China Legal Update – March 24th 2026, China News

On 24 February 2026, the State Administration for Market Regulation (“SAMR”) issued the Provisions on the Protection of Trade Secrets under Decree No. 126 (the “Provisions”), which will enter into force on 1 June 2026.

The Provisions further implement the Anti-Unfair Competition Law and reflect a broader regulatory trend in China: adapting trade secret protection to increasingly digitalised business operations, including remote working, data-driven business models, digital collaboration tools and cross-border information flows.

The adoption of the Provisions responds in large part to the digitalisation of business relationships and working methods. It highlights the practical shift the Provisions introduce for companies operating in China: trade secret protection is now expected to rely not only on contractual undertakings, but also on effective internal controls, digital traceability and sound management of sensitive information.

II.   Key highlights

1.  Broader scope of protected information

The Provisions confirm that trade secrets consist of commercial information that is not known to the public, has commercial value, and is protected by corresponding confidentiality measures adopted by the rights holder.

They cover in particular:

Technical information, including structures, raw materials, formulas, materials, samples, styles, processes, methods, data, algorithms, computer programs and code; and

Business information, including creative, management, sales, financial, planning and customer-related information, as well as other information connected with business activities.

Importantly, the Provisions expressly include algorithms, computer programs, code and data within the scope of protected technical information. They also clarify that protected customer information may extend beyond basic identification details and include transaction habits, intentions and transaction content.

This confirms that the new regime is intended to address the growing value of digital and intangible business assets.

2.   Stronger emphasis on effective confidentiality measures

The Provisions also broaden the concept of reasonable confidentiality measures. In addition to contractual protections, they refer to practical safeguards such as permission-based access controls, data anonymisation and the retention of operation logs, including in remote working and cross-border collaboration scenarios.

This is an important development for businesses. The Provisions suggest that confidentiality clauses in employment contracts or standalone non-disclosure agreements may no longer be sufficient on their own. Companies may now be expected to show that they exercise effective control over access to sensitive information through technical and organisational measures.

In practice, businesses should be able to demonstrate how access rights are allocated, how sensitive files are monitored, whether download activity is traceable, and whether internal systems allow suspicious handling of confidential information to be identified.

The Provisions therefore place greater emphasis on practical confidentiality measures and evidence of control, in line with the increasing digitalisation of internal workflows and information management.

3.  More detailed rules on infringing conduct

The Provisions also provide further detail on conduct that may constitute infringement of trade secrets.

They reiterate that operators may not obtain trade secrets through theft, bribery, fraud, coercion, electronic intrusion or other improper means.

First, electronic intrusion is expressly identified as an improper means, including unauthorised access to a rights holder’s digital office systems or the use of malicious software to obtain confidential information.

Second, it may also be unlawful to access, possess or copy, without authorisation or beyond the authorised scope, documents, materials or other media containing trade secrets, or from which trade secrets may be derived. In a digital environment, this may include design documents, flow charts, technical documentation or raw data sets.

Third, where there is evidence that the information used by a suspected infringer is substantially the same as the rights holder’s trade secret, and that the suspected infringer had the opportunity to access it, the market supervision authorities may find that infringement is established unless the suspected infringer can prove a lawful source.

III.  Practical implications for businesses

The Provisions make clear that businesses should move beyond a purely formal approach and review whether their current systems are suited to the digital environment in which they operate.

In light of the new rules, companies may wish to:

1. Identify and classify protected information more comprehensively

Businesses should review the scope of their core trade secrets and ensure that assets such as algorithms, data, software, source code and commercially sensitive digital records are properly identified.

2. Reinforce confidentiality measures in operational terms

Companies should assess whether their internal controls are sufficient in practice, especially in remote working and cross-border collaboration settings. This may include access control policies, anonymisation tools, system logging, restrictions on copying or downloading, and closer governance over digital repositories and shared platforms.

3. Align legal, HR, IT and compliance practices

Trade secret protection can no longer be treated as a purely contractual issue. Employment contracts, confidentiality undertakings, onboarding and offboarding procedures, employee training and internal investigation procedures should be reviewed in light of the new requirements.

4. Prepare for enforcement and evidentiary needs

Companies should also consider whether they are in a position to prove the existence of trade secrets, the measures taken to protect them, and the circumstances of any suspected misuse.

IV.  Conclusion

The Provisions reflect a clear development in China’s approach to trade secret protection. They take into account the growing role of digital tools and systems in the creation, storage and circulation of commercially sensitive information. For companies operating in China, the key issue is no longer simply whether confidentiality obligations exist on paper, but whether sensitive information is effectively identified, protected and traceable in practice. Ahead of the entry into force of the Provisions on 1 June 2026, businesses would be well advised to assess whether their current arrangements meet these expectations.