March 24, 2026

China Raises the Stakes on Trade Secret Protection: What Companies and Counsel Need to Know About the New Rules

Yuanmei Lu, Zhenye Wang Sheppard, Mullin, Richter & Hampton LLP + Follow Contact LinkedIn Facebook X Send Embed

[co-author: Yanlong Li]

On February 24, 2026, the State Administration for Market Regulation (“SAMR”) officially issued the Provisions on the Protection of Trade Secrets (the “Provisions”), which will take effect on June 1, 2026. The Provisions repeal the Several Provisions on Prohibiting Infringement of Trade Secrets issued in 1995 (the “1995 Rules”), ending nearly 30 years of application. Expanded from 12 articles to 31, this revision represents the most significant overhaul of China’s trade secret protection regime in thirty years. This article outlines the key changes and their practical implications for businesses operating in or with China.

1. Expanded Scope of Trade Secrets: Aligned with the Digital Economy

The 1995 Rules were enacted before the internet era, at a time when trade secret misappropriation typically meant an employee walking out the door with paper blueprints, a competitor bribing an insider for a chemical formulas, and the theft of a physical customer rolodex. The commercial landscape today looks nothing like that, and the Provisions respond accordingly.

The Provisions define trade secrets as business information — encompassing both technical information and commercial information — that is not publicly known, carries commercial value, and is subject to reasonable confidentiality measures taken by the rights holder.

• Technical information: The Provisions expressly enumerate the types of technical information that qualify for protection, including structures, formulas, materials, samples, processes, methods, data, algorithms, computer programs, and code. This enumeration is significant in practice. AI model training datasets, algorithm iteration records, and user behavioral analytics can now unambiguously qualify for trade secret protection — a position that was genuinely contested under the prior framework and frequently litigated without a clear legal basis.
• Commercial information: On the commercial side, protectable information includes ideas, management methods, sales strategies, financial data, business plans, samples, customer information, and other business-related data. Notably, customer information is specifically and broadly defined to include not only names, addresses, and contact details, but also transaction habits, purchase intentions, and the content of prior dealings. This closes a significant gap in the 1995 Rules, under which a competitor could argue – sometimes successfully – that basic client contact information was “publicly available” and therefore unprotectable. Rights holders will find it considerably easier to protect their customer relationships going forward. One of the most practically meaningful expansions in the Provisions is the express extension of protection to interim research results and failed experimental data, provided these meet the commercial value standard. This has particular significance for life sciences, advanced materials, and technology companies, where the research and development cycle is long and the value of negative results is well-understood. The previously common defense that “this was merely a failed experiment with no commercial value” will be far more difficult to sustain under the new framework.

2. Clearer Rules on Infringing Conduct

The Provisions set out specific categories of prohibited conduct with a precision the 1995 Rules never achieved. The drafting is clearly responsive to the most frequently disputed scenarios in practice.

Employee Departures and Unauthorized Data Transfer

The Provisions explicitly provide that misappropriation includes downloading or transferring trade secrets - without authorization, beyond the scope of authorization, or after authorization has expired - to personal email accounts, cloud storage platforms, or other devices or systems outside the rights holder’s control.

This is an important shift. Under the new framework, the act of unauthorized downloading itself constitutes misappropriation. Companies no longer need to wait until confidential information has been used, disclosed to a third party, or caused demonstrable loss before taking action. This significantly enhances the ability of rights holders to intervene at an early stage — for example, upon discovering the data transfer during an exit interview or a forensic IT review.

Poaching with Improper Intent

The Provisions also address the increasingly common practice of a competitor deliberately hiring an employee precisely to obtain the former employer’s confidential information — what practitioners sometimes call “hiring for secrets.”

Specifically, the Provisions prohibit inducing others to misappropriate trade secrets through explicit or implicit offers of money, promotion, or other benefits. They further prohibit providing funding, technology, equipment, or other material support to a person who is known or should reasonably be known to be misappropriating trade secrets.

Liability under the Provisions therefore extends not only to the departing employee, but also to the competitor that recruits them with knowledge - actual or constructive - that the employee intends to bring along confidential information. Such competitors now face direct administrative penalties, giving enforcement authorities a meaningful tool to address a practice that has long operated in a legal grey zone.

Legitimate Activities That Do Not Constitute Infringement

The Provisions also take care to delineate the boundaries of legitimate competitive activity. The following do not constitute infringement: independent development or discovery; reverse engineering of products obtained through legitimate public channels; and an employee's use, in subsequent employment, of the general skills, knowledge, and industry experience accumulated during their prior role.

3. Lower Barriers to Enforcement

Presumption of Infringement

One of the most consequential procedural changes in the Provisions is the establishment of a presumption of infringement. Where a rights holder demonstrates that the information used by the alleged infringer is substantially identical to the claimed trade secret, and that the alleged infringer had access to such trade secret, the market regulation authority may find infringement - unless the alleged infringer can prove the information was lawfully obtained or used.

This burden-shifting mechanism is a material improvement for rights holders. Previously, the obligation to affirmatively prove misappropriation - and to link it to a specific act, person, or channel - placed an often-insurmountable evidentiary burden on companies that had limited visibility into what a departing employee or a competitor had done with their information. Under the new framework, the alleged infringer must now affirmatively establish a legitimate source for the information in question.

Administrative Penalties

For violations of the Provisions, market regulation authorities at or above the county level may order the infringer to cease the unlawful act, confiscate illegal gains, and impose a fine of between RMB 100,000 and 1,000,000. For serious cases, the fine may range from RMB 1,000,000 to 5,000,000.

It should be noted that administrative enforcement under the Provisions operates alongside, and does not replace, civil litigation and criminal prosecution as available enforcement channels. Rights holders will need to make a considered decision as to the most appropriate forum - or combination of forums - depending on the nature of the misappropriation, the remedies sought, and the speed of action required.

4. Conclusion

The enactment of the Provisions marks the beginning of a new stage in the administrative protection of trade secrets in China. The boundaries of protection are clearer, enforcement tools are more robust, and the barriers to asserting rights have been materially reduced.

Companies are encouraged to review their existing confidentiality agreements, employee onboarding and offboarding procedures, IT access controls, and internal data governance policies in light of the new framework before the June 1, 2026 effective date.

Send Print Report

Latest Posts

• Cookies, “Significant Risk,” and 2026 CCPA Assessments
• Massachusetts Settlement Targets Mortgage-Backed “Homeowner Benefit” Agreements
• Thirteen AGs Sue Major Installment Lender Over Add-On Packing; Former CFPB Attorneys Lead the Charge
• California Court Orders CFPB to Continue Requesting Federal Reserve Funding
• FTC Eyes New Rulemaking on Hidden Fees in Rental Housing See more »

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.
Attorney Advertising.

©
Sheppard, Mullin, Richter & Hampton LLP

Written by:

Sheppard, Mullin, Richter & Hampton LLP Contact + Follow Yuanmei Lu + Follow Zhenye Wang + Follow more less

PUBLISH YOUR CONTENT ON JD SUPRA

• ✔ Increased readership
• ✔ Actionable analytics
• ✔ Ongoing writing guidance Join more than 70,000 authors publishing their insights on JD Supra

Start Publishing »

Published In:

China + Follow Corporate Counsel + Follow Enforcement Actions + Follow Government Agencies + Follow Intellectual Property Protection + Follow Misappropriation + Follow New Legislation + Follow New Regulations + Follow Regulatory Oversight + Follow Regulatory Reform + Follow Regulatory Requirements + Follow State Administration for Market Regulation (SAMR) + Follow Trade Secrets + Follow Administrative Agency + Follow Intellectual Property + Follow International Trade + Follow more less

Sheppard, Mullin, Richter & Hampton LLP on:

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra: Sign Up Log in ** By using the service, you signify your acceptance of JD Supra's Privacy Policy.* - hide - hide