For decades, foreign businesses have been keen to enter the Chinese market. While US businesses are bracing themselves for the possible impact of the recent Executive Orders on the ban of the mobile applications "TikTok" and "WeChat", companies that wish to tap into the Chinese market should also understand the restrictions imposed by the PRC law.

Restrictions imposed by the US

On 6 August 2020, the US President Donald Trump signed two Executive Orders (the "Executive Orders") to address the threat posed by "TikTok" and "WeChat" on the national security, foreign policy and economy of the United States.

Under the Executive Orders, "transactions made by any person or with respect to any property, subject to the jurisdiction of the United States, with ByteDance Ltd, Tencent Holdings Ltd and their subsidiaries" shall be prohibited. The Secretary of Commerce will have to identify such transactions.

However, on 19 September 2020, Trump approved "in concept" a deal where Oracle and Walmart would purchase up to 20% of the cumulative stake in TikTok Global. Such purchase would allow TikTok to continue its operation in the US.

Whilst the world is keeping a close eye on how these events will unfold, the potential deal reminds us of the possible solutions to comply with different regulations when businesses intend to tap into the Chinese market.

PRC regulations

(1) Restrictions imposed by the PRC Entry Barrier

Overseas tech companies can tap into the Chinese market by way of importation, which is governed by the Regulations on the Administration of Technology Import and Export of the PRC promulgated in 2001. Under the Regulations, technologies fall into one of the following 3 categories: (i) prohibited; (ii) restricted; and (iii) free. "Prohibited" technologies shall not be imported (Article 9), whereas "restricted" technologies may be imported under a licensing mechanism (Article 10). As for "freely importable" technologies, registration of the import agreement is required.

Tech companies that wish to enter the Chinese market by investing or merging with Chinese tech firms shall comply with the Foreign Investment Law ("FIL"). Under the FIL, foreign investors are prohibited from investing in industries that are listed on the "Negative List" unless they have fulfilled additional conditions. Pursuant to Category 7 of the Negative List 2020 (which is related to the telecommunications market), no foreign company shall hold more than 50% shareholding in a telecommunications business. Fundamental telecommunications business shall be controlled by a Chinese entity.

(2) The Great Firewall

Even if a US tech firm has successfully entered the Chinese market, it should be aware of legislations designed for state censorship and surveillance over cyber operation and data flow.

(i) Cybersecurity Law

In 2016, the Cybersecurity Law was passed in the PRC. For network operators, Article 28 stipulates that they should "provide technical support and assistance to public security organs and national security organs that are safeguarding national security and investigating criminal activities in accordance with the law".

Data transfer and collection are essential aspects of most tech companies. Article 37 requires that all personal information and/or important data received and generated by "critical information infrastructure operators" in the course of operation in the PRC must be stored domestically in the PRC. Security assessment is required where data is transferred outbound in course of business operations.

(ii) Encryption Law

Following the introduction of the Cybersecurity Law, the Cryptography Law enacted in 2019 appeared to have relaxed the limitations imposed on foreign-produced commercial encryption products. For instance, Article 23 expressly advocates "for the international standardization of commercial cryptography, participation in drafting international standards on commercial cryptography, and advancing conversion for use between Chinese and foreign standards on commercial cryptography".

Article 28 authorizes the State Council department for Commercial Affairs and the State Cryptography Administration to implement an import and export control mechanism that scrutinizes commercial encryptions for the purpose of protecting national security and public interest.

(3) "Tit-for-Tat" policies

On 3 July 2020, the National People's Congress issued a draft Data Security Law aiming to set rules for data space participants and monitor trade more closely.

Under the Data Security Law, if any nation employs discriminatory, restrictive or other similar measures against the PRC in relation to data, technology trade or investment, the PRC government may employ corresponding policies in return (Article 24).

Recently, the Ministry of Commerce promulgated the Provisions on the Unreliable Entity List in response to the US sanction. Such provisions aim to blacklist foreign firms or individuals who (i) endanger national sovereignty, security of development interests in China; or (ii) suspend normal transactions with or implement discriminatory measures against any entity of China (Article 2). The PRC government will forbid any blacklisted entities from trading, investing and employing foreign staff in China.

Is there any better arrangement?

In light of the above restrictions, US tech companies have started to look for more research and development outside the US or move their corporation out of the country. Over the years, wholly foreign-owned enterprises ("WFOE") with Hong Kong shareholder(s) have been welcome by the PRC government. Therefore, instead of entering the PRC market as a US company or a foreign incorporated company, US tech companies may consider a HK-PRC WFOE holding structure, which can reduce operation risks.

Further, to play safe, US tech companies may have to consider setting up a separate data storage facility in the PRC. In fact, the mainland branch of iCloud is operated by a local Chinese firm, GCBD (AIPO Cloud (Guizhou) Technology Co. Ltd). Such arrangement allows Apple to continue its iCloud services to clients in the Mainland China.

Sometimes, adjustments may have to be made. In 2017, China's Ministry of Industry and Information Technology announced that all developers offering Virtual Private Networks ("VPNs") must obtain a license from the government. In response to the announcement, Apple removed around 25,000 VPN apps that would violate the new national regulation.


Undoubtedly, China is an attractive place for running business due to its massive market and potential rapid growth. US companies should not only be aware of the restrictions imposed by the US government, but also those imposed by the Chinese government. It is highly recommended that US companies should seek professional advice in order to set up a company structure that can comply with both US and Chinese laws in order to facilitate their business operations in China.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.