission under China’s State Council officially released the PRC Anti-Monopoly Guidelines for the Pharmaceutical Sector (“the Pharmaceutical Guidelines”). From release of the draft for public comments on August 9, 2024, to its formal issuance on January 23, 2025, it took only around six months. The Pharmaceutical Guidelines is composed of 7 chapters including 55 articles, fully encompassing traditional Chinese medicine, chemical drugs, and biological products, and addressing various parts of the value chain such as manufacturing and commercial practices.

    This article interprets key provisions of the Pharmaceutical Guidelines and analyzes frequent anti-monopoly risks in China for pharmaceutical companies, with the view to share some insights based on the real-life enforcement and judicial cases.

    I. More Tolerant Approach to Joint R&D Agreements Does Not Mean Absence of Risks

    Compared to the draft, the final version of the Pharmaceutical Guidelines adopts a more permissive stance toward reasonable restrictions in joint R&D agreements. Article 11 of the Pharmaceutical Guidelines deletes the third and fourth sub-paragraphs in the draft, which stated “restricting R&D activities in fields unrelated to the joint R&D agreement” and “restricting R&D activities in fields related to the joint R&D agreement after its completion”. These changes exclude such conducts from per se illegal horizontal monopoly agreements, signaling enforcement authorities’ tolerant stance to some extent. Additionally, Article 18 clarifies that joint R&D activities suspected of constituting monopoly agreements may seek exemption under Article 20 (1) of the Anti-Monopoly Law (“AML”), e.g., technical improvement and new product development.

    These amendments indicate that joint R&D agreements are not automatically exempt from anti-monopoly regulation. However, anti-monopoly enforcement authorities tend to conduct a case-by-case analysis when scrutinizing such agreements. If an agreement embodies restrictions on members’ R&D activities beyond its scope, the authorities may examine whether such restrictions are necessary to achieve efficiency or other legitimate objectives, whether the duration and scope of the restrictions are reasonable, and whether less restrictive alternatives exist that would have a lesser impact on competition, in order to determine whether the agreement constitutes a monopolistic agreement.

    That said, we recommend pharmaceutical companies to proceed with caution when entering into joint R&D agreements. When drafting agreements that include R&D restrictions, it is crucial to carefully assess whether such restrictions are indispensable for the joint R&D, whether their duration and conditions exceed reasonable limits, and to rigorously evaluate their actual impact on market competition in the specific context.

    II. Special Provisions and Considerations for Pay-for-delay   

    In the Saxagliptin Tablets case, the Supreme People’s Court (“SPC”) ruled on the application for withdrawal of appeal and made the first preliminary anti-monopoly review of reverse payment agreements for pharmaceutical patents. The SPC affirmed that courts have the authority to assess whether agreements resembling reverse payment agreements violate the AML and clarified the scope and methodology for such reviews.

    The Pharmaceutical Guidelines explicitly states in Article 13 that reverse payment agreements may constitute horizontal monopoly agreements. First, Article 13 establishes that there is an actual or potential competitive relationship between the originator drug patent holder and the generic drug applicant. It defines a reverse payment agreement as an arrangement in which “the originator drug patent holder, without justifiable reasons, provides or promises to provide direct or indirect financial compensation to the generic drug applicant, who in turn makes non-competitive commitments, such as refraining from challenging the validity of the originator drug’s patent rights, delaying entry into the relevant market, or refraining from selling generic drugs in specific regions”. Furthermore, Article 13(2) of the Pharmaceutical Guidelines outlines the factors to be considered when determining whether a reverse payment agreement constitutes a monopoly agreement, including: (1) whether the financial compensation provided or promised by the originator drug patent holder to the generic drug applicant is significantly higher than the costs associated with resolving the originator drug patent disputes and lacks a reasonable justification; (2)whether the agreement effectively extends the market exclusivity period of the originator drug patent holder or hinders or impedes or delays the entry of generic drugs into the relevant market; (3) other factors that exclude or restrict competition in the relevant market. Compared with the draft, the final version of the Pharmaceutical Guidelines removes the consideration of “the likelihood of the originator drug patent being declared invalid if the generic drug applicant files a patent invalidation request”.

    Regarding reverse payment agreements, Article 20 of the Explanations of the Supreme People’s Court on Several Issues Concerning the Application of Law in the Trial of Civil Disputes Involving Monopolies (“the Anti-Monopoly Law Judicial Interpretation”) clarifies that an agreement between a generic drug applicant and an originator drug patent holder constitutes a horizontal monopoly agreement if it meets the following conditions: (1) the originator drug patent holder provides or promises to provide unjustifiable financial or other forms of compensation to the generic drug applicant; and (2) the generic drug applicant commits to refraining from challenging the validity of the originator drug patent or delaying entry into the relevant market. Compared with the Anti-Monopoly Law Judicial Interpretation, the Pharmaceutical Guidelines further refines the criteria for determining whether the compensation is “unjustifiable”, specifically, “whether it is significantly higher than the costs reasonably associated with resolving the originator drug patent disputes and lacks a reasonable justification”. Meanwhile, the Pharmaceutical Guidelines adopts a more general description of the effects of reverse payment agreements, rather than specifying specific behavioral manifestations such as “committing not to challenge” as listed in the Anti-Monopoly Law Judicial Interpretation. These distinctions indicate that the Pharmaceutical Guidelines places greater emphasis on the substance and competitive effects of reverse payment agreements.

    In light of this, we recommend pharmaceutical companies to proceed with caution when entering into settlement agreements between originator drug companies and generic drug companies in the context of patent infringement disputes. Particular attention should be given to assessing the likelihood of the originator drug patent being declared invalid, the presence of financial compensation, the existence of justifiable reasons, whether the compensation is significantly higher than dispute resolution costs, whether the generic drug applicant is required to refrain from challenging the patent, and whether the agreement effectively extends the market exclusivity period of the originator drug company or impedes market entry.

    III. Risks of Price Maintenance in the Pharmaceutical Distribution Sector

    The pharmaceutical distribution sector has consistently been a focal point for anti-monopoly enforcement and judicial scrutiny in China. Typical cases, such as the Yangtze River Pharmaceutical Case, Zizhu Pharmaceutical Case, and Hainan Yishun Case, all involve such practices.

    The Pharmaceutical Guidelines specifically stipulates fixed resale prices and minimum resale price restrictions (Resale Price Maintenance) in Articles 14 and 15, clarifying the risks of “unfair price manipulation” that may arise in pharmaceutical distribution practices. First, Article 14(1) stipulates the general circumstances under which a vertical price monopoly agreement is established, including: (1) Fixing price levels, price fluctuation ranges, or setting a minimum resale price for drugs through written agreements, oral agreements, price adjustment letters, price maintenance notices, or other means; (2)Indirectly fixing resale prices or establishing minimum resale prices by fixing or limiting profit margins or other transaction-related fees such as discounts, rebates, or handling fees.

    Second, Article 14(2) clarifies the specific ways in which price-fixing agreements are implemented, including:

    • Punitive measures, such as reducing rebates or discounts, imposing penalties or requiring deposits for breach of contract, refusing to supply goods, or terminating agreements;
    • Incentive measures, such as providing rebates or discounts, prioritizing supply, or offering additional support;
    • Monitoring and supervision, such as examining the sales records and invoices of transaction counterparts, engaging third-party monitors, or utilizing data analytics and algorithms.

    Third, Article 14(3) establishes the presumption rule for determining whether a pharmaceutical company and its transaction counterpart have reached an RPM arrangement. The anti-monopoly enforcement authorities presume that such agreements exclude or restrict competition and thus constitute a monopoly agreement, unless the pharmaceutical companies can present evidence demonstrating that the agreement does not have such effects. The Pharmaceutical Guidelines also provides guidance on the types of evidence pharmaceutical companies may collect, including:

    • The agreement does not restrict intra-brand competition or create cumulative adverse competitive effects;
    • The agreement does not restrict inter-brand competition or create cumulative adverse competitive effects;
    • The agreement does not lead to higher drug prices, reduced drug supply, or increased market entry barriers.

    These provisions align with Article 22 of the Anti-Monopoly Law Judicial Interpretation, which outlines the SPC’s approach in assessing whether RPM arrangements exclude or restrict competition. Specifically, the following factors are considered:

    • The market power of the defendant in the relevant market and the cumulative adverse competitive effects of the agreement;
    • Whether the agreement increases market entry barriers, hinders more efficient business models, or restricts intra-brand or inter-brand competition;
    • Whether the agreement has pro-competitive effects, such as preventing free-riding, promoting inter-brand competition, maintaining brand image, improving pre-sales or after-sales services, or fostering innovation, and whether these effects are necessary to achieve.

    Based on the above provisions, Article 22 of the Anti-Monopoly Law Judicial Interpretation takes pro-competitive effects into account when evaluating RPM arrangements. Combined with the Pharmaceutical Guidelines, this framework provides pharmaceutical companies with clearer direction in collecting both defensive and countervailing evidence.

    Finally, Article 15 of the Pharmaceutical Guidelines further clarifies circumstances that do not constitute vertical price monopoly agreements, including: (1) where a pharmaceutical company entrusts an agent to sell drugs and determines the sales price or other transaction conditions related to the agency business; (2) where a pharmaceutical company bids or negotiates prices under centralized drug procurement rules, and its transaction counterpart sells drugs to terminal medical institutions at the agreed-upon price within the procurement framework; (3) where a pharmaceutical company retains control over the sales and promotion of drugs and sets the sales price, while its transaction counterpart provides only auxiliary services such as importation, delivery, invoicing, and technical support.

    With regard to the risks of RPM in the pharmaceutical distribution sector, we believe that the risk is relatively low in cases involving agency relationships, centralized procurement, and intermediary services. However, RPM is kindly of presumed illegal in practice, whether implemented directly or indirectly, and thus carries significant legal risks.

    Given the relatively strict standard of burden of proof required for pharmaceutical companies to demonstrate that an agreement does not exclude or restrict competition, we recommend that companies continuously collect and retain favorable evidence in their daily operations in accordance with the Pharmaceutical Guidelines and the Anti-Monopoly Law Judicial Interpretation.

    IV. “Organization” and “Substantial Assistance” in Monopoly Behaviors in the Pharmaceutical Sector

    Based on the new provisions regarding the illegality and legal liability of “organization” and “provision of substantial assistance” in monopoly agreements, introduced in the 2022 revision of the AML, the Pharmaceutical Guidelines delineates and refines provisions addressing behaviors that may constitute “organization” and “substantial assistance” in the pharmaceutical sector.

    • Online trading platforms or third-party operators that exercise decisive control over the scope, primary content, or implementation conditions of monopoly agreements formed or executed by pharmaceutical entities;
    • Organizing, coordinating, or facilitating the acquisition or exchange of competitively sensitive information among competing pharmaceutical companies, thereby enabling the conclusion or execution of Monopoly Agreements;
    • Providing material support, establishing critical facilitative mechanisms, or delivering other substantive assistance for the conclusion or execution of monopoly agreements via price-monitoring services or the strategic use of platform rules, data analytics, and algorithmic tools.

    In light of these provisions, we strongly advise operators of online pharmaceutical trading platforms and price-monitoring service providers to exercise heightened caution regarding the sharing of competitively sensitive information with other market participants.

    V. Determination of Excessive pricing in the Pharmaceutical Sector

    Unfairly high pricing (excessive pricing) is the most-frequent-fined abusive behavior in the pharmaceutical sector. Among the 15 cases of abuse of market dominance in the pharmaceutical sector from 2015 to date, 9 cases involve excessive pricing.

    No.Case NameRelevant MarketParties InvolvedType of BehaviorPenalty
    1Abuse of market dominance by Jiangxi Xiangyu Pharmaceutical Co., Ltd. (2024)China-wide Iodized Oil Active Pharmaceutical Ingredient (API) MarketDistributorUnfairly High PriceFines: 4% of 2019 sales of the party involved
    2Abuse of market dominance by Shanghai No.1 Biochemical & Pharmaceutical and Others (2023)China-wide Injectable Polymyxin B Sulphat MarketWuhan Huihai, Wuhan Kede and Minkang: API distributors Shanghai B&P: Formulation ManufacturerUnfairly High PriceConfiscation of illegal gains; Fines: 8% of 2022 sales of Wuhan Huihai and Wuhan Kede; 3% of 2022 sales of Minkang Pharmaceutical and Shanghai B&P
    3Abuse of market dominance by Tianjin Jinyao Pharmaceuticals Co., Ltd. (2023)China-wide Carmustine Injection MarketManufacturerUnfairly High PriceConfiscation of illegal gains; Fines: 2% of 2019 sales
    4Abuse of market dominance by Northeast Pharmaceutical Group Co., Ltd. (2023)China-wide Levocarnitine API MarketManufacturerUnfairly High PriceFines: 2% of 2018 sales
    5Abuse of market dominance by Nanjing Ningwei Pharmaceutical Co., Ltd. (2021)China-wide Chlorpyrifos API MarketDistributorUnfairly High Price, Imposing Unreasonable ConditionsConfiscation of illegal gains; Fines: 4% of 2019 sales
    6Abuse of market dominance by Shangqiu Xinxianfeng Pharmaceutical Co., Ltd. (2021)China-wide Phenol API MarketDistributorUnfairly High PriceConfiscation of illegal gains; Fines: 1% of 2016 sales
    7Abuse of market dominance by Shandong Kanghui Pharmaceutical Co., Ltd. et al. (2020)China-wide Injectable Calcium Gluconate API MarketDistributorUnfair High Price, Imposing Unreasonable ConditionsConfiscation of illegal gains; Fines:10%, 9%, and 7% of 2018 sales respectively
    8Abuse of market dominance by Hunan Erkang Pharmaceutical Management Co., Ltd. and Others (2018)China-wide Chlorpheniramine API MarketHunan Erkang: Distributor Henan Jiushi: ManufacturerUnfairly High Price, Tying, Refusal to TradeConfiscation of illegal gains; Fines: 8%, 4% of 2017 sales of the respective parties involved
    9Abuse of market dominance by Tianjin Handwei Pharmaceutical Co., Ltd. and Others (2017)China-wide Pharmaceutical Grade Isoniazid API MarketManufacturerUnfairly High Price, Refusal to TradeFines: 2% of 2016 sales in the relevant market

    The Pharmaceutical Guidelines further refines the factors for determining unfair high-priced sales of drugs, including:

    • The sales price of the drug is significantly higher than that of other companies selling the same or comparable drugs under the same or similar market conditions;
    • The sales price of the drug is significantly higher than the price charged by the same company for the same or comparable drugs in different regions under identical or similar market conditions;
    • The sales price of the drug is significantly higher than the price charged by the same company for the same or comparable drugs at different times under identical or similar market conditions;
    • The sales price of the drug is increased beyond the normal range while the cost remains stable;
    • The price increase of the drug is significantly higher than the cost increase when the cost rises;
    • The sales price of the drug is improperly inflated through fictitious transactions or layer-by-layer price increases.

    In anti-monopoly enforcement practice, authorities typically comprehensively assess these factors to determine whether a pharmaceutical company has engaged in excessive pricing. For example, in the case of abuse of market dominance by Shanghai No.1 Biochemical & Pharmaceutical and Others, the Shanghai Municipal Administration for Market Regulation identified unfair pricing practices including: (1) The price-to-cost ratio of Polymyxin B Sulfate for Injection was significantly higher than that of other formulations on the same production line; (2) Unjustified price escalation through layered price increases in API sales transfers; (3)Domestic prices for Polymyxin B Sulfate for Injection were substantially higher than those in other countries/regions during the same period.

    In light of this, we recommend that pharmaceutical companies continuously monitor market competition dynamics, their own market power, and shifts in market share; rigorously evaluate pricing and price adjustment strategies to avoid unfairly high-priced conduct.

    VI. Patent Hopping May Also Constitute Abuse of Market Dominance

    Patent hopping, also known as product hopping, refers to a strategy whereby a company secures new patent protections through modifications or updates to an existing product as its original patent nears expiration, thereby extending market exclusivity and blocking generic competition. Patent hopping is categorized into two forms: “hard hopping” and “soft hopping”. Hard hopping occurs when the originator pharmaceutical company discontinues sales of the original patented drug shortly after launching the new patented product, typically before generics enter the market. Soft hopping involves maintaining the original patented drug on the market while introducing a new patented version. Patients and physicians retain the freedom to choose the original drug, though the new version may offer optimized efficacy, reduced side effects, or other enhancements that incentivize preference for the updated product.

    The Pharmaceutical Guidelines explicitly stipulates that a pharmaceutical patent holder with a dominant market position may engage in abusive conduct if it obtains a new drug patent by modifying existing patented technical solutions (e.g., reformulating a drug) and implements product hopping (e.g., discontinuing sales or repurchasing original patented drugs) to transition to the new patented drug, thereby obstructing effective competition from generic drug operators. Key factors for analyzing product hopping include:

    • Whether the new patented drug fails to substantially enhance therapeutic use, efficacy, or safety compared to the original;
    • Whether generic operators had planned to launch competing drugs during the transition from the original to the new patented product;
    • Whether the transition hinders or delays generic market entry or effective competition;
    • Whether the transition substantially limits options for patients and physicians;
    • Whether legitimate reasons exist for the transition (e.g., public health benefits).

    There have been no anti-monopoly enforcement cases involving patent hopping in China. However, the EU and the US have had multiple practices regarding the illegality of patent hopping. For example, in the US cases of Abbott Labs v. Teva Pharms, Walgreen Co. v. AstraZeneca Pharmaceuticals L.P., Mylan Pharma Inc. v. Warner Chilcott Pub. Ltd.. Especially in New York ex rel. Schneiderman v. Actavis PLC, the distinction between hard and soft hopping behaviors was proposed. In the EU, there are cases such as Omeprazole and Gaviscon. For example, in the Omeprazole case, the European Commission found that AstraZeneca’s abusive patent behavior included:

    • Securing a Supplementary Protection Certificate for Losec (Omeprazole) by submitting “misleading information” to patent offices in Germany, Belgium, Denmark, and other jurisdictions prior to the expiration of the drug’s patent term;
    • Revoking the marketing authorization for Losec capsules in Denmark, Norway, and Sweden, while concurrently filing for new patent rights on Losec tablets.

    Regarding patent hopping, we recommend that operators exercise vigilance against high-risk practices during patent strategy planning, such as: (1) directly discontinuing sales of the legacy patented drug from the market; or (2) extending patent exclusivity through non-substantive modifications to hinder generic drug entry. Key factors for assessing substantive modifications include whether the new drug patent changes its use, efficacy, or safety profile of the drug. Non-substantial modifications may include formulation changes, combination drugs, dosage adjustments, marginal expansion of indications, non-critical manufacturing process adjustment and minor route-of-administration modifications. In addition, operators should continuously monitor the enforcement activities of market supervision authorities regarding patent hopping behaviors.

    VII. Collective Abuse of Dominance Requires Caution

    One of the key innovations in the Pharmaceutical Guidelines is the introduction of the concept of “collective abuse of dominance”, which is worthy of the attention of pharmaceutical companies. Article 29 of the Pharmaceutical Guidelines stipulates that “where two or more pharmaceutical companies engage in drug production or distribution activities in a collaborative manner and abuse their dominant market position through coordinated conduct, anti-monopoly enforcement authorities may, based on case-specific circumstances, deem such pharmaceutical companies as joint perpetrators of abuse of dominant market position.” The existence of such collaboration can be assessed from multiple perspectives: (1) whether the companies participate in or control the same or different segments of the pharmaceutical supply chain; (2) whether they divide roles in drug procurement, production, or sales; (3) whether their respective actions are indispensable to the implementation of monopolistic conduct; (4) whether they jointly obtain and distribute monopoly profits.

    It should be noted that the concept of “collective abuse of dominance” introduced in the Pharmaceutical Guidelines represents a departure from traditional anti-monopoly enforcement theories such as the “single economic entity” doctrine and “abuse of collective dominance”. The “single economic entity” theory treats multiple entities as a unified entity with a common intent. The “abuse of collective dominance” theory applies when multiple entities collectively holding dominant positions in the same relevant market engage in abusive conduct, with all entities operating within the same segment of the pharmaceutical supply chain. However, the Pharmaceutical Guidelines explicitly defines “collective abuse of dominance” to apply even when the involved entities operate in different segments of the supply chain.

    The analysis and application of “collective abuse of dominance” have been observed in the case of Abuse of Market Dominance by Shanghai No.1 Biochemical & Pharmaceutical and Others. In this case, Wuhan Huihai controlled the supply of the API for injectable polymyxin B sulfate by establishing agency relationships and offering benefits to other companies to prevent them from selling the API. Shanghai No.1 Biochemical & Pharmaceutical (“Shanghai B&P”) reached an agreement with Wuhan Huihai, whereby Wuhan Huihai would supply the API, Shanghai B&P would manufacture the formulation, and Wuhan Huihai would be granted exclusive distribution rights for the formulation. Shanghai B&P charged a processing fee, while both parties jointly determined bidding strategies. Through their close collaboration, Shanghai B&P and Wuhan Huihai sold injectable polymyxin B sulfate at inflated prices and shared monopoly profits. In this case, although Wuhan Huihai was both the API supplier and the formulation distributor, while Shanghai B&P was the formulation manufacturer, the two entities operated in different segments of the industry chain. Nevertheless, anti-monopoly enforcement authorities applied the concept of “collective abuse of dominance” and ultimately determined that Wuhan Huihai and Shanghai B&P were joint perpetrators of the abuse of dominant market position.

    In light of this, we suggest pharmaceutical companies to closely monitor market competition dynamics, shifts in market power, and changes in market share. Even when cooperating with upstream or downstream operators, they should carefully assess whether their conduct could be deemed an abuse of dominant market position to mitigate legal risks.

    *Thanks to intern Zhao Jiawen for her contribution to this article.

    Tracey Tang and Art Dicker

    Artificial intelligence has become a central pillar of China in its drive to become an advanced economy.  The development of AI has enjoyed tremendous government support, benefitting from a large population and data collected in China through various digital platforms.  As such, China has been at the forefront of adopting national legislation governing AI to give guidance to companies and to create a safe environment for its adoption. In addition to imposing restrictions on the development and use of AI in China, these regulations aim to present the government’s pro-growth attitude towards AI and delineate the roles and responsibilities of various stakeholders in AI governance.

    The United States has relied more on existing agencies expanding their existing scope to cover AI use and development, by and large encouraging its dynamic private sector to develop AI through entrepreneurship. 

    In this article, we look deeper and compare the approaches to regulation and law enforcement activities in both countries.

    Transparency  and Fair Competition when Using Algorithms  

    China has been proactive in looking at the design and deployment of algorithms.  The focus in particular has been on the application of algorithm-powered recommendation technologies, including AIGC, personalized push,   automated decision-making, and other relevant online services. 

    One of the key regulations has been the Administrative Provisions on Algorithm Recommendations for Internet Information Services promulgated in 2021 (Algorithm Regulation).  It enables the Cyberspace Administration of China (CAC) to require platforms to be more open and transparent about the recommendation systems they use and publicize the basic principles, purpose and major mechanisms of the algorithm in use. In addition, it allows users to be able to opt-out of the algorithm to avoid profiling.  In case the algorithm may have a significant impact on a user’s rights or interests, the service provider must provide reasonable explanations and will be held liable for any misuse.  Details of the algorithms have to be filed with the CAC if the services can shape public opinions, so that (in theory), they can be looked at for potential biases and abuse.

    On the protection of public interests, the Algorithm Regulation specifically empathizes the importance of protecting vulnerable groups. In particular, businesses shall tailor the algorithm-powered recommendations for minors and elders according to their specific needs as well as their mental and physical conditions, and shall avoid using algorithms to make minors addictive to online services (e.g. video games or video streaming) or expose elders to telecommunication frauds. When using algorithms to assign tasks to contract workers, workers’ rights to obtain compensation and rest must be protected.

    On the promotion of fair competition in online services, the Algorithm Regulation prohibits businesses from using algorithms to interfere, undermine or impose unreasonable restrictions on other businesses.

    The U.S. does not have a law focused on algorithms.  Certain government agencies instead use their existing authority to try to protect the public.  For example, the Federal Trade Commission (FTC) can police “unfair or deceptive practices” that might be related to misleading claims about the capabilities of AI, or how use of AI can lead to discriminatory outcomes. 

    There have also been some attempts to legislate directly on AI.  For example, a bill called the Algorithmic Accountability Act has been introduced in Congress which would mandate developers to audit AI systems for bias and privacy risks.  But to date, this legislation has not been adopted.  Finally, there have also been voluntary guidelines proposed, for example, by the National Institute of Standards and Technology (NIST) and its proposed AI Risk Management System which would have developers adopt best practices for managing risk and promoting transparency in their algorithms.

    Data Protection and Privacy

    AI and personal data go hand in hand.  China has developed a comprehensive set of regulations governing data, and this has been useful to adapt to the need for oversight of AI as well.  The data regulation framework consists of the Cybersecurity Law, which mandates network operators to store certain data within China, the Data Security Law which lays out how data related to national security should be protected, and the Personal Information Protection Law, which is similar to Europe’s GDPR and sets forth the need for obtaining user consent and limiting use of individual’s data. When using data to develop or apply AI technologies, businesses must comply with all applicable data protection regulations.  Businesses that offer AI-powered tools to edit biometric information of a person (such as face or voice) must remind users to notify and seek separate consent from that person.

    The U.S., by contrast, does not have an overarching set of data regulations.  There is merely a mix of laws which govern how different types of data should be handled by industry.  For example, certain medical data is regulated by the Health Insurance Portability and Accountability Act (HIPAA).  Certain financial records data is governed by the Gramm-Leach-Bliley Act (GLBA). 

    States have also stepped into the void – the California Consumer Privacy Act (CCPA) provides some protection to California residents on how AI systems can collect and manage personal data.  Virgina and Colorado have their own unique data privacy laws and requirements as well.

    Copyrights

    One point where China and the U.S. differ is on whether works generating using AI can be copyrighted.  The U.S. has consistently taken the position that copyrights are for original works of authorship.  Authorship has been interpreted by courts and the U.S. Copyright Office to mean having a human creator.  This traces back to the Naruto v. Slater case in which it was determined that a work made by a non-human (monkey) cannot be copyrighted.  This has been extrapolated by courts and the U.S. Copyright Office to mean works without meaningful human authorship, such as AI generated content, are not able to enjoy copyright protection. 

    One relatively recent decision was “Zarya of the Dawn” in 2023 in which the Copyright Office ultimately determined that a graphic novel which had contained images using an AI image generator distinguished between the text arrangement that went along with the images (which was copyrightable) and the images themselves where were not.  Notably though, substantial editing of content originally generated by AI may turn the content into a work that can be copyrighted.

    Unlike in the US where consensus has almost been reached on the copyrightability of AI generated content, in China it remains very controversial when it comes to whether the courts may grant copyright protection to content generated by AI. This is especially true when a plaintiff claims it has put substantial efforts to cause the creation of the AI generated content in dispute. On the one hand, there is no authority in China like the U.S. Copyright Office that has power and responsibility to issue its authoritative opinions on the copyrightability of certain works; on the other hand, Chinese courts seem to take different views in different cases when deciding whether a specific work generated by AI is copyrightable. A few court judgements recognized the AI generated images at issue are entitled to copyright protection because they meet the statutory standards of a work under China Copyright Law—the process of inputting quite complicated prompts and using AI tools to generate, modify and polish the images can be regarded as human’s intellectual activities while AI software is equivalent to a tool (e.g. a camera) which assists human authors to create works. However, these cases are likely to have very limited influence on future ones, as China does not follow a case law system; moreover, some judgements became final without review by higher courts, and the courts’ controversial reasoning has drawn significant criticism.

    Enforcement and Penalties

    While some might argue the more relaxed approach the U.S. takes is important to foster innovation using AI, one might also argue that having a comprehensive set of regulations governing AI at a national level would provide needed clarity to businesses engaged in developing and using AI.

    In reality, in both the U.S. and China, multiple government agencies are involved in regulating the space and in particular, enforcement.  In China, the mix of enforcement agencies includes the CAC and the Ministry of Public Security, among others.  Under the Personal Information Protection Law, violations can include up to RMB 50 million (approx.. US$7 million) or 5% of the previous year’s revenue.  The Data Security Law can also include penalties, and may lead to businesses being forced to temporarily or permanently shut down.

    Enforcement in the U.S. is, as expected, a combination of efforts at the state and federal levels.  The FTC can impose fines against companies found to be engaging in unfair or deceptive practices.  It can also enforce consent orders that place long-term restrictions on how organizations use data.  The Food and Drug Administration (FDA) enforces special rules for AI powered medial devices, for example.  Developers must demonstrate efficacy and safety through approval pathways such as premarket submissions or De Novo classifications.  The Securities and Exchange Commission (SEC) and the Commodity Futuers Trading Commission (CFTC) also watch over robo advisory and AI use in trading.

    States often have their own enforcement, for example, the Illinois Biometric Information Privacy Act (BIPA), which allows private lawsuits to police AI data policies.

    Going Forward

    Rules on AI for both China and the US continue to evolve. For example, in both China and the U.S., Chinese cities and provinces and U.S. states are adopting biometric privacy laws (for example, on facial recognition) to address AI-related data collection.

    More regulation on fairness of algorithms vis-à-vis consumers is also expected.  Chinese regulators have been out ahead on this front, and the US FTC has also made prominent warnings against biased AI.  Expect fairness audits and transparent reporting to eventually become the norm.

    It is becoming clear that even though China and the United States have their own distinctive legal structures, both recognize that AI calls for robust oversight for use of personal data and algorithms in particular.  It would  not be surprising if in fact, the two approaches even started to converge a bit over time.

    Art Dicker is Managing Partner of Parkwyn Legal, a boutique U.S. law firm focused on helping Chinese companies expand in the U.S.  Art lived and worked in China for 16 years and is fluent in Mandarin.

    Abstract

    This article analyses the definition, regulatory framework, and compliance challenges surrounding Sensitive Personal Information (SPI) under China’s Personal Information Protection Law (PIPL) and related standards. For enterprises, accurately identifying SPI within their data ecosystems is critical to the PIPL compliance efforts. Organisations must continually assess risks tied to data practices, particularly amid challenges posed by big data and algorithmic profiling.

    The definition of SPI

    Sensitive personal information (SPI) in China is defined by Article 28 of the Personal Information Protection Law (PIPL) as:

    Sensitive personal information refers to personal information that, once leaked or illegally used, will easily lead to infringement of the human dignity or harm to the personal or property safety of a natural person, including biometric recognition, religious belief, specific identity, medical and health, financial account, personal location tracking and other information of a natural person, as well as any personal information of a minor under the age of 14.

    It can be observed from this definition that the core definition of SPI is risk-based and involves assessing whether a hypothetical leak or the illegal use of such information will “easily lead to the infringement of human dignity or harm” to a person or property.

    The definition also contains some very high-level examples of categories of personal information (PI) that legislators believe are included within the scope of SPI. Such examples do not appear to function as a limitation on the scope of SPI and seem to merely serve an illustrative function.

    The implications of processing SPI

    The intended or actual processing of SPI creates various compliance obligations that a PI processor must fulfil to comply with the PIPL. Those compliance obligations include:

    • Being transparent (PIPL, Article 7).
    • Implementing strict protection measures (PIPL, Article 28).
    • Seeking separate consent (PIPL, Article 29).
    • Explaining the necessity of processing (PIPL, Article 30).
    • Explaining the impact of processing (PIPL, Article 30).
    • Providing adequate notices (PIPL, Articles 17 and 30).
    • Making regulatory filings (PIPL, Article 38; Provisions on Promoting and Regulating Cross-border Data Flows)
    • Conducting Personal Information Protection Impact Assessments (PIPL, Article 55).

    Please note that any failure to comply with the PIPL can result in regulators demanding a third-party audit of processing activities or issuing penalties.

    In an age of big data and algorithms that can identify whether someone is pregnant from their online browsing activities, the definition of SPI creates major practical problems with significant knock-on effects.

    GB/T 35273-2020

    Since SPI entails stricter processing obligations, identifying SPI has long been a key concern for enterprises.

    Even before the release of the PIPL, GB/T 35273-2020 “Information security technology— Personal information security specification” had already provided definitions for PI and SPI, along with examples of relevant scenarios.

    It is commonly considered that the PIPL is supplemented by the recommended national standard GB/T 35273-2020, which provides a classification table in Annex B that identifies data elements that are considered SPI as follows:

    CategoryTypical Examples
    Personal property informationBank account, authentication information (password), bank deposit information (including amount of funds, payment and collection records), real estate information, credit records, credit information, transaction and consumption records, bank statements, etc., and virtual property information such as virtual currency, virtual transaction and game CD Keys.
    Physiological and health informationThe records generated in connection with medical treatment, including pathological information, hospitalisation records, physician’s instructions, test reports, surgical and anaesthesia records, nursing records, medicine administration records, drug and food allergy, fertility information, medical history, diagnosis and treatment, family illness history, history of present illness, history of infection.
    Personal biometric informationPersonal genes, fingerprint, voice print, palm print, auricle, iris, facial recognition features, etc.
    Personal identity informationID card, military officer certificate, passport, driver’s license, employee ID, social security card, resident certificate, etc.
    Other informationSexual orientation, marriage history, religious preference, undisclosed criminal records, communications records and content, contacts, friends list, list of chat groups, records of whereabouts, web browsing history, precise location information, accommodation information, etc.

    While GB/T 35273-2020 is merely a recommended national standard without legal force, it is highly respected and referred to in the Standard Contract for Outbound Transfer of Personal Information issued by the Cyberspace Administration of China (CAC) in Schedule 1 as follows:

    “(V) Types of exported sensitive personal information (refer to the Information Security Technology — Personal Information Security Specification of GB/T 35273 and relevant standards, if applicable)…”

    While the Annex B table can be considered more comprehensive than Article 28 of the PIPL, it is certainly not exhaustive.

    Practice Guide to Identifying SPI

    In September 2024, the National Technical Committee 260 on Cybersecurity of Standardisation Administration of China (TC260) issued the normative standards document TC260-PG-20244A, “Cyber Security Standards Practice Guide – A Guide to Identifying Sensitive Personal Information” (SPI Guide). The SPI Guide provides additional guidance concerning SPI and common examples of SPI.

    Key criteria for identifying SPI under the SPI Guide

    The SPI Guide elaborates on the risk assessment criteria that should be considered to identify SPI. According to Article 3 a) of the SPI Guide, if any of the following criteria can be met in the event PI is leaked or illegally used, such PI should be considered SPI:

    PI is likely to cause a natural person’s human dignity to be infringed

    It seems that an infringement of human dignity needs to be probable (as opposed to possible), as indicated by the word “likely”, for this criterion to apply.

    Human dignity is a very high-level concept not defined within the PIPL. The notes within the SPI Guide suggest that:

    Note 1: Situations that likely lead to the infringement of an individual’s personal dignity include “doxxing,” illegal intrusion into online accounts, telecom fraud, damage to personal reputation, and discriminatory differential treatment. Discriminatory differential treatment may result from the leakage of information related to an individual’s specific identity, religious beliefs, sexual orientation, particular diseases, or health conditions.

    It is worth noting that human dignity appears to be an umbrella concept within the SPI Guide that includes other rights with their own characteristics. For instance, the right to privacy is protected within Chapter 6 of the Civil Code and is described within Article 1032 as follows:

    Privacy is the undisturbed private life of a natural person and his private space, private activities, and private information that he does not want to be known to others.

    Given the use of cross-references within the SPI Guide’s concept of human dignity, the scope of SPI may be more uncertain and wider than many previously thought.

    PI is likely to cause a natural person’s personal safety to be jeopardised

    The word “likely” is used once more for this criterion. It seems that an infringement of personal safety needs to be probable (as opposed to possible), as indicated by the word “likely”, for this criterion to apply.

    Given that human dignity includes “the right to life, body, [and] health”, it seems that this criterion overlaps somewhat with “PI is likely to cause a natural persons’ human dignity to be infringed”.

    The note within the SPI Guide suggests that:

    Note 2: For example, the leakage or illegal use of personal whereabouts and track information may pose a threat to their personal safety.

    The note within the SPI Guide is somewhat limited in scope and may be of limited practical use.

    In practice, PI processors will need to identify all possible risks arising from the leakage or illegal use of PI. If any of those risks likely lead to an individual being physically harmed, then the PI should be classified as SPI.

    PI is likely to cause a natural person’s property safety to be jeopardised

    The word “likely” is used for this criterion as well. As such, the probability of harm to property appears to be all that is required for this criterion to apply.

    The note within the SPI Guide suggests that:

    Note 3: For example, disclosure or illegal use of financial account information may cause property losses to the personal information subject.

    While clear, this example is rather narrow. In such circumstances, we believe that assessing this criterion would, in practice, require an understanding of property and the connection between such property and PI.

    Highest protection standard for data combinations

    The SPI Guide suggests that it is necessary to consider whether PI is SPI on both an item-by-item basis and as a whole after combination. It then states that if a combination of PI is identified as SPI, that combination of data should be protected as SPI.

    Article 3 c): It is necessary to consider both the identification of individual sensitive personal information and the overall attributes of multiple general personal information elements when aggregated or combined. An analysis should be conducted to assess the potential impact on personal rights if such information is leaked or misused. If the conditions described in 3 a) are met, the aggregated or combined personal information should be identified and protected as sensitive personal information.

    Commonly used SPI

    The SPI Guide describes and provides examples of the following categories of SPI:

    CategoryDescriptionTypical examples
    Biometric InformationThis refers to PI about biometric identification information and PI about the physical, biological or behavioural characteristics of a natural person obtained through technical processing, which can identify a natural person alone or in combination with other PI.Personal gene, face, voice print, gait, fingerprint, palmprint, eye print, auricle, iris and other biometric information.
    Information on Religious BeliefsThis refers to PI about an individual’s religion, religious organisation and religious activities.  PI about the religion you believe in, the religious organisations you join, your position in the religious organisations, the religious activities you participate in, and special religious practices.
    Specific Identifying InformationThis refers to PI that significantly impacts the human dignity or social evaluation of an individual or PI that is otherwise inappropriate to disclose, especially PI that may lead to social discrimination.PI such as the identity of persons with disabilities, occupational identity information unsuitable for disclosure, etc.
    Medical and Health InformationThis refers to PI about an individual’s medical visits and physical or mental health status.  Health status information related to personal physical or psychological injury, illness, disability, disease risk or privacy, such as symptoms, past medical history, family history, infectious disease history, medical examination reports, fertility information, etc. PI collected and generated during medical services such as disease prevention, diagnosis, treatment, nursing, and rehabilitation, such as medical visit records (such as medical opinions, hospitalisation records, medical orders, surgical and anaesthesia records, nursing records, medication records), inspection data (such as inspection reports, examination reports), etc.
    Financial Account InformationThis refers to PI about personal bank, securities, and other accounts, as well as account capital transactions.  Personal account number and password of a bank, securities, fund, insurance, provident fund and other accounts, joint provident fund account, payment account, bank card track data (or chip equivalent information), payment marking information based on account information, personal income details and other PI.
    Whereabouts and Tracking InformationThis refers to continuous trajectory information formed by an individual’s changes in geographic location, activity locations, and movement patterns over a specific period. (Except for specific professions (such as food delivery workers and couriers) where such information is necessary for fulfilling service obligations.)Continuous accurate location trajectory data, vehicle driving trajectory data, and individual activity trajectory data.
    PI of Minors under the Age of 14PI of minors under 14 years of age.  PI of minors under the age of 14
    Other Sensitive PIIn addition to the above, other common PI that meet the above criteria should be treated as SPI.Precise positioning information, ID photos, sexual orientation, sexual life, credit information, criminal record information, photos or video information showing private parts of the individual’s body, etc.

    The descriptions and examples of SPI in the SPI Guide provide some additional guidance that should help PI processors better understand the nature of SPI. However, the SPI Guide also emphasises that if there is sufficient justification and evidence demonstrating that the processed PI does not meet the conditions outlined in 3 a) (See above.), it may not be classified as SPI.

    Special Lists Issued by Free Trade Zones and Industry Regulators

    The Beijing Free Trade Zone, Shanghai Free Trade Zone, and Hainan Free Trade Zone have issued negative lists applicable to data export activities, which include some examples of PI and SPI. These negative lists reflect the official stance of the relevant regulatory authorities, particularly the local CAC in each free trade zone.

    We believe these examples can serve as useful references for enterprises in determining what qualifies as SPI.

    Conclusion

    As mentioned above, various regulations provide examples of SPI, including GB/T 35273-2020, the SPI Guide, and other lists issued by Free Trade Zones and industry regulators. However, since these regulations are issued by different authorities, discrepancies in the samples of SPI sometimes occur. For example, GB/T 35273-2020 classifies an ‘ID card’ as SPI, whereas the SPI Guide only considers ‘ID card photos’ as SPI; GB/T 35273-2020 includes ‘web browsing history’ as SPI, while the SPI Guide does not.

    To minimise the impact of such discrepancies on the identification of SPI, enterprises need to systematically analyse their PI business context and processing methods to accurately analyse the risk associated with human dignity, personal safety, and property safety.

    The identification of SPI is a basic PIPL compliance activity that all organisations must undertake on an ongoing basis to better understand their PIPL obligations. A failure to identify SPI may suggest the compliance framework of an organisation is inadequate and can result in an organisation failing to comply with its obligations under the PIPL, which generally include:

    • Being transparent.
    • Implementing strict protection measures.
    • Seeking separate consent.
    • Explaining the necessity of processing.
    • Explaining the impact of processing.
    • Providing adequate notices.
    • Making regulatory filings.
    • Conducting Personal Information Protection Impact Assessments.

    A failure to implement any of the above compliance obligations can result in the regulator taking enforcement action or demanding a third-party audit of all PI processing activities.

    On March 13, 2025, a set of regulations on tackling foreign-related intellectual property (“IP”) cases were issued by the State Council (the “New IP Regulations”)[1].  The New IP Regulations will take effect on May 1, 2025.

    The New IP Regulations include 18 articles, which clarify that relevant government departments should (i) strengthen overseas IP information inquiry and warning services, (ii) offer guidance and IP right protection assistance to individuals and organizations in key areas of foreign-related IP disputes, and (iii) share experiences and practices through typical case studies.[2]

    In addition, the New IP Regulations emphasize the role of enterprises, calling for enterprises to (i) enhance their awareness of the rule of law, (ii) establish their internal rules, and (iii) step up efforts on educating IP talent and building the IP talent pool, so as to reinforce their IP application and give stronger protection to their own IP rights.[3]

    Furthermore, the New IP Regulations underscore the importance of easy and efficient services in handling such cases, encouraging commercial mediation organizations, arbitration institutions and law firms to join the effort to expand the channels for dispute resolution.[4]

    1. Background & Purposes

    In recent years, China has witnessed a significant surge in foreign-related IP disputes, which also reflects its growing integration into the global economy and the increasing complexity of international trade.  According to a 2024 survey by the China Intellectual Property Research Society, by the end of 2023, Chinese enterprises, as the defendant, were involved in 364 overseas IP litigation cases, affecting 2,452 companies.  Notably, Guangdong Province led with 896 cases, followed by Zhejiang, Fujian, and Jiangsu, highlighting the challenges faced by China’s most economically active regions.[5]  For instance, one of the key trends is the rise of non-practicing entities (NPEs), which have become major plaintiffs in patent infringement cases against Chinese companies. These entities often exploit legal loopholes to file lawsuits, putting pressure on Chinese enterprises to settle out of court.[6] 

    To address ongoing risks posed by the increasing complexity of international IP litigation like the rise of NPEs, China has taken proactive measures to strengthen its IP protection framework.  On July 29, 2024, the Ministry of Justice issued a circular to solicit public opinions on the Provisions of the State Council on the Handling of Foreign-related IP Disputes (Draft for Public Consultation) (the “Draft Version”).  The New IP Regulations were finalized upon the Draft Version, regarded as China’s first administrative document that systematically standardizes the handling of foreign-related IP disputes, which reflect China’s continuous efforts in handling foreign-related IP disputes, which will serve as a robust backbone for domestic enterprises going global. 

    • Main Contents
    • Various Parties’ Role & Responsibility

    As noted in part 1 of this article, the New IP Regulations focus on specifying the roles and responsibilities of both governmental authorities and private parties such as enterprises and individuals.  The details on this front are presented below:

    PartiesRoleResponsibilities
    IP administrative departmentsCoordinate and manage the IP matters nationwide; offer guidance and relevant services to enterprises and citizens involved in foreign-related IP disputescollect and release information regarding overseas IP legal systems in a timely fashion, improve the public service system for IP information and provide the services of overseas IP information inquiry for the public[7]
    optimize the services of overseas IP information inquiry by keeping track on changes of foreign IP legal systems as well as conducting analyze and study on typical cases, so as to offer early warning for the public[8]
    streamline the workflow of handling such cases and provide guidance for dispute settlement[9]
    Enterprises, organizations & Individualsactively or passively involved in foreign-related IP disputes when conducting business overseasEnterprises: (i) strengthen awareness of rule of law, (ii) set up and improve internal rules and regulations, (iii) strengthen the reserve of IP talent, (iv) intensify the IP protection and application[10] and (v) set up overseas IP dispute funds to protect foreign-related IP rights and reduce enterprises’ costs for maintaining IP rights[11]
    Other organizations: encouraged to conduct public services like establishing foreign-related IP right protection and assistance platforms and service hotlines and offering consulting and training services[12]
    Enterprises, other organizations and individuals: making efforts to resolve foreign-related IP disputes through expedient and efficient channels like reconciliation, meditation, and arbitration[13]

    As mentioned in part 1 of this article, compared to the Draft Version, several articles in relation to technical issues on handling foreign-related IP cases have been added in the finalized version of the New IP Regulation, details of which are summarized below:

    • Service of documents and collection of evidence: pursuant to the New IP Regulation, the service of documents, as well as investigation and evidence collection in China, should be carried out in accordance with (i) the international treaties to which China is a party or has acceded and (ii) the Civil Procedure Law of the PRC and the Law of the PRC on International Judicial Assistance in Criminal Matters.[14]
    • Offering evidence/materials to foreign parties: where organizations or individuals in China are (i) engaged in overseas IP-related litigation, or (ii) subject to relevant investigations by foreign judicial or law enforcement authorities, needing to provide evidence or relevant materials to foreign parties, such party shall comply with laws and administrative regulations on the protection of state secrets, data security, personal information protection, technology export control, and judicial assistance. Where an approval from the competent authorities is required by law, the relevant legal procedures shall be followed.[15]
    • Investigation by commerce department: The competent commerce department may initiate investigation into and take necessary measures against the following matters: (i) where any import of goods infringes upon IP rights and disrupts the order of foreign trade, (ii) where an IP rights holder prevents the licensee from challenging the validity of the IP right in a license agreement, or imposes mandatory package licensing, or includes an exclusive grant-back clause in the license agreement, thereby disrupting the fair competition order of foreign trade, and/or (iii) where other countries or regions fail to grant national treatment to Chinese citizens or organizations in IP protection, or fail to provide adequate and effective IP protection for goods, technology, or services originating from China.[16]
    • Countermeasures against unfair treatment: If any foreign entities fail to grant national treatment to Chinese citizens and organizations or fail to provide adequate and effective IP protection, the commercial departments under the State Council can conduct investigations and take necessary measures in accordance with the relevant laws such as the Law on Foreign Relations of the PRC, the Law of the PRC on Countering Foreign Sanctions and so forth.  Also, when foreign countries use IP disputes as a pretext to (i) constrain or suppress China, or (ii) impose discriminatory and restrictive measures on Chinese citizens and organizations, the relevant departments of the State Council can take appropriate countermeasures and restrictive measures in response.[17]
    • Discriminatory restrictive measures forbidden: No organization or individual can implement or assist in implementing any discriminatory restrictive measures imposed by foreign countries against Chinese citizens or organizations on the pretext of IP disputes.  Where an organization or individual violates the preceding paragraph and infringes upon the legitimate rights and interests of Chinese citizens or organizations, the said Chinese citizens or organizations may file a lawsuit with the people’s court to request cessation of such infringement as well as compensation for losses.[18]
    • Other measures for protection of national interests: Relevant governmental departments under the State Council shall (i) strengthen coordination and cooperation, and (ii) take corresponding measures against those who utilize IP disputes to endanger China’s sovereignty, security, or development interests in accordance with relevant laws such as the National Security Law of the PRC, the Law on Foreign Relations of the PRC, the Law of the PRC on Countering Foreign Sanctions and so forth.  Any party abusing IP rights to exclude or restrict competition or engage in unfair competition shall be subject to measures in accordance with relevant laws such as the Anti-Monopoly Law of the PRC, the Anti-Unfair Competition Law of the PRC, and so forth.[19]

    Based upon the summary above, it is noted that the New IP Regulation will be conducive to safeguarding national security and development interests, particularly reflected by the countermeasures to be taken by relevant governmental authorities when foreign countries use IP disputes as a pretext to constrain or suppress China or impose discriminatory and restrictive measures on Chinese citizens or organizations.

    Notably, the Chinese government unveiled the New IP Regulations aiming to handle cases for protection of IP rights related to foreign matters in a move to provide efficient and convenient resolution mechanisms and services for citizens and organizations involved in such disputes.  Meanwhile, China is building up its international image and the credibility of its judicial system through dealing with high-profile foreign-related IP cases and by upholding equal protections while hearing foreign-related IP disputes no matter where litigants are from.

    As more and more Chinese enterprises are expanding their business abroad, it is critically important to proactively adjust their IP application plans, so as to mitigate potential dispute risks when competing with foreign business partners and reduce losses they may have to suffer from overseas IP disputes.  Facing challenges brought by the current global IP landscape and governance, to avoid potential risks posed by foreign-related IP disputes and to further reduce costs associated with cross-border IP rights protection, the domestic enterprises could consider:

    • formulate compliance plans in relation to technology exports and cross-border data transfer,
    • keep track of local IP laws in real time by directly cooperating with overseas partners or with the assistance from legal expertise,
    • put efforts into IP talent education while working with relevant authorities in providing legal training for and introducing IP laws to enterprises going global by sharing experiences and practices through case studies, and
    • work with law firms and legal expertise having a deep understanding of the technical background and commercial demands of domestic enterprises as well as capacity of drawing on the resources of overseas cooperation platforms to avoid strategic mistakes caused by cultural or judicial differences.

    Looking ahead, while foreign-related IP disputes remain a significant hurdle for Chinese enterprises when they operate business worldwide, the country’s evolving legal and strategic responses are trying to offer a promising path forward.  By continuing to enhance its IP protection mechanisms and fostering international cooperation, China is well-positioned to navigate the complexities of the global IP landscape and will continue to secure its place as a leader in innovation and trade.  The enterprises, individuals and related organizations, on the one hand, shall pay attention to the updated requirements in newly issued regulations when dealing with foreign-related IP cases.  On the other hand, each of them shall keep track of IP regimes and policies in various jurisdictions through information platforms established by relevant governmental authorities and organizations in accordance with the New IP Regulations. 

    [1] The full name of the New IP Regulations is the Provisions of the State Council on the Handling of Foreign-related IP Disputes. 

    [2] See article 2, 4, 5 and 6 of the New IP Regulations. 

    [3] See article 11 of the New IP Regulations.

    [4] See article 7 and 8 of the New IP Regulations.

    [5] See China Intellectual Property Society, National Center for Guidance on Overseas Intellectual Property Dispute Resolution: 2024 Investigation of Overseas Intellectual Property Disputes involving Chinese Enterprises, June 2024. 

    [6] See supra note 5.

    [7] See article 4 of the New IP Regulations.

    [8] See article 5 of the New IP Regulations.

    [9] See article 6 of the New IP Regulations.

    [10] See paragraph 1 of article 11 of the New IP Regulations.

    [11] See article 9 of the New IP Regulations.

    [12] See article 10 of the New IP Regulations.

    [13] See article 7 of the New IP Regulations.

    [14] See article 12 of the New IP Regulations.

    [15] See article 13 of the New IP Regulations.

    [16] See article 14 of the New IP Regulations.

    [17] See article 15 of the New IP Regulations.

    [18] See article 16 of the New IP Regulations.

    [19] See article 17 of the New IP Regulations.

    China’s Personal Information Protection Law (“PIPL”), enacted in 2021, establishes a structured regulatory framework for cross-border transfers of personal information (“PI”). Depending on the volume, sensitivity and context of PI being exported, exporters may face varying levels of compliance obligations. For instance, small-scale exports of non-sensitive PI may be exempt from formal applications to the Cyberspace Administration of China (“CAC”), while larger or more sensitive transfers may require a CAC-prepared standard PI transfer contract (“Standard Contract”) or a CAC-organized data security assessment (“Data Security Assessment”).

    For multinational corporations (“MNCs”) operating in China, navigating these requirements can seem daunting. However, with the right approach, compliance is achievable and manageable. 

    We recently supported an MNC in successfully securing an approval for a Data Security Assessment. Through the application process, we gained firsthand experience in engaging with both provincial and national levels of CAC. This was a valuable opportunity to better understand CAC’s approach to exercising its authority under the PIPL and its interpretation of relevant regulations.

    Notably, the number of successfully completed Data Security Assessments remains relatively low (only 285 as of December 2024), making this experience particularly rare and insightful.

    This article summarizes our experience and provides a guide to key aspects of cross-border PI compliance, focusing on:

    1. Understanding the key regulatory requirements for PI export
    2. Identifying the appropriate level of compliance through a data audit
    3. Preparing for the impact assessment and application with CAC
    4. Maintaining post-approval compliance

    1.  Understanding the Regulatory Landscape: A Moving Target

    PIPL provides the legal foundation for cross-border PI transfers, but the regulatory environment continues to evolve. Key requirements under PIPL Article 38 include:

    • Passing a CAC-organized Data Security Assessment.
    • Signing a CAC-Standard Data Transfer Contract with the overseas recipient.
    • Obtaining PI protection certification from a professional institution.

    Condition 3 (certification) is a less commonly used. Our focus is on Conditions 1 (Data Security Assessment) and 2 (Standard Contract).

    When Standard Contracts are Required

    The Measures for Personal Information Export Standard Contract (2022) (“Standard Contract Measures”) (Article 4) outline scenarios requiring a Standard Contract with foreign recipients and its filing with CAC, including:

    • The exporter is not a Critical Information Infrastructure (CII) operators.
    • Handling PI of fewer than 1 million individuals in China.
    • Exporting sensitive PI of fewer than 10,000 individuals within a calendar year.
    • Exporting non-sensitive PI of fewer than 100,000 individuals within a calendar year.

    When Security Assessments Are Required

    The Measures for Security Assessment of Data Exports (2022) (“Security Assessment Measures”) (Article 4) specify scenarios requiring mandatory CAC risk assessments, including:

    • Exporting important data.
    • CII operators or processors handling PI of over 1 million individuals.
    • Exporting sensitive PI of 10,000 individuals or non-sensitive PI of 100,000 individuals within a calendar year.

    Regulatory Relaxations Under the 2024 Provisions

    The Provisions on Promoting and Standardizing Cross-Border Data Flows (2024) (“the Provisions”) introduce exemptions to ease compliance burdens for certain categories of data transfers. Businesses falling under these categories are exempt from Security Assessments or Standard Contracts:

    • Contractual necessity: For activities like cross-border shopping, payment processing, shipping, or services such as hotel bookings and visa applications.
    • Employment management: For cross-border human resource management, such as processing employee information for global payroll or benefits.
    • Emergency situations: To protect an individual’s life, health, or property in emergencies.
    • Low-volume, non-sensitive transfers: Non-sensitive PI of fewer than 100,000 individuals annually.

    These changes are consolidated in the Regulations on the Management of Network Data Security, enacted shortly after the Provisions. The table below summarizes the regulatory requirements before and after the relaxation:

    Level of ComplianceBefore the RelaxationAfter the Relaxation
    Exemption applies (internal compliance is still required)No exemptionSatisfying the necessity requirements in the three stipulated scenarios; orLow-volume, non-sensitive transfer
    Standard ContractExporting sensitive PI < 10,000 individuals or non-sensitive PI < 100,000 individuals within a calendar yearExporting sensitive PI < 10,000 individuals or non-sensitive PI < 1 million individuals within a calendar year
    Data Security AssessmentHandling PI of over 1 million individuals; or   Exporting sensitive PI ≥ 10,000 individuals or non-sensitive PI ≥ 100,000 individuals within a calendar year.  Handling PI of over 1 million individuals; or   Exporting sensitive PI ≥ 10,000 individuals or non-sensitive PI ≥ 1 million individuals within a calendar year.

    2. Conducting a Comprehensive Data Audit: The Cornerstone of Compliance

    A successful compliance strategy begins with a detailed data audit, which involves:

    • Evaluating the purpose, volume, and sensitivity of PI exports.
    • Assessing the security capabilities of both the exporter and the foreign recipient.
    • Reviewing legal agreements to ensure alignment with regulatory requirements.

    The first point is critical, as the three elements correspond to the three key determinants of compliance obligations imposed on MNCs:

    • Purpose – The necessity of the PI export must be justified. Unnecessary PI cannot be exported.
    • Volume – Higher volumes of PI exports trigger stricter compliance requirements. For example, an MNC handling PI of over 1 million individuals must undergo a Data Security Assessment, even if exporting just one piece of PI.
    • Sensitivity – MNCs can now benefit from the Provisions and export more PI. But sensitive PI exports are subject to stricter rules. Even a very small volume of sensitive PI export may require a Standard Contract.

    If PI is deemed sensitive and the export volume reaches certain thresholds, the MNC must arrange a corresponding Security Assessment or Standard Contract to be filed with CAC. The MNC must also justify the necessity of the PI export, often by demonstrating how the transfer is essential to its business operations. Common justifications include:

    • Global customer relationship management (e.g., membership systems).
    • Cross-border analytics to improve customer experiences.
    • Compliance with international legal or contractual obligations.

    3. Preparing PIPIA and CAC application: Building a Strong Justification

    Even if an exemption under the Provisions applies, MNCs are not waived from preparing Personal Information Protection Impact Assessment (“PIPIA”) to document compliance efforts. After the data audit, if an MNC determines that a CAC application is not required, it is advisable to engage a reputable, independent and domestic third party to prepare a PIPIA. This serves as a critical record in case of future regulatory challenges.

    If no exemption applies, the next step is determining whether to pursue a Standard Contract or a Security Assessment. Under the Provisions, non-sensitive PI benefits from relaxed thresholds, allowing annual exports of up to 1 million individuals’ data under a Standard Contract. In contrast, sensitive PI exports remain strictly regulated. Exporting sensitive PI of even one individual requires a Standard Contract, while exports exceeding 10,000 individuals annually trigger a mandatory Data Security Assessment.

    Accurate classification PI is therefore pivotal. Misclassification could lead to unnecessary assessments or, worse, regulatory non-compliance.

    According to PIPL Article 28, sensitive PI is defined as data that, if leaked or misused, could harm an individual’s dignity, personal safety, or property. This includes:

    • Biometric data
    • Religious beliefs
    • Political opinions
    • Health and medical information
    • Financial account details
    • Location tracking data
    • Information about minors under 14 years old

    If an MNC exports sensitive PI of between 1-9999 individuals in a calendar year, a Standard Contract must be signed with its overseas recipient, usually its headquarters outside China. Since the terms are standard, the application process is straightforward, requiring submission of the signed contract and a PIPIA to the provincial CAC. Approval typically takes 10 working days.

    For exports exceeding 10,000 sensitive PI individuals annually, a Security Assessment is required. The MNC must submit the following documents to the provincial CAC, which will forward them to the national CAC for approval:

    • Application form
    • Data Export Risk Self-Assessment Report
    • Data contract between exporter and foreign recipient
    • Other supporting materials as required

    National CAC is legally required to complete the assessment within 45 working days from a formal acceptance. But prior to it, MNCs should expect to respond to multiple rounds of inquiries from both provincial and national CACs.

    4. Embracing Post-approval Compliance: A Continuous Journey

    Securing PI export approval is a significant milestone, but the journey doesn’t end there. Both Security Assessment Measures and Standard Contract Measures stipulate that any changes to the conditions recorded in the CAC application require a new application. Additionally, a Security Assessment is valid for only two years, requiring renewal even if no changes occur.

    MNCs are encouraged to take the following measures to ensure full and continuous compliance with PIPL:

    • Implement Ongoing Risk Monitoring: Establish mechanisms for continuously monitoring data security risks and promptly addressing any emerging threats.
    • Conduct Regular Security Audits: Periodically assess data security posture to identify and rectify vulnerabilities.
    • Invest in Robust Security Technologies: Leverage encryption, data masking, and access control technologies to safeguard data.
    • Cultivate a Culture of Security Awareness: Regularly train employees on data security best practices.

    Conclusion: MNC’s PI Compliance in China is Achievable and Manageable

    While China’s PI export regulations may appear stringent, they are designed to protect individuals’ privacy without unduly burdening businesses. Recent relaxations under the Provisions demonstrate a pragmatic approach to balancing security and business needs.

    For MNCs, successful compliance hinges on:

    • Understanding regulatory requirements and staying updated on changes.
    • Conducting thorough data audits to determine the appropriate level of compliance.
    • Engaging proactively with CAC authorities to address inquiries and justify data export activities.

    Our experience assisting an MNC through the Data Security Assessment process underscores that compliance is both achievable and manageable with the right preparation and expertise. By adopting a structured approach and leveraging professional guidance, MNCs can confidently navigate China’s data export regulations and ensure their operations remain compliant and secure.

    In short, while the process requires effort, it is far from insurmountable. With clear guidelines, practical exemptions, and a collaborative approach, MNCs can successfully meet China’s personal information compliance requirements and continue to thrive in one of the world’s most dynamic markets.

    As Chinese insurance companies expand their overseas operations, the frequency of insurance disputes in foreign jurisdictions has also increased. In addition to traditional litigations and institutional arbitrations, there are various alternative dispute resolution methods available for resolving international insurance disputes. One such method is arbitration under relevant rules of insurance industry association.

    Recently, AnJie Broad assisted a Chinese P&C insurance company in defending a reinsurance arbitration under the ARIAS US arbitration rules. Throughout the case, we assisted the client navigate multiple reinsurance claims involved in the dispute, engaging in proactive communication with opposing counsel to request a stay of the arbitration proceedings. This effort brought our client valuable time to continue processing the claims. Ultimately, with our assistance, the parties reached an amicable settlement, avoiding the negative consequences of a hasty loss in an overseas trial.

    This article draws on our experience handling this case to provide an introduction to the basics of ARIAS US arbitration. We aim to offer guidance to Chinese insurance companies facing potential overseas disputes, helping them avoid the losses that can arise from rushed and disorganized responses to foreign disputes.

    I. Introduction to ARIAS US

    ARIAS stands for the AIDA Reinsurance and Insurance Arbitration Society, which is the international association for reinsurance and insurance arbitration under the International Insurance Law Association (AIDA).

    AIDA (Association Internationale de Droit des Assurances) is a global organization that brings together lawyers, academics, regulators, and others with an interest in comparative insurance law and regulation. Founded in 1960 in Luxembourg, AIDA has since expanded to include approximately 50 national branches. The organization is dedicated to advancing the understanding and practice of international insurance law.

    (Logo of AIDA)

    ARIAS US is the U.S. branch of ARIAS. Founded in 1994 and based in Chicago, ARIAS US is a non-profit organization committed to improving the arbitration process for both international and domestic insurance and reinsurance markets in the United States. ARIAS US has certified a group of qualified arbitrators, enabling parties involved in disputes to appoint professionals who can resolve disagreements in an efficient and expert manner.

    (Logo of ARIAS US)

    As of now, ARIAS has a total of seven global branches, including the US branch, as detailed below:

    BranchTime of Foundation
    ARIAS-UK1991
    ARIAS-US1994
    CEFAREA ARIAS France1995
    ARIAS Germany2006
    ARIAS LATAM2011
    ARIAS ASIA (Hong Kong)2017
    ARIAS-Ireland2021

    Bylaw of ARIAS US describes the its objectives as follows:

    • To promote the integrity of the private dispute resolution process, particularly in the insurance and reinsurance industry.
    • To promote just awards in accordance with industry practices and procedures.
    • To certify objectively qualified and experienced individuals to serve as arbitrators.
    • To provide training sessions in the skills needed to be certified as arbitrators.
    • To propose model rules of arbitration proceedings and model arbitration clauses.
    • To promote high ethical standards in the conduct of arbitration proceedings.
    • To foster the development of arbitration law and practice as a means of resolving national and international insurance and reinsurance disputes in an efficient, economical and just manner.

    Therefore, we can see that ARIAS US is not a traditional arbitration institution. Instead, it serves as a specialized dispute resolution body under the umbrella of the industry association. In other words, it does not offer arbitration case management services typically provided by arbitration institutions. Rather, its mission and function are to support arbitration activities for the parties involved, enhancing the overall dispute resolution standards within the insurance industry. Its activities include formulating arbitration rules, providing a candidate panel of arbitrators, and offering training for arbitrators. The organization’s objectives strongly reflect its role as a service-oriented industry association.

    Since ARIAS US does not manage or intervene in arbitration cases, the arbitration proceedings conducted under the ARIAS US rules fall under the category of “ad hoc arbitration”, which is a common practice in international arbitration. Ad hoc arbitration, in contrast to institutional arbitration, is a system where the parties, in accordance with their arbitration agreement, independently establish the arbitration tribunal. Even when a permanent arbitration institution is involved, the institution does not manage the procedural aspects; instead, the parties agree on a temporary procedure or refer to specific arbitration rules, or they may authorize the tribunal to determine its own procedures. Ad hoc arbitration and institutional arbitration are two different types within the arbitration framework. PRC domestic arbitration bodies like CIETAC and BAC are examples of institutional arbitration.

    Compared to institutional arbitration, ad hoc arbitration offers more flexibility to meet the parties’ specific needs. The parties can freely agree on and select the arbitration rules, and they can also design, amend, or supplement the temporary arbitration rules according to their preferences or authorize others to do so. Arbitration conducted under the ARIAS US arbitration rules reflects a strong element of party autonomy, which will be further described below.

    II. Introduction to ARIAS US Arbitration Rules

    As mentioned earlier, one of the key functions of ARIAS US is to provide arbitration rules for the resolution of insurance and reinsurance industry disputes. The organization has developed the following arbitration rules:

    • ARIAS US Rules for the Resolution of U.S. Insurance and Reinsurance Disputes
    • ARIAS US Neutral Panel Rules for the Resolution of U.S. Insurance and Reinsurance Disputes
    • ARIAS US Streamlined Rules for the Resolution of U.S. Insurance and Reinsurance Disputes
    • ARIAS US Panel Rules for the Resolution of Insurance and Contract Disputes

    The four sets of arbitration rules mentioned above are broadly similar, though each has its own distinct features, offering parties flexibility to choose the most appropriate set for their specific situation.

    For example, the ARIAS US Rules for the Resolution of U.S. Insurance and Reinsurance Disputes is the standard set of rules for ARIAS US, characterized by its broad applicability and suitability for most insurance and reinsurance dispute cases. The ARIAS US Neutral Panel Rules for the Resolution of U.S. Insurance and Reinsurance Disputes establishes a more complex procedure for the appointment of arbitrators compared to the standard rules. The ARIAS US Streamlined Rules for the Resolution of U.S. Insurance and Reinsurance Disputes are designed for cases involving disputes under USD 1 million, and under such rules, a sole arbitrator will handle the case. The ARIAS US Panel Rules for the Resolution of Insurance and Contract Disputes introduces ARIAS US’s assistance in the arbitrator appointment process, enabling parties to designate arbitrators smoothly and facilitating the progression of the arbitration process.

    It is worth noting that, with the exception of the streamlined rules, the other three sets of ARIAS US arbitration rules contain the following provisions:

    “These Rules are not intended to supersede any express contractual agreement between the Parties. Accordingly, the Parties may agree on any rules or procedures not specified herein, or may alter these Rules by written agreement. These Rules shall control any matters not changed by the Party-agreed procedures.”

    The Panel shall have all powers and authority not inconsistent with these Rules, the agreement of the Parties, or applicable law.”

    It is evident that the intention behind ARIAS US’s arbitration rules is not to compel parties to strictly adhere to its procedural framework. On the contrary, these rules reflect a high degree of respect for party autonomy, allowing parties to modify the arbitration rules as needed to facilitate the arbitration process. At the same time, the tribunal holds significant authority in managing and advancing the arbitration proceedings.

    Therefore, we advise insurance companies to be mindful that, in specific cases, even if the parties have selected particular arbitration rules, they should also give due attention to any specific procedural provisions outlined in the disputed agreements or arbitration clauses. In cases where the parties’ agreement conflicts with the arbitration rules, the parties’ agreement should take precedence.

    III. Introduction to the ARIAS US Arbitration Process

    Taking the ARIAS US Rules for the Resolution of U.S. Insurance and Reinsurance Disputes as an example, the arbitration process under ARIAS US generally consists of the following stages:

    1. Commencement of Arbitration and Respondent’s Reply

    The ARIAS US arbitration process is initiated when the claimant sends a Notice of Arbitration to the respondent. Once the respondent or its designated representative receives the claimant’s Notice of Arbitration, the arbitration proceedings officially commence.

    The Notice of Arbitration shall include the following details: (1) Petitioner and the name of the contact person to whom all communications are to be addressed (including telephone and e-mail information); (2) Respondent against whom arbitration is sought; (3) contracts at issue; and (4) a short and plain statement of the nature of the claims and/or issues. In addition, the Claimant shall appoint one arbitrator in its Notice of Arbitration.

    It is important to note that, unlike traditional institutional arbitration, initiating arbitration under the ARIAS US arbitration rules does not require the claimant to send any notification directly to ARIAS US itself. ARIAS US also typically does not intervene in the arbitration proceedings or send any notifications to the respondent regarding the initiation of the arbitration. This may be unfamiliar to domestic insurance companies that are accustomed to arbitration institutions managing the arbitration process.

    In the recent case we have handled, the Notice of Arbitration was sent by the overseas claimant to the brokers handling the reinsurance business disputed, thus completing the service to the domestic respondent and initiating the arbitration. Throughout the entire case, no ARIAS US personnel were involved.

    Furthermore, the Arbitration Rules explicitly state that the claims set out in the Notice of Arbitration may be amended prior to the Organizational Meeting. Any amendments made after the Organizational Meeting must be approved by the tribunal.

    Once the respondent receives the Notice of Arbitration, they are required to respond within 30 days. The response shall include: (1) identification of the entities on whose behalf the Response is sent and the name of the contact person to whom all communications are to be addressed (including telephone and e-mail information); (2) designation of the Respondent’s Party-appointed arbitrator, in accordance with ¶ 6.3; (3) a short and plain response to the Petitioner’s statement of the nature of its claims and/or issues; and (4) a short and plain statement of any claims of the Respondent. Additionally, the respondent shall appoint one arbitrator in its response.

    The respondent’s reply may be amended prior to the Organizational Meeting. Any modifications made after the Organizational Meeting require the tribunal’s consent.

    2. Establishment of the Tribunal

    According to the Arbitration Rules, both the claimant and respondent must each appoint one arbitrator within 30 days after the arbitration proceedings commence. If no appointment is made within this time, the other party may appoint the second arbitrator.

    For the respondent, this 30-day period begins from the date they receive the Notice of Arbitration. As such, the respondent faces a relatively tight timeline, as they must complete a range of tasks within 30 days, including reviewing the arbitrator panel list and candidate arbitrators’ backgrounds, selecting and connecting an arbitrator, and completing the appointment process—all without the assistance of an arbitration institution. This can be a significant challenge for parties unfamiliar with ARIAS US arbitration.

    In the recent case we have handled, the domestic insurance company failed to appoint an arbitrator within 30 days of receiving the Notice of Arbitration. The claimant then attempted to appoint the second arbitrator on behalf of the respondent, which would have resulted in a substantial procedural disadvantage to the respondent.

    However, after carefully reviewing the relevant reinsurance policy disputed, we discovered that the policy set a 45-day deadline for appointing arbitrators in case of a consolidated arbitration. Since the claimant alleged to file a consolidated arbitration against the respondent and we intervened before the 45-day deadline had expired, we raised an objection to the claimant and successfully completed the respondent’s arbitrator appointment within this timeframe. The claimant ultimately accepted our position and recognized the arbitrator appointed by the respondent.

    Regarding arbitrator qualifications, the Arbitration Rules specify that arbitrators must be current or former officers or executives of insurance or reinsurance companies and must be certified by ARIAS. Currently, ARIAS US has certified more than 100 arbitrators for appointment.

    Once the parties have appointed one arbitrator each, the two party-appointed arbitrators shall select an Umpire within 30 days of the appointment of the second arbitrator.

    As for arbitrator fees, the Arbitration Rules state that the appointing party shall bear the costs of its selected arbitrator, while the fees for the Umpire shall be shared equally between both parties.

    3. Pre-Hearing Procedures: Organizational Meeting and Discovery

    The arbitrators will convene a pre-hearing Organizational Meeting to confirm key arbitration matters, including reviewing the qualifications of the arbitrators and officially confirming the tribunal’s establishment, determining the arbitration schedule, and clarifying the disputed issues. After the Organizational Meeting, the fundamental process and schedule of the arbitration will be set, and the tribunal’s establishment will be confirmed.

    Following the meeting, the parties will proceed with discovery according to the schedule confirmed in the Organizational Meeting. The tribunal will lead the discovery process.

    4. Arbitration Hearing

    The Arbitration Rules does not provide extensive details on procedures of the hearing. Instead, it grants the tribunal significant discretion. The Arbitration Rules state that “The Panel shall not be obligated to follow the strict rules of law or evidence”. This highlights that decisions regarding the procedures of the hearing will largely depend on the tribunal’s discretion.

    Additionally, the Arbitration Rules specifies that the parties may agree on the tribunal’s discretion as follows:

    “The Panel Shall interpret this contract as an honorable engagement, and shall not be obligated to follow the strict rules of law or evidence. In making their Decision, the Panel shall apply the custom and practice of the insurance and reinsurance industry, with a view to effecting the general purpose of the this contract.”

    We can see that the Arbitration Rules encourage the tribunal to adopt a “substance over form” approach in its rulings, emphasizing that the tribunal should address issues in accordance with the practices and customs of the insurance and reinsurance industry. This aligns with the rule requiring arbitrators to be professionals with industry experience in the insurance sector.

    For foreign parties, this rule offers a dual effect. On the one hand, it alleviates concerns about unfamiliarity with U.S. insurance laws, enabling a more confident approach to the proceedings. On the other hand, it places significant demands on the legal counsel’s understanding of insurance industry practices, particularly those specific to the U.S. insurance market.

    5. Issuance of the Arbitral Award

    The Arbitration Rules specifies that the tribunal should generally render its award within 30 days after the hearing concludes. The tribunal’s decision is made by a majority vote, with the minority in disagreement deferring to the majority’s ruling.

    As for the scope of arbitral award, the Arbitration Rules stipulates that: “The Panel is authorized to award any remedy permitted by the Arbitration Agreement or subsequent written agreement of the Parties. In the absence of explicit written agreement to the contrary, it is within the Panel’s power to award any remedy allowed by applicable law, including, but not limited to: monetary damages; equitable relief; pre- or post- award interest; costs of arbitration; attorney fees; and other final or interim relief”.

    Therefore, we can see that the tribunal also enjoys considerable autonomy regarding the scope of the arbitral award.

    Regarding the form of the award, the tribunal typically issues a simple award that outlines the outcome of the case, usually without including a detailed reasonings. However, the arbitration rules also stipulate that: “If both Parties request a written rationale for the Panel’s final award, the Panel shall provide one. If one Party requests a written rationale but the other party objects, the decision whether to issue one is at the Panel’s discretion.”

    In conclusion, based on the above Arbitration Rules, we can observe the following significant characteristics of arbitration under the ARIAS US Arbitration Rules:

    • Parties’ agreements prevail
    • Emphasis on Industry Practices
    • Simple Procedure and Fast Pace
    • Tribunal-led Process

    IV. Enforceability of ARIAS US Awards in Mainland China

    For respondents in mainland China, a key concern regarding ARIAS US arbitration cases is whether the arbitral award can be enforced in mainland China.

    Since both China and the U.S. are parties to the Convention on the Recognition and Enforcement of Foreign Arbitral Awards (the New York Convention), parties can apply to PRC courts to recognize and enforce an arbitral award made in the U.S.

    According to the Notice of the Supreme People’s Court on the Enforcement of Foreign Arbitral Awards under the New York Convention, if there are no special circumstances such as invalid arbitration agreement, serious flaws in the arbitration procedure, overstepping jurisdiction, defects in the award’s validity, or violations of China’s public policy, PRC court will generally recognize and enforce foreign arbitral awards. In addition, according to the Supreme People’s Court’s Provisions on the Judicial Review of Arbitration Cases, if a PRC court intends to refuse recognition of a foreign arbitral award, it must report the decision to the higher PRC court and the Supreme People’s Court for approval. Therefore, the likelihood of a PRC court rejecting the recognition and enforcement of a foreign arbitral award is relatively low.

    It is worth noting that although the arbitration under the ARIAS US rules is ad hoc arbitration rather than institutional arbitration, according to Article 543 of the Interpretation of the Civil Procedure Law of the People’s Republic of China, arbitration awards made by an ad hoc tribunal outside of China can still be recognized and enforced by PRC courts in accordance with the New York Convention. Therefore, the ad hoc nature of the ARIAS US arbitration does not affect the recognition and enforcement of related arbitral awards by PRC courts.

    V. Conclusion and Insights

    From the above, it is evident that the arbitration under the ARIAS US rules differs significantly from the arbitration procedures typically encountered by domestic insurance companies. However, this difference does not affect the enforceability of the arbitral award in mainland China. Therefore, insurance companies involved in such arbitration cases should still give these matters due attention.

    Furthermore, since the arbitration process is fast-paced, once involved in a dispute, we recommend that insurance companies engage professional lawyers as soon as possible to safeguard their procedural and substantive interests and avoid potential losses resulting from unfamiliarity with international arbitration rules.