Multinational enterprises adeptly allocate insurance resources on a global scale. However, China’s laws and regulations impose restrictions on overseas insurance arrangements, requiring policyholders to navigate regulatory compliance challenges, particularly in insurance and foreign exchange regulation, when selecting coverage for their Chinese subsidiaries. Drawing on practical experience, this article examines the insurance and foreign exchange regulation risks multinational enterprises might face when an overseas parent company acts as the policyholder, arranging insurance for its Chinese subsidiaries.

(I) Insurance Regulation

According to Article 7 of the Insurance Law, “legal persons and other organizations within the People’s Republic of China that need to obtain domestic insurance shall purchase insurance from insurers within People’s Republic of China.” However, the Insurance Law and related regulations do not explicitly define what constitutes “domestic insurance.” The former China Insurance Regulatory Commission (CIRC) has issued several letters to clarify the application of Article 7 of the Insurance Law, which can be referenced as follows:

Letter on the Interpretation of Provisions in the Insurance Law (Yin Jian Ban Han [2002] No. 112)

From the wording of Article 6 of the Insurance Law, it can be understood that the requirement to purchase insurance from domestic insurance companies contains two conditions: First, the policyholder or the insured is a domestic legal entity or organization; second, the insurance is primarily for insurance objects within China.

Letter on the Interpretation of Article 7 of the New Insurance Law (Yin Jian Ban Han [2003] No. 19)

The interpretation of Article 7 of the new Insurance Law should focus on two aspects: First, the domestic legal entity or other organization is the policyholder paying the insurance premium; second, the insurance subject and risk are located within China.

Letter on the Interpretation of Article 7 of the Insurance Law (Yin Jian Ting Han [2009] No. 124)

According to the Letter on the Interpretation of Provisions in the Insurance Law (Yin Jian Ban Han [2002] No. 112), the Insurance Law requires that insurance be purchased from domestic insurance companies when the policyholder or the insured is a domestic legal entity or organization, and the insurance object is located within China.

Based on the above letters, the situation where insurance should be purchased from domestic insurance companies requires that both conditions are met: (1) the policyholder or the insured must be a domestic legal entity or organization, and (2) the insurance subject must be located within People’s Republic of China. Regarding the scenery we will discuss here,  the policyholder is an oversea entity, the premium is paid by the oversea parent company, the insured is a domestic entity, and the insurance subject is usually located within China. From the literal understanding, since both the insured and the insurance subject are within China, this model could theoretically be considered as falling under the scope of “domestic insurance”.

However, since only one of the insured parties is a domestic company and the policyholder is an oversea parent company, so this could be deemed as not “domestic insurance”. Therefore, the compliance risk is relatively low. Based on the currently available information, no penalty cases for this scenario have been identified through public information research.

(II) Foreign Exchange Regulation

Under the abovementioned model, the Chinese subsidiary will share premiums payment with the parent company and may receive insurance benefit from the oversea insurer when an insured event occurs. The analysis of these capital inflows and outflows is as follows:

First, the nature of such payment and receipt need to be clarified. According to the Q&A section on the official website of the State Administration of Foreign Exchange (SAFE), service trade foreign exchange receipts and payments refer to the current account foreign exchange receipts and payments other than those related to goods trade, collectively known as service trade foreign exchange transactions. Specifically, service trade foreign exchange transactions include: (1) transactions under the following categories: transportation services, travel, construction, insurance services, financial services, telecommunications, computer and information services, other commercial services, cultural and entertainment services, etc.; (2) primary income (earnings), including wages, investment income, and other primary income; (3) secondary income (current transfers), including donations, non-life insurance compensation, social security, and other secondary income. Thus, premiums shared by the Chinese subsidiary and insurance benefits received from overseas insurers both fall under the category of service trade foreign exchange transactions. No prohibitive foreign exchange regulations on the outflow of shared premiums or the inflow of insurance claims have been identified.

However, the foreign exchange transactions in this model still need to comply with the relevant requirements for service trade foreign exchange transactions. According to Article 49 of the Circular on the Current Account Foreign Exchange Business Guidelines (2020 Edition), “For service trade foreign exchange transactions of a single amount equivalent to $50,000 or less, banks are generally not required to review transaction documents. For foreign exchange transactions where the nature of funds is unclear, the bank must require domestic institutions and individuals to submit transaction documents for reasonable review. For service trade foreign exchange transactions of a single amount exceeding $50,000 (exclusive of $50,000), the bank should confirm that the transaction documents align with the transaction entity, amount, and nature stated in the foreign exchange application.” Therefore, for premiums shared with the parent company and insurance benefits received from overseas, if the transaction amount is $50,000 or less, the bank generally does not need to review the transaction documents; if the amount exceeds $50,000, the transaction documents should be submitted for bank review.

In addition, for foreign exchange outflows from the Chinese subsidiary to share premiums with the parent company, Article 49 also stipulates, “(1) Costs of advance payments or shared expenses between related domestic and foreign entities should generally not exceed 12 months.”  the Chinese subsidiary should pay attention to the relevant time limit requirements when remitting shared premiums, ensuring that the remittance is made within 12 months.

In conclusion, multinational enterprises engaging in cross-border insurance arrangements for their Chinese subsidiaries must carefully navigate both insurance and foreign exchange regulatory risks. While the structure of having an overseas parent company as the policyholder and a domestic subsidiary as the insured (coinsured) can be a cost-effective and efficient way to manage risks, it must be done in compliance with China’s regulatory frameworks.

In recent years, the AnJie Broad insurance team has handled several arbitration cases in the United States, the United Kingdom, and other jurisdictions involving reinsurance contract disputes, all of which concerned situations where Chinese companies, acting as reinsurers, assumed risks from overseas. Owing to the technical complexity inherent in international reinsurance business—often compounded by excessively long retrocession chains, incomplete documentation, and missing information during the ceding process—different parties may later interpret the scope of the reinsurer’s assumed risk differently following a loss. For example, there may be disputes as to which specific policy is deemed to have been ceded. This article presents observations and views primarily based on disputes arising from the coexistence of local policies and global policies commonly encountered in international reinsurance transactions.

For multinational enterprises, which typically have locations, operating offices, and factories around the world, business activities are subject not only to domestic risks but also to risks faced by their subsidiaries, affiliates, and branches located in various jurisdictions subject to different policies, regulations, and sometimes special rules applicable to foreign companies. This reality has driven international insurance companies to develop integrated global risk solutions for such multinationals. One such solution is the Controlled Master Program (“CMP”). This program generally combines a Master Policy issued in the home country of the multinational enterprise with a series of Local Policies issued in regions where the enterprise has risk exposure. In an ideal scenario, the terms of the Master Policy and the Local Policies would be completely consistent; however, in practice, they often are not. Due to differing legal and regulatory requirements across countries, variations in the risks involved, and differences in the insured’s local operating circumstances, even if the vast majority of the terms contained in the Master Policy and Local Policies are consistent, significant differences usually exist. Moreover, with respect to the selection of the insurer issuing the Local Policy, international insurers may leverage their global resources and networks by issuing local policies through their subsidiaries, affiliates, or partner local insurers. By adopting the CMP, an insurer can provide a multinational enterprise with both an integrated global insurance solution and, at the same time, tailor policy designs to specific local needs, thereby meeting the enterprise’s unified yet diversified insurance requirements worldwide.

Both the Master Policy and the Local Policies almost invariably contain “Difference in Conditions” (DIC) and “Difference in Limits” (DIL) clauses. The DIC clause typically provides that if a claim is made under the Local Policy but its terms do not apply or are insufficient to cover the loss, the broader coverage under the Master Policy will then apply. The DIL clause generally stipulates that if the limits of the Local Policy are exhausted, the higher limits of the Master Policy may be used to cover the claim. More importantly, both the Master Policy and the Local Policies typically specify that if a loss from a single insured event falls within the coverage scope of both policies, the Local Policy will serve as the primary responder. Only once the Local Policy’s limits are exhausted or its coverage is otherwise insufficient will the Master Policy respond to any remaining uncovered loss.

On the face of these provisions, the contractual language appears clear: when a loss resulting from a risk falls under the coverage responsibilities of both the Local Policy and the Master Policy, the Local Policy should pay first, with the Master Policy serving only as supplementary coverage. Such a provision can resolve the complex issues of double insurance or overlapping coverages that might arise with two or more policies. However, in international reinsurance transactions—especially among Chinese insurers—when ceding CMP risks, the reinsurance slip typically only lists the Master Policy number and records risk information identical to that of the Master Policy, with no reference to the Local Policy or the CMP as a whole. Consequently, in the event of a loss, because the Local Policy is contractually obligated to respond first, the insured and the insurer usually settle and agree upon the claim under the Local Policy. But when the original insurer or the cedant forwards the settlement agreement and the corresponding loss adjuster’s report to the reinsurer for contribution, the reinsurer may contend that it only assumed risk under the Master Policy—not under the Local Policy. Although there is a certain commercial linkage between the Local Policy and the Master Policy, they remain legally independent policies. If an incident falls within the coverage of both policies, yet the loss is entirely settled under the Local Policy (i.e., the Master Policy’s coverage is not triggered), the reinsurer is well within its rights to argue that because its assumed liability under the Master Policy has not been activated, it need not bear any responsibility at the reinsurance layer.

In a recent case handled by AnJie Broad, an in-depth examination of the parties’ true intent at the time of reinsurance contract formation revealed that both the ceding company and the ceded company did not limit their understanding of the ceded risk merely to the Master Policy but, in fact, intended to include the entire global integrated risk program—the CMP. For instance, during the retrocession phase of that case, the ceding company, via its broker, sent an email to the reinsurer that effectively ceded the entire CMP as the risk, discussing a global reinsurance arrangement without limiting the scope solely to the Master Policy or deliberately distinguishing between the Master Policy and the Local Policy. However, in the final reinsurance slip, due to insufficient clarity—for example, listing only the Master Policy number without expressly stating that the reinsurer was assuming the entire CMP—the reinsurer, based on the plain language of the slip, interpreted its assumed risk as confined solely to that under the Master Policy; i.e., only losses paid under the Master Policy would trigger its liability. Particularly when the underwriting and claims functions are handled by different personnel within a company, it is difficult to expect the reinsurer’s claims department to fully understand the true intent of the underwriting personnel when the reinsurance contract was originally concluded.

It should be noted that under Chinese law, when interpreting reinsurance contracts, the principle of contra proferentem under Article 30 of the Insurance Law (which works to the detriment of the insurer) does not apply. Reinsurance contracts are generally regarded as commercial contracts between two equally sophisticated and professional parties that have engaged in extensive negotiations; hence, the general rules of contract interpretation apply. As stipulated in Article 142 of the Civil Code of PRC, “the meaning of an expression shall be determined in light of the words used, in conjunction with the relevant clauses, the nature and purpose of the conduct, trade usages, and the principles of good faith.” Therefore, in typical cases where no other evidence can more clearly demonstrate that the true intent of the parties was to cede the entire global risk program (CMP), the content stated in the reinsurance slip will directly form the basis for determining the parties’ rights and obligations, including the scope of assumed risk. This is why reinsurers often contend that, since the reinsurance slip only contains the Master Policy number and related information, losses occurring under the Local Policy should not trigger their liability. However, the customary practices between the parties may also serve as an interpretative method, and the reinsurer’s past practices in settling claims might be used as a basis for determining liability in future similar cases.

Disputes regarding the relationship between the Local Policy and the Master Policy may further arise from several additional aspects:

As mentioned above, while the Master Policy and the Local Policy are commercially linked, they remain two legally independent policies, with different insured parties and insurers. Moreover, the risks insured, the limits of indemnity, deductibles, and exclusion clauses may vary. Although an insurer may design the Master Policy and the Local Policy with the intention of having the Local Policy pay first and then supplement any deficiency with the Master Policy, the sequence-of-payment clauses (such as the DIC, DIL, and Local Policy-first payment clauses) are often only stipulated in the Master Policy and not in the Local Policy. This may lead the insurer of the Local Policy to deny the applicability of the DIC, DIL, and Local Policy-first payment clauses contained in the Master Policy, thereby asserting that the Local Policy and the Master Policy constitute two “parallel policy structures” rather than an “umbrella policy structure,” with both insurers bearing losses in accordance with the principles of double insurance or insurance concurrence.

Furthermore, additional issues arise when the Master Policy expressly excludes “U.S. policies” from the definition of Local Policy, without a clear provision as to which specific policy or which insurer’s policy is meant by “U.S. policy.” This ambiguity can ultimately result in a situation where, after a loss is settled under the so-called “U.S. policy,” no link can be established between the indemnity under that “U.S. policy” and the Master Policy, thereby increasing the risk of reinsurer denial.

In summary, the CMP integrated global risk solution provided by international insurers to multinational enterprises is now widely applied. Both domestic Chinese insurers and reinsurers participate in these arrangements either directly or indirectly. However, regardless of how industry practitioners interpret such arrangements, it is imperative that the parties accurately and unambiguously incorporate their true intent into the contract; otherwise, disputes can easily arise. As noted above, while interpretative tools such as contextual interpretation, purposive interpretation, and reference to industry practice can be employed to ascertain the parties’ true intent, these methods are often less reliable than a clear and unequivocal contractual provision in delineating the parties’ rights and obligations. This is especially true for complex international reinsurance transactions, where both insurers and brokers must fully recognize the critical importance of the contractual text and endeavor to preemptively address potential risks or disputes during the underwriting stage.

Introduction

In the digital age, data is a vital asset, and its security is of the utmost importance, particularly within the financial services industry which is relied on by all levels of society.

The National Financial Regulatory Administration (“NFRA”) has introduced the Measures for Data Security Management of Banking and Insurance Institutions (“2024 FinSec Measures”; effective 27 December 2024), nine months after having consulted public opinions in March 2024. The 2024 FinSec Measures are designed to strengthen data and financial security, promote the rational development and use of data, protect the rights and interests of natural and legal persons, and safeguard national security and public interests (Article 1).

The 2024 FinSec Measures build upon a robust legal framework that includes:

  • Cybersecurity Law of the People’s Republic of China (“2016 CSL”)
  • Data Security Law of the People’s Republic of China (“2021 DSL”)
  • Personal Information Protection Law of the People’s Republic of China (“2021 PIPL”)
  • Banking Regulation Law of the People’s Republic of China
  • Law of the People’s Republic on Commercial Banks
  • Insurance Law of the People’s Republic of China
  • Other laws and regulations

(Article 1.)

The 2024 FinSec Measures target the following types of banking and insurance entities:

“… policy banks, commercial banks, rural cooperative banks, rural credit cooperatives, financial asset management companies, finance companies of enterprise groups, financial leasing companies, automotive finance companies, consumer finance companies, currency brokerage companies, trust companies, wealth management companies, insurance companies, insurance asset management companies, and insurance group (holding) companies established within the territory of the People’s Republic of China.”

They also apply mutatis mutandis to other financial institutions in the banking and insurance sectors and financial holding companies established with the approval of the NFRA, entities managed by the NFRA, as well as financial organisations established with the approval of local financial regulatory authorities (Article 80).

(The above entities are collectively referred to as “Institutions” below.)

Key Provisions and Principles

The 2024 FinSec Measures are based on several core principles and operational requirements. We discuss some key provisions and principles below:

Definitions and Scope

The 2024 FinSec Measures begin by defining key terms (Article 3) including:

  • Data” refers to records of information in electronic or other forms. This aligns with the definition of data in the 2021 DSL.
  • Data Processing” refers to activities including collection, storage, use, editing, transmission, provision, sharing, transfer, disclosure, deletion, and destruction of data. This roughly aligns with the definitions of processing found in the 2021 PIPL and 2021 DSL.
  • Data Security” refers to managing and controlling Data Processing activities and data application scenarios through necessary measures, ensuring that data is effectively protected and lawfully always utilised, as well as possessing the capability to ensure continuous security. This aligns with the definition provided by the 2021 DSL.
  • Data Subjects” refers to natural persons identified by data or their guardians, or enterprises, institutions, social organisations or other organisations. While this definition is not controversial, it is novel in terms of Chinese data legislation, as it is the first time that this concept is legally defined.
  • Personal Information” refers to various information recorded in electronic or other forms related to an identified or identifiable natural person, excluding information that has been anonymized. This aligns with the definition found in the 2021 PIPL. In context, Personal Information is a category of Data.  

High-Level Principles

Institutions are expected to abide by laws and regulations, respect social morality and ethics, observe business ethics and professional ethics, act in good faith and with integrity, fulfil Data Security protection obligations, assume social responsibilities, and not undermine national security, political security, financial security, or public interests, or infringe upon the lawful rights and interests of individuals or organisations (Article 6).

Moreover, Institutions must adhere to the principles of legality, legitimacy, necessity, and good faith when collecting data, define the purposes, methods, scope, and rules of data collection and processing, and ensure Data Security and traceability during collection. Institutions must not collect data from Data Subjects beyond the scope of consent unless allowed to by law (Article 24). It is interesting to note that the concept of Data Subjects, as defined in the 2024 FinSec Measures also includes legal persons. We understand that consent in the context of legal persons refers to any authorisation granted in agreements with Institutions.  

Governance Framework

For effective data governance, Institutions must establish a structured risk-based Data Security framework in alignment with the Institution’s development goals, which cover the entire data lifecycle, and comply with the Multi-level Protection Scheme (Article 5).

Organisational Roles

Institutions should define the responsibilities of the board, senior management, specialised departments (Article 9) and business segments (Article 12). Leadership roles should be clearly defined, with internal Party structures and the board of directors or board of supervisors holding primary accountability for Data Security (Article 10).

Institutions are expected to have specialised departments that centrally manage Data Security. The specific obligations of those specialised departments are outlined in detail within Article 11 of the 2024 FinSec Measures. Information technology departments are described separately from centralised Data Security departments, and their responsibilities appear to be limited to the technical aspects of Data Security, including the development of baseline security controls, establishing technical standards, ensuring the implementation of the technical measures, establishing technical management mechanisms, and organising technological research (Article 14).

Risk management, internal control and compliance, and audit departments are expected to incorporate the requirements of the 2024 FinSec Measures into internal controls and audits (Article 13).

Moreover, each business segment’s Data Security responsibilities and management requirements shall be defined following the principle that those “who manage the business manage the data and Data Security of that business” (Article 12). This is regarded as a noteworthy regulatory development as it clearly requires data management and Data Security roles to be distributed along business lines.  

Training and Awareness

Institutions are expected to organise Data Security awareness promotion and training to enhance employees’ awareness and skills in Data Security protection (Articles 11 and 15). Moreover, they should establish a “sound Data Security culture” (Article 15), which could be a more challenging task, and conduct regular emergency response drills (Article 68).

Data Classification and Management

Data classification and grading are central to the 2024 FinSec Measures. Data is categorised as core, important, sensitive, and general (based on their risk levels from highest to the lowest), each with specific handling requirements (Article 16), and the following characteristics:

  • Core data can, for discussion purposes, be understood as a special class of especially sensitive important data.
  • Important data refers to data covering a specified field, group, or region, or data reaching a certain level of precision and scale, the leakage, tampering, or destruction of which may directly endanger national security, economic operation, social stability, or public health and safety.
  • Sensitive data refers to data that, the leakage, tampering, or destruction of which may have a certain impact on economic operation, social stability, or public interests, or may significantly impact the organisation itself or individual citizens.
  • General data is any data that is not core data, important data or sensitive data.

Institutions are required to maintain dynamic data inventories and implement security measures appropriate to their data’s classification (Article 19). This requirement, combined with the risk-based approach to categorising data, essentially requires data to be reviewed and assessed on an ongoing basis.

We note that China already has detailed national standards for classifying data in the financial industry, such as JR/T 0197-2020, issued by the PBoC, which contains a 5-level classification standard that could be leveraged to support compliance with the 2024 FinSec Measures. It should be noted that important data is identified based on the relevant catalogues published by the regulatory authority. We understand many local financial industry regulators are actively reaching out to Institutions that they supervise as part of their efforts to formulate important data catalogues.

Lifecycle Data Security

Data Security management spans the entire lifecycle of data. Institutions must develop robust systems to manage data from acquisition to disposal (Article 20). This includes data mapping, conducting risk assessments for Data Processing activities (Article 22) and ensuring compliance with regulations governing external data sharing and outsourcing (Articles 26, 30 and 61).

Given the assessment requirements under the 2024 FinSec Measures, the Personal Information protection impact assessment templates issued by the CAC or contained in national standard GB/T 39335-2020 might provide a starting point for Institutions to begin structuring their assessment activities.

Third-party Risk Management

Under the 2024 FinSec Measures, external data procurement should be centrally approved and backed by a robust procurement process to ensure that the Data has been acquired and will be provided in accordance with the law (Article 26). It should be noted that Institutions are already subject to broad and detailed procurement obligations under the Regulatory Measures for Risks in the Outsourcing of Information Technology by Banking and Insurance Institutions (2021), which were issued by the predecessor to the NFRA. As such, the 2024 FinSec Measures appear to offer some additional clarity and emphasis to the existing regulatory framework.

Firewalls

In the context of the 2024 FinSec Measures, firewalls have the extended meaning of data isolation. Institutions are expected to implement firewalls to prevent other organisations within their group (i.e., affiliates, parents, subsidiaries, etc.) from accessing Data (i) without the consent of the Data Subject or (ii) unless permitted by law (Article 29). Strictly speaking, this should not be viewed as controversial under pre-existing law, given that entities within a group would typically have independent legal existence and compliance obligations. However, the firewall requirement does appear to be somewhat novel because it seems to extend the Data rights of natural persons (i.e., consent to transfers of Personal Information under Article 23 of the PIPL) to legal persons. We understand that the consent of legal persons would typically be contained in contracts with Institutions. 

Technical Protections

The 2024 FinSec Measures require Institutions to implement cybersecurity measures tailored to a diverse range of environments (Article 39). Article 43 requires Institutions to control access to sensitive data, important data and core data (using rules and technology), and ensure Data use is necessary and secure. All processing, except for general Data Processing, must be logged. Logs must be kept for up to 3 years and audited at least every six months.

Secure storage and transmission are mandated (Article 45). In particular: “Personal identity authentication data shall not be stored, transmitted, or displayed in plaintext.” According to financial industry standard JR/T 0197-2020 issued by the PBoC, “personal identity authentication data” is defined as the information relied upon for personal identity authentication, the leakage of which can cause serious harm to the property safety of the Data Subject, including bank card magnetic stripe data, card verification codes, bank card passwords, payment passwords, account login passwords, etc.  

Personal Information Protection

Personal Information protection is a critical focus of the 2024 FinSec Measures. Institutions must obtain explicit and informed consent before processing Personal Information unless provided for by law (Article 54). They must adhere to the principle of necessity, collecting only the minimum information required to achieve the financial business processing purpose (Article 55). Excessive data collection is prohibited, and transparency is emphasised through rules (i.e., privacy policies) for informing individuals about their Data Processing (Article 56).

Risk Monitoring and Incident Response

Risk monitoring and incident response mechanisms are provided in the 2024 FinSec Measures. Data breaches must immediately be reported to the NFRA (Article 63). Article 69 elaborates on the reporting timescale by stating, among other things, that Institutions “shall report a Data Security incident to the NFRA or its local offices within two hours of its occurrence, and submit a formal written report within 24 hours after the incident.” It is unclear whether separate reports still need to be made to other authorities. However, it would be prudent to assume that such reports are still required.

Institutions must continuously monitor for threats, including unauthorised access or data breaches, and have systems and procedures in place to deal with such threats (Article 64).

Incidents are graded based on their severity, with clear guidelines for containment and remediation (Article 67).

In the event of a Data Security incident, Institutions are expected to have robust reporting and emergency response systems in place and take appropriate post-mortem activities (Article 68).

Institutions need to conduct Data Security risk assessments annually, while audit departments should conduct comprehensive Data Security audits at least every 3 years and conduct special audits after major Data Security incidents (Article 66). While the specific content of audits is not prescribed, it is possible at present to conduct Data Security audits based on various standards.

Where third-party Data Security audits occur, Institutions are barred from using products provided by those third-party auditors for an undefined time. This presumably prevents an auditor from having a conflict of interest.

Regulatory Oversight and Compliance

The NFRA supervises compliance with the 2024 FinSec Measures, conducts inspections, and enforces penalties for non-compliance (Article 70).

The NFRA is obliged to develop an important and core data catalogue (Article 71). It is unclear when this catalogue will be issued. However, if the NFRA takes the same approach as the CAC, then any data not listed in the catalogue will not be important or core data.

Regulatory Filing and Reporting Obligations

It is important to note the triggers for certain regulatory filing and reporting obligations and their timelines required by the 2024 FinSec Measures:

  • Security incidents: Institutions shall report a Data Security incident to the NFRA or its local offices within 2 hours of its occurrence and submit a formal written report within 24 hours after the incident. In the case of a particularly major Data Security incident, Institutions shall immediately take disposal measures, inform users as required, and report the incident to the NFRA or its local offices, as well as to the local public security authorities. Institutions shall report on the progress of the disposal every 2 hours until the disposal is completed. Upon having disposed of a Data Security incident, Institutions shall submit a report, including an assessment and summary of the disposal and related improvements, within 5 working days to the NFRA or its local offices (Article 69).
  • Transfers and outsourcing: Institutions shall report data sharing, outsourced processing, trading and data transfers involving batches of sensitive data, important data or core data to the NFRA or its local offices within 20 working days before the processing activity or execution of the contract unless otherwise provided by law (Article 73).
  • Annual report: Institutions shall submit a Data Security risk assessment report for the previous year to the NFRA or its local offices before 15 January each year. The annual report should describe Data Security governance, technical protection, Data Security risk monitoring and disposal measures, Data Security incidents and their disposal, outsourced and joint processing, outbound cross-border data transfers, Data Security assessments and reviews, and Data Security-related complaints and their handling, among other things (Article 74).

We note that the timelines associated with these reporting obligations could be challenging. To meet these requirements, Institutions are advised to prepare relevant policies and templates to support regulatory filings and promptly begin filing procedures once filings are triggered.  

Penalties

Under Article 77, and in line with the Banking Regulation Law and the Insurance Law,  the NFRA and its local offices may issue correction orders and impose fines of up to CNY500,000 for banks and CNY300,000 for insurers if they violate the 2024 FinSec Measures. In more severe cases, or if corrections are not promptly made, the institutions may face suspension or business license revocation. Directly responsible directors, executives, and other personnel can also be subject to disciplinary actions, fines, and disqualification from their roles for a period up to life.

It is worth noting that a violation of the 2024 FinSec Measures  may also be subject to penalties under the 2016 CSL, 2021 DSL or 2021 PIPL if said violation also violates those laws.

Implications for Financial Institutions

The 2024 FinSec Measures represent a significant step towards strengthening Data Security in the financial sector and developing a culture of security and compliance. Essentially, they require Institutions to establish and maintain a comprehensive and robust data governance, data security and data compliance framework. Institutions will need to invest in the mandated corporate governance, legal compliance activities, technology, training, and process optimisation to align with these regulations.

Fully complying with the 2024 FinSec Measures will also help financial institutions foster trust among customers and stakeholders, reduce operational risks associated with data breaches, and enhance competitive advantage in a data-driven economy.

A Note providing an overview of the legal framework governing AI ethics in China. The Note examines the role of governmental and non-governmental organisations, addresses key ethical issues such as privacy, transparency, bias, and accountability, and discusses China’s participation in global AI governance initiatives. It covers professional responsibility in AI development, AI-induced negligence, and challenges in the legal framework. The Note also suggests future directions for AI ethics in China, including the potential development of a comprehensive AI law and national standards.

By the mid-2010s, China (PRC) emerged as a global leader in AI research and development (R&D), with local tech companies investing heavily. Since 2023, China has witnessed an explosion in AI R&D, fuelled by significant investments from industry giants such as Alibaba, Baidu, ByteDance, and Tencent.

This growth is driven by significant government support, massive data pools, widespread adoption, and relatively high quantities of research papers and patents. These advancements occur amidst increasing global technological competition.

As AI becomes more integrated into daily life, concerns about privacy, security, employment, and social stability lead the Chinese government, academic institutions, and tech companies to consider ethical frameworks that guide AI development and use.

This Note provides an overview of the legal framework governing AI ethics in China, examines the role of governmental and non-governmental organisations, addresses key ethical issues such as privacy, transparency, bias, and accountability, and discusses China’s participation in global AI governance initiatives. It covers professional responsibility in AI development, AI-induced negligence, and challenges in the legal framework. The Note also suggests future directions for AI ethics in China, including the potential development of a comprehensive AI law and national standards.

Emergence of AI Ethics as a Concern

In the 2010s, as AI technologies became more integrated into daily life, concerns about their ethical implications emerged. The Chinese government, academic institutions, and tech companies recognised the need for frameworks to guide ethical AI development and use, addressing issues of privacy, security, employment, and social stability.

During this period, high-profile incidents involving the misuse of facial recognition technology, data privacy concerns, and targeted advertising abuse highlighted the potential risks of unchecked AI development.

The overall environment in China during the late 2010s likely contributed to widespread concerns about ethics in science and technology.

In July 2019, the government established the National Science and Technology Ethics Committee (国家科技伦理委员会) (National Ethics Committee) to promote the development of a more comprehensive, ordered and co-ordinated governance system for science and technology.

The National Ethics Committee set up a subcommittee for AI, formally incorporating AI into the national science and technology ethics regulatory system (see AI Subcommittee of the National Ethics Committee).

Measures for the Review of Science and Technology Ethics (Trial)

AI science and technology are developing faster than laws and regulations.

Against this background, the Ministry of Science and Technology (MOST) promulgated the Measures for the Review of Scientific and Technological Ethics (Trial) 2023 (2023 Ethics Measures) to ensure that entities fully assess the ethical implications of their AI scientific R&D activities, among other things.

Ethical Review Requirements

Under the 2023 Ethics Measures, entities conducting AI R&D in sensitive ethical areas must set up an ethics review committee (Article 4).

The measures propose that ethics review committees should adhere to the following guidelines:

  • Composition and appointment. Committees must consist of at least seven members appointed for terms of up to five years, with the possibility of re-appointment (Article 7).
  • Expertise requirements. Members should include peer experts with relevant scientific and technical backgrounds, as well as those in ethics, law, and other related fields (Article 7).
  • Diversity and inclusion. Committees should include members of different genders and individuals from outside the unit. It is essential to include members familiar with local conditions for ethnic autonomous areas. (Article 7.)
  • Integrity and co-operation. Members should have a good track record of integrity and co-operate with other tasks arranged by the committee (Article 8).

AI R&D should undergo an ethics risk assessment before initiation.

Ethics review committees should review AI R&D activities within the scope of the 2023 Ethics Measures. The scope includes:

  • Scientific and technological activities that do not directly involve humans or experimental animals but may pose ethical risks and challenges. For example, in areas such as life and health, the ecological environment, public order, and sustainable development.
  • Other scientific and technological activities that require ethics reviews in accordance with laws, regulations, and relevant national provisions.

(Articles 2 and 9.)

Expert Re-Evaluation

Certain AI R&D activities are subject to expert re-evaluation, which is a type of government ethics review. Activities include:

  • Research on synthesising new species that significantly impact human life and values, the ecological environment, and so on.
  • Research related to introducing human stem cells into animal embryos or foetuses, and their subsequent development into individuals in animal utero.
  • Fundamental research involving alterations to the genetic material or genetic patterns of human germ cells, fertilised eggs, and pre-implantation embryos.
  • Clinical research on invasive brain-computer interfaces for treating neurological and mental health disorders.
  • Developing human-machine fusion systems that strongly impact human subjective behaviour, psychological emotions, and overall well-being.
  • Developing algorithm models, applications, and systems that have the ability to mobilise public opinion, shape social awareness, or influence behaviour.
  • Developing highly autonomous decision-making systems for scenarios involving human safety and health risks.

(Article 25 and Appendix, 2023 Ethics Measures.)

Conducting an Ethics Review

An ethics review committee must check:

  • Whether the proposed AI R&D complies with scientific and technological ethics principles. The participating personnel, research infrastructure, and facility conditions must also meet relevant requirements.
  • Whether the AI R&D may generate new or useful information, have scientific or social value, improve human welfare, or realise sustainable social development. There should also be a reasonable risk-to-benefit ratio. Risk control and incident response plans should be scientific, appropriate and viable.
  • Whether AI R&D recruitment schemes involving human research participants are fair and reasonable, and personal privacy data, biometric and other sensitive information is processed following personal information (PI) protection laws. Informed consent processes must also be compliant and appropriate.
  • That reviews for scientific and technological activities involving data and algorithms:
    • cover data collection, storage, processing, and use activities;
    • cover the R&D of new data technologies;
    • comply with relevant national regulations on data security and PI protection; and
    • have reasonable data security risk monitoring, emergency response plans, ethical risk assessments, and user rights protection measures, as appropriate.
  • That conflict-of-interest statements and management plans are reasonable.

(Article 15, 2023 Ethics Measures.)

Ethical Compliance

Under the 2023 Ethics Measures, entities must:

  • Establish an ethics review committee.
  • Provide necessary staff, office space, and funding for performing ethics reviews.
  • Take measures to ensure that ethics review committees can independently conduct ethical review work.

(Article 4.)

Ethics review committees must:

  • Abide by China’s constitution, laws and regulations, and ethical norms of science and technology.
  • Develop and improve management systems and work standards.
  • Provide ethics consultations and guide personnel in conducting ethics risk assessments.
  • Conduct ethical reviews and track and supervise the entire process of AI R&D.
  • Determine whether AI R&D falls within the scope of key scrutiny.
  • Organise training for committee members and personnel.
  • Accept and assist in investigating complaints and reports.
  • Register, report, and co-operate with relevant departments for regulatory work.

(Articles 5 and 8.)

To ensure compliance with the 2023 Ethics Measures, entities should create and implement several internal policies, procedures, and guidelines.

Entities have a clear legal obligation to consider ethical issues. However, the legal framework for ethics in AI can be considered vague and fragmented.

This could result in:

  • Ethics committees facing difficulties when making decisions.
  • Different ethics committees and regulators reaching inconsistent conclusions on ethical issues.

National Policies Addressing AI Ethics

This section covers the key policies, opinions, and guidelines governing the AI ethical landscape in China.

Due to significant overlaps, some principles within the mentioned documents are not addressed. However, novel or interesting concepts are discussed.

2017 AI Plan

The release of the Next Generation Artificial Intelligence Development Plan 2017 (2017 AI Plan) by the State Council was a seminal moment for AI in China.

The 2017 AI Plan:

  • Sets ambitious goals for China to become the world leader in AI by 2030.
  • States the need for ethical standards in AI development and calls for integrating ethical considerations into AI research, development, and deployment.
  • Emphasises the importance of formulating laws, regulations, and ethical norms to promote the development of AI.

It sets out specific requirements, including:

  • Strengthening research on legal, ethical, and social issues related to AI.
  • Establishing a legal and ethical framework to ensure the healthy development of AI.
  • Accelerating the research and formulation of relevant safety management regulations in areas such as autonomous driving and service robots.

The 2017 AI Plan calls for research on:

  • Legal issues related to civil and criminal liability confirmation.
  • Privacy and property protection.
  • Information security in AI applications.

It also emphasises the need to establish a system of accountability and clarity on legal subjects, rights, obligations, and responsibilities concerning AI.

Additionally, the 2017 AI Plan calls for:

  • Developing ethical norms and a code of conduct for AI R&D personnel.
  • Enhancing the assessment of potential AI benefits and risks.
  • Establishing solutions for emergencies in complex AI scenarios.

It advocates for active participation in global AI governance and research on major international AI issues (such as robot alienation and safety supervision). It also encourages international co-operation in AI laws, regulations, and international rules to collectively address global challenges.

2019 Beijing AI Principles

In 2019, a group of Chinese academic institutions led by the Beijing Academy of Artificial Intelligence released the Beijing AI Principles 2019 (2019 BJ Principles).

These principles provided one of the first comprehensive ethical frameworks for AI in China, addressing fairness, transparency, privacy, and security issues.

The 2019 BJ Principles were significant because they reflected a growing awareness within China’s AI community of aligning AI development with ethical norms.

2019 AI Principles

The Chinese government issued the Next Generation AI Governance Principle 2019 (2019 AI Principles) shortly after the 2019 BJ Principles.

The 2019 AI Principles aim to guide AI governance in China. They comprise eight main principles:

  • Harmony and friendliness.
  • Fairness and justice.
  • Inclusivity and sharing.
  • Respect for privacy.
  • Safety and controllability.
  • Shared responsibility.
  • Open collaboration.
  • Agile governance.

The 2019 AI Principles incorporate directives on respecting privacy, ensuring security, and promoting transparency and accountability in AI systems. These principles also emphasise the importance of international co-operation in AI ethics.

2020 Education Opinions

To implement the 2017 AI Plan, several government departments issued the Several Opinions on the Construction of Double First-Class Universities to Promote the Integration of Disciplines and Accelerate the Cultivation of Postgraduates in the Field of AI 2020 (2020 Education Opinions).

This move represents a form of governmental intervention in the higher education system aimed at accelerating AI development.

The 2020 Education Opinions mandate:

  • Strengthening AI research ethics education (Chapter 2, Article 3).
  • Promoting relevant international standards and ethical norms (Chapter 4, Article 11).
  • Cultivating talent prepared for global AI governance (Chapter 4, Article 11).

2021 AI Code of Ethics

The National Next Generation Artificial Intelligence Governance Expert Committee (国家新一代人工智能治理专业委员会) (AI Expert Committee), established under MOST in 2019, issued the Ethical Norms for Next Generation Artificial Intelligence 2021 (2021 AI Code of Ethics).

The code is non-binding but influential. It encourages entities to adopt ethical considerations throughout the entire AI life cycle, in order to:

  • Promote fairness, justice, harmony and safety.
  • Prevent issues such as prejudice, discrimination, and privacy and data leaks.

(Article 1.)

The 2021 AI Code of Ethics emphasises the following key principles:

  • Enhancing human well-being.
  • Promoting fairness and justice.
  • Protecting privacy and safety.
  • Ensuring controllability and reliability.
  • Enhancing accountability.
  • Improving ethical literacy.

(Article 3.)

The code also provides guidelines for management, R&D, supply, and usage practices.

Overall, it encourages the responsible development of AI technologies, stresses the need to protect individual rights, and promotes fairness. It is considered a step towards safely integrating AI into society.

2022 Judicial Opinions

China began using and testing AI within its judicial system in the late 2010s.

The Opinions of the Supreme People’s Court on Regulating and Strengthening the Judicial Application of AI 2022 (2022 Judicial Opinions) provide guidance for regulating and strengthening the application of AI in the judicial field.

It espouses the basic principles of:

  • Safety and legality. This principle contains an interesting concept to “promote harmony and friendship between man and machine.” This is uncommon in many ethical frameworks relating to AI, and though not explicitly stated, “friendship” could suggest the recognition of AI having some degree of personhood.
  • Fairness and justice. This requires ensuring that AI products and services are free from discrimination and prejudice. Technological interventions, including model or data deviations, should not compromise the fairness of trial processes and outcomes.
  • Auxiliary adjudication. The explanation of this principle clearly states that AI should be used to support judges, not replace them.
  • Transparency and trustworthiness. This requires that every aspect of AI systems is interpretable, testable, and verifiable.
  • Public order and good customs. This refers to integrating core socialist values (CSVs) into the entire process of judicial AI technology.

2022 CPC Opinions

On 20 March 2022, the General Office of the Communist Party of China Central Committee and the State Council jointly issued the Opinions on Strengthening the Governance of Science and Technology Ethics 2022 (2022 CPC Opinions).

The 2022 CPC Opinions outline the values and behavioural norms that scientific research, technological development, and other similar activities should follow.

Opinion 2 sets out the following ethical principles:

  • Improve human well-being.
  • Respect for the right to life. (While this principle does not prohibit animal experimentation, such practices must be reduced, replaced and optimised where possible.)
  • Adhere to fairness and justice.
  • Take reasonable control of risks.
  • Be open and transparent.

Opinion 4 elaborates further on ethical considerations:

  • Item 2 proposes the exploration of ethical certification measures.
  • Item 3 recommends strengthening ethics laws pertaining to AI and elevating crucial ethical norms to the status of law.

2023 Research Guidelines

In December 2023, the Department of Supervision of MOST issued the Guidelines on Code of Conduct for Responsible Research 2023 (2023 Research Guidelines). The guidelines set out scientific ethics and academic research norms that should generally be followed during scientific research.

While the 2023 Research Guidelines are not AI-focused, they provide that:

  • Generative AI (GenAI) may not be listed as a co-author (Section 4.7).
  • GenAI must not be directly used to generate scientific research project application materials (Section 1.1(2)).
  • Content marked as AI-generated by other authors should not generally be cited as original literature. Where it does need to be cited, an explanation should be provided. (Section 3.4).)
  • Peer reviewers should be careful when using AI during the review process (Section 5.3(6)). The consent of the review activity organiser should be obtained in advance (Section 6.1(7)).
  • Authors should disclose whether they use GenAI (Section 5.3(3)).

Standardised Guidelines for Ethical Governance of AI 2023

The Standardised Guidelines for Ethical Governance of AI 2023 was prepared to implement the 2022 CPC Opinions.

It derives the following ten ethical guidelines for AI from the principles stated in the 2022 CPC Opinions:

Ethic Principles in the 2022 CPC OpinionsEthical Guidelines for AI
Improving human well-beingHuman-oriented
Sustainability
Respect for the right to lifeCollaboration
Privacy
Adhere to fairness and justiceFairness
Sharing
Reasonable control of risksSecurity
Safety
Be open and transparentTransparency
Accountability

Legal Framework for AI Ethics in China

The Chinese legal framework governing AI ethics is contained in a patchwork of laws and regulations, including:

The Chinese government indicates that it is in the process of drafting a general AI law (see Legal Update, State Council Releases 2024 Legislative Plan). It is unclear when this law will be finalised.

2016 CSL

The 2016 CSL applies to:

  • The construction, operation, maintenance, and use of networks.
  • The supervision and administration of cybersecurity by network operators (who are defined as network owners, administrators, and network service providers).

Due to the nature of AI, businesses operating in the AI sector often fall within the definition of network operators.

The 2016 CSL requires network operators to:

  • Abide by laws and administrative regulations.
  • Show respect for social moralities.
  • Follow business ethics.
  • Act in good faith.
  • Perform the obligation of cybersecurity protection.
  • Accept supervision by the government and social public.
  • Undertake social responsibilities.

(Article 9.)

Some concepts within Article 9 can be the subject of dispute. For instance:

  • Business ethics are a recurring topic in unfair competition litigation.
  • Good faith can be an issue in contract disputes.

2021 DSL

The 2021 DSL applies to data handling activities carried out in China and the security of such activities (Article 2).

Given the broad definition of data, the 2021 DSL applies to virtually all business entities in China. Due to its comprehensive scope and the nature of AI, it seems that all businesses in the AI sector are subject to the 2021 DSL.

The 2021 DSL provides that during data handling activities, entities must (among other things):

  • Observe laws and administrative regulations.
  • Respect social public morals and ethics.
  • Follow commercial and professional ethics.
  • Uphold sincerity and trustworthiness.
  • Fulfil data security protection obligations.
  • Undertake social responsibilities.

(Article 8.)

While the requirements of the 2021 DSL are similar to those of the 2016 CSL, the ethical requirements in the 2021 DSL appear to be slightly wider in scope. However, the extent of this expansion remains unclear.

2021 PIPL

The 2021 PIPL applies to:

  • PI processing activities in China.
  • Certain PI processing activities targeting individuals in China.

While the 2021 PIPL does not explicitly mention ethics or morals, it incorporates several high-level principles that can be interpreted as ethical guidelines.

For instance, Article 5 provides that PI should be processed in accordance with the principles of lawfulness, legitimacy, necessity and good faith, and not in any manner that is misleading, fraudulent, or coercive.

Article 24 contains specific obligations applicable to AI ethics. It states that:

  • Where PI processors use automated decision-making to process PI, they must:
    • ensure transparency in the decision-making process;
    • ensure fairness and impartiality of the results; and
    • avoid implementing unreasonable differential treatment of individuals regarding transaction prices or other terms.
  • Where automated decision-making is used in business marketing or information push services, individuals must be provided with:
    • an option to opt out of targeting based on their personal characteristics; or
    • an easily accessible method to refuse such information.
  • If an automated decision significantly impacts an individual’s rights and interests, the individual has the right to:
    • request an explanation from the PI processor; and
    • refuse decisions made solely through automated processes.

Though not explicitly stated, Article 24 suggests the ethical principles of transparency, fairness, impartiality, non-discrimination, and autonomy when using AI to process PI.

2019 AUCL

The 2019 AUCL was enacted to promote the healthy development of the socialist market economy.

It aims to:

  • Encourage and protect fair competition.
  • Prevent acts of unfair competition.
  • Safeguard the legitimate rights and interests of business operators and consumers.

(Article 1.)

When carrying out production or business activities, a business operator must:

  • Follow the principles of voluntariness, equality, fairness, and good faith.
  • Abide by laws and observe business ethics.

(Article 2.)

In the context of AI training, the following actions are generally considered to violate the aforementioned principles:

  • Ignoring a website’s Robots.txt file or user agreements.
  • Overusing or misusing scraped data.
  • Disrupting or hindering the normal operation of legitimate online services or products.

In practice, the concept of business ethics became a point of discussion under the 2019 AUCL and its 2017 and 1993 predecessors in several litigations involving data and algorithms. Notably, several cases highlighted this concept, as illustrated below.

Yi Zhong Min Chu

In Yi Zhong Min Chu [2013] No. 2668, Company A accused Company B of violating the Robots protocol on Company A’s website by crawling and providing content from Company A’s website as search results to users.

One of the key disputes between the two parties was whether B’s non-compliance with the Robots protocol constituted a violation of business ethics.

Before this case, 12 search engine service companies in Beijing, through the China Internet Association, jointly established the Internet Search Engine Service Self-Discipline Convention 2012.

The convention explicitly stipulates the following provisions, which were adopted by the Beijing First Intermediate People’s Court:

  • Restrictions on search engine crawling should be based on industry-recognised reasonable justifications.
  • Robot protocols should not be used for unfair competition.

(Article 8.)

The court recognised this convention as an industry consensus among leading search engine companies, which are highly representative and dominate much of the market. This reflects the industry’s recognised business ethics and standards of behaviour.

However, the court also opined that the healthy development of the market requires an orderly market environment and fair market competition rules as safeguards.

The court further observed that Company B, in launching its search engine services, published the content and setting methods of the Robots protocol on its website. This action, the court reasoned, indicates that the entire internet industry, including Company B, recognises and complies with the Robots protocol.

Consequently, the court held that the Robots protocol should be recognised as:

  • A prevailing rule in the industry.
  • The business ethics that should be followed in the search engine industry.

Shanghai 73 Min Zhong

In Shanghai 73 Min Zhong [2016] No. 242, the court ruled against the defendant, a website operator, who had used a significant amount of information from the plaintiff’s platform without permission in a violation of recognised business ethics.

This unauthorised use substantially replaced the plaintiff’s products and services, causing harm to their interests.

The court further held that:

  • When assessing the business ethics of commercial transactions, it is essential to consider the interests of operators, consumers, and the public comprehensively.
  • Unfairness can be directed at actions that improperly infringe on consumer interests or harm public interests, as well as competitors, which may also be considered unfair.
  • In determining unfair competition in specific cases, judgments must be based on the standards of honesty and creditworthiness, considering the impact of the behaviours on competitors, consumers, and the public.

2021 Recommendation Algorithm Regulations

The 2021 Recommendation Algorithm Regulations were enacted to:

  • Regulate recommendation algorithm activities in internet-based information services.
  • Promote CSVs.
  • Safeguard national security and public interests.
  • Protect the legitimate rights and interests of citizens, legal persons, and other organisations.
  • Promote the sound and orderly development of internet-based information services.

(Article 1.)

Recommendation algorithm-based service providers should:

  • Abide by laws and regulations.
  • Respect social morality and ethics.
  • Observe commercial and professional ethics.
  • Follow the principles of being fair and equitable, open and transparent, scientific and reasonable, and act in good faith.
  • Conduct science and technology reviews.
  • Not set up algorithm models that:
    • promote user addiction;
    • encourage excessive consumption; or
    • violate laws, regulations, ethics, or morals.

(Articles 4, 7 and 8.)

2021 Science Law

In January 2022, the 2021 Science Law came into effect. It strengthens the ethical framework for science and technology, including AI, by enhancing ethics review, assessment, and supervision systems.

The 2021 Science Law contains the following key ethical provisions:

  • Science and technology personnel must adhere to academic norms and ethical codes, maintain professional integrity, and act in good faith. Fraud and support for superstition are strictly prohibited. (Article 67.)
  • China enhances intellectual property (IP) rights protection, ethics in science and technology, and security review mechanisms in international scientific research co-operation (Article 82).
  • China improves research integrity, supervision systems, and governance structures for science and technology ethics (Article 98).
  • A committee on science and technology ethics is established to enhance institutional norms, ethics education, and research. Entities involved in science and technology must take primary responsibility for conducting ethics reviews. (Article 103.)
  • R&D activities that harm national security, public interests or human health, or violate research integrity and ethical standards are prohibited. Serious violations must be recorded in a database of dishonest conduct. (Article 107.)
  • Anyone violating the 2021 Science Law, including its ethical guidelines, must make corrections. Authorities may withdraw funding and confiscate illegal gains. In serious cases, they may publicly disclose violations, impose penalties, and ban individuals from participating in funded or licensed activities for a period. (Article 112.)

2019 Network Content Provisions

The 2019 Network Content Provisions stipulate information content requirements in cyberspace based on CSVs.

Online content producers should avoid creating, reproducing, and disseminating:

  • Eleven types of illegal information.
  • Nine types of harmful information.

(Articles 6-7.)

2023 GenAI Measures

Under Article 4 of the 2023 GenAI Measures, the provision and use of GenAI services must adhere to all applicable laws, regulations, social morals, and ethical standards.

This includes compliance with the following requirements:

  • Adherence to CSVs, prohibiting the generation of content that:
    • incites subversion of state power;
    • overturns the socialist system;
    • harms national security and interests;
    • damages the national image;
    • incites separatism;
    • undermines national unity and social stability;
    • promotes terrorism, extremism, ethnic hatred, national discrimination, violence, or obscenity; and
    • spreads false or harmful information prohibited by laws and regulations.
  • Taking effective measures during algorithm design, training data selection, model generation and optimisation, and service provision to prevent discrimination based on nationality, beliefs, country of origin, region, gender, age, occupation, health, and other factors.
  • Respecting IP rights, business ethics, and preserving trade secrets.
  • Refraining from using advantages in algorithms, data, and platforms to engage in monopolistic and unfair competition practices.
  • Respecting the legitimate rights and interests of others, refraining from harming the physical and mental health of others, and avoiding violations of others’ rights to image, reputation, honour, privacy, and PI.
  • Implementing effective measures based on the service type characteristics to enhance the transparency of GenAI services and improve the accuracy and reliability of generated content.

Selected National Standards and Guidelines

China has a growing list of national standards that provide practical guidance on regulatory compliance issues and best practices concerning AI development, deployment, and use.

Some of these national standards provide guidance on ethical issues and include:

2021 AI Ethics Risk Prevention Guidelines

In January 2021, TC260 released the 2021 AI Ethics Risk Prevention Guidelines, providing guidance on:

  • The ethical use of AI.
  • The prevention of security risks associated with AI.

The guidelines require that an ethical safety risk analysis is done before AI-related activities are begun. The analysis must address five risk categories:

  • Uncontrollability risk. AI behaviour and impact exceed the predetermined, understood, and controllable scope.
  • Sociability risk. AI is unreasonably used, including abuse and misuse.
  • Infringement risk. AI infringes on basic human rights, including personal, privacy, and property rights.
  • Discrimination risk. AI influences fairness and justice with subjective or objective biases towards specific human groups.
  • Responsibility risk. Inappropriate behaviour of various parties related to AI, with unclear responsibilities.

2024 Basic GenAI Requirements

Appendix A to the 2024 Basic GenAI Requirements lists 31 safety risks. Under these requirements, the concept of safety should be construed broadly from the perspective of multiple stakeholders.

Appendix A is structured into the following sections:

  • A.1: Content in contravention of the CSVs.
  • A.2: Discriminatory content.
  • A.3: Commercial violations.
  • A.4: Infringement of the legitimate rights and interests of others.
  • A.5: Non-compliance with safety requirements of specific service types.

While many provisions in Appendix A could be characterised as ethical issues, the term ethics is only used in the phrase “violation of business ethics” (for more information, see 2019 AUCL).

2024 AI Framework

In September 2024, TC260 released the AI Safety Governance Framework 2024 (2024 AI Framework).

The framework outlines seven types of AI safety risks. This includes three ethical risks:

  • Exacerbation of social discrimination and widening of the intelligence divide. AI can collect and analyse human behaviours, social and economic status, and individual personalities. This data could be used to label and categorise groups of people and lead to:
    • systematic and structural social discrimination;
    • increased prejudice; and
    • widening intelligence divides among groups and regions.
  • Challenges to the traditional social order. AI development and application may significantly change production tools and relations. This could:
    • accelerate the reconstruction of traditional industry modes;
    • transform traditional views on employment, fertility, and education; and
    • challenge the stability of traditional social orders.
  • Becoming uncontrollable. The fast development of AI technologies means there is a risk of AI:
    • acquiring external resources;
    • self-replicating;
    • becoming self-aware;
    • seeking external power; and
    • attempting to seize control from humans.

To address these risks, the 2024 AI Framework proposes two response measures:

  • Filtering training data. Outputs should be verified during algorithm design, model training and optimisation, service provision, and other processes to prevent discrimination based on ethnicity, beliefs, nationality, region, gender, age, occupation, and health factors.
  • Ensuring AI safety. AI systems applied in key sectors (such as government departments, critical information infrastructure, and areas directly affecting public safety) should be equipped with highly efficient emergency management and control measures.

Role of Governmental and Non-Governmental Organisations

Chinese Association for Artificial Intelligence (CAAI)

The Chinese Association for Artificial Intelligence (CAAI), founded in 1981, is the only national-level academic association in intelligence science and technology officially authorised by China’s Ministry of Civil Affairs.

Article 3 of the CAAI Charter 2014 aims to promote AI science and technology development by adhering to China’s constitution, laws, regulations, state policies, social morals and customs.

The CAAI has an AI Ethics and Governance Working Committee.

Cyberspace Administration of China (CAC)

The Cyberspace Administration of China (CAC) is the central regulatory body overseeing internet policies, cybersecurity, PI protection, and data security in China.

The CAC plays a critical role in shaping China’s digital landscape, including its approach to AI. It has issued several regulations governing AI development, deployment, and use in China.

AI and algorithmic services related to public opinion or social mobilisation must be filed with the CAC (Article 17, 2023 GenAI Measures; Article 23, Provisions on Administration of Algorithmic Recommendation in the Internet Information Service 2021; Article 19, Administrative Provisions on Deep Synthesis in Internet-based Information Services 2022 (2022 Deep Synthesis Provisions, with effect from 10 January 2023)).

National Data Administration

In 2023, the National Data Administration was established to advance:

  • The planning and building of a digital China.
  • A digital economy.
  • A digital society.

Though its remit appears relevant to AI, it has yet to impact AI ethics.

Chinese Academy of Social Sciences (CASS)

The Chinese Academy of Social Sciences (CASS) is China’s premier academic organisation and comprehensive research centre for philosophy and social sciences.

It organises symposiums on AI and AI ethics, and its researchers regularly publish articles on AI.

AI Subcommittee of the National Ethics Committee

In July 2019, China established the National Ethics Committee and set up a subcommittee for AI.

According to the Party and State Institutional Reform Plan 2023, the role of the National Ethics Committee will transition from a co-ordinating body under the State Council to an academic and professional expert committee within MOST.

The AI subcommittee is responsible for:

  • Drafting guiding documents.
  • Organising academic seminars.
  • Facilitating in-depth discussions and exchanges among domestic and international experts and entrepreneurs.

On 2 February 2024, the AI subcommittee released the Ethical Guidelines for Brain-Computer Interface Research.

AI Expert Committee

In 2019, MOST established the AI Expert Committee to advance the development plan proposed in the 2017 AI Plan. The committee comprises experts and scholars from academic institutions, research units, and technology enterprises.

The AI Expert Committee released important guiding documents that expand upon China’s AI governance framework and action guidelines. These include:

AI Ethical Issues Under Chinese Law

Personal Freedom and Human Dignity

The Civil Code of the PRC 2020 (2020 Civil Code, with effect from 1 January 2021) protects natural persons’ personal freedom and human dignity (Article 109).

Many ethicists would refer to these as intrinsic rights. Many ethical and legal frameworks contain instrumental rights to support intrinsic rights.

Privacy and PI Protection

Privacy

Privacy can be regarded as an instrumental right that contributes to personal freedom and human dignity. This is because the act of monitoring an individual can impact how they exercise their personal freedom. The 2020 Civil Code recognises this phenomenon (Article 990(2)).

The 2020 Civil Code grants privacy rights (Articles 110 and 990). Article 1032 of the code provides:

“A natural person enjoys the right to privacy. No organisation or individual may infringe upon the other’s right to privacy by prying into, intruding upon, disclosing, or publicising another’s private matters.”

PI Protection

The 2021 PIPL contains generic provisions to protect the PI of individuals (and, by extension, their privacy). It also contains provisions concerning the processing of PI through automated decision-making (Article 24) (see 2021 PIPL).

GenAI

The 2023 GenAI Measures require that the provision and use of GenAI services must not infringe on personal privacy, as well as PI rights and interests (Article 4(4)).

Moreover, relevant agencies and personnel involved in the safety assessment and supervision of GenAI services must keep personal privacy and PI confidential (Article 19).

Transparency and Explainability

Transparency and explainability are concepts that appear in multiple legal sources and ethical frameworks for AI, including:

  • The 2023 Ethics Measures.
  • The 2024 Basic GenAI Requirements.
  • The 2023 Ethics Measures.
  • The 2019 BJ Principles.
  • The 2019 AI Principles.
  • The 2022 Judicial Opinions.
  • The 2021 PIPL.

They are perhaps most relevant where AI is employed to make decisions that have a material impact on an individual’s rights and interests.

Under the 2021 PIPL, individuals have the right to demand an explanation of how AI-driven decisions are reached (Article 24). However, the required level of detail for such explanations remains unclear.

GenAI services should be transparent under the 2023 GenAI Measures (Article 4(5)).

The 2024 Basic GenAI Requirements set out the following requirements for transparency:

  • Service providers should publicly disclose the target audience, scenarios, and purposes of the services on the homepage and other prominent locations. They should also disclose the usage of basic models.
  • Users should be provided with the following information in easily accessible locations (such as the homepage and service agreements):
    • service limitations;
    • brief information about the models, algorithms, and other relevant matters; and
    • the PI collected and its purpose concerning the service.
  • The above information should be disclosed in supporting documents where the GenAI service is provided through a programmable interface.

(Article 7(b).)

The People’s Bank of China also issued an industry standard that instructs financial institutions on how to disclose AI algorithm use to users (see Guidance on Information Disclosure for Financial Applications Based on AI Algorithms (JR/T 0287-2023)). The standard also provides examples of disclosures in its appendix.

Bias and Fairness

Under Chinese law, the terms bias and fairness have ambiguous meanings and are often treated similarly. Certain forms of bias and unfairness may be legally permissible, while others are not.

The law generally prohibits biased and unfair conduct in specific situations, particularly those involving deliberate or accidental actions related to protected characteristics.

Bias and unfairness may arise where a proxy value closely related to a protected characteristic affects the decisions of a decision-maker. For example:

  • Gender discrimination. Gender-based discrimination is often intertwined with factors predominantly associated with one gender, such as taking maternity leave. Consequently, penalising an individual for taking maternity leave may constitute gender discrimination.
  • Other forms of discrimination. Certain discriminatory practices may be less obvious. In China, some online platforms display different prices or offer varying discounts based on user characteristics and profiles. For example, a platform may show higher prices to Apple phone users than Android users. These characteristics could serve as proxy values for age, region, and so on.

The debate continues over whether these practices are legitimate business strategies, or unethical and potentially fraudulent behaviour.

Under the 2024 Basic GenAI Requirements and 2023 GenAI Measures, prohibited forms of bias and unfairness include:

  • Ethnic discrimination.
  • Discrimination based on beliefs.
  • Nationality-based discrimination.
  • Discrimination based on regional origin.
  • Gender discrimination.
  • Age discrimination.
  • Occupation-based discrimination.
  • Health-based discrimination.
  • Monopolistic behaviour or unfair competition.

Accountability

AI systems are tools created and provided by persons (natural and legal) that produce outputs at the behest of persons.

The many different individuals that might be involved in the creation, provision, and use of an AI system include:

  • Researchers.
  • Developers.
  • Ethics boards.
  • Regulators.
  • Vendors and suppliers.
  • Users.

It is widely recognised that AI system outputs can materially and negatively impact the rights and interests of an individual. Therefore, it seems appropriate to make at least one person accountable for the consequences of AI outputs. However, it can be difficult to say who should be accountable to individuals harmed by AI where numerous stakeholders are involved in creating, providing, and using an AI system.

Given the accountability problems associated with AI, the following rules assign obligations and liability to specific individuals:

  • A PI processor must explain automated decisions reached by processing PI to PI subjects whose rights and interests are significantly affected upon request. Individuals have the right to reject such decisions (Article 24, 2021 PIPL).
  • Service providers must ensure PI is processed in accordance with laws and regulations (Article 51, 2021 PIPL; Articles 7 and 11, 2023 GenAI Measures).
  • No person may use deep synthesis technology to infringe the rights of another person (Article 6, 2022 Deep Synthesis Provisions).
  • Certain AI service providers are responsible for the information security of their AI systems (Article 7, 2022 Deep Synthesis Provisions; Article 9, 2023 GenAI Measures).
  • Certain AI service providers are responsible for the outputs of the systems they provide (Articles 8-11, 2022 Deep Synthesis Provisions; Article 9, 2023 GenAI Measures).
  • Certain AI service providers must employ effective measures to protect minors from overreliance or addiction to AI (Article 10, 2023 GenAI Measures).
  • Business operators are prohibited from using AI to engage in monopolistic practices or abuse their dominant status (Articles 9 and 22, 2022 AML).
  • Road and demonstration test applicants should follow rules and be accountable for accidents involving smart, connected vehicles (Article 6, Administrative Rules on Intelligent and Connected Vehicle Road Testing and Demonstration Application (Trial) 2021).
  • AI medical device registrants should assume responsibility for the safety and effectiveness of medical devices throughout their development, production, operation, and use in accordance with the law (Article 13, Regulations on Supervision and Administration of Medical Devices 2021).

Censorship and AI

China operates an extensive censorship system that covers internet content, among other forms of media. China requires the censorship of both AI training data and AI outputs. Such training data and outputs are typically scraped from and provided online.

The 2019 Network Content Provisions stipulate that producers of online content are prohibited from creating, duplicating, or disseminating information that:

  • Contradicts the foundational principles outlined in China’s constitution.
  • Risks national security, reveals state secrets, attempts to subvert state authority, or disrupts national unity.
  • Harms the dignity or interests of the nation.
  • Distorts, defames, or dishonours the legacy and spirit of heroic martyrs, or disrespects the martyrs by insulting, defaming, or otherwise infringing upon their names, images, reputation, or honour.
  • Promotes terrorism or extremism or incites engagement in terrorist or extremist activities.
  • Instigates ethnic hatred or discrimination or threatens national solidarity.
  • Undermines the state’s religious policies or disseminates heresy and superstitious beliefs.
  • Disseminates false information or disrupts the economic and social order.
  • Spreads content that is obscene, pornographic, gambling-related, or violent, promotes murder and terror, or aids in criminal activities.
  • Insults or defames individuals, violating their reputation, privacy, or other legal rights and interests.
  • Includes any other content that is forbidden by laws and administrative regulations.

(Article 6.)

Online content producers must also avoid creating, reproducing, or spreading information that:

  • Employs sensationalist headlines that significantly misrepresent the content.
  • Sensationalises gossip, scandals, and misconduct.
  • Inappropriately comments on natural disasters, major accidents, and other catastrophes.
  • Contains sexual innuendo or provocation that could lead to sexual associations.
  • Displays graphic violence, horror, or cruelty that may cause distress.
  • Incites discrimination against groups or regions.
  • Promotes vulgar, obscene, or tasteless content.
  • May lead minors to imitate dangerous behaviours, violate social ethics, or develop poor habits.
  • Otherwise negatively impacts the health of the online environment.

(Article 7.)

Appendix A of the 2024 Basic GenAI Requirements lists several types of security risks. These risks can be considered derivatives of Articles 6 and 7 of the 2019 Network Content Provisions.

Responsibility and Negligence in AI

Professional Responsibility in AI Development

Individuals involved in AI development can be considered scientific and technological personnel.

The 2021 Science Law states that scientific and technological personnel should:

  • Be patriotic, innovative, truth-seeking, dedicated, and collaborative.
  • Ahere to the spirit of craftsmanship.
  • Observe academic and ethical norms in all kinds of scientific and technological activities.
  • Abide by professional ethics, and be honest and trustworthy.
  • Refrain from fraudulent practices in scientific and technological activities.
  • Avoid participating in or supporting superstition.

(Article 67.)

Legal Framework Governing Negligence

China has not yet established clear rules regarding liability for the actions of AI.

In SCLA v AI Company [2024] Guangzhou Internet Court (Yue 0192 Min Chu No.113), the court provided valuable guidance for determining the liability of AI and related service providers.

The court:

  • Held that the AI service provider failed to implement appropriate technical preventive measures. This allowed users to generate images containing elements of other copyright holders, which constituted IP infringement.
  • Assessed the need for compensation and found the AI service provider liable due to:
    • the absence of a complaint reporting mechanism;
    • a failure to alert users to potential risks; and
    • AI-generated images not being clearly identified.
  • Determined that the provider did not fulfill its duty of care and exhibited subjective fault.

Consequently, the AI service provider was ordered to pay RMB10,000 in compensation to the plaintiff.

For more information, see Practice Note, AI-Generated Content and Copyright (China): SCLA v AI Company.

AI in Other Professions: Law and Accounting

Law

Under the Law of the PRC on Lawyers 2017 (2017 Lawyers Law), the law firm employing a lawyer is liable for the lawyer’s wrongdoing where a party suffers losses. The law firm may seek recourse against the lawyer if the lawyer acted intentionally or with gross negligence (Article 54).

There are no exemptions or safe harbours covering the use of AI under the 2017 Lawyers Law. As such, lawyers should:

  • Ensure the quality of all work they produce.
  • Clearly explain any limitations or constraints on their work.
  • Provide disclaimers as appropriate.

Accounting

Under the Accounting Law of the PRC 2024 (2024 Accounting Law), the person in charge of an entity:

  • Is responsible for the authenticity and completeness of the accounting practice and the accounting documents of the entity (Article 4).
  • Should ensure the truthfulness and completeness of financial and accounting reports (Article 21).

There are no exemptions or safe harbours covering the use of AI under the 2024 Accounting Law.

Under the Specification for Accounting Informatisation 2024 (with effect from 1 January 2025), entities must stipulate the following in procurement contracts for accounting information services:

  • Service content.
  • Service quality.
  • Service duration.
  • Data security.
  • Other rights and responsibilities.

(Article 15.)

Entities conducting accounting informatisation involving AI should comply with relevant laws and regulations and respect social morals, ethics, and morality (Article 44).

Accounting software is regulated under the Specification for Basic Functions and Services of Accounting Software 2024 (with effect from 1 January 2025).

According to Article 42, where accounting software service providers are responsible for user accounting data being leaked or damaged, they must be responsible for restoration and compensation as stipulated.

However, the other liability of accounting software providers to users for AI-related issues is still unclear. As such, liabilities between parties will typically be determined by contract.

Preventative Measures and Best Practices

Methods for preventing or mitigating AI-induced negligence include:

  • Ensuring a qualified human is the ultimate decision-maker.
  • Providing qualified human decision-makers with adequate resources to manually fulfil their role.
  • Conducting a thorough risk assessment as a part of procurement activities.
  • Using well-drafted contracts to allocate liability and clearly define service standards.

Global Co-operation on AI Ethics

Global AI Governance Initiative

In October 2023, China proposed the Global AI Governance Initiative.

The initiative states that the development of AI should prioritise the well-being of humanity, ensure social security, respect human rights, and support sustainable development.

It also promotes:

  • The principles of fairness and non-discrimination in data acquisition, algorithm design, technology development, product development, and application.
  • An ethics-first approach, emphasising AI ethics guidelines, norms, and accountability mechanisms, supported by review systems.
  • The principles of broad participation, consensus, and incremental development.

Bletchley Declaration

On 1 November 2023, the Bletchley Declaration was published. China is a signatory of the declaration, along with 28 countries and the EU.

Ethical principles covered in the Bletchley Declaration include human rights, transparency, explainability, accountability, fairness, regulation, safety, human oversight, ethics, bias mitigation, privacy, and data protection.

The Bletchley Declaration emphasises focusing on risk identification and creating policies based on these identified risks.

For more information, see Practice Note, Key AI Regulatory Considerations in China: Bletchley Declaration.

Enhancing International Co-operation on AI Capacity-Building

On 1 July 2024, the United Nations General Assembly adopted a consensus resolution proposed by China and co-sponsored by over 140 countries (see UNGA: UNGA Adopts China-Proposed Resolution to Enhance International Cooperation on AI Capacity-Building).

Framework Convention on AI

The Council of Europe’s Framework Convention on Artificial Intelligence is an international treaty legally binding its signatories (see Council of Europe: The Framework Convention on Artificial Intelligence).

It is monitored through a Conference of the Parties to ensure signatories’ adherence. China is not a signatory. However, given that several major economies are signatories, it will likely have some indirect impact in China.

AI Ethics Challenges

Gaps in the Current Legal Framework

In China’s current legal framework, there are several unclear issues, including:

  • Unclear ethical obligations. Terms such as bias and discrimination are not clearly defined, which leads to uncertainty in their interpretation and application.
  • Absence of a GenAI Law. There is no overarching AI law in China. As a result, different regulators are responsible for regulating AI within their specific areas of competence.

This fragmented approach complicates compliance efforts, particularly for organisations with diverse interests across multiple sectors.

Balancing Innovation and Regulation

Regulators face the challenge of balancing innovation with regulation. An example of this can be found in the drafting process of the 2023 GenAI Measures.

The initial draft of the 2023 GenAI Measures, issued by the CAC, proposed that any entity or individual providing GenAI services should assume the responsibilities of the content producer. This caused significant controversy and raised concerns within the AI industry.

The explicit liability provisions were omitted from the finalised version of the 2023 GenAI Measures issued by the CAC and other regulators. This suggests that issues raised by one regulator may later attract the attention of other regulators and that regulators are trying to balance innovation and regulation.

Chinese laws and regulations are typically published for public consultation (Article 74, Legislation Law of the PRC 2023). This process provides stakeholders, including those in the AI industry, with an opportunity to voice their opinions on the governance of AI technology.

Future Directions

Many experts and scholars suggest that China should formulate a comprehensive AI law outside the existing legal framework for regulating AI.

To this end, two draft AI laws were released:

  • On 19 March 2024, experts from seven universities released the Artificial Intelligence Law (Scholar’s Draft) (人工智能法(学者建议稿).
  • On 16 April 2024, institutions including the Law Institute of the Chinese Academy of Social Sciences drafted and published the Artificial Intelligence Model Law 2.0 (Expert Draft).

Both drafts propose certain requirements for AI ethics. For example, Article 42 of the Expert Draft stipulates that:

  • An AI ethics review committee should be established for AI R&D activities that involve sensitive areas, as determined by the national AI authority.
  • AI ethics reviews should be conducted under relevant national regulations.
  • Other AI developers, providers, and users are encouraged to establish AI ethics review committees based on actual circumstances.

The State Council, in its Legislative Work Plan for 2023 and 2024, stated its intention to prepare to submit the draft AI law to the Standing Committee of the National People’s Congress for deliberation. For more information, see Legal Updates, State Council Releases 2024 Legislative Plan and State Council Releases 2023 Legislative Plan.

In terms of national standards, on 5 June 2024, the Ministry of Industry and Information Technology and other departments issued the Guidelines for the Construction of National AI Industry Comprehensive Standardisation System (2024 Edition).

The guidelines outline the following objectives:

  • By 2026, develop more than 50 new national and industry standards and improve the AI standard system covering seven key areas, including:
    • basic commonality;
    • key technologies; and
    • the safety and governance of AI products and services.
  • Standardise ethical governance requirements for the entire lifecycle of AI, including:
    • AI ethics risk assessments;
    • ethical governance technology requirements and evaluation methods for fairness and explainability of AI; and
    • AI ethics review standards.

Voluntary deregistration of a company in China is a rigorous process that involves multiple steps and requires adherence to detailed legal provisions. Beyond the statutes, understanding practical implementation nuances is crucial for navigating the procedure effectively. This guide provides a detailed overview of the legal framework, procedural steps, special provisions for foreign-invested enterprises (FIEs), challenges, and practical considerations associated with voluntary deregistration. By carefully navigating these steps and considerations, businesses can better position themselves to comply with regulations and address stakeholder concerns effectively.

1. Overview of Voluntary Deregistration

A company in China cannot simply cease operations; it must formally terminate its legal existence through the deregistration process. This involves the following key stages:

(a) Declaration of dissolution.
(b) Formation of a liquidation group.
(c) Asset liquidation and debt settlement.
(d) Submission of a liquidation report.
(e) Deregistration with the relevant authorities.

The primary goal of this process is to safeguard the interests of creditors, employees, shareholders, and other stakeholders while ensuring compliance with tax and regulatory obligations.

2. Procedural Step

Step 1: Resolution of Dissolution

The decision to dissolve must be approved by a resolution of the company’s shareholders. A two-thirds majority vote is required under the Company Law of the People’s Republic of China. Alternatively, all shareholders may sign a unanimous written resolution.

Once the resolution is passed, the company must publish the dissolution notice within ten days on the National Enterprise Credit Information Publicity System (“NECIPS”).

Step 2: Formation of the Liquidation Group

The board of directors is responsible for appointing a liquidation group within 15 days of the dissolution decision. The liquidation group shall consist of directors by default unless the company’s articles of association or a shareholder resolution specifies otherwise. The leader of the liquidation group shall be appointed by a resolution of the company’s shareholders from among the group members.

Failure to form a liquidation group may result in court intervention, with the court appointing an external liquidation administrator. The liquidation group must, within 10 days of its formation, announce the names of its members and leader via the NECIPS.

Step 3: Notification to Creditors and Debt Claim Submission

The liquidation group must notify known creditors within 10 days of its formation and publish a public announcement on NECIPS or in a newspaper within 60 days. The public notice must include the following details:

  • The notice period.
  • Contact person for debt claims.
  • Contact information.
  • Address for submitting claims.

Creditors must submit their claims within 30 days of receiving the notice or within 45 days from the public announcement date if they were not directly notified. Creditors’ claims should specify the nature of the debt and include supporting documentation. The liquidation group is responsible for maintaining a registry of all submitted claims.

No repayments to creditors are permitted during the debt claim submission period.

Step 4: Liquidation Activities

While accepting claims from creditors, the liquidation group will simultaneously undertake other critical activities related to the company’s liquidation. These responsibilities include the following key actions:

A. Asset Valuation and Inventory Compilation

  • Identify and appraise company assets.
  • Compile a comprehensive asset-liability statement and property inventory.
  • Apply to the court for bankruptcy proceedings if assets are insufficient to cover debts.

B. Liquidation Plan Development

  • Develop a detailed liquidation plan based on the asset and liability assessment.
  • Submit the plan for approval to the shareholders. If the liquidation group is court-appointed, the plan must instead be submitted to the court for approval.

C. Execution of the Approved Liquidation Plan

  • Resolve unfinished business activities.
  • Handle matters related to deregistration of branches, exit of external investments, and disposal of pledged equity.
  • Settle employee wages, social insurance contributions, and administrative fines.
  • Pay customs and tax dues, including any penalties and overdue amounts, and handle necessary tax documentation.
  • Clear outstanding debts and claims.
  • Liquidate/sell the remaining assets after settling the company’s debts.

During the liquidation period, the company remains in existence but must not engage in activities unrelated to the liquidation.

Step 5: Distribution of Remaining Assets

After settling liquidation expenses, employee wages, social insurance fees, statutory compensation, and outstanding taxes and debts, any remaining assets are distributed to shareholders based on their capital contributions. Shareholders cannot receive distributions of remaining assets until all debts are cleared as required by law.

Step 6: Final Liquidation Report and Confirmation

Upon completion of the liquidation process, the liquidation group must prepare a detailed liquidation report and submit it for confirmation to the shareholder or the court. The confirmation of the liquidation report requires the approval of shareholders representing at least two-thirds of the voting rights.

Step 7: Deregistration with Authorities

After completing the liquidation process, the liquidation group must apply for deregistration with the relevant authorities, addressing the following steps:

A. Tax Deregistration

The company must apply to the tax authorities for deregistration. During this process, the tax authorities will conduct a preliminary review to check for any outstanding matters. If unresolved issues are identified, the tax authorities will issue a Tax Matters Notification to the company, specifying the pending issues. The company must resolve all outstanding matters before proceeding with the tax deregistration. Once the review is complete and no issues remain, the tax authorities will issue a Tax Clearance Certificate.

B. Customs Deregistration (if applicable)

Companies involved in customs-related activities must apply for deregistration of their customs registration. Any outstanding taxes (including late fees), penalties, or other unresolved matters must be settled before the customs deregistration can be processed.

C. Business Deregistration with the Relevant Branch of Market Supervision and Administration Bureau

The liquidation group must apply to the relevant branch of the Market Supervision and Administration Bureau (the “company registration authority”) for deregistration within 30 days of completing the liquidation. The following documents must be submitted:

  • Application for deregistration.
  • Resolution or decision for deregistration.
  • Confirmed liquidation report.
  • Tax Clearance Certificate.

If the company has been issued a physical business license, both the original and duplicate copies must be returned to the company registration authority. After applying for deregistration, the company is prohibited from engaging in any production or business activities unrelated to the deregistration process.

D. Social Insurance Deregistration

The company must apply for social insurance deregistration within 30 days of completing its deregistration with the company registration authority. All outstanding social insurance fees, late fees, and penalties must be cleared before the deregistration is processed.

Step 8: Closure of Bank Accounts and Disposal of Seals

The company must close all bank accounts and render its official seals void. These actions mark the final step in terminating the company’s operational footprint.

3. Simplified Deregistration Procedures

A. Eligibility

Companies may qualify for simplified deregistration if:

  • No liquidation proceedings are necessary due to the absence of unresolved debts or financial obligations.
  • No outstanding liabilities exist, including debts, employee wages, social insurance fees, statutory compensation, or taxes (including late fees and penalties).
  • No unaddressed violations or compliance issues are pending.
  • Shareholders have provided or are willing to provide a written guarantee affirming the truthfulness of the above conditions, accepting joint liability for any false claims.

B. Preliminary Procedures

Before initiating a simplified deregistration process, a company must also first complete the deregistration of its branches and settle all outstanding tax and customs obligations. Additionally, the company may verify with the company registration and tax authorities its eligibility to waive the requirement for a tax clearance certificate. This waiver may apply if the company has not engaged in any taxable transactions or business operations since its establishment.

C. Application Process for Simplified Deregistration

The company must submit an “Application for Deregistration of Enterprises” duly signed by the legal representative and a written commitment signed by all shareholders to the company registration authority.

The commitment and deregistration application must be published on the NECIPS platform for a 20-day public notice period. During this time:

  • Creditors, stakeholders, or relevant authorities may raise objections.
  • Tax authorities will conduct a review and raise objections if there are unresolved tax or social insurance issues.

If no outstanding matters are identified, the application can proceed without delays. After the 20-day notice period, if no objections have been raised, the company may complete the deregistration process within the following 20 days. During and after the notice period, the company is prohibited from engaging in any activities unrelated to deregistration.

D. Post-Deregistration Steps
After completing the simplified deregistration process, the company must also complete social insurance deregistration and close all bank accounts and dispose of official seals.

4. Foreign-Invested Enterprises (FIEs): Special Provisions

FIEs face unique deregistration requirements beyond standard procedures. These include:

A. Approvals Related to Negative List or Licensing Requirements
FIEs involved in sectors listed under the Foreign Investment Negative List or requiring industry-specific licenses may need prior approval before deregistration.

B. Reporting with the Ministry of Commerce (MOFCOM)
FIEs are required to submit a deregistration report to the Ministry of Commerce (MOFCOM). However, submitting deregistration documentation to the company registration authority fulfills this requirement, as the latter forwards relevant data to MOFCOM, eliminating the need for separate submissions.

C. Deregistration with Foreign Exchange Administration

FIEs must deregister their basic foreign exchange information registration with designated foreign exchange banks before deregistration is complete. This step typically occurs after the liquidation announcement period and before the business license is canceled. Required documents include:

  • For standard deregistration: a copy of the liquidation announcement. For simplified deregistration: a printout of the no-objection notice from NECIPS with the company’s official seal.
  • A signed statement confirming that all corporate debts and liabilities have been fully settled and that no equity (or investment interests) is subject to freezing, pledges, or mortgages.
  • Tax Clearance Certificate, if applicable.

D. Outbound Fund Transfers

For liquidations involving outbound transfers of remaining assets, FIEs must complete tax clearance in compliance with relevant regulations. They are also required to submit a liquidation audit report, prepared by a certified accounting firm, to the designated foreign exchange bank handling the transfer. This report must detail any gains distributed to foreign shareholders. If the company plans to apply for tax treaty benefits, pre-approval may be necessary before obtaining tax clearance and completing the foreign exchange settlement.

E. Closure of Foreign Exchange Accounts

Foreign exchange accounts must be closed before invalidating the company’s official seals. Companies may choose to close these accounts either concurrently with outbound fund transfers or after the transfers have been completed.

5. Challenges and Practical Considerations

A. Preliminary Self-Audit

Before initiating the deregistration process, companies are strongly advised to perform a thorough self-audit. This process helps uncover and address potential issues that might impede or complicate deregistration. Key steps include:

  • Assessing Deregistration Feasibility: Evaluate the potential costs and challenges of deregistration. For example, companies with complex legacy issues, such as property disputes or unresolved debts, should carefully analyze the risks of proceeding.
  • Reviewing Historical Audits: Confirm whether all required audits for previous years have been completed. This will have implications on tax clearance and other regulatory processes.
  • Checking Regulatory Status: Ensure the company has not been listed as an irregular operation or abnormal entity due to non-compliance, such as failing to file annual reports.
  • Updating Registration Records: Ensure that all required registration updates, such as changes to legal representatives or directors, have been properly recorded with the relevant authorities. For instance, if the legal representative has changed but this update has not been officially registered, it could hinder the deregistration process with the company registration authority. This is because the deregistration forms must be signed by the legal representative currently recorded in the system, who may also be required to personally verify their identity during the process.
  • Resolving Tax Issues: Confirm that the company’s tax account is in good standing and not marked as “abnormal.” Address any missing filings or unresolved tax matters, ensuring that credentials such as accounts and passwords are accessible.
  • Evaluating Financial and Legal Obligations, and Anticipating Bankruptcy Risks: Assess assets, liabilities, and contracts, using the latest balance sheet as a baseline. Determine whether there is any likelihood of insolvency or bankruptcy based on the company’s financial condition.

The purpose of this audit is to identify and resolve potential challenges in advance, ensuring a smooth and efficient deregistration process. By proactively addressing matters such as employee terminations, intellectual property disputes, real estate issues, or the disposal of international investments, companies can develop effective strategies to mitigate risks and avoid delays. This thorough preparation not only streamlines the liquidation and deregistration process but also safeguards the company against unforeseen liabilities.

B. Ongoing Obligations Before Completing Liquidation

Companies must continue submitting annual reports to the company registration authority on time and maintain a fixed contact address. Failure to do so may result in the company being listed in the abnormal business directory by the company registration authority. Companies must also continue to maintain proper bookkeeping, conduct audits, and file tax returns on a regular basis.

6. Conclusion

Voluntary deregistration is a meticulous process requiring strict adherence to statutory requirements and practical foresight. The operational details may be subject to updates, and specific requirements can vary across different regions. Companies are advised to engage legal, tax, and accounting professionals to navigate the complexities and ensure compliance. Proper planning and execution not only mitigate risks but also preserve the rights and interests of all stakeholders involved.

On 10 December 2024, the State Administration for Market Regulation (“SAMR”) released the Guidelines for Review of Horizontal Concentration of Undertakings (“Guidelines”). It is the first time that China publishes guidelines to display the detailed analytical framework, review approach and key considerations in the merger review procedure. The Guidelines were based on years of review experience accumulated in China and also reflects the most updated global economic dynamics and features.

The Guidelines embody 87 articles in total distributed in 12 chapters, covering all the core aspects such as evidence materials, market definition, market share and concentration degree, unilateral and coordinative effects, potential competition, market entry, buyer power and efficiency.

This article extracts and highlights those contents that have most practical significance for the merger filing, with the view to updating multinationals with the latest development in China’s merger review regime.

I. Crucial Principles Underlined

The Guidelines lay out a few key principles in the opening chapter that SAMR will usually stick to in its merger review. Particularly, it is underlined that the competition concerns that SAMR cares about in the merger review are those incurred specifically due to the concentration. It implicates that competition issues existing already before the concentration are not focus of the antitrust review.

Furthermore, the counterfactual analytical approach is stressed as one instrument of the merger review toolkit. Specifically, SAMR could compare the hypothetical market competition situation ex post the concentration, either with the competition situation ex ante the concentration, or alternatively with the foreseeable or possible market competition situation ex post the concentration with the assumption of no concentration. Whether or not a significant lessening of market competition would happen in the end through the counterfactual analysis matters for SAMR to issue its decision.

II. Consideration of Evidence Materials

The Guidelines are particularly beneficial in terms of explaining from what channels SAMR could collect evidence and how much importance that different types of evidence materials may carry. Specifically, China’s merger review agency (“agency”) may obtain evidence materials from concentration parties (“parties”), upstream suppliers, downstream customers or end consumers, relevant government departments, industry associations, competitors, and etc. They may also engage experts, scholars, third-party consulting agencies, who have no conflict of interest in the reviewed concentration, to provide specific opinions.

The formality to obtain evidence materials include but not limited to requesting stakeholders to assist in the merge review investigation, soliciting opinions in writing, sending questionnaires, surveys, symposiums, argumentation meetings, commissioned consultations, on-site research, etc.

The evidence materials related to the merger review mainly include:

  • commercial documents and records prepared by the parties;
  • transaction documents with binding effects, such as memorandums of understanding and share purchase agreement;
  • documents explaining the transaction purpose or efficiency that may arise from the concentration;
  • information and materials on the market competition and future development trends, such as market analysis or research reports, forecasts, consumer survey reports made by the parties or independent third parties;
  • information on how the parties and other stakeholders view competitors, such as internal documents evaluating or describing competitors, regular reports on business performance, including but not limited to monthly sales reports and other documents that can explain their business performance;
  • materials reflecting preferences and behaviors of customers, such as bidding records, actual customer conversions between suppliers, and relevant customer survey reports;
  • strategic documents and financial information, such as research and development plans, investment proposals, commercial feasibility analysis, financial reports;
  • materials on pricing strategies of the parties, such as price lists, sales forecasts and analysis, discount or rebate policies, past price fluctuations, and their influencing factors.

The agency will comprehensively evaluate all relevant evidence materials to determine their authenticity, relevance and probative value. The role of each evidence material may vary depending on their types, sources, collection methods, as well as significance on competition analysis elements and competition issues arising from the concentration. In general, evidence materials formed by the parties during the business operation are more persuasive than documents and materials specially produced for the concentration. Compared to the views of upstream suppliers and the parties, the opinions of downstream customers on concentration are more important in the eyes of the agency. The agency usually will not evaluate the competitive effects solely based on the views of an individual competitor.

IIIAnalysis From Perspectives of Market Share and Market Concentration

One instructive breakthrough is that the Guidelines clarify SAMR’s general approach to evaluating horizontal merger from the perspective of market share, which is summarized below:

  • for combined market share exceeding 50% post-transaction, anticompetitive effects would usually be presumed by SAMR unless the parties could provide evidence to rebut this presumption (“presumption of anticompetitive effects”).
  • for combined market share ranging from 25% to 50%, SAMR tends to scrutinize the transaction closely (“close scrutiny”); in particular, where the combined market shares fall between 35% and 50%, SAMR tends to consider anticompetitive effects likely (“likely anticompetitive effects”).
  • where combined market share ranges from 15% to 25%, SAMR usually would not find anticompetitive effects (“likely no anticompetitive effects”).
  • where the combined market share is below 15%, SAMR could presume no anticompetitive effects after ensuring the reasonableness of market definition and accuracy of market share data (“presumption of no anticompetitive effects”).

Market concentration is another crucial factor that SAMR looks into when reviewing a transaction. CRn and HHI are two commonly used indicators that SAMR often looks into when evaluating the market concentration degree and its changes incurred by the concentration, with the latter one is employed in practice more often and widely. The agency generally divided the market into three types:

  • low concentration market: HHI below 1000;
  • moderately concentrated market: HHI ranges from 1000 to 1800;
  • highly concentrated market: HHI above 1800.

The agency typically uses the following criteria to examine potential effects of concentration on competition:

  • where the HHI post concentration is lower than 1000 or Δ HHI is lower than 100, the agency generally does not consider that the concentration has or may have anticompetitive effects;
  • where the HHI post concentration ranges from 1000 to 1800, and Δ HHI is higher than 100, the agency tends to believe that the concentration has or may have anticompetitive effects, thus a comprehensive review is necessary;
  • where the HHI post concentration is higher than 1800, and the Δ HHI is between 100 and 200, the agency is more inclined to believe that the concentration has or may have anticompetitive effects, thus a comprehensive review is necessary.
  • where the HHI index post concentration is higher than 1800 and the Δ HHI is higher than 200, the agency usually presumes that the concentration has or may have anticompetitive effects, unless the parties can prove otherwise.

IVUnilateral and Coordinative Effects

Economic analysis tools are suggested when screening if unilateral effects may occur, such as quantitative analysis methods of the Upward Pricing Pressure (UPP), Gross Upward Pricing Pressure Index (GUPPI), and Merger Simulation.

For coordinative effects, if any of the following situations happens, the agency will tend to consider that the concentration is likely to produce coordination effects:

  • post concentration, the combined market share of the parties and another business operator in the relevant market reaches two-thirds, and each has a market share exceeding one tenth;
  • post concentration, the combined market share of the parties and two other business operators in the relevant market reaches three-quarters, and each has a market share exceeding one tenth;
  • the concentration will eliminate a business operator who may hinder market coordination or substantially eliminates that operator’s motivation to hinder market coordination.

V. Counteracting Factors

When anticompetitive effects are identified in the review of a concentration, SAMR usually will also look into whether any counteracting factors may exist, such as constraints from potential competition, easy market entry and buyer power. In practice, market entry can only effectively prevent or offset the potential adverse effects of a concentration on competition if the entry is possible, timely and sufficient.

The possibility of market entry refers to the chance that business operators can enter the relevant market and successfully impose competitive constraints on the concentrated entity after entry. When evaluating the possibility of market entry, factors such as market entry barriers, market operating conditions, and market development expectations should be considered.

The standard for determining the timeliness of market entry depends on the characteristics and dynamics of the market, as well as the specific production capacity of potential entrants. Normally, the agency believes it timely if market entry can be completed within two years.

The sufficiency of market entry means the ability of entrants to impose sufficient and effective competitive constraints on the concentrated entity. When conducting the evaluation, factors such as size, business scope and product substitutability will be considered overall. Usually, only when the entrant reaches a certain scale will it pose effective competitive constraints.

When determining whether market entry is possible, timely and sufficient, the agency can usually collect information and evidence materials from the following aspects:

  • past market entry and exit cases in relevant or similar markets;
  • plans for other competitors to enter the relevant market, and expansion plans of existing competitors; if there is any potential market entrant with necessary assets or motivations to enter the relevant market;
  • direct statistical data or information on market entry barriers, such as the financing scale, R&D investment and output needed for entering;
  • if scale economy is relevant, it is necessary to consider whether new entrants can reach sufficient scale in a timely manner to form effective competitive constraints, as well as the cost disadvantage when the minimum scale cannot be achieved;
  • the time required to recoup investment costs after entering the market;
  • the cost of exiting the market;
  • the impact of technological progress on market entry;
  • whether existing competitors in the market sign long-term contracts with downstream customers;
  • whether downstream customers have the ability and willingness to assist in entering new markets;
  • possible imported products or supply substitutes;
  • if the relevant regional market is the domestic market in China, the possibility of foreign suppliers entering the domestic market in China needs to be considered.

Having buyer power alone does not guarantee that anticompetitive influence can be effectively offset. When evaluating the buyer power, the agency usually focuses on the following three latitudes:

  • can business operators with buyer power exercise their buyer power to benefit other customers without buyer power as well;
  • when the business operator with buyer power is not the end consumer, can the benefits obtained through exercising buyer power be passed on to the end consumer;
  • do business operators with buyer power have sufficient motivation and willingness to exercise their buyer power.

The Guidelines also stress that the buyer power that existed before concentration may not necessarily continue after concentration, as concentration may lead to increased market control of the entity after concentration, or may eliminate important alternative suppliers. Therefore, the agency usually evaluates buyer power after concentration rather than before concentration.

VI. Failing Firm Defense and Government Subsidies

The failing firm theory is provided in the Guidelines for the first time, in line with the practice of key antitrust jurisdictions worldwide. When analyzing if the failing firm defense could be accepted, the agency will check whether the following three conditions are simultaneously met:

  • the business operator being acquired or merged is facing operational difficulties, and if not acquired or merged, it will exit the market in the short term;
  • there is no alternative solution that would cause less damages to competition than this concentration to prevent the aforementioned operators from exiting the market;
  • compared to the market exit, the potential anticompetitive effects that the concerned concentration may bring are weaker.

Responding to the EU FSR regulation, the Guidelines also touch upon the public subsidy in one provision generally. Specifically, if there is evidence to prove that domestic and foreign government subsidies obtained by the concentration parties may have adverse effects on competition in the relevant market, the agency may require the concentration parties to provide information on the government subsidies obtained and consider their adverse effects on fair competition.

VII. Conclusion

Notably, introduction of the Guidelines possesses appreciable practical significance for companies, which could enhance the review transparency, facilitate substantive self-assessment of businesses and improve predictability of the review decision. Companies that engage with complex and difficult deals are suggested to conduct a prior self-assessment based on the Guidelines. 

—— Judicial Practice and Evaluation of the Impact of the “Implementing Measures for the Administration of Company Registration” on Removal Registration Disputes

In order to implement the new requirements for company registration stipulated in the newly revised “Company Law” and the “Provisions of the State Council on Implementing the Registered Capital Registration System of the People’s Republic of China Company Law,” on December 20, 2024, the State Administration for Market Regulation published the “Implementing Measures for the Administration of Company Registration“, effective from February 10, 2025. In response to the execution difficulties concerning past effective judicial judgments involving company registration matters, the “Implementing Measures for the Administration of Company Registration” clearly states that companies are obligated to cooperate with changes for registered filing items such as shareholders, directors, supervisors, senior management, and legal representatives as specified in effective legal documents. The company registration authorities have the duty to assist in enforcement and make public announcements. The introduction of the “Implementing Measures for the Administration of Company Registration” provides practical and effective protection for individuals seeking removal from identity registrations like shareholders, directors, supervisors, senior management, and legal representatives, bridging the “last mile” gap in disputes over removal registration.

In this article, we will analyse the background and filing conditions for disputes over removal registration, focusing on the key points of court rulings in cases of legal representative removal registration lawsuits, and evaluate the impact of the “Implementing Measures for the Administration of Company Registration” on improving mechanisms for assisting in the execution of removal based on practical experience.

1. Background for Removal Registration Disputes

In recent years, disputes involving legal representatives requesting removal from registration have significantly increased. Some cases arise because the legal representative no longer wishes to continue serving; others involve nominal holders who do not wish to be named due to risk considerations or individuals who were registered as legal representatives without their knowledge. Since these individuals typically neither control the company and or possess necessary documents for changing company registration, they are unable to independently apply for a change in registration without the cooperation of shareholders and the company. Therefore, they would have no choice but to resort to judicial relief by filing a suit.

Prior to the Supreme People’s Court’s retrial ruling in case(2020)最高法民再88号[1], there was controversy within judicial practice regarding whether removal registration disputes met the conditions for court acceptance. The Supreme People’s Court pointed out in that case that if the people’s court does not accept the plaintiff’s lawsuit, the plaintiff would expose to a legal risk which continues to exist without any remedy, so the plaintiff’s suit for the change of legal representative registration can be accepted by the people’s court. Thereafter, removal registration disputes became an effective judicial remedy for directors, supervisors, senior management, and legal representatives to protect their rights.

2. Key Points of Rulings – Loss of Appointment Basis and Exhaustion of Internal Remedies

a. Whether the Basis for Holding Office Still Exists

When hearing cases of removal registration disputes, courts focus on whether the removal requester still a reasonable basis for has continuing to hold the relevant position. Therefore, it is necessary for the removal requester to clarify the basis for serving as a director, supervisor, senior management, or legal representative of the company and the legal relationship with the company, which has already terminated.

From the legislative purpose of the “Company Law“, directors, supervisors, senior management, or legal representatives should have substantial relevance to the company. Taking the relatively special role of legal representatives as an example, Article 10 of the “Company Law” clearly specifies the basis for appointing legal representatives, i.e., determined through the articles of association within the limits allowed by law. A legal representative must agree to serve as a director or manager executing company affairs on behalf of the company, thereby becoming a legal representative according to the provisions of the articles of association. Conversely, if the director or manager serving as legal representative resigns, it should be considered that he or she also resigns as legal representative.

This is because, regardless of whether the legal representative is a director or manager of the company, it is commonly held that a principal-agent legal relationship exists between the legal representative and the company. According to Article 933 of the “Civil Code“, both parties to a mandate contract have the right to arbitrary termination. Therefore, the legal representative also has the right to unilaterally terminate his or her position in the company, thereby dissolving the substantive connection with the company.

Therefore, if the removal requester has resigned from the positions of director or manager, they have lost the substantive basis for continuing to serve as the company’s legal representative. This point has been reflected in multiple precedents, such as (2023)浙0109民初17918号[2], (2023)赣0730民初1692号[3], and (2020)渝0103民初11853号[4], among others.

b. Whether All Internal Remedies Have Been Exhausted

Although the removal requester has a litigable interest, it does not mean that the court completely interferes with the company’s self-governance affairs but seeks a balance between the two interests. The judiciary remains cautious and restrained towards such matters, only considering judicial intervention when conflicts between the removal requester and the company cannot be resolved through internal self-governance mechanisms or when all internal remedies have been exhausted without resolution. Therefore, whether the removal requester has exhausted internal company remedies is a critical consideration in adjudicating such cases.

Regarding how to exhaust internal company remedies, for companies operating abnormally, such as being listed in the business abnormality directory or having their business licenses revoked, the court may likely recognize that the removal requester has no possibility of internal relief. For normally operating companies, the court may make different determinations based on the specific position of the removal requester in the company. For instance, for legal representative with roles such as chairman, executive director, or even shareholders, the court generally reviews whether the removal requester has convened boards or shareholders’ meetings regarding their resignation and re-election issues and whether they could not convene all shareholders to discuss the replacement of successors. For removal requesters holding only managerial positions, it is generally believed that at least they need to express their resignation wishes and removal requirements to the company explicitly, and if there are no results or refusal within a reasonable period. Such as in (2023)沪02民再23号[5],(2023)渝0114民初1057号[6],(2022)京02民终2059号[7].

3. Impact of the “Implementing Measures for the Administration of Company Registration” on the Mechanism for Assisting in the Execution of Removal

In recent years, even if the court supports the removal of registration matters, the prevailing party might still face execution deadlocks, where market supervision departments insisted on not processing the removal due to the lack of a successor. For example, in case(2023)沪0109执2407号案[8], during the execution process, the court issued a notice of assistance in execution to the Hongkou District Market Supervision Bureau of Shanghai, requesting assistance in handling the removal registration procedures. The bureau replied that the legal representative is part of the market entity registration matters, and since there is no information about a new legal representative, it cannot assist in processing the change.

In response, the “Implementing Measures for the Administration of Company Registration” will strengthen the responsibility of companies to comply with effective legal documents concerning past effective judicial judgments involving company registration matters. For companies failing to fulfill obligations within the deadline, the court can take compulsory measures according to law. It also clarifies the assisting obligations of registration authorities in removal execution. Furthermore, it requires the disclosure of removal information through the National Enterprise Credit Information Publicity System to enhance transparency.

Previously, Shanghai, Beijing, and other places have already introduced similar regulations. For instance, the Shanghai Market Supervision Bureau issued the “Several Measures for Deepening Reform of Operating Entity Registration Management and Optimizing the Business Environment” (沪市监注册〔2024〕61号) on February 23, 2024, and the Beijing Market Supervision Bureau released the “Notice on Issuing the ‘One Standard Four Dimensions’ Registration Promotion Measures for High-Quality Development of Operating Entities” (京市监发〔2024〕65号) on July 17, 2024, both clarifying the obligation of registration authorities to assist in the execution of removal registration.

Therefore, the aforementioned provisions on the obligation of company registration authorities to assist in enforcement have provided a feasible solution for the issue of handling the extinguishment of registration. Even if there are situations where the person subject to enforcement does not cooperate in processing enterprise information registration, company registration authorities still have the statutory obligation to assist the court in publicizing removal information in relevant company registrations, thereby achieving the effect of informing the public about the change registration matters. This system will resolve the connection issues between the court and company registration authorities during the execution of related judgments and help unify the different attitudes of company registration authorities across regions regarding removal registration. It provides effective implementation measures for the successful results of removal applicants, effectively resolving the dilemma faced by legal representatives and directors, supervisors, and senior management in smoothly stepping down in the market economy, realizing the legal effect of “removal”. It offers strong judicial support for optimizing the business environment and creates a more stable, fair, transparent, and predictable commercial environment for market participants.

Thanks to interns Jin Yicheng and Qi Zili for their contributions to this article!

Notes:

[1] 王惠廷请求变更公司登记纠纷再审民事裁定书,最高人民法院,(2020)最高法民再88号,2020.04.29裁判

[2] 王建国、杭州坤睿置业有限公司请求变更公司登记纠纷一审民事判决书,浙江省杭州市萧山区人民法院,(2023)浙0109民初17918号,2023.12.18裁判

[3] 赵立与赣州梁宁置业有限公司请求变更公司登记纠纷一审民事判决书,江西省宁都县人民法院,(2023)赣0730民初1692号,2023.05.25裁判

[4] 光大安石(北京)资产管理有限公司与重庆悠游光石企业管理有限公司等请求变更公司登记纠纷一审民事判决书,重庆市渝中区人民法院,(2020)渝0103民初11853号,2021.05.27裁判

[5] 饶军平与上海海韵商务咨询有限公司等请求变更公司登记纠纷审判监督民事判决书,上海市第二中级人民法院,(2023)沪02民再23号,2023.07.13裁判

[6] 李某某与彭水某某地产开发有限公司,重庆某某地产发展有限公司请求变更公司登记纠纷一审民事判决书,重庆市黔江区人民法院,(2023)渝0114民初1057号,2023.06.30 裁判

[7] 韬蕴(北京)影视投资管理有限公司与谢谦请求变更公司登记纠纷二审民事判决书,北京市第二中级人民法院,(2022)京02民终2059号,2022.02.28裁判。

[8] 倪岳与上海添一投资有限公司与公司有关的纠纷执行裁定书,上海市虹口区人民法院,(2023)沪0109执2407号,2023.08.31裁判

A Brief Analysis on the AI Safety Governance Framework

1. Background and Structure of AI Framework

    On September 9, 2024, the National Technical Committee 260 on Cybersecurity of Standardization Administration of China (“TC260”) has promulgated the AI[1] Safety Governance Framework (V1.0) (the “AI Framework), which aims to implement the Global AI Governance Initiative and promote consensus and coordinated efforts on AI security governance among governments, international organizations, companies, research institutes, civil organizations, and individuals, effectively preventing and mitigating AI security risks.[2]

    On October 18, 2023, the Cyberspace Administration of China has issued the Global AI Initiative (the “AI Initiative”), which puts forward to an open, fair and efficient approach to the development, security and governance of AI, intending to harness the transformative technologies for the benefit of humanity.[3]  According to the preface of the AI Framework, the AI Framework has been formulated to implement the AI Initiative, which highlights that the principles of development and security shall be equally guaranteed and facilitated, reflecting China’s commitment to addressing frontier AI safety issues and showcasing its proactive stance in shaping a secure AI landscape. 

    In general, the AI Framework, for one thing, identifies the AI-related security risks.  For another, it stipulates several measures that all stakeholders involved, like technology research institutions, product and service providers, users, governmental agencies, and social organizations should take to prevent and respond to those risks. 

    In order to thoroughly address the security concern in relation to AI, the structure of AI Framework encompasses the following aspects:

    • Safety/security risks;
    • Technical countermeasures;
    • Comprehensive governance measures; and
    • Safety guidelines for AI development and application.

    2. AI Security Risks and Proposed Measures

    In the main body of the AI Framework, it outlines AI-related risks and proposed solutions, which consists of technical measures, comprehensive governance measures as well as guidelines on guaranteeing the security regarding the development and application of AI. 

    To begin with, considering the risk sources of AI mainly come from two parts, the AI Framework presents AI-related security risks in dual aspects.  One part is the security issues originated from the AI technology itself, such as models and algorithms, training data and data output, as well as the AI system, which are categorized as the inherent safety risks in the AI Framework. 

    In addition to the inherent safety risks, during the AI application process, there are risks in respect of personal information leakage, misuse of AI technology, expanding effects of information cocoons, exacerbation of social bias and discrimination, and even the potential uncontrollability of AI, etc., which are classified as the safety risks in AI application. 

    Despite security risks and challenges brought by AI and posed in its application, there is no doubt that the coordination and unity of AI development is emphasized, and it has also reached the consensus that the stagnation of development is the biggest insecurity.[4]  Thus, the countermeasures at both technical levels and other aspects are stated in the AI Framework, aiming to build an agile and collaborative governance system, and ensuring that technology develops in an orderly manner under human control and serves the growing needs to the mankind.[5] 

    Below is a table attached to the last section of the AI Framework showing the AI-related security risks and the technical measures as well as comprehensive governance measures corresponding to each risk. 

    Safety risksTechnical countermeasuresComprehensive governance measures
    Inherent safety risksRisks from models and algorithmsRisks of explainability4.1.1(a)Advance research on AI explainability Create a responsible AI R&D and application system
    Risks of bias and discrimination4.1.1(b)
    Risks of robustness4.1.1(b)
    Risks of stealing and tampering4.1.1(b)
    Risks of unreliable output 4.1.1(a)(b)
    Risks of adversarial attack4.1.1(b)
    Risks from dataRisks of illegal collection and use of data4.1.2(a)Improve AI data security and personal information protection regulations
    Risks of improper content and poisoning in training data 4.1.2(b)(c)(d)(e)(f)
    Risks of unregulated training data annotation4.1.2(e)
    Risks of data leakage4.1.2(c)(d)
    Risks from AI systemsRisks of exploitation through defects and backdoors4.1.3(a)(b)Strengthen AI supply chain security Share information, and emergency response of AI safety risks and threats
    Risks of computing infrastructure security4.1.3(c)
    Risks of supply chain security4.1.3(d)
    Safety risks in AI applicationsCyberspace risksRisks of information and content safety4.2.1 (a)Implement a tiered and category-based management system for AI applicationEstablish a traceable management system for AI servicesIncrease efforts to train talent in AI safety and securityEstablish and improve mechanisms for AI safety and security education, industry self-regulation, and social supervisionPromote international exchange and cooperation on AI safety governance
    Risks of confusing facts, misleading users and bypassing authentication4.2.1 (a)
    Risks of information leakage due to improper usage4.2.1 (b)
    Risks of abuse for cyberattacks4.2.1 (a)
    Risks of security flaw transmission caused by model reuse4.2.1 (a) (b)
    Real-world risksInducing traditional economic and social security risks4.2.2 (b)
    Risks of using AI in illegal and criminal activities4.2.2 (a) (b)
    Risks of misuse of dual-use items and technologies4.2.2 (a) (b)
    Cognitive risksRisks of amplifying the effects of “information cocoons”4.2.3 (b)
    Risks of usage in launching cognitive warfare4.2.3 (a) (b) (c)
    Ethical risksRisks of exacerbating social discrimination and prejudice, and widening the intelligence divide4.2.4 (a)
    Risks of challenging traditional social order4.2.4 (a) (b)
    Risks of AI becoming uncontrollable in the future4.2.4 (b)

    With respect to the comprehensive governance measures, the AI Framework states a series of measures to tackle security risks posed in AI developing and application processes, offering chance for multi-stakeholders to participate and collaborate in the governance process.  For example, according to the AI Framework, the research on the transparency, trustworthiness, and error-correction mechanism in AI decision-making process shall be organized and conducted, based on the machine learning theory, training methods and human-computer interaction, thereby enhancing the explainability and predictability of AI systems while avoiding malicious consequences generated from unintended decisions made by AI.[6] 

    Furthermore, security risks in relation to the AI development and application is inevitably associated with data and network security, personal privacy, and intellectual property issues.  To coordinate with existing laws and regulations, the AI Framework follows the currently adopted practice in those areas.  For example, a tiered and category-based management mechanism should also be employed in AI application, which imposes requirements for specific users utilizing AI technologies in specific scenarios, as a way of effectively preventing the abuse of AI system.[7] 

    3. Guidelines and Practical Advice

    It is worth noting that, in the last part of the AI Framework, several guidelines are offered for various market players engaged in AI developing and application processes, including the model and algorithm developers, AI services providers, users in Key Areas,[8] and general users. 

    With respect to practitioners developing AI model and algorithm or providing AI-related services, the guidelines are directed to pertinent phases of each practicing process.  The AI model and algorithm developers, for instance, shall take the following measures: participating in internal discussions, organizing expert evaluations, conducting technological ethical reviews, listening to public opinions, communicating and exchanging ideals with potential target audiences, and strengthening employee safety education and training at key stages such as requirement analysis, project initiation, model design and development and training data selection and use.[9] 

    Regarding users either in the Key Areas or from a broad sense, safety guidelines are provided for raising the public awareness of AI-related security issues especially in terms of personal information and privacy protection, prevention of critical information leakage, and improving network security capabilities.[10] 

    As a practical matter, practitioners could adopt and further implement those guidelines during its daily practice and operation in developing and applying AI.  There are several pieces of practical advice merit attention:

    • Always keep in mind the redlines set by laws and regulations in terms of network safety, information security, personal information and privacy, and intellectual property protection during the AI developing and applying processes.
    • Establish and embrace mechanisms in respect of risk tracking, internal review, self-testing and evaluation as well as internal reporting mechanisms to prevent AI’s inherent security risks.
    • Ongoing trainings are required for both the AI developers and public users, for promoting awareness and engagement in ensuring secure AI development and application.     

    On a separate note, and particularly for purposes of eliminating AI-related security risks, not only the guidelines under the AI Framework should be borne in mind, but also the tiered and classification-based requirements for protecting data sources like the personal information under the current laws and regulations such as the Network Security Law, the Data Security Law and the Personal Information Protection Law, should also be complied with and implemented, so as to avoid any security risks (including but not limited to the data leakage and abuse), ensuring the safe and steady application and development of AI. 

    Additionally, as mentioned above, AI is closely intertwined with security and development policies.  As the core driver of the fourth industrial revolution, AI plays an irreplaceable role in both development and security.[11]  For AI to reach its full potential, it is widely recognized that governments should be thoughtful about protecting citizens, while also creating room for the positive innovation that AI can bring.[12]  The current PRC legal system addresses such inter-connected issue through a spectrum of laws, regulations, guidelines, opinions and so forth. 

    In order to fully take advantage of the cutting-edge technology, maximizing its benefits brought to key industrial sectors, the laws and regulations focus more on the application of AI technology in relevant industrial sectors to further promote the AI development, facilitating the actual application in particular scenarios.[13]  For instance, on June 18, 2024, the National Medical Products Administration of People’s Republic of China issued the List of Typical Application Scenarios of Artificial Intelligence for Drug Governance (the “AI Drug List”), presenting fifteen application scenarios that can play a leading demonstration role, possess characteristic of development potential, address pain points during the work, and tailor to more urgent needs.[14] 

    In conclusion, the AI Framework identifies risks at both AI developing and application levels which practitioners should pay attention to in their customary practice.  To deal with those risks and accompanying challenges, relevant practitioners could embrace and implement the measures and guidelines set forth in the AI Framework at certain stage throughout the AI development and application process.  What’s more, regarding a specific industrial sector, it is also worth noting and complying with the specialized sets of rules governing the security and development of AI technology in that field. 

    [1] AI stands for artificial intelligence. 

    [2] See the preface of the AI Framework. 

    [3] See the second paragraph of the AI Initiative.

    [4] See Alibaba Group, China Electronics Standardization Institute, Alibaba Cloud, and Alibaba Damo Academy, Generative Artificial Intelligence Governance & Practice White Paper (October 31, 2023).

    [5] See supra note 4.

    [6] See section 5.6 of the AI Framework. 

    [7] See section 5.1 of the AI Framework.

    [8] According to the AI Framework, the Key Areas refer to the governmental departments, critical information infrastructure, and areas directly affecting the public security and peoples’ health and safety.  

    [9] See section 6.1(a) of the AI Framework. 

    [10] See section 6.3 and 6.4 of the AI Framework.

    [11] See Han Na, China promotes coordination of AI governance, China Daily (July 2, 2024).

    [12] See Catherine Jewell, Artificial intelligence: the new electricity, WIPO Magazine (June 2019).

    [13] See Xiangxiang Ma, A Substantial Move to Advance AI Application in Pharmaceutical Industry — A Brief Analysis on the List of Typical Application Scenarios of Artificial Intelligence for Drug Governance (July 1, 2024),  https://www.lexiscn.com/mnl/detail.php?meta_content_id=3618.

    [14] See supra note 13.

    The Impact of Recent US Financial Institution Sanctions on Chinese Financial Institutions and Suggestions for Response

    The impact of US Presidential Executive Order No 14114 on Chinese financial institutions

    On 22 December 2023, the President of the United States signed Executive Order No 14114 to amend Executive Order No 14024 and Executive Order No 14068. Executive Order No 14114 authorises sanctions against foreign financial institutions that engage in or facilitate any significant transactions or transactions on behalf of or for the benefit of operators in the technology, defence, and related material sectors of the Russian Federation’s economy, as designated under Section 1(a)(i) of Executive Order No 14024, or in any other sector of the Russian economy as determined by the Secretary of the Treasury in consultation with the Secretary of State. It also targets those that engage in or facilitate significant transactions involving the Russian military-industrial complex or provide any services, including the sale, supply, or transfer of certain items or classes of items determined by the Secretary of the Treasury in co-ordination with the Secretary of State and the Secretary of Commerce, directly or indirectly to the Russian Federation.

    The term “foreign financial institution” as defined in Executive Order (EO) No 14114 refers to any foreign entity that is engaged in the business of:

    • accepting deposits;
    • making, granting, transferring, holding, or brokering loans or credits;
    • purchasing or selling foreign exchange, securities, futures or options; or
    • procuring purchasers and sellers thereof, as principal or agent.

    It includes:

    • depository institutions;
    • banks;
    • savings banks;
    • money services businesses;
    • operators of credit card systems;
    • trust companies;
    • insurance companies;
    • securities brokers and dealers;
    • futures and options brokers and dealers;
    • forward contract and foreign exchange merchants;
    • securities and commodities exchanges;
    • clearing corporations;
    • investment companies;
    • employee benefit plans;
    • dealers in precious metals, stones, or jewels; and
    • holding companies, affiliates, or subsidiaries of any of the foregoing.

    Regarding the so-called “significant transaction”, according to No 1151 of the Frequently Asked Questions of the Office of Foreign Assets Control (OFAC) of the US Treasury Department, OFAC may consider all facts and circumstances when determining whether one or more transactions are “significant”. Generally, the following factors can be partially or completely considered:

    • the size, number, and frequency of the transactions;
    • the nature of the transactions;
    • the level of awareness of management and whether the transactions are part of a pattern of conduct;
    • the nexus of the transactions to persons sanctioned pursuant to EO 14024, or to persons operating in Russia’s military-industrial base;
    • whether the transactions involve deceptive practices;
    • the impact of the transactions on US national security objectives; and
    • such other relevant factors that OFAC deems relevant.

    Therefore, if a Chinese financial institution’s client is an operator in the aforementioned specific industries or has engaged in any significant transactions involving the Russian military-industrial complex, the provision of services by the Chinese financial institution to that client, such as opening accounts for operators in specific economic sectors of the Russian Federation, both inside and outside of Russia, transferring funds, or providing other financial services, could very likely result in sanctions by the United States. Assisting companies or individuals in evading US sanctions against the Russian military-industrial complex could also result in sanctions, including helping to establish alternative or non-transparent payment mechanisms, altering or removing customer names or other relevant information from the payment field, obfuscating the true purpose of the payment or the payer, or taking measures to conceal the ultimate purpose of the transaction to evade sanctions. For foreign financial institutions that engage in the aforementioned actions, the United States can impose the following sanctions:

    • prohibit the opening of, or prohibit or impose strict conditions on the maintenance of, correspondent accounts or payable-through accounts in the United States; or
    • block all property and interests in property that are in the United States, that hereafter come within the United States, or that are or hereafter come within the possession or control of any United States person of such foreign financial institution, and provide that such property and interests in property may not be transferred, paid, exported, withdrawn, or otherwise dealt in.

    The impact of the US “Iran–China Energy Sanctions Act of 2023” on Chinese financial institutions

    On 23 April 2024, the “Iran–China Energy Sanctions Act of 2023” officially took effect. In fact, the “Iran–China Energy Sanctions Act of 2023” is an amendment to Section 1245(d) of the National Defense Authorization Act for Fiscal Year 2012, which “imposes sanctions on the Central Bank of Iran and other Iranian financial institutions”. Section 1245(d)(1)(A) of the National Defense Authorization Act for Fiscal Year 2012 authorises the President of the United States to impose sanctions on foreign financial institutions that knowingly engage in or facilitate any significant financial transactions with the Central Bank of Iran or other Iranian financial institutions designated by the Treasury Secretary, including prohibiting the opening of correspondent or payable-through accounts in the United States, prohibiting the maintenance of such accounts, or imposing strict conditions on the maintenance of such accounts.

    According to Section 1245(h) of the National Defense Authorization Act for Fiscal Year 2012, the United States Code, and the Comprehensive Iran Sanctions, Accountability, and Divestment Act of 2010, a “correspondent account” is an account established to accept deposits from a foreign financial institution, make payments on behalf of a foreign financial institution, or handle other financial transactions related to that institution. A “payable-through account” refers to an account opened by a foreign financial institution at a custodial institution, including transaction accounts, through which the foreign financial institution allows its customers to directly or through sub-accounts engage in banking activities related to US banking. The term “financial institution” includes:

    • insured banks;
    • commercial banks or trust companies;
    • private bankers;
    • foreign bank agencies or branches in the United States;
    • any credit union;
    • thrift institutions;
    • brokers or dealers registered with the Securities and Exchange Commission under the Securities Exchange Act of 1934;
    • brokers or dealers in securities or commodities;
    • investment bankers or investment companies;
    • currency exchange, or businesses engaged in the exchange of currency, funds, or value that substitutes for currency or funds;
    • insurance companies; or
    • any business or agency that engages in any activity which the Secretary of the Treasury determines, by regulation, to be an activity which is similar to, related to, or a substitute for any activity in which any business described in this paragraph is authorised to engage.

    Section 1245 of the National Defense Authorization Act for Fiscal Year 2012 does not further clarify the meaning of “significant financial transaction”. Through this amendment, the “Iran–China Energy Sanctions Act of 2023” further clarifies the meaning of “significant financial transaction”, with Article 2(2) stipulating that the “significant financial transaction” under Section 1245(d)(1)(A) of the National Defense Authorization Act for Fiscal Year 2012 includes the following two types of transactions:

    • any transaction in which a Chinese financial institution is involved in the purchase of Iranian oil or petroleum products; and
    • any transaction in which a foreign financial institution is involved in the purchase of Iranian unmanned aerial vehicles (UAVs), UAV parts, or related systems.

    It is noteworthy that the determination of the above two types of “significant financial transactions” does not take into account the size, quantity, frequency, or nature of the transaction.

    It can be seen that the United States has expanded the scope of sanctions that may be imposed on Chinese financial institutions through the “Iran–China Energy Sanctions Act of 2023”. Once the United States determines that Chinese financial institutions have knowingly engaged in or facilitated any transactions involving the purchase of Iranian oil or petroleum products and Iranian unmanned aerial vehicles (UAVs), UAV parts, or related systems, regardless of the size, quantity, frequency, or nature of the financial transaction, Chinese financial institutions may be subject to US sanctions, thereby being unable to open or maintain correspondent or payable-through accounts through US financial institutions in the United States. The risk of Chinese financial institutions being subject to US economic sanctions has further increased.

    Suggestions for Chinese financial institutions on responding to recent US sanctions against financial institutions

    Convey compliance expectations to clients

    • Convey the relevant sanctions compliance requirements and risks to clients, inform them not to use their accounts to conduct business with designated individuals in specified industries or engage in any transactions involving the Russian military-industrial complex or Iranian oil and UAVs.
    • Share the list of certain items or classes of items subject to sanctions legal control with clients engaged in import and export, manufacturing, or any other related businesses.

    Conduct due diligence and compliance review of clients and related business and transactions

    • Conduct due diligence and compliance review of clients and related business and transactions to determine whether there are clients operating in specific sectors of the Russian economy, any clients conducting business with designated individuals in specific industries, clients that may be involved in selling, supplying, or transferring certain items to Russia, and clients involved in transactions related to Iranian oil or petroleum products or Iranian unmanned aerial vehicles (UAVs), UAV parts, or related systems.

    It should be noted that compliance review should also be conducted for non-US dollar currency transactions. According to OFAC’s Frequently Asked Questions No 1151, the sanctions stipulated in Executive Order No 14114 and No 14024 also apply to non-US dollar currency transactions conducted by foreign financial institutions.

    Incorporate sanctions risks into client risk grading and take corresponding sanctions response measures

    • Include the risks of US sanctions against foreign financial institutions in the client risk grading criteria and take different measures for clients with different risk ratings.
    • For clients not engaged in activities subject to sanctions control, obtain written statements from the clients stating that they are not operating in the specified industries, have not sold or transferred specific items to Russia, have not engaged in any transactions involving the Russian military-industrial complex, and have not been involved in transactions related to Iranian oil, UAVs, or related systems.
    • For clients engaged in high-risk activities or those who have not responded to relevant investigations, appropriate restrictive measures should be taken. These measures include restricting accounts, limiting the types of business allowed to be conducted, strengthening control over trade financing for specific client projects, and placing clients or counterparties on an internal “do not engage” watchlist, among others.

    Effectively implement sanctions compliance frameworks in daily operations

    Financial institutions should effectively implement sanctions compliance frameworks in their daily operations. Firstly, financial institutions should develop and improve effective sanctions compliance frameworks. The top management should provide clear support for the development and implementation of compliance frameworks and ensure the provision of necessary resources to integrate compliance requirements into the daily operations of the organisation. On this basis, a comprehensive risk assessment should be conducted to systematically analyse customers, products, services, supply chains, intermediaries, and counterparties, in order to identify and quantify potential sanctions compliance risks.

    Based on the results of the risk assessment, design and implement internal control measures, including developing clear policies and procedures aimed at preventing, identifying, reporting, and documenting activities that may violate sanctions. In addition, establish a comprehensive, independent, and objective testing and auditing mechanism to ensure timely identification and remediation of weaknesses and deficiencies in the sanctions compliance framework. In order to enhance the compliance awareness and ability of employees, regular training programmes should be carried out to ensure that all relevant personnel understand the importance of sanctions compliance and are able to master specific knowledge and skills related to their responsibilities.

    Ensure clear communication of policies and procedures related to sanctions compliance framework to relevant personnel, and effectively integrate these policies and procedures into the daily operations of the company. In addition, it is advisable to establish clear records of the implementation and execution of the above matters, in order to face potential investigations and provide a basis for proving the compliance of institutional operations.

    Finally, given the constantly changing sanctions regulations and market environment, the sanctions compliance framework should be regularly reviewed and updated to ensure that it can adapt to the latest developments in the external environment, including updates in regulatory requirements, changes in business models, and new market trends. The risk of violating sanctions regulations can be effectively reduced through continuous self-assessment and improvement, and appropriate remedial measures taken when necessary.

    1. Trends and Overview

    1.1 Sanctions Market

    In the past 12 months, the sanctions sector has undergone significant changes and growth, with a notable increase in US sanctions imposed on Chinese companies. This surge reflects the escalating geopolitical tensions between the US and China. The US has broadened its scope of sanctions to include more Chinese entities, citing reasons such as national security threats and human rights concerns.

    The COVID-19 pandemic has further intensified the global geopolitical competition and strengthened the sanctions policy. This heightened competition has led to an even stronger reliance on sanctions as a policy tool. Governments have used sanctions to exert pressure on adversaries. However, the pandemic has also disrupted supply chains and affected international trade. These disruptions have the potential to impact the implementation and effectiveness of sanctions measures in turn.

    1.2 Key Trends

    The US has persistently ramped up its efforts to impose sanctions on Chinese technology companies, particularly focusing on those operating in sectors that are considered critical to national security. In response to these increasing pressures, China has been actively working to bolster its export control system. This involves the development and enforcement of stringent regulations that govern the transfer of sensitive technologies and dual-use items. China has also been proactively devising and implementing anti-sanctions measures to counteract the impact of such restrictions. These measures are designed to protect Chinese companies from the adverse effects of sanctions and to maintain the stability of the domestic market.

    1.3 Key Industries

    The semiconductor and chip manufacturing industries have been severely affected by sanctions. The US has imposed stringent restrictions on exporting advanced AI chips and semiconductor manufacturing equipment to China. This move has had far-reaching implications, particularly for Chinese technology giants that are heavily dependent on these high-tech components to manufacture cutting-edge products.

    In the telecommunications sector, the ripple effects of US sanctions have been equally pronounced. Chinese telecommunications equipment manufacturers, who are at the forefront of developing and deploying 5G technology, have found their growth prospects significantly constrained. The sanctions have imposed limitations on their ability to access vital components and technology that are essential for the advancement of 5G infrastructure and services.

    1.4 Overview

    1.4.1 Types of Sanctions

    The types of sanctions implemented in China include:

    • visa restrictions;
    • asset seizure and restrictions;
    • trade and transactions restrictions;
    • fines; and
    • other necessary measures as deemed necessary by relevant Chinese authorities.

    1.4.2 Scope of Sanctions

    China’s sanctions law does not explicitly state that it has an extra-territorial effect; Chinese citizens, legal persons and other organisations within China’s jurisdiction must comply with sanctions imposed by the Chinese government.

    1.4.3 Domestic and/or Supranational Measures

    China’s sanctions are imposed at a domestic level empowered by domestic legislation. For example, the Law of the People’s Republic of China on Countering Foreign Sanctions stipulates that China can take countermeasures against discriminatory restrictive measures imposed by foreign countries.

    On the other hand, China also implements those sanctions mandated by the UN Security Council. The Foreign Relations Law of the People’s Republic of China also provides a legal basis for the implementation and compliance of United Nations Security Council sanctions and related measures within China. Article 35 clearly stipulates that the state shall take measures to implement binding sanctions resolutions and related measures made by the United Nations Security Council under Chapter VII of the United Nations Charter.

    2. Overview of Regulatory Field

    2.1 Primary Regulators

    The Ministry of Commerce and the Ministry of Foreign Affairs are the primary regulators for Sanctions in China. The Ministry of Commerce is responsible for import and export controls and trade-related sanctions. The Ministry of Foreign Affairs is responsible for the country’s foreign policy, including sanctions against foreign entities and individuals. Depending on the nature of the sanctions, other state departments, such as the public security department, may also be involved in the implementation of sanctions.

    2.2 Enforcement

    2.2.1 Enforcement Responsibilities

    In China, the enforcement of sanctions is primarily the responsibility of various state-level authorities, which work in co-ordination to implement and oversee sanctions-related activities. Primarily, the Ministry of Commerce is responsible for the supervision of foreign trade and economic co-operation, including the development and implementation of export controls and unreliable entity lists related to sanctions. The Ministry of Foreign Affairs is responsible for announcing and interpreting China’s sanctions decisions, and conducting diplomatic negotiations with other countries.

    In addition, according to the Law of the People’s Republic of China on Countering Foreign Sanctions, the relevant departments of the State Council may decide to include individuals or organisations who directly or indirectly participate in the formulation, decision-making, and implementation of discriminatory restrictive measures as stipulated in this Law in the list of countermeasures. The determination, suspension, modification or cancellation of the list of countermeasures, and countermeasures themselves shall be announced by an order issued by the Ministry of Foreign Affairs or other relevant departments of the State Council. According to Article 10 of the Law of the People’s Republic of China on Countering Foreign Sanctions, China has established a co-ordination mechanism for anti-foreign sanctions work. The relevant departments of the State Council should strengthen co-ordination and information sharing, and determine and implement relevant countermeasures in accordance with their respective responsibilities and tasks.

    According to the Provisions on the List of Unreliable Entities, China has established a working mechanism with the participation of relevant departments of central state organs, responsible for organising and implementing the unreliable entity list system. The Office of Work Mechanism is located in the competent commerce department of the State Council.

    2.2.2 Breaching Sanctions

    According to the Law of the People’s Republic of China on Countering Foreign Sanctions, any organisation or individual that fails to implement or co-operate in implementing the countermeasures will be subject to legal liability in accordance with the law, which does not exclude criminal liability. For example, if the breach of sanctions endangers national security or involves the disclosure of state secrets, it could be subject to criminal liabilities under the “Criminal Law of the People’s Republic of China”.

    Pursuant to the Law of the People’s Republic of China on Countering Foreign Sanctions, organisations and individuals within China are obligated to follow the countermeasures determined by the relevant state departments. Failure to comply with these measures can lead to administrative liabilities, including orders to cease the activities, fines, and potential restrictions or prohibitions on related activities.

    2.2.3 Mitigation

    China’s sanctions law does not explicitly stipulate any mitigating steps which can be taken to avoid or lessen penalties imposed as a result of breach of the sanctions.

    If a Chinese entity is subject to administrative penalties for violating sanctions laws, according to the Administrative Penalty Law of the People’s Republic of China, if the illegal act is minor and corrected in a timely manner without causing harmful consequences, no administrative penalty shall be imposed. Those who violate the law for the first time with minor consequences and make timely corrections may not be subject to administrative penalties. If the Chinese entity has sufficient evidence to prove that there is no subjective fault, no administrative penalty shall be imposed. Those who actively eliminate or mitigate the harmful consequences of illegal acts, voluntarily confess to illegal acts that the administrative organ has not yet mastered, and who have made meritorious contributions in co-operating with the administrative organ in investigating and punishing illegal acts shall be given lighter or mitigated administrative penalties.

    If a Chinese entity is criminally punished for violating sanctions laws and constituting a crime, according to the Criminal Law of the People’s Republic of China, if the Chinese entity voluntarily gives up the crime or automatically and effectively prevents the consequences of the crime during the process of committing a crime, those who have not caused damage shall be exempted from punishment; if damage is caused, the punishment shall be reduced. Criminals who have mitigating circumstances as stipulated by law shall be sentenced to a punishment below the statutory penalty. Those who voluntarily surrender after committing a crime and truthfully confess their crimes are considered to have surrendered themselves. For criminals who surrender themselves, the punishment may be lighter or mitigated; those who commit minor crimes may be exempted from punishment. Criminals who have exposed the criminal behaviour of others, which has been verified to be true through investigation, or who have provided important clues that have enabled investigators to solve other cases, etc, may be given lighter or mitigated punishment; those who have made significant contributions may have their punishment reduced or exempted.

    2.2.4 “Strict Liability”

    According to the Law of the People’s Republic of China on Countering Foreign Sanctions, if foreign countries violate international law and basic norms of international relations, use various pretexts or, based on their own laws to contain and suppress China, take discriminatory restrictive measures against Chinese citizens and organisations, and interfere in China’s internal affairs, China has the right to take corresponding countermeasures.

    The unreliable entity list mechanism under the Provisions on the List of Unreliable Entities targets foreign entities engaged in harming China’s national sovereignty, security, and development interests, or violating normal market trading principles, interrupting normal transactions with Chinese entities, or taking discriminatory measures against Chinese entities, seriously damaging the legitimate rights and interests of Chinese entities. The working mechanism will make a decision on whether to include the relevant foreign entities in the list of unreliable entities considering the degree of harm to China’s national sovereignty, security, and development interests, the degree of damage to the legitimate rights and interests of Chinese entities and whether it complies with international trade and economic rules.

    In short, whether the foreign entities conduct the above behaviours out of intent or negligence is not considered by the authorities according to the above-mentioned provisions.

    2.3 Licensing

    2.3.1 Derogation

    There is no licence permitting derogation from sanctions currently under sanctions law in China. The sanctions decisions made according to the Law of the People’s Republic of China on Countering Foreign Sanctions are final.

    However, according to the Provisions on the List of Unreliable Entities, a correction deadline can be set for foreign entities included in the list of unreliable entities, during which no sanction measures will be taken. Foreign entities could be removed from the list of unreliable entities if they correct their behaviours and take measures to eliminate the consequences within the correction period.

    2.3.2 Provision of Legal Services

    There is no general licence for the provision of legal services to designated persons currently under sanctions law in China. However, according to the Provisions on the List of Unreliable Entities, during the investigation conducted by the working mechanism, foreign entities may make statements and defend themselves.

    2.4 Reporting

    There is no explicit reporting obligations of sanctions violations currently under sanctions law in China. However, citizens and organisations shall report activities endangering China’s national sovereignty, security, and development interests stipulated in the Provisions on the List of Unreliable Entities since they have the obligation to report clues in a timely manner that endanger national security activities to the state security organisation according to the National Security Law of the People’s Republic of China.

    According to the Provisions on the List of Unreliable Entities, the working mechanism shall decide whether or not to investigate the acts of relevant foreign entities according to its functions and powers or the suggestions or reports from relevant parties.

    The Rules on Counteracting Unjustified Extra-territorial Application of Foreign Legislation and Other Measures issued by the Ministry of Commerce of China requires Chinese entities to truthfully report to the competent commerce department of the State Council within 30 days when encountering situations where foreign laws and measures prohibit or restrict their normal economic and trade activities with third countries (regions) and their citizens, legal persons, or other organisations.

    3. Recent and Future Legal Developments

    3.1 Significant Court Decisions or Legal Developments

    On 10 June 2021, the Law of the People’s Republic of China on Countering Foreign Sanctions officially came into effect, specifying the situations in which China has the right to take countermeasures, including:

    • foreign countries violating international law and basic norms of international relations, using various excuses or, based on their own laws to contain and suppress China, adopting discriminatory restrictive measures against Chinese citizens and organisations, and interfering in China’s internal affairs; or
    • foreign countries, organisations, or individuals committing, assisting, or supporting actions that endanger China’s sovereignty, security, and development interests.

    On 1 July 2023, the Foreign Relations Law of the People’s Republic of China began to be implemented officially. According to Article 33, China has the right to take corresponding countermeasures and restrictive measures against actions that violate international law and basic norms of international relations and endanger China’s sovereignty, security, and development interests.

    On 1 January 2024, the new Civil Procedure Law of the People’s Republic of China came into effect. Article 300 stipulates that if a court determines that an effective judgment made by a foreign court violates the basic principles of the laws of the People’s Republic of China or national sovereignty, security, or social public interests, it shall rule not to recognise and enforce it.

    3.2 Future Developments

    The US has been known to implement economic sanctions that can affect trade with China. There is a trend where sanctions are increasingly targeting technology and innovation sectors. The US has been expanding its controls on exports to China, particularly in high-tech sectors, and has been adding Chinese entities to its Entity List, which restricts their access to US technology and components without a licence. Companies in these sectors should be particularly vigilant and may need to invest in domestic R&D to reduce reliance on imported technology.

    There is another trend in the US sanctions regime, particularly focusing on the activities of foreign financial institutions and the expansion of the US government’s authority to impose sanctions on Chinese financial institutions through provisions like Executive Order No 14114 which amends previous orders to target a broader range of transactions and entities, or the Iran–China Energy Sanctions Act of 2023 explicitly defining what constitutes a “significant financial transaction”. This reflects a trend towards a more assertive and comprehensive approach to economic sanctions, with a focus on deterring activities that support Russia and Iran.

    China has been active in refining its export control laws and implementing anti-sanctions measures to protect its national interests and the legitimate rights and interests of its companies. The introduction of the Unreliable Entity List is a strategic move to counteract measures that harm Chinese companies. China will continue to formulate necessary administrative regulations and departmental rules, establish corresponding work systems and mechanisms, strengthen departmental co-ordination, and determine and implement relevant countermeasures and restrictive measures against actions that endanger China’s sovereignty, security, and development interests.

    Clients looking to do business in China should closely monitor these trends and work with legal and trade compliance experts to navigate the complex landscape of international sanctions and trade controls. It is also important to engage in proactive risk management and to be prepared for the potential impacts of sanctions on business operations.

    4. Delisting Challenges

    4.1 Process

    According to the Provisions on the List of Unreliable Entities, a correction deadline can be set for foreign entities included in the list of unreliable entities, during which no sanction measures will be taken. Foreign entities could be removed from the list of unreliable entities if they correct their behaviours and take measures to eliminate the consequences within the correction period. During the investigation conducted by the working mechanism, foreign entities may make statements and defend themselves.

    If a foreign entity is restricted or prohibited from engaging in import and export activities related to China, and Chinese enterprises, other organisations or individuals need to conduct transactions with the foreign entity under special circumstances, they can apply to the Office of the Working Mechanism, and with consent, they can conduct corresponding transactions with the foreign entities.

    4.2 Remedies

    The working mechanism under the Provisions on the List of Unreliable Entities can decide to suspend or terminate the investigation based on the actual situation; if there is a significant change in the facts on which the decision to suspend the investigation is based, the investigation may be resumed.

    The working mechanism may decide to remove the relevant foreign entities from the list of unreliable entities based on the actual situation. If a foreign entity corrects its behaviour and takes measures to eliminate the consequences of its behaviour within the specified correction period in the announcement, the working mechanism shall make a decision to remove it from the list of unreliable entities. Foreign entities can apply to be removed from the list of unreliable entities, and the working mechanism will decide whether to remove them based on the actual situation.

    4.3 Timing

    The Provisions on the List of Unreliable Entities do not specify a time limit to obtain de-listing. However, the decision to remove foreign entities from the list of unreliable entities should be announced. From the date of announcement, the sanctions measures taken in accordance with the Provisions on the List of Unreliable Entities shall cease to be implemented.

    5. cTrade and Export Restrictions

    5.1 Services

    China’s export or import control regimes are currently not country-specific. The Ministry of Commerce release the Catalogue of Technologies Prohibited or Restricted from Exporting in China and the Catalogue of Technologies Prohibited or Restricted from Importing in China, regularly.

    China implements sanctions mandated by the UN Security Council towards the Islamic State and Al-Qaeda, Yemen, Iraq, the Democratic Republic of Congo, South Sudan, Libya, Mali, Haitian gangs, Central Africa, and Al-Shabaab in Somalia.

    5.2 Goods

    China’s export and import control regimes are currently not country-specific. The Ministry of Commerce, the General Administration of Customs, and the Ministry of Ecology and Environment, in accordance with relevant laws and regulations, release the Catalogue of Prohibited Import Goods and the Catalogue of Prohibited Export Goods, regularly.

    China implements sanctions mandated by the UN Security Council towards the Islamic State and Al-Qaeda, Yemen, Iraq, the Democratic Republic of Congo, South Sudan, Libya, Mali, Haitian gangs, Central Africa, and Al-Shabaab in Somalia.

    6. Civil Litigation and Arbitration

    6.1 Force Majeure

    1. In a case of a Sales Contract Dispute, the seller, Company A, signed a procurement contract with the buyer, Company B, and Company A promised in Annex 3 that the goods did not come from Iran. Afterwards, Company B refused to make payment since Company A was unable to provide proof, while Company A filed a lawsuit claiming that Annex 3 violated the Law of the People’s Republic of China on Countering Foreign Sanctions and the Rules on Counteracting Unjustified Extra-territorial Application of Foreign Legislation and Other Measures, violated mandatory provisions of laws and administrative regulations, and should be deemed invalid.

    The court found that the statement was a unilateral commitment issued by Company A to Company B which should be considered as a true expression of Company A’s intention. Secondly, the main content of this document is that Company A promised that the goods did not come from Iran, not falling within the scope of the Law of the People’s Republic of China on Countering Foreign Sanctions and the Rules on Counteracting Unjustified Extra-territorial Application of Foreign Legislation and Other Measures. Therefore, Company A’s inability to provide relevant supporting documents to prove to Company B as to the source of the goods involved in the case constitutes a breach of contract.

    2. In a case of applying for recognition and enforcement of foreign arbitral awards, Company C applied to the court for recognition and enforcement of an arbitration award made by the Singapore International Arbitration Centre Arbitration Tribunal. The respondent, Company D, requested the court not to recognise and enforce the arbitration award because the law firm to which the chief arbitrator belongs has been sanctioned by the Chinese government, resulting in the arbitration award being unfair.

    Regarding the issue of whether the sanctions imposed by the Chinese government on the law firm to which the arbitrator belongs will affect the hearing of this case, the court believes that the sanctions are aimed at the law firm to which the chief arbitrator belongs and not at its arbitrator’s identity. This sanction is not within the scope of non-recognition as stipulated in the Convention on the Recognition and Enforcement of Foreign Arbitral Awards, is not related to the trial of this case, and there was no improper procedure. The issue of whether the recognition and enforcement of arbitration awards comply with the Rules on Counteracting Unjustified Extra-territorial Application of Foreign Legislation and Other Measures is also not related to this case, and the choice of arbitration is the result of the autonomy of the parties in this case.

    The court ultimately held that the award made by the Singapore International Arbitration Centre in question did not fall under the circumstances of non-recognition and enforcement under Article 5 of the Convention on the Recognition and Enforcement of Foreign Arbitral Awards, and shall be recognised and enforced.

    3. In conclusion, PRC courts tend to respect the autonomy of the contracting parties regarding the agreement of sanctions or export control terms on the condition that sanctions or export control terms do not fall within the jurisdiction of the PRC sanctions laws, including but not limited to the Law of the People’s Republic of China on Countering Foreign Sanctions, the Rules on Counteracting Unjustified Extra-territorial Application of Foreign Legislation and Other Measures, and the Export Control Law of the People’s Republic of China.

    6.2 Enforcement

    In judicial practice, PRC courts tend to evaluate whether sanctions constitute force majeure. That is to say courts tend to evaluate whether the obstacles cannot be reasonably foreseen at the time of contract formation and the consequences of obstacles cannot be reasonably avoided or overcome by the affected parties. If they do not constitute force majeure, the judgment should be executed accordingly. If the judgment or ruling is not voluntarily complied with, the court may take measures to enforce its decision.

    If the property of the person subject to enforcement within China has been pre-sealed, seized, or frozen by relevant Chinese departments in accordance with sanctions laws, and no property available for enforcement has been found through property investigation, the enforcement procedure may be terminated after the applicant for enforcement signs confirmation or the enforcement court forms a collegial panel to review and verify, and is approved by the President. After the termination of enforcement, if the applicant for enforcement discovers that the enforcee has property available for enforcement, they may apply for enforcement again.

    7. Designation, Compliance and Circumvention

    7.1 Executive Body

    According to the Provisions on the List of Unreliable Entities, China has established a working mechanism with the participation of relevant departments of central state organs, responsible for organising and implementing the unreliable entity list system. The Office of Work Mechanism is located in the competent commerce department of the State Council.

    According to the Law of the People’s Republic of China on Countering Foreign Sanctions, the relevant departments of the State Council may decide to include individuals or organisations who directly or indirectly participate in the formulation, decision-making, and implementation of discriminatory restrictive measures as stipulated in this Law in the list of countermeasures. The determination, suspension, modification or cancellation of the list of countermeasures, and countermeasures shall be announced by an order issued by the Ministry of Foreign Affairs or other relevant departments of the State Council.

    7.2 Scope of Designation

    There are similar provisions in China specifying the indirect designation of persons as a result of them being “owned or controlled” by a directly designated person. According to the Law of the People’s Republic of China on Countering Foreign Sanctions, the relevant departments of the State Council may decide to take countermeasures against the following individuals and organisations.

    • Spouses and immediate family members of individuals included in the list of countermeasures.
    • Senior management personnel or actual controllers of organisations included in the list of countermeasures.
    • Organisations where individuals listed on the countermeasures list serve as senior management personnel.
    • Organisations that are actually controlled, or involved in the establishment and operation, by individuals and organisations included in the countermeasures list.

    7.3 Circumvention

    7.3.1 Prohibiting Provisions

    According to the Law of the People’s Republic of China on Countering Foreign Sanctions, organisations and individuals within China shall implement countermeasures taken by relevant departments of the State Council, and otherwise they shall be dealt with by relevant departments of the State Council in accordance with the law, and their activities shall be restricted or prohibited.

    Any organisation or individual that fails to implement or co-operate in implementing countermeasures shall be held legally responsible in accordance with the law.

    7.3.2 Criminal Penalties

    If the circumvention of sanctions endangers national security or involves the disclosure of state secrets, it could be subject to criminal liabilities of life imprisonment or imprisonment for more than ten years under the Criminal Law of the People’s Republic of China.

    According to the Law of the People’s Republic of China on Countering Foreign Sanctions, no organisation or individual shall enforce or assist in enforcing discriminatory restrictive measures taken by foreign countries against Chinese citizens and organisations. If an organisation or individual conducts those behaviours and infringes upon the legitimate rights and interests of Chinese citizens or organisations, Chinese citizens or organisations may file a lawsuit with the People’s Court, demanding that they stop the infringement and compensate for the losses. Those who have the ability to execute judgments or rulings of the people’s court but refuse to do so, while the circumstances are serious, shall be sentenced to fixed-term imprisonment of not more than three years, criminal detention, or a fine. If the circumstances are particularly serious, the organisation or individual shall be sentenced to fixed-term imprisonment of not less than three years but not more than seven years and shall also be fined.