The Regulations on the Protection of Trade Secrets (hereinafter referred to as the “New Regulations”), issued as Order No. 126 of the State Administration for Market Regulation, will officially come into force on June 1, 2026. Meanwhile, the old regulation, the Provisions of the State Administration for Industry and Commerce on Prohibiting Infringement of Trade Secrets (promulgated by the former State Administration for Industry and Commerce), will be repealed simultaneously.

Based on the currently effective Anti-Unfair Competition Law of the People's Republic of China (Revised in 2023) and relevant judicial interpretations, this article integrates practical cases and implementation guidelines, focuses on the core differences between the New Regulations and the current legal system, and centers on the key change of improved operability of administrative complaints. It dissects the profound impacts of the New Regulations on enterprises’ commercial interests, management systems and market competitiveness, and provides directly implementable compliance and rights protection solutions to help enterprises make good use of the “new tool” for administrative rights protection and safeguard their core assets.

A core premise must be clarified: the New Regulations are not a “reconstruction” of the core rules on trade secret protection, but a “refinement, implementation and seamless connection” of the current legal system.

When the Anti-Unfair Competition Law was revised in 2019, the “practicality” requirement for trade secrets was removed, and the three core criteria for identification were established: “not known to the public, having commercial value, and subject to appropriate confidentiality measures”. However, the old regulation was not updated accordingly, which has long led to a “disconnect between administrative investigation and judicial judgment standards”, leaving enterprises in a dilemma of “protectable by justice but hard to pursue liability through administration”.

The core value of the New Regulations lies in breaking down the barriers between administrative and judicial protection, refining mature judicial rules into operational standards for administrative investigation, adapting to new pain points in trade secret protection in the digital economy era, and promoting enterprises to take the initiative to shift from “formal compliance” to “substantive prevention and control”. This is of great significance to enterprises whose core competitiveness relies on R&D, core technologies and exclusive operational data.

Compared with the old regulation, every revision in the New Regulations is directly related to the core interests of enterprises: the recovery of R&D investment, the management of core talents, the prevention of cooperation risks, the security of digital assets, and even the competitive landscape of enterprises in the market.

The following dissects the profound impacts and practical solutions of the New Regulations from five core dimensions combined with enterprise practice scenarios, highlighting the operability of administrative rights protection.

I. Unified Identification Criteria: Ending Dual Standards and Full Protection of Achievements in the Whole R&D Cycle

The current Anti-Unfair Competition Law and judicial interpretations have removed the “practicality” requirement, but the old regulation still retained it (information must have “determined applicability”). As a result, phased achievements in R&D, failed experimental data, unimplemented technical concepts, and other information of enterprises, although protectable through civil litigation, were difficult to pursue liability quickly through administrative channels.

This problem is particularly prominent in R&D-intensive enterprises (pharmaceuticals, the Internet, high-end manufacturing, new materials). Enterprises invest a large amount of capital and human resources in R&D; although early-stage failed data and iterative drafts cannot directly generate revenue, they help enterprises avoid R&D misunderstandings and shorten R&D cycles, constituting an important part of their core competitiveness. Once stolen, R&D investment will be directly wasted, and competitors can quickly catch up by using such achievements, squeezing the enterprise’s market space.

The New Regulations delete the “practicality” requirement, fully align with current legal standards, and further refine the identification boundaries:

It clarifies that “phased achievements, failed experimental data and technical solutions formed in production and business activities” all have commercial value;

It includes “new information formed by sorting out, improving and processing public information” into the scope of “not known to the public”.

This precisely fits the logic of forming enterprises’ core competitiveness: at present, the core advantage of most enterprises does not come from “creation from scratch”, but from exclusive processing, optimization and accumulation of public data and general technologies (e.g., user portrait analysis of e-commerce enterprises, process optimization schemes of manufacturing enterprises, R&D data summary of pharmaceutical enterprises).

Practical Impacts (Commercial and Management Dimensions)

Commercial dimension: The New Regulations enable “full-cycle protection” of enterprises’ R&D investment. Early-stage R&D achievements can be dual-protected by administration and justice, effectively reducing the “leakage risk” of R&D investment, improving the return rate of R&D investment, and encouraging enterprises to increase innovation input.

Management dimension: They push enterprises to take the initiative to establish/upgrade a “whole-process R&D data archiving and confidentiality system”, and no longer ignore the management of phased achievements and failed data, so as to avoid the loss of core assets due to management omissions.

This change is particularly beneficial to small and medium-sized enterprises (SMEs): SMEs have limited R&D investment and may not afford the loss of “early-stage achievements being stolen”; the implementation of the New Regulations reduces the protection cost of their R&D achievements and smooths the rights protection path.

Enterprise Practical Suggestions

Establish a whole-process R&D data management system, designate special personnel in the R&D department to classify and mark experimental data, technical concepts, failed cases and iterative versions as “top secret / confidential / secret”, and keep archiving records and modification traces. These shall serve not only as evidence for proving commercial value and non-public knowledge, but also as basic data for R&D investment accounting and achievement transformation.

For customer information and processed results of industry data, keep the whole-process traces of “data collection – screening – analysis – optimization”, clarify processing standards and original highlights, so as to avoid losing protection qualification due to failure to prove “processing value” (e.g., e-commerce enterprises’ user transaction habit analysis reports shall retain data sources, analysis models and optimization processes).

Combined with industry characteristics, sort out the scope of operational information that can be included in trade secrets, and distinguish between “trade secrets” and “public information” (e.g., ordinary customer names and public industry data do not belong to trade secrets, while customers’ transaction habits, cooperation intentions and exclusive demands belong to core operational secrets), so as to avoid missing protection or over-protection.

II. Upgraded Confidentiality Measures: Building a Solid Line of Defense for Substantive Prevention and Control

The current Anti-Unfair Competition Law and judicial interpretations only principledly require enterprises to “take appropriate confidentiality measures”, and the old regulation had looser requirements for confidentiality measures, only requiring “signing confidentiality agreements and establishing confidentiality systems”.

This has led many enterprises to fall into the “formal compliance trap” in practice:

They sign confidentiality agreements with employees but do not set access permissions for core data; they implement remote office work but do not restrict the transmission of confidential information via private devices; they sign confidentiality clauses with partners but do not control the transmission and use of data. Eventually, due to “unimplemented confidentiality measures”, core assets cannot be protected by law after leakage, and enterprises may even bear joint risks for “failing to perform confidentiality obligations”.

In response to the normalized trends of digital office work, cross-border collaboration and talent mobility, the New Regulations explicitly provide 8 statutory confidentiality measures, focusing on “substantive prevention and control adapted to the value of trade secrets and the nature of carriers”, and putting forward clear requirements for enterprises’ high-frequency business scenarios:

Remote office work and cross-border collaboration shall adopt permission classification, data desensitization and operation log retention.

Resigned employees shall return trade secret carriers, cancel system permissions and delete confidential information, and continue to bear confidentiality obligations.

Classified control and encryption shall be adopted for confidential equipment and premises.

This is highly consistent with enterprises’ actual business scenarios, and pushes enterprises to take the initiative to integrate confidentiality measures into daily management rather than staying in “paper provisions”. It is also a prerequisite for enterprises to succeed in administrative complaints for rights protection.

Practical Impacts (Commercial and Management Dimensions)

Commercial dimension: If enterprises fail to implement substantive confidentiality measures, the leakage risk of core assets (algorithms, codes, customer data, core processes) will increase significantly, which may lead to squeezed market share, damaged commercial reputation, and even a chain reaction of terminated commercial cooperation.

Management dimension: They push enterprises to take the initiative to establish/upgrade a confidentiality management system, integrating confidentiality measures into the whole scenarios of digital office work, employment management and cross-border cooperation. Although this will increase certain management costs in the short term, in the long run, it can effectively reduce leakage risks and avoid enterprises falling into operational crises due to a single leakage incident.

This change is a “rigid demand” for enterprises relying on remote office work and cross-border collaboration (the Internet, cross-border e-commerce, and multinational manufacturing): in the digital scenario, the transmission and storage of confidential data are more convenient, and the leakage risk is higher. The refined requirements of the New Regulations can help and guide enterprises to establish a “whole-process prevention and control system”.

Enterprise Practical Suggestions

Comprehensively rectify the digital office system, set three-level permissions for core data (algorithms, codes, customer transaction data, core technical solutions), clarify the access scope of different positions, keep operation logs for at least 1 year, so as to realize traceable and verifiable confidential operations. Prohibit employees from transmitting confidential data via private devices, private email, WeChat, etc., build an exclusive enterprise confidential transmission channel, and encrypt confidential information transmitted cross-border.

Improve the whole-process confidentiality management of employment:

Sign special confidentiality agreements with employees upon entry, clarifying the scope, term and liability for breach of confidentiality; conduct regular confidentiality training during employment, keep training records (sign-in sheets, training courseware, assessment results) to strengthen employees’ confidentiality awareness; establish a “confidentiality clearance” process upon resignation, take back office equipment, cancel system permissions, require employees to sign a Letter of Commitment on Confidentiality Obligations, clarifying the post-resignation confidentiality period (recommended no less than 2 years) and liability for breach, and check whether employees carry confidential materials.

For partners (suppliers, service providers, distributors), revise the confidentiality clauses in cooperation agreements, clarify the scope of use, transmission requirements and confidentiality term of confidential data, agree on “acceptance standards for confidentiality measures”, and regularly check the implementation of confidentiality by partners to avoid losses caused by partner leakage.

III. Strengthened Liability for Infringement: Forming a Closed-Loop Deterrence and Enhancing the Penalty Power of Administrative Rights Protection

The current Anti-Unfair Competition Law has explicitly listed acts infringing trade secrets, including improper means such as theft, bribery, fraud, coercion and electronic intrusion, as well as indirect infringement acts of abetting, inducing and assisting others in infringement.

However, the old regulation had a narrow definition of infringement acts, did not specify the specific circumstances of “electronic intrusion” and “indirect infringement”, and the maximum fine was only RMB 200,000, with insufficient connection with civil compensation under the Anti-Unfair Competition Law and criminal liability under the Criminal Law.

As a result, when enterprises encountered high-frequency infringement scenarios (hacker attacks, competitors “poaching” employees to induce leakage, third parties providing convenience with full knowledge of infringement), administrative liability pursuit was insufficient and failed to form an effective deterrence.

The New Regulations focus on filling the connection loopholes between the old regulation and current laws, and targetedly solving the pain point of “insufficient deterrence” in enterprises’ rights protection:

Clarify the specific circumstances of “electronic intrusion”, including invading enterprise systems, cloud disks, vulnerability attacks, unauthorized downloading and transmission of confidential data, etc., fitting the new characteristics of infringement in the digital era.

Refine the identification criteria for “abetting, inducing and assisting others in infringement”, clarifying that competitors who induce enterprise employees to leak secrets through high salaries or job promises, or third parties who provide technical, financial or equipment convenience with full knowledge of infringement, shall bear infringement liability.

Significantly raise the fine standards: RMB 100,000–1,000,000 for general cases, and RMB 1,000,000–5,000,000 for serious cases (reoffending within two years, causing major losses, harming national interests). Meanwhile, it clarifies that cessation of infringement measures shall continue until the trade secret loses confidentiality, forming an all-round liability pursuit closed loop of “administration + civil + criminal” with civil compensation (up to 5 times punitive damages) under the Anti-Unfair Competition Law and the crime of infringing trade secrets under the Criminal Law (fixed-term imprisonment of up to 10 years).

Practical Impacts (Commercial and Management Dimensions)

Commercial dimension: The New Regulations greatly increase the cost of illegal infringement, helping to curb malicious infringement, reduce the risk of leakage of enterprises’ core assets, and protect enterprises’ market competitiveness. Meanwhile, when infringed, enterprises can pursue liability through multiple channels to recover economic losses and avoid the possibility of falling into operational difficulties due to infringement.

Management dimension: They push enterprises to take the initiative to establish/upgrade an “infringement prevention and emergency response mechanism”, not only to prevent their own leakage, but also to guard against their own infringement risks – e.g., using unauthorized technical information from third parties, hiring employees of competitors and using their former employers’ trade secrets, etc., may violate the New Regulations and face heavy fines, civil compensation and even criminal liability. This requires enterprises to strengthen internal compliance self-inspection and standardize employment and cooperation behaviors.

Enterprise Practical Suggestions

Establish an enterprise information security prevention and control system, conduct regular system vulnerability detection to prevent electronic intrusion, and keep evidence for rights protection such as intrusion traces and data leakage records. Cooperate with professional network security institutions to build an emergency response mechanism, so as to quickly fix evidence and block leakage channels once leakage occurs.

Establish an infringement monitoring mechanism, focusing on monitoring competitors’ products, technologies and business models. If findings are substantially identical to their own trade secrets, timely investigate infringement clues (e.g., whether competitors’ core personnel are former employees of the enterprise, whether there is a cooperative relationship with the enterprise), fix evidence such as chat records, recordings and product comparison reports, and simultaneously file complaints with the market regulation departments at or above the municipal level with districts and initiate lawsuits to claim administrative fines and civil compensation.

Conduct internal compliance self-inspection, focusing on checking whether there are circumstances such as “using unauthorized information from third parties”, “hiring employees of competitors and illegally obtaining their former employers’ trade secrets”, “inducing others to leak secrets”, to avoid infringement due to negligence. For core trade secrets, establish a “confidentiality red line” system, clarifying internal penalties and external liability pursuit procedures after leakage, and strengthening the compliance awareness of employees and management.

IV. Optimized Rights Protection Path: Lowered Burden of Proof and Highly Operable Administrative Rights Protection.

The current Anti-Unfair Competition Law and judicial interpretations have established the presumption of infringement rule of “substantial identity + possibility of contact”, reducing the burden of proof for enterprises’ rights protection. However, the old regulation did not align with this rule, still requiring enterprises to bear the complete burden of proof for “existence of trade secrets + occurrence of infringement + improper means by infringers”.

This is extremely difficult for enterprises to prove: improper means (e.g., bribery, electronic intrusion, secret copying) are often concealed, and enterprises need to invest a lot of human and material resources to collect evidence. Most SMEs, lacking sufficient rights protection resources, have to “swallow their pride” even if infringed, eventually leading to continuous leakage of core assets and declining market competitiveness.

The New Regulations optimize the burden of proof rules, fully align with current judicial judgment standards, and explicitly establish the presumption of infringement rule of “substantial identity + possibility of contact”:

Where there is evidence that the information used by the alleged infringer is substantially identical to the obligee’s trade secrets, and the alleged infringer has the conditions to obtain the trade secrets (e.g., once holding a core position, having a cooperative relationship with the enterprise, or having the opportunity to contact confidential materials), infringement is presumed to be established, and the burden of proof shifts to the infringer to prove that its information was legally obtained (e.g., independent R&D, obtained from public channels).

Meanwhile, the New Regulations clarify the scope of preliminary evidence for obligees’ rights protection and support professional opinions issued by entrusted judicial appraisal institutions, further reducing the difficulty of proof and being consistent with judicial judgment standards.

In addition, the New Regulations upgrade the jurisdiction of technical secret cases to market regulation departments at or above the municipal level with districts, improving law enforcement professionalism, solving the problem of inconsistent standards between grassroots law enforcement and judicial judgments, shortening the rights protection cycle, and making administrative complaints gradually shift from “difficult proof, difficult filing” to “easy proof, quick investigation”, becoming one of the paths for enterprises to stop losses quickly.

Core Guiding Role of the New Regulations in Administrative Complaints on Trade Secrets:

As a departmental regulation issued by the State Administration for Market Regulation, the New Regulations have mandatory and practical guiding roles for administrative complaints on trade secrets, directly regulating the whole process of complaint acceptance, investigation and punishment, and bringing all-around benefits to enterprises.

Clarify acceptance standards to solve the problem of “nowhere to complain and difficult filing”: the New Regulations clearly define the preliminary evidence list for administrative complaints. Enterprises may meet the acceptance conditions by providing proof of the existence of trade secrets and infringement clues, greatly reducing the difficulty of filing.

Standardize investigation procedures to realize “quick loss stop and efficient rights protection”: upgraded jurisdiction helps improve law enforcement professionalism, and strengthened law enforcement means help quickly fix evidence and block infringement, with efficiency possibly exceeding civil litigation.

Unify penalty scales to ensure “strong liability pursuit and effective deterrence”: clarify classified fine standards, avoid inconsistent penalties and low fines across regions, and force infringers to stop using trade secrets.

Enterprise Practical Suggestions

Establish a trade secret evidence chain in advance, and designate special personnel to keep three core pieces of evidence:

Records of commercial information formation (e.g., modification records of R&D reports, data processing traces, business analysis reports).

Records of confidentiality measures implementation (e.g., confidentiality agreements, training records, permission setting records, operation logs).

Ledgers of contact personnel (including employees, partners, third-party institutions, clarifying contact scope, permissions and time) to support the proof of “possibility of contact”.

After discovering infringement, fix evidence immediately (e.g., screenshots of infringing information, product comparison reports, communication records), and entrust a judicial appraisal institution with legal qualification to issue appraisal opinions of “non-public knowledge + substantial identity” to improve the success rate of rights protection. Simultaneously initiate administrative complaints and civil litigation: administrative channels quickly block infringement, and judicial channels claim civil compensation, forming a joint force of “administrative liability pursuit + civil claims”.

Grasp the golden process of administrative complaints: submit complaint materials to the market regulation department at or above the municipal level with districts (preferring the place of infringement or the domicile of the infringer), prepare preliminary evidence and written complaints as required, cooperate with the investigation of law enforcement departments, and simultaneously connect with civil litigation to maximize recovery of losses.

V. Core Enterprise Compliance Actions (Upgraded Implementability)

Combined with the requirements of the New Regulations, the current Anti-Unfair Competition Law and relevant judicial interpretations, enterprises can complete the following 5 core rectifications according to their own needs, so as to avoid losing trade secret protection qualification or facing infringement risks due to compliance defects. Each item is combined with enterprises’ actual business scenarios to ensure implementability and verifiability:

Comprehensively sort out the scope of trade secrets, combined with their own industry characteristics and commercial layout, include whole-cycle R&D achievements (including failed data, phased concepts, iterative versions), data processing results (e.g., user analysis reports, industry data optimization schemes), in-depth customer information (transaction habits, cooperation intentions, exclusive demands), core processes, algorithm codes, etc. into the protection scope. Classify and mark confidentiality levels, clarify custodians and access permissions, and formulate a List of Trade Secrets to avoid missing protection of core assets due to unclear scope.

Revise confidentiality management systems, Implement the 8 confidentiality measures explicitly specified in the New Regulations, focusing on improving confidentiality rules for digital scenarios, cross-border collaboration and resigned employees. Add specific clauses such as “classified permission management”, “operation log retention” and “resignation confidentiality clearance”, clarify operational standards (e.g., log retention period, encryption method) to ensure operable systems and avoid formalism. Organize all-staff learning and keep learning records to ensure every employee knows the confidentiality requirements.

Revise labor contracts, cooperation agreements and confidentiality agreements, Supplement clauses such as “resignation confidentiality clearance”, “confidentiality training”, “prohibition of abetting infringement” and “infringement compensation”, clarify confidentiality obligations and liability for breach of all parties (e.g., compensation amount for employee leakage, liquidated damages for partner leakage), and connect with the liability pursuit requirements of the New Regulations and the Anti-Unfair Competition Law. Sign special confidentiality agreements with core position employees and partners to refine the confidentiality scope and liabilities.

Rectify the digital office system, Complete technical prevention and control measures such as classified permission setting for core data, operation log retention and data encryption. Prohibit the transmission of confidential data via private devices, private email, WeChat, etc., and build an exclusive enterprise confidential transmission channel. For confidential information in cross-border collaboration, adopt data desensitization, encrypted transmission and other measures, and clarify the confidentiality liability and inspection standards of cross-border collaborators.

Organize the trade secret evidence chain and conduct compliance training and self-inspection, establish an evidence file including information formation records, confidentiality measures implementation records, contact personnel ledgers, etc., and prepare for rights protection in advance. Conduct internal compliance training and self-inspection, focusing on training the core requirements of the New Regulations and infringement risk points, investigate their own leakage and infringement risks, and timely rectify found problems to avoid enterprises falling into passivity due to compliance defects.

Ⅵ. Conclusion (Practical Legal Tips)

It is foreseeable that the implementation of the 2026 version of the Regulations on the Protection of Trade Secrets will mark that China’s administrative protection of trade secrets has entered an era of “standardization and operability”.

Its core value is not “creating new rules”, but “unifying standards and refining implementation” – transforming the core rules of the current Anti-Unfair Competition Law and relevant judicial interpretations into operable and enforceable administrative protection standards, solving the long-standing problem of poor connection between administrative protection and judicial protection.

For enterprises, the New Regulations are not only an administrative guarantee for trade secret protection, but also a “weather vane” for enterprise compliant operation, both a “tool for rights protection” and a “compliance order”.

As core intangible assets of enterprises, the protection level of trade secrets directly determines enterprises’ market competitiveness and sustainable development capacity.

From a practical perspective, the core impact of the New Regulations lies in “promoting enterprises to take the initiative to establish/upgrade a confidentiality system”, shifting from the previous “passive rights protection” to “active prevention and control”, requiring enterprises to integrate trade secret protection into the whole process of R&D, operation, employment and cooperation, in line with the requirements of current laws and judicial interpretations.

The risk of trade secret leakage runs through the whole process of enterprise R&D, operation, employment and cooperation. The leakage of core trade secrets may have irreversible impacts on the enterprise’s market competitive position and return on R&D investment.

Enterprises should abandon the fluke mentality of “formal compliance”, take the initiative to build a three-dimensional confidentiality system of “system + technology + personnel”, and try to use administrative complaints as a possible “low-cost rights protection path” to safeguard core competitiveness.

If enterprises have questions in trade secret sorting, confidentiality system construction, infringement rights protection, and other aspects, they may seek professional legal support combined with their own industry characteristics and business scenarios to reduce compliance risks and achieve steady development in a fair competitive market environment.