Series

Blogs

China – New rules on supply chain security and measures to counter extraterritorial jurisdiction

Article|

21 May 2026

What is Decree 834 and Decree 835?

On 31 March 2026, China's State Council published the Regulations on the Security of Industrial and Supply Chains (Decree 834), followed on 7 April 2026 by the Regulations on Countering Improper Extraterritorial Jurisdiction by Foreign States (Decree 835).

Both took effect immediately and have already been enforced. On 15 May 2026, China's Ministry of Justice (MoJ) issued its first formal determination under Decree 835, finding that the European Commission's cross-border investigation into Nuctech under the EU's Foreign Subsidies Regulation (FSR) constituted improper extraterritorial application of foreign law.

Why were Decree 834 and Decree 835 introduced now?

These Decrees form part of a broader trend. China has been steadily building a legal framework to respond to foreign sanctions, export controls, and other measures it considers overreaching.

This framework began with the Unreliable Entity List (UEL) in 2020, followed by its Blocking Rules, and the Anti-Foreign Sanctions Law (AFSL) in 2021, and the AFSL's implementing regulations in 2025.

Decree 834 and Decree 835 elevate key countermeasures to the level of China’s highest legislative body and introduce new enforcement powers – emphasising the Chinese central government’s desire to rearm in reaction to an increasingly contested geopolitical cross-border trade environment.

How does Decree 834 seek to enhance supply chain security?

Decree 834 aims to protect the security and resilience of China's industrial and supply chains. It introduces risk-monitoring and early-warning systems alongside new investigatory and enforcement powers.

Restrictions on supply chain information-gathering: Article 13 prohibits illegal supply chain investigations and information-gathering by foreign entities in China. This is relevant for multinationals conducting supply chain due diligence — for instance, under the EU Corporate Sustainability Due Diligence Directive. Standard questionnaires and on-site inspections should be reviewed to avoid soliciting sensitive information (e.g., important data, core data, or state secrets) that could attract scrutiny under national security rules.
Investigations into foreign entities: Article 15 targets foreign companies or individuals that sever normal trading relationships or impose selective restrictions. The threshold is lower than under the UEL's market conduct limb, which requires 'serious harm' to Chinese entities' interests. Under Article 15, a mere 'threat' of damage to supply chains could suffice to open an investigation.
Mandatory compliance with countermeasures: Article 16 requires Chinese organisations and individuals to comply with any countermeasures imposed by the Chinese authorities. Penalties include import and export restrictions, data-related restrictions, and entry and residency restrictions. In practice, Chinese counterparties may be reluctant to engage in, or continue, certain commercial activities with foreign entities subject to countermeasures. Multinationals should factor this into counterparty engagement strategies and prepare for potential disruption to in-country cooperation.

How does Decree 835 counter foreign extraterritorial jurisdiction?

Decree 835 targets foreign organisations and individuals that implement or assist in implementation of measures which the Chinese authorities consider to have been imposed through improper extraterritorial jurisdiction.

Extraterritorial jurisdiction: Article 4 empowers the Chinese authorities to exercise jurisdiction over conduct occurring outside its borders, provided there is an "appropriate connection" to China and a basis in Chinese law, international treaties, or the principle of reciprocity. Where both China and a foreign state assert jurisdiction over the same conduct, Article 4 envisages resolution through diplomatic channels, treaty negotiation, or dialogue between the states’ relevant authorities. The term "appropriate connection" is not defined, leaving its scope to be clarified through future practice or implementing guidance.
Identification of improper foreign measures: Under Article 6, the MoJ is charged with leading an inter-agency group to assess whether foreign measures are appropriately imposed against Chinese interests, considering: (i) consistency with international law; (ii) the strength of the connection between the foreign state and the regulated conduct; and (iii) whether the measure harms China's sovereignty, security, development interests, or the rights of Chinese citizens and organisations.
Consequences: Two principal enforcement tools are available under Decree 835.
- Prohibition orders. First, authorities can order a specific entity to stop implementing a particular foreign measure. Violating such an order can result in disqualification from government procurement tenders, import and export restrictions, blocks on data exports, entry and residency restrictions for personnel, fines, and criminal liability.
- Malicious entity list: Secondly, Article 8 establishes a new list targeting foreign organisations and individuals that "promote" or participate in foreign measures judged to have improper extraterritorial jurisdiction. Designation does not require prior action against a Chinese entity — mere promotion of or participation in such measures suffices. The word "promote" casts a wide net, potentially capturing lobbying, public advocacy, or urging others to sever ties with Chinese entities. Once listed, a range of measures can be imposed, including entry restrictions, asset freezing, transaction and data flow restrictions, import and export restrictions, investment restrictions, and fines. Countermeasures can extend to entities controlled by or affiliated with a listed party, creating real exposure for multinational groups.

What are the implications of the Nuctech enforcement case?

As noted above, the MoJ has issued its first determination under Decree 835, targeting the EU Commission’s enforcement of the FSR against Nuctech, a partly Chinese state-owned security inspection equipment company being investigated in the EU on suspicion of having received Chinese government subsidies that distorted competition in the EU internal market.

This determination carries significant precedential weight: it signals that similar information-gathering activities by foreign regulators — whether under the FSR, the Digital Markets Act, or other instruments — risk triggering countermeasures where they require disclosure of data or documents situated in China without a genuine jurisdictional nexus.

We have previously analysed the EU-China data disclosure dilemma arising from the Nuctech case in detail here.

Who is at risk?

Any business that restricts or severs normal commercial relationships with Chinese counterparties — whether to comply with foreign sanctions, export controls, or other regulatory requirements — faces potential exposure under these Decrees. This is the same core conduct already regulated under the UEL, AFSL, and Blocking Rules, but the new Decrees broaden the enforcement toolkit and lower the threshold for triggering an investigation. ESG and sustainability-related data aggregation platforms and their users, including quant funds and other investors, are also within scope to the extent their data handling processes involve information gathered from Chinese supply chains.

What does this mean for businesses in practice?

These Decrees do not fundamentally alter the risk landscape for businesses already alert to China's countermeasures framework.

The core obligations remain the same: avoid discriminatory treatment of Chinese counterparties, do not blindly apply foreign sanctions within China, and monitor list designations. The new Decrees reinforce those obligations at a higher level and introduce more coordinated enforcement.

Many key terms — including "interrupting normal transactions," "improper extraterritorial jurisdiction," and the scope of "promotion" — remain undefined. No implementing guidelines have been issued, creating uncertainty about how the regime will operate in practice.

This is not, however, unfamiliar territory. The UEL has operated without sector-specific guidelines since 2020, and the AFSL went through similar uncertainty between 2021 and the issuance of its implementing regulations in March 2025. Enforcement under both has been deliberate and geopolitically calibrated rather than indiscriminate. However, recent trends suggest an expanding scope, with non-military commercial actors increasingly in regulators' sights.

What actions should businesses take?

Businesses with China operations should consider the following steps:

Compliance gap analysis: Review existing compliance processes to confirm they address the UEL, AFSL, and Blocking Rules. If they do, the new Decrees are unlikely to require a fundamental overhaul — but addressing any specific action points identified below would remain prudent.
Counterparty screening: Extend counterparty screening to include the PRC sanctions lists (the new malicious entity list and the UEL) alongside US, EU, and UK sanctions lists.
Chinese law assessment: Where a transaction decision is driven by foreign compliance obligations — particularly terminating or suspending dealings with a Chinese counterparty — conduct a Chinese law assessment before acting, and explore exemption and licensing options for both sides in parallel.
Supply chain due diligence: Review supply chain audit and due diligence programmes in light of Decree 834's restrictions on information-gathering in China, and take legal advice on structuring such programmes to minimise exposure.
Ongoing monitoring: Monitor implementing guidelines as they are issued. The scope of these instruments will become clearer over time, and businesses should be ready to update their assessments accordingly.

We are actively advising clients on the implications of these new rules and their interaction with existing compliance frameworks. Please do not hesitate to contact us should you have any questions.

China – New rules on supply chain security and measures to counter extraterritorial jurisdiction

Share this:

What is Decree 834 and Decree 835?

Why were Decree 834 and Decree 835 introduced now?

How does Decree 834 seek to enhance supply chain security?

How does Decree 835 counter foreign extraterritorial jurisdiction?

What are the implications of the Nuctech enforcement case?

Who is at risk?

What does this mean for businesses in practice?

What actions should businesses take?

Share this:

China – New rules on supply chain security and measures to counter extraterritorial jurisdiction

What is Decree 834 and Decree 835?

Why were Decree 834 and Decree 835 introduced now?

How does Decree 834 seek to enhance supply chain security?

How does Decree 835 counter foreign extraterritorial jurisdiction?

What are the implications of the Nuctech enforcement case?

Who is at risk?

What does this mean for businesses in practice?

What actions should businesses take?

China – New rules on supply chain security and measures to counter extraterritorial jurisdiction

Share this:

What is Decree 834 and Decree 835?

Why were Decree 834 and Decree 835 introduced now?

How does Decree 834 seek to enhance supply chain security?

How does Decree 835 counter foreign extraterritorial jurisdiction?

What are the implications of the Nuctech enforcement case?

Who is at risk?

What does this mean for businesses in practice?

What actions should businesses take?

​

Share this:

China – New rules on supply chain security and measures to counter extraterritorial jurisdiction

​

What is Decree 834 and Decree 835?

Why were Decree 834 and Decree 835 introduced now?

How does Decree 834 seek to enhance supply chain security?

How does Decree 835 counter foreign extraterritorial jurisdiction?

What are the implications of the Nuctech enforcement case?

Who is at risk?

What does this mean for businesses in practice?

What actions should businesses take?