China Newsletter | Q2 2025/Issue No. 64

This China Newsletter provides an overview of key developments in the following areas:

1. Antitrust
   • Latest Development in China's Anti-Unfair Competition Law
2. Compliance
   • The SAMR Issues Medical Advertising Supervision Guidelines
3. Corporate
   • China Further Clarifies Rules on Using Reserve Funds and Non-Monetary Capital Contribution
4. Data Privacy & Cybersecurity
   • The CAC Released Draft Amendment to the Cybersecurity Law for Public Comment
   • The TC260 Releases Two Compliance Guidelines for Personal Information Protection Audit
   • China's Central Bank Releases New Data Security Regulation
   • New National Standards for Sensitive Personal Information Processing
   • China Proposes Updated Regulations on Exporting Automobile-Generated Data
5. Foreign Investment
   • Three Authorities Jointly Issue the Market Access Negative List (2025 Edition)
   • China Proposes New Foreign Exchange Policies to Boost Cross-Border Investment and Financing
   • China's New Tax Incentive Policy for Foreign Investors' Domestic Reinvestment

Antitrust

Latest Development in China's Anti-Unfair Competition Law 2025

年《反不正当竞争法》修订要点解读

On June 27, 2025, China passed the second major revision of its Anti-Unfair Competition Law (AUCL), which takes effect on Oct. 15, 2025. This update reflects China's commitment to addressing challenges in the digital economy while strengthening traditional competition rules. These changes introduce new compliance requirements, but may also offer opportunities for companies looking to protect their business interests.

Key Updates in the 2025 AUCL Revision

The 2025 revision introduces several changes to regulate competition in both digital and traditional markets:

1. Regulating Internet Activities: The revised AUCL targets unfair practices in the digital economy, particularly:
   • Illegal Data Acquisition: Businesses are prohibited from using fraudulent, coercive, or technical means (e.g., web crawlers) to illegally obtain or use data from other businesses if it harms their rights or disrupts market order. Key criteria include whether the data use creates "substantial substitution" of services or unreasonably increases operational costs.
   • Malicious Transactions (Reverse Brushing): The law bans practices like fake reviews, fraudulent transactions, or malicious returns that harm competitors or disrupt fair competition.
2. Platform Operator Responsibilities: Online platforms, such as e-commerce sites or app stores, face new obligations:
   • Ban on "Race-to-the-Bottom" Pricing: Platforms cannot force or indirectly coerce merchants to sell below cost, addressing "vicious competition." Violations may lead to fines ranging from RMB 50,000- RMB 2 million, with higher penalties for severe cases.
   • Active Management: Platforms must establish fair competition rules, set up complaint mechanisms, and actively monitor and address merchants' unfair practices. Failure to do so may result in joint liability for damages under related laws, such as the Civil Code or E-Commerce Law.
3. Abuse of Relative Advantage: A new provision regulates large enterprises (even those without market dominance) that abuse their advantages—such as financial strength, technology, or industry influence—to impose unfair terms or delay payments to smaller businesses (SMEs). Offenders are given a "limit period amendment" to correct violations before facing fines up to RMB 5 million.
4. Protecting Commercial Identifiers: The 2025 revision of AUCL expands protection for new commercial identifiers, such as online usernames and app icons, and addresses confusion caused by:
   • Using another's trademark or well-known mark in a business name or as a search keyword.
   • Other actions that mislead consumers about a company's identity or offerings.
5. Stricter Anti-Bribery Rules: Both bribe-givers and takers now face penalties. Individuals may face a monetary fine up to RMB 1 million for violation.
6. Long-Arm Jurisdiction: Unfair acts done abroad that disturb the Chinese market may be pursued in China.
7. Enhanced Enforcement: The 2025 revision introduces several updates in enforcement measures:
   • Interview: Authorities now can hold "interviews" with suspected violators to encourage compliance without formal investigations, seeking to balance enforcement with fairness.
   • Adjusting Monetary Fines: The 2025 revision also adjusts the upper and lower limits of the monetary fines to certain violations:

Considerations for Businesses

• Brand and Marketing: Run a trademark/keyword search of Chinese brand names, social-media handles, app icons and seek to ensure contracts with agencies ban unauthorized use of third-party marks.
• Anti-Bribery: Expand policies to cover receiving as well as giving bribes. Record all discounts, commissions, and hospitality in company books.
• Online Sales: Audit platform stores for fake reviews, phantom orders, and malicious returns. Review platform agreements for below-cost pricing clauses.
• Supply-Chain and Payments: Check payment terms with Chinese SME suppliers—seek to avoid onesided or delayed terms.
• Cross-Border Campaigns: Confirm that overseas promotions targeting Chinese buyers comply with the AUCL.
• Governance: Train legal representatives and senior managers on personal liability risks.

Compliance

The SAMR Issues Medical Advertising Supervision Guidelines

市场监管总局制发《医疗广告监管工作指南》

The State Administration for Market Regulation (SAMR) issued the Medical Advertising Supervision Guidelines, which comprise 18 articles and are based on relevant laws and regulations to standardize medical advertising oversight. The guidelines clearly state that only legally established medical institutions are permitted to publish medical advertisements. If an advertisement is released without prior review but contains basic information consistent with the institution's practice license, no penalty will be imposed. However, if the content is misleading or inconsistent with licensing information, enforcement action will be taken. Advertisements that imitate the names of well-known hospitals will also be subject to investigation. Ads published after the expiration of their review certificate may be exempt from penalties if the content remains consistent with both the certificate and the institution's actual operations.

Minor modifications to advertisement content—such as changes in background design, font color, or the addition or removal of accurate contact details—are generally not considered violations. Where the content falls within the scope of publicly disclosed information, is supported by valid documentation, or accurately reflects the structure of a medical alliance, penalties may be reduced, mitigated, or waived altogether. In cases where no penalty is imposed, educational guidance will be provided.

In terms of enforcement, the use of spokespersons for endorsements is subject to penalties under Article 58 of the Advertising Law. False or impersonated endorsements that constitute criminal offenses will be referred to public security authorities. Advertisements making definitive claims about efficacy, especially those involving serious diseases, will face heavier penalties. Fabricated or distorted scientific theories, as well as false claims about key institutional information, may also be treated as criminal offenses and referred to law enforcement. Medical advertisements targeting minors, including cosmetic ads that promote appearance anxiety or recommend non-treatment services, will be penalized under Article 57 of the Advertising Law. The use of absolute language (e.g., "guaranteed cure") will be addressed in accordance with relevant enforcement guidelines.

If a single advertisement contains multiple violations that constitute one offense, penalties will not be duplicated. However, if the violations represent distinct offenses, penalties may be combined depending on the circumstances. Entities that are not licensed medical institutions but claim to provide medical services may be investigated for practicing without a license and referred to health authorities. Internet platforms that fail to verify advertisers and allow non-medical entities to publish medical ads will be penalized under Article 63 of the Advertising Law, and in severe cases, may be ordered to suspend related services.

Corporate

China Further Clarifies Rules on Using Reserve Funds and Non-Monetary Capital Contribution

关于公司法、外商投资法施行后有关财务处理问题的通知

On June 27, 2025, China's Ministry of Finance issued new guidelines for financial compliance requirements under the revised Company Law (which took effect July 1, 2024) and Foreign Investment Law (which took effect in 2020). Here's what foreign investors and foreign invested enterprises (FIEs) should keep in mind:

1. FIE-Specific Funds Transitions
   • Beginning Jan. 1, 2025, FIEs must stop allocating new funds to reserve funds (储备基金), bonus and welfare funds (职工奖励及福利基金), and venture expansion funds (企业发展基金) (collectively Three Funds). Any post-2025 allocations must be reversed.
   • Reserve fund balances should be reclassified into statutory common reserves, while venture expansion fund balances should be reclassified into discretionary common reserves.
   • Bonus and welfare funds should be used for the purposes, conditions, and procedures determined at the time of allocation.
2. Non-Monetary Asset Contributions
   • Valuation: Contributions of non-monetary assets (e.g., equity, land use rights, intellectual property, etc.) must undergo independent valuation by third-party appraiser;
   • Due Diligence: Companies must assess risks affecting asset rights and are encouraged to seek legal opinions when necessary.
3. Using Common Reserves to Offset Losses
   • Basis: Companies may offset losses using capital reserves, limited to the negative undistributed profits in the audited prior-year financial statements (no earlier than 2024).
   • Sequence: Losses must be offset with the following resources in order:
     • statutory common reserves;
     • discretionary common reserves;
     • capital reserves from non-monetary contributions (e.g., intellectual property, equity, land use rights); and
     • capital injections via debt exemptions or donations (monetary/non-monetary).
   • Restrictions:
     • Shareholder-specific capital reserves cannot be used without shareholder consent.
     • Contingent capital reserves require finalization before use.
   • Procedures:
     • The company board should review and approve the loss offset plan and submit to shareholders' meeting for approval.
     • Notify creditors/public within 30 days of shareholder resolution (except certain financial institutions).
     • Disclose amounts in financial statement notes under "Undistributed Profits."
   • Retroactive Compliance: Adjustments required for actions since July 1, 2024, if non-compliant.

Data Privacy & Cybersecurity

The CAC released Draft Amendment to the Cybersecurity Law for Public Comment

国家网信办就《网络安全法（修正草案）》再次征意

The Cyberspace Administration of China (CAC) released the Cybersecurity Law of the People's Republic of China (Draft Amendment for Second Public Comment) (Draft) and solicited public comments through April 27, 2025.

Compared to the current Cybersecurity Law, the Draft proposes the following key changes:

• Enhanced Legal Responsibilities for Cybersecurity Operations
  • Higher Penalties for General Network Operators (Non-CII Operators)
    First-time violations that previously lacked clear fine amounts would now carry fines of ¥10,000– ¥50,000. If an operator fails to rectify or causes harmful consequences, fines increase to ¥50,000 - ¥500,000. Responsible individuals may be fined ¥10,000 - ¥100,000 (up from ¥5,000 - ¥50,000).
  • More Detailed Penalties for Critical Information Infrastructure (CII) Operators
    If a CII operator fails to fulfill its cybersecurity obligations, both the current Cybersecurity Law and the Draft provide that a first-time violation may result in a warning. If the CII operator refuses to rectify the violation or causes harmful consequences, fines range from ¥100,000 to ¥1 million, and responsible individuals may be fined ¥10,000 to ¥100,000.
    
    Meanwhile, the Draft adds higher penalties for aggravated outcomes:
    • For serious consequences, such as large-scale data breaches or a partial loss of CII functionality, fines range from ¥500,000 to ¥2 million, authorities may suspend the business, and responsible personnel may be fined ¥50,000 to ¥200,000.
    • For extremely serious consequences, such as the complete loss of major functions, fines range from ¥2 million to ¥10 million, while directly responsible personnel may be fined ¥200,000 to ¥1 million.
  • New Penalties for Unsafe Product Sales
    Selling or providing critical network equipment or cybersecurity products that are not certified or tested may result in a warning and confiscation of products and illegal gains.
    
    • If illegal gains exceed ¥100,000: additional fine of one to three times the gains;
    • If gains are below ¥100,000: fine of ¥30,000 - ¥100,000
• Adjustments to Information Security Responsibilities
  • Consolidated Content Management Rules
    Under the current Cybersecurity Law, penalties for failing to manage prohibited information have been comparatively light in some cases.
    The Draft tightens enforcement measures, permitting public reprimands and increased fines ranging from ¥50,000 to ¥500,000. For uncorrected or serious violations, fines may rise to ¥500,000 – ¥2 million, and authorities may suspend business operations. Responsible personnel may be fined ¥50,000 - ¥200,000.
    In cases resulting in particularly severe impact or consequences, fines may range from ¥2 million to ¥10 million, with responsible individuals facing penalties of ¥200,000–¥1 million.
  • Clarified Responsibilities for Service Providers
    According to the Draft, providers of electronic messaging services and application download services who fail to fulfill their cybersecurity management obligations would be penalized under the provisions applicable to network operators.
  • Personal Information and Cross-Border Data Transfer
    The Draft shifts the Cybersecurity Law's personal information protection and cross-border data transfers to a referential liability framework. Conduct such as disseminating prohibited content, violating personal information rights, or unlawful cross-border data transfer would be sanctioned under applicable laws, including the Data Security Law and the Personal Information Protection Law.
  • Leniency for Minor or First-Time Offenses
    Consistent with the Administrative Penalty Law, penalties may be mitigated or waived where a network operator proactively reduces harm, promptly rectifies minor violations, or commits a firsttime violation with limited impact.
    
    

To view the full article, click here.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.