To China

A guide for UK digital and tech businesses exporting to China, including the risks you should be aware of and how to manage them.

To China

A guide for UK digital and tech businesses exporting to China, including the risks you should be aware of and how to manage them.

Exporting to any unfamiliar market can be challenging. While the Chinese market can be difficult to navigate, the business environment and market access has improved.

On this page you’ll find all the information you need, including practical advice on how to get started, the risks you should be aware of and what you can do to manage them.

Before exporting to China, you might find it helpful to ask yourself the following questions.


Have I confirmed that my technology can be exported to China, and identified any specific market access restrictions for my sector?


Have I registered my intellectual property for the China market? This might include filing patents, registering trademarks or obtaining copyright protection.


Have I sought professional legal advice for legal, financial or HR matters?

If you have further questions about exporting to China, DIT and China Britain Business Council are available to help.

There are certain nuances you should be aware of when carrying out due diligence in China. Risk and strategic consulting firm Control Risks have provided the following questions to ask yourself when you are considering working with a Chinese partner.

Checking corporate filings is helpful, but superficial. Do not rely on global blacklist databases, as they rarely capture Chinese names accurately and can generate false positives.

Are they integral to my business and how much value do they add?

Ask a Chinese-speaking colleague or contact to spend some time on Baidu or Google researching the company. This will help to detect any issues of concern such as court cases, bribery allegations, or unexpected commercial or political ties.

Public records are limited in China. It is important to be aware that it is illegal to obtain full paper corporate filings held by the AMR business registration authorities (these contain financial data and other information beyond that in the public accessible online version), individual household registration records and a complete list of an individual’s corporate interests.

Control Risks is not the only organisation that provides this service. Control Risks are not endorsed or recommended by HMG. You should research whether this service provider will be suitable. HMG does not accept any liability arising to any person for any loss or damage suffered through using these service providers or this information.

Before exporting to China, you should be aware of the potential commercial risks to your business and how to mitigate them. This will help you protect your assets, data and IP – and ultimately improve your chances of long-term success in China.

Taking legal steps to protect your IP in China is important, but you should also consider your cybersecurity.

In September 2020 the then Foreign Secretary also warned of Chinese global cyber attacks. More information on this and previous announcements can be found here.

In July 2021 the UK joined like-minded partners to confirm Chinese state-backed actors were responsible for gaining access to computer networks via Microsoft Exchange servers.

The UK opposes and defends against the targeted theft of UK knowledge assets and expertise.

Asking yourself the following questions is a good way to start to address potential commercial risks:

China has recently shown considerable efforts in creating stronger intellectual property rights (IPR) protection systems. However, counterfeiting, trademark infringements and other IPR infringements remain major issues. For the most up-to-date information on IP rights, visit this page. This free, fast and easy-to-use online IP Health Check tool can also help you identify your IP assets and provide you with the next steps on how to protect them. IP rights are territorial. If you want your IP rights to be enforced in China, you need to ensure they’re registered there. For advice on registering and enforcing your rights within China, the Intellectual Property Office has a number of factsheets, and an IP attaché team in China which can offer advice on specific issues with registering and enforcing your IPR in China.

Have you put in place technical measures to limit access to that data, such as segregating sensitive networks from those accessible to the wider organisation and overseas parties? This also includes data related to the user base of your technology, for example personal data collected and generated by technologies in smart city infrastructures. You should also consider data sharing from an ethical perspective.

Following these principles will help to ensure any risks to your IP, data or knowledge assets are appropriately mitigated. The National Cyber Security Centre (NCSC) provides practical guidance and uses industry and academic expertise to nurture the UK’s cyber security capability. To protect your organisation in cyberspace, you can follow these ten steps. If you’re a business with 250 employees or fewer, there is advice on being cyber secure to suit your business. There are plenty of other ways you can begin to protect your business and improve your approach to cyber security.

China is developing the CSCS to improve company regulation. The system is administered by the Chinese government and involves three components: (i) rating companies against a range of metrics; (ii) collecting regular information and updating ratings accordingly; (iii) shaping company behaviour via incentives and sanctions. You should monitor the situation and ensure you are receiving legal advice when setting up in China. This document from the European Chamber provides more detail on the CSCS. See also this MERICS report for more information.

When partnering with Chinese companies, UK businesses should consider whether they are on the entity listings of other countries, for example the United States, especially if they are already doing business in those countries.

The Centre for the Protection of National Infrastructure (CPNI) and National Cyber Security Centre (NCSC) have produced guidance to help you start to identify and mitigate some of these risks.

Before exporting to China, there are a number of UK and Chinese laws you should be aware of. If you fail to adhere to these laws, even inadvertently, you could risk damage to your organisation’s assets and your ability to operate in China.

There are a number of potential pitfalls UK businesses need to avoid when entering the China market, investing in China, or trading with Chinese parties.

You should ensure you are compliant with the Modern Slavery Act and the UK Bribery Act (which applies to non-UK companies working in the UK and to UK companies working overseas). You should also ensure your company is GDPR compliant.

This guidance explains which type of exports need a licence, how to apply and what compliance responsibilities you’ll have. The Export Control’s Joint Unit (ECJU) page provides up to date information on obtaining an export license, export controls on dual use items and contact information for queries about export controls. This step-by-step guide to exporting goods to countries outside the EU includes advice on how to register your business for exporting.

You should be aware that on 8 December 2021, the UK announced a package of measures to update the export controls regime. This includes, firstly, revising with immediate effect the licensing criteria for strategic export controls, to be known as the Strategic Export Licensing Criteria. Secondly, the UK will be legislating to enhance the Military End-Use Control, amending the definition of “military end-use” to fully capture threats to national security, international peace and security, and human rights arising from the use of non-listed items by the military, police or security forces, or entities acting on their behalf, in an embargoed destination. This legislation came into force on 19 May 2022.

In addition, to address a longstanding anomaly, China has been added to the list of destinations subject to military end-use controls.

Nearly all products intended for sale in the local Chinese market are required to go through full clearance at the China Customs Office.

The 2017 Chinese Cyber Security Law governs cybersecurity and data in China. There are strong rules about collecting, using, saving and transferring (especially for cross-border transfer) ‘important data’ and personal data. Important and sensitive data collection, use or cross-border transfer needs prior government approval.  The personal data rules are similar to GDPR, and are based on informed consent. In the event of violation, penalties include warnings, confiscation of illegal gains, fines, and suspension or stoppage of relevant websites and businesses. This guide from the CBBC can help you to stay compliant.

This governs all types of agreements or contracts in China. Given the differences in the UK and China’s legal systems, entering into a valid and enforceable contract is critical in trading with Chinese partners. Whether the UK company is well protected will depend on how a sale or service agreement is drafted. You must get expert, legal advice and always have a well-designed agreement vetted for China enforceability. A Chinese translation of the agreement may be necessary to ensure the China partner fully understands their obligations. Always request affixation of the official chop (stamp) of the Chinese partner to ensure binding effect. In any contract you will need to consider the governing law, jurisdiction, dispute resolution and injunction issues. Selecting English law and exclusive jurisdiction of British courts is often not helpful, because UK judgments are very hard to enforce in China. Arbitration in Hong Kong or Singapore could be a good compromise – especially because the arbitral awards are generally enforceable in China.

This law states that all organisations and citizens shall provide support and assistance to, and cooperate with, national intelligence work, and guard the secrecy of any national intelligence work they are aware of. There are differing interpretations of this law. An unofficial translation can be found here.

In May 2019, the Chinese Ministry of Commerce announced the creation of an “unreliable entities list”. This list is designed to address “foreign enterprises, organisations and individuals that do not comply with market rules, violate the spirit of contract, block or cut supplies to Chinese firms with non-commercial purposes, and seriously damage the legitimate rights and interests of Chinese enterprises.” The list is more likely to target logistics firms and companies that export to China.

This regulation pertains to cross-border technology/patent licences and requires such licensing agreement to be either approved (for restricted technologies listed in the catalogue) or registered (for free technologies not included in the catalogue) with the provincial commerce authority. Most foreign technologies fall into the free category. The registration of the licensing agreement could be unsuccessful for various reasons. For instance, if the licensee is a university or other unincorporated entity, it cannot be an applicant for registration through the government’s online system, meaning a specialist technology/import/export agent needs to be included in the licensing agreement. Also, government officials can sometimes ask for changes to the agreement before registration, such as the governing law being Chinese. There is no strict legal consequence for not registering a free technology license agreement with the authority under this Regulation.

China’s regulatory framework for data falls under the Cybersecurity Law, Data Security Law, and Personal Information Protection Law. The new laws represent the Chinese government’s continued efforts to protect data security and personal information, as handled by private entities, and regulate cross-border data transfer. China has, in a relatively short space of time, legislated for one of the most comprehensive set of data laws in the world; the full implications of these new laws on foreign businesses are unclear. It is therefore essential that UK companies are aware of their obligations and the potential impact of the new laws on their operations in China.

The Data Security Law (DSL) came into effect on 1st September 2021 and represents the Chinese government’s further efforts to protect data security and regulate cross-border data transfers. The law includes new concepts such as “National Core Data”, provisions for handling data requests from foreign judicial or law enforcement organisations, and confidentiality obligations. An unofficial translation of the law can be found here.

China’s Ministry of Industry and Information Technology has drawn up a regulation clarifying how firms should handle sensitive industrial and telecoms data as part of a new regime. The draft measures were out for consultation in February, and include some changes from a previous draft published in September 2021. The most significant amendment is the removal of the outright ban on exporting “core data” out of China.

The Personal Information Protection Law (PIPL) came into effect on 1st November 2021 and provides a comprehensive framework for the handling of personal data in China. The law regulates the handling of personal information, and the handling of ‘sensitive personal information’ requires additional measures. The law also makes provision for the transfer of personal data overseas under certain circumstances. A guide to the new law can be found here.

You should also be aware that if you provide online services, the regulations on algorithmic recommendation systems are likely to have some impact on your operations in China. The regulations came into effect on 1 March 2021, and a translation can be found here. Their enforcement is a stated focus for the Cyberspace Administration of China in 2022. A detailed analysis of an earlier draft of the regulations can be found here.

Businesses looking to export to China should be aware of the latest regulations, including updated Regulations on the Administration of Technology Import and Export. Relatedly, China’s new Export Control Law entered into force in December 2020 – you can find more information about this here. We recommend companies should seek professional legal advice, and factor this into their plans for operating in China.

The Regulations provide long-awaited details about how critical information infrastructure (CII) operators will be designated and what their responsibilities will be to protect the security of networks that they build and operate. This summary from Stanford University’s DigiChina project can help you stay compliant.

The new law came into effect on the 1 January 2022. The law regulates how Chinese technology-related industrial policies operate and how state guidance funds for science and technology are run. The law also features more ‘buy domestic’ provisions, in line with the Chinese government’s efforts to increase technological self-reliance and encourage foreign firms to relocate production in China.

The provisions in law do not in theory discriminate against Foreign Invested Enterprises in the government procurement process, including both Joint Ventures and Wholly-Owned Foreign Enterprises, as long as they produce or provide services within the customs territory of China.

The China-Britain Business Council has a helpful explainer here. An unofficial translation of the law can be found here.

For further advice, you can contact CBBC or the IP attaché team in China. Always seeks expert legal advice before setting up in China.

When setting up arrangements to export to China, you should consider the ethical implications of engaging with China on emerging technologies.

The UK Government is committed to upholding human rights and has serious concerns regarding the Chinese State’s use of technologies in ways that violate human rights and harm individuals and society. Where China is not meeting its obligations under international law and falls below the standards required and expected of responsible governments and nation states, the UK Government will continue to speak out publicly.

Our concerns include China’s use of facial recognition and predictive computer algorithms for mass surveillance, profiling and repression of ethnic minorities in Xinjiang and elsewhere; automated internet and media surveillance and censorship including in a number of new ‘smart cities’, to expand social control and limit individual freedoms.

While engagement offers many opportunities, there is a risk that your company’s technology could be used to violate human rights, posing a significant risk to your business’s reputation. Businesses engaging in joint research and development activities in the fields of surveillance, biometrics, or tracking technology are at a heightened risk.

In addition, you should be aware of China’s programme of Civil Military Fusion (highlighted below). As well as ensuring that you are abiding by the relevant legal obligations, you may want to consider the possible reputational consequences if your company’s technology contributes to China’s military development.

Asking yourself the following questions may be a good way to start addressing the potential ethical challenges of doing business in China.

You should consider this from an ethical and legal perspective. For more information, please refer to the UN’s Guiding Principles on Business and Human rights here.

In its planning documents China has publicly stated that MCF requires ‘mutual open sharing of basic science and technology resources’ and ‘effective two-way transfer of technology’ – seeking accelerated development and transfer of technologies from civil sectors to military sectors. Because of this, the end use of your technology may not be limited to civilian contexts. The UK Government has serious concerns that advanced dual-use technology and knowledge, and research by UK firms and academic institutions, may be diverted to assist Chinese military programmes. Without proper due diligence, your businesses reputation could be at risk and you may face legal and reputational consequences.

You should ensure you understand whether your products, services and expertise could be used to violate human rights or contribute to military capabilities. This includes considering alternative uses for the data collected or generated by your technology particularly if it will be aggregated, for example in smart city infrastructures. Further research into Chinese partners or customers may also reveal concerning historical behaviours, show links to Chinese defence companies and universities, or reveal a declared MCF business strategy. If you or your company are found to be aiding human rights violations or advancing Chinese military capabilities, it could severely damage your reputation. There may also be legal implications if you have violated UK Export Controls or international sanctions. This also applies to research.

Organisations with links to severe human rights abuses, such as those taking place in Xinjiang, face reputational and legal risks.

Though analysis by Verisk Maplecroft suggests that standard due diligence practices are unlikely to be effective in preventing links to human rights violations, companies can take the following steps:

  1. Align approaches to business policies, strategy, systems, supplier codes of practice, KPIs and training programmes, helping to raise awareness of social and environmental issues;
  2. Map operations of suppliers and subsidiaries to identify where the most salient risks lie;
  3. Set up audit programmes for the highest risk areas identified in mapping exercises. You may wish to enlist the assistance of independent, third-party auditors to check your assessments;
  4. Collaborate with industry peers, suppliers, governments, NGOs and other local partners to share knowledge, good practice and on-the-ground projects.

A good resource to further understand the different types of human rights issues and how they impact your supply chain is the Human Rights & Business Dilemmas Forum produced by Verisk Maplecroft and the UN Global Compact.

Human rights organisations have also suggested the following best practice when conducting due diligence:

  1. Be transparent about whom you are doing business with, including publishing the names of local partners, suppliers and collaborators. This could include any government agencies, public security bureau-affiliated research laboratories, or military-economic entities.
  2. Publicly report on human rights due diligence to display that you have a strategy, that you have applied it, and that you have assessed the risks.

You may find it helpful to contact specialists who offer advice and knowledge on doing business in China. Who can I talk to?

Department for
International Trade (DIT)

The Department for International Trade (DIT) helps businesses export and grow into global markets, as well as helping overseas companies locate and grow in the UK.

DIT’s network of trade advisors across the UK can help create a tailored export growth action plan, advise you on which markets are best for your business and put you in touch with contacts who can help you expand internationally.

Visit Exporting is GREAT for more general advice on exporting to China.

China-Britain Business
Council (CBBC)

The China-Britain Business Council (CBBC) is the leading organisation helping UK companies grow and develop their business with China.

CBBC provides advice, support and networking opportunities for companies at every stage of their China journey.

Visit CBBC’s website for detailed practical guidance for tech companies on the business environment, setting-up, finding partners, and business risks.

Intellectual Property Office

HMG’s Intellectual Property Office website hosts detailed, cross-sector information on GOV.UK about protecting and enforcing IP when working with China.

A number of factsheets, and an IP attaché team in China which can offer advice on specific issues with registering and enforcing your IP rights in China.

British Chamber of
Commerce in China

British Chamber of Commerce in China is a membership organisation for British businesses focused on boosting UK-China trade and investment. It has chapters in Beijing, Shanghai, Guangzhou and Southwest China, and provides a wide programme of events, publications and industry insights.

Secure Innovation

The Centre for Protection of National Infrastructure (CPNI) and the National Cyber Security Centre (NCSC) are the national technical authorities on physical, people and cyber security. They have created Secure Innovation to help founders and CEOs of emerging technology startups and their investors protect fledgling companies so that they can thrive.

Detailed guidance is available to empower startups and investors with the tools to foster a healthy security culture from the outset and continue to protect vital company assets as businesses scale and collaboration opens up overseas opportunities.

Visit CPNI website

NCSC for Startups

NCSC for Startups is the successor to the NCSC Cyber Accelerator, a programme which helped more than 40 tech companies raise in excess of £100m in external investments. The aim is to bring together innovative startups with NCSC technical expertise to solve some of the UK’s most important cyber challenges.

NCSC for Startups offers something for startups at all stages of maturity; from those developing a Minimum Viable Product (MVP), to those with established solutions looking to expand into new markets. There are also opportunities for organisations to get involved with the programme to bring additional support and expertise through:

  • Shaping technical challenges to bring a focus to areas of interest
  • Working together and directly with startup companies to influence their products
  • Providing technical leadership and influence to encourage the growing cyber eco-system

Where can I go to get advice on travelling to China?

The FCDO also provides details and up to date information on doing business in China.

Visit the FCDO website for information on getting a visa, as well as up-to-date travel advice for China – including on coronavirus.

How can I develop working relationships if there is a language barrier?

GOV.UK has a list of translators and interpreters in China. You should research whether a service provider will be suitable.

The FCDO does not accept any liability arising to any person for any loss or damage suffered through using these service providers or this information.

This representative example is based on real cases where companies have failed to negotiate the complexities of the Chinese market.

A UK-registered technology company (Company A) secured an £800,000 commercial deal to export 50 of its unique cameras to a Chinese hardware company (Company B). The camera enables the capture of low-light images, making it suitable for a wide range of scientific and industrial applications.

By March 2020, Company A had exported two of a total ten shipments to Company B. Following an examination by UK authorities, it was identified that Company A did not have the necessary Standard Individual Export Licence (SIEL) which was required as the camera was subject to the UK’s Strategic Export Controls. It was also concluded that, had Company A submitted an application for a SIEL, the application would have been rejected on the basis that the product had clear potential use in a weapons programme.

By failing to submit an application for a SIEL and for proceeding to export a restricted and controlled good, Company A was issued a fine of £400,000 by HM Revenue & Customs.

Company A was also obliged to cancel the remaining eight shipments to export the product to Company B, increasing their vulnerability to legal claims by Company B.

Recognising that it should have conducted more detailed due diligence before signing a contract to export the product, Company A later amended its internal business process to mandate that staff consult the relevant UK export authorities where there is a possibility that a product is likely to be subjected to UK Strategic Export Controls.