Setting up
In China

A guide for UK digital and tech businesses setting up in China, the risks to be aware of and how to mitigate them.

Setting up
In China

A guide for UK digital and tech businesses setting up in China, the risks to be aware of and how to mitigate them.

Setting up in China can unlock business opportunities for your company but, as with any market with which you are not familiar, it can be challenging.

On this page you’ll find advice on successfully setting up a digital and tech business in China. It includes practical tips for getting started, information about risks, and guidance on what you can do to manage them.

Before setting up your business in China, you might find it helpful to ask yourself the following questions.

Confirming
investment

Have I confirmed that China’s Foreign Investment Law permits me to invest and whether there are any restrictions on that investment?

Entity
type

What type of entity do I want to establish under Chinese law? This might be a Wholly-Foreign Owned Enterprise (WFOE), a Joint Venture, or a Representative Office.

Intellectual
property

Have I registered my intellectual property (IP) for the China market? This might include filing patents, registering trademarks or obtaining copyright protection.

Professional
advice

Have I sought professional advice for legal, financial and human rights matters?

Where to
set up

Have I decided where to set up in China, in terms of cities or regions?

If you have further questions about setting up in China, DIT and China Britain Business Council are available to help.

Risk and strategic consulting firm Control Risks have provided the following questions to ask yourself when you are considering working with a Chinese partner.

Checking corporate filings is helpful, but superficial. Do not rely on global blacklist databases, as they rarely capture Chinese names accurately and can generate false positives.

Are they integral to my business and how much value do they add?

Ask a Chinese-speaking colleague or contact to spend some time on Baidu or Google researching the company. This will help to detect any issues of concern such as court cases, bribery allegations, or unexpected commercial or political ties.

Public records are limited in China. It is important to be aware that it is illegal to obtain full paper corporate filings held by the AMR business registration authorities (these contain financial data and other information beyond that in the public accessible online version), individual household registration records and a complete list of an individual’s corporate interests.

For more information about compliance and protecting your organisation’s data, visit this advice page from Control Risks.

Control Risks is not the only organisation that provides this service. Control Risks are not endorsed or recommended by HMG. You should research whether this service provider will be suitable. HMG does not accept any liability arising to any person for any loss or damage suffered through using these service providers or this information.

Before setting up your business in China, there are a number of UK and Chinese laws you should be aware of. If you fail to adhere to these laws, even inadvertently, you could risk damage to your organisation’s assets and your ability to operate in China.

There are a number of potential pitfalls UK businesses need to avoid when entering the China market, investing in China, or trading with Chinese parties.

You should ensure you are compliant with the Modern Slavery Act and the UK Bribery Act (which applies to non-UK companies working in the UK and to UK companies working overseas). You should also ensure your company is GDPR compliant.

The e-Commerce Law governs the qualification, setting up and operations, operators and customers’ rights and obligations, e-commerce operators’ network security, protection of customers’ rights and non-compliance legal liabilities for all types of e-commerce businesses. Most foreign companies choose to set up either their own online store or set up online stores on popular e-commerce platforms, such as Tmall and JD. Given the popularity of such Chinese e-commerce platforms, the platform operators may impose additional requirements (such as engaging their accredited third-party technology partners) in order to set up flagship stores on their platforms. The template agreements with Tmall or JD usually contain unfavourable terms that are hard to amend. The Chinese government offers preferential tax on imports through cross-border e-commerce platforms, and goods provided through this approach will receive more relaxed regulation as imports for personal use such as no requirements for licensing, registration or record-filing for first-time imports.

The 2017 Chinese Cyber Security Law governs cybersecurity and data in China. There are strong rules about collecting, using, saving and transferring (especially for cross-border transfer) ‘important data’ and personal data. Important and sensitive data collection, use or cross-border transfer needs prior government approval.  The personal data rules are similar to GDPR, and are based on informed consent. In the event of violation, penalties include warnings, confiscation of illegal gains, fines, and suspension or stoppage of relevant websites and businesses. This guide from the CBBC can help you to stay compliant.

This law states that all organisations and citizens shall provide support and assistance to, and cooperate with, national intelligence work, and guard the secrecy of any national intelligence work they are aware of. There are differing interpretations of this law. An unofficial translation can be found here.

China’s regulatory framework for data falls under the Cybersecurity Law, Data Security Law, and Personal Information Protection Law. The new laws represent the Chinese government’s continued efforts to protect data security and personal information, as handled by private entities, and regulate cross-border data transfer. China has, in a relatively short space of time, legislated for one of the most comprehensive set of data laws in the world; the full implications of these new laws on foreign businesses are unclear. It is therefore essential that UK companies are aware of their obligations and the potential impact of the new laws on their operations in China.

The Data Security Law (DSL) came into effect on 1st September 2021 and represents the Chinese government’s further efforts to protect data security and regulate cross-border data transfers. The law includes new concepts such as “National Core Data”, provisions for handling data requests from foreign judicial or law enforcement organisations, and confidentiality obligations. An unofficial translation of the law can be found here.

China’s Ministry of Industry and Information Technology has drawn up a regulation clarifying how firms should handle sensitive industrial and telecoms data as part of the new regime. The draft measures were out for consultation in February, and include some changes from a previous draft published in September 2021. The most significant amendment is the removal of the outright ban on exporting “core data” out of China.

The Personal Information Protection Law (PIPL) came into effect on 1st November 2021 and provides a comprehensive framework for the handling of personal data in China. The law regulates the handling of personal information, and the handling of ‘sensitive personal information’ requires additional measures. The law also makes provision for the transfer of personal data overseas under certain circumstances. A guide to the new law can be found here.

You should also be aware that if you provide online services, the regulations on algorithmic recommendation systems are likely to have some impact on your operations in China. The regulations came into effect on 1 March 2021, and a translation can be found here. Their enforcement is a stated focus for the Cyberspace Administration of China in 2022. A detailed analysis of an earlier draft of the regulations can be found here.

In addition to Laws on Cybersecurity and Data Security, businesses working in and/or exporting from China should be aware of updated Regulations on the Administration of Technology Import and Export (announced August 2020) and the Export Control Law (in force from December 2020) – and understand how these might affect their operations.

This law sets out an improved legal framework for foreign businesses to invest, establish and conduct businesses in China and replaces three previous foreign investment laws. Foreign investors will now receive national treatment except for businesses falling into the ‘Foreign investment negative list’. This consists of two blacklists: one that prohibits foreign investment, and another that restricts the proportion of foreign capital (effectively making it necessary to enter a joint venture with a Chinese partner). The Foreign investment negative list was updated in July 2020 – see this explainer from the British Chamber of Commerce in China.

This is the basic law for the incorporation, organisation structure and governance of all types of companies. It specifies many unique administrative requirements for incorporation and management of a company. It protects and regulates the legal rights and interests of companies, shareholders and creditors. It’s important that you choose your location carefully.  Many factors depend on which region a company operates in, such as the supply chain, the maturity of the ecosystem and infrastructure, access to skilled personnel, the sophistication of local IP protection environment, and local government support and tax incentives. Under the Company Law, recently introduced implementing regulations and government rules, a business entity in China now has more freedom to define the business scope of a Chinese subsidiary, which still needs to be written in its business license.

This governs all types of agreements or contracts in China. Given the differences in the UK and China’s legal systems, entering into a valid and enforceable contract is critical in trading with Chinese partners. Whether the UK company is well protected will depend on how a sale or a service agreement is drafted. You must get expert, legal advice and always have a well-designed agreement vetted for China enforceability. A Chinese translation of the agreement may be necessary to ensure the Chinese partner fully understands their obligations. Always request affixation of the official chop (stamp) of the Chinese partner to ensure binding effect. In any contract you need to consider the governing law, jurisdiction, dispute resolution and injunction issues. Selecting English law and exclusive jurisdiction of British courts is often not helpful, because UK judgments are very hard to enforce in China. Arbitration in HK or Singapore could be a good compromise and such arbitral awards are generally enforceable in China.

You should be aware of Foreign Exchange Control Regulation 2008, as well as the Agreement For The Avoidance Of Double Taxation And The Prevention Of Fiscal Evasion With Respect To Taxes On Income And Capital Gains.

The Regulations provide long-awaited details about how critical information infrastructure (CII) operators will be designated and what their responsibilities will be to protect the security of networks that they build and operate. This summary from Stanford University’s DigiChina project can help you stay compliant.

The new law came into effect on 1 January 2022. The law regulates how Chinese technology-related industrial policies operate and how state guidance funds for science and technology are run. The law features more ‘buy domestic’ provisions, in line with the Chinese government’s efforts to increase technological self-reliance and encourage foreign firms to relocate production to China.

The provisions in the law do not in theory discriminate against Foreign Invested Enterprises in the government procurement process, including both Joint Ventures and Wholly-Owned Foreign Enterprises, as long as they produce or provide services within the customs territory of China.

The China-Britain Business Council has a helpful explainer here. An unofficial translation of the law can be found here.

For further advice, you can contact CBBC or the IP attaché team in China. Always seeks expert legal advice before setting up in China.

Before setting up your business in China, you should be aware of the potential commercial risks to your business and how to mitigate them. This will help you protect your assets, data and IP – and ultimately improve your chances of long-term success in China.

Taking legal steps to protect your IP in China is important, but you should also consider your cybersecurity.

In September 2020 the then Foreign Secretary also warned of Chinese global cyber attacks. More information on this and previous announcements can be found here.

In July 2021 the UK joined like-minded partners to confirm Chinese state-backed actors were responsible for gaining access to computer networks via Microsoft Exchange servers.

The UK opposes and defends against the targeted theft of UK knowledge assets and expertise.

Asking yourself the following questions is a good way to start to address potential commercial risks:

China has recently shown considerable efforts in creating stronger intellectual property rights (IPR) protection systems. However, counterfeiting, trademark infringements and other IPR infringements remain major issues. For the most up-to-date information on IP rights, visit this page. This free, fast and easy-to-use online IP Health Check tool can also help you identify your IP assets and provide you with the next steps on how to protect them. IP rights are territorial. If you want your IP rights to be enforced in China, you need to ensure they’re registered there. For advice on registering and enforcing your rights within China, the Intellectual Property Office has a number of factsheets, and an IP attaché team in China which can offer advice on specific issues with registering and enforcing your IPR in China.

Have you thought about your company’s networks? How will you communicate? What IT will you take to China? You can consult the UK’s Centre for the Protection of National Infrastructure Secure Business page for more information.

Following these principles will help to ensure any risks to your IP, data or knowledge assets are appropriately mitigated. The NCSC provides practical guidance and uses industry and academic expertise to nurture the UK’s cyber security capability. To protect your organisation in cyberspace, you can follow these ten steps. If you’re a business with 250 employees or fewer, there is advice on being cyber secure tailor-made to suit your business. There are plenty of other ways you can protect your business and improve your approach to cyber security. If you want to know more about protecting your research, you can find further information here.

China is developing the CSCS to improve company regulation. The system is administered by the Chinese government and involves three components: (i) rating companies against a range of metrics; (ii) collecting regular information and updating ratings accordingly; (iii) shaping company behaviour via incentives and sanctions. You should monitor the situation and ensure you are receiving legal advice when setting up in China. This document from the European Chamber provides more detail on the CSCS. See also this MERICS report for more information.

Read this guide to learn whether AI could help protect your business.

When partnering with Chinese companies, UK businesses should consider whether they are on the entity listings of other countries, for example the United States, especially if they are already doing business in those countries.

The Centre for the Protection of National Infrastructure (CPNI) and National Cyber Security Centre (NCSC) have produced guidance to help you start to identify and mitigate some of these risks.

For more information, visit the DIT Doing Business Abroad Guide or the China Britain Business Council China Business Handbook

When setting up your business you should consider the ethical implications of engaging with China on emerging technologies.

The UK Government is committed to upholding human rights and has serious concerns regarding the Chinese State’s use of technologies in ways that violate human rights and harm individuals and society. Where China is not meeting its obligations under international law and falls below the standards required and expected of responsible governments and nation states, the UK Government will continue to speak out publicly.

Our concerns include China’s use of facial recognition and predictive computer algorithms for mass surveillance, profiling and repression of ethnic minorities in Xinjiang and elsewhere; automated internet and media surveillance and censorship including in a number of new ‘smart cities’, to expand social control and limit individual freedoms.

While engagement offers many opportunities, there is a risk that your company’s technology could be used to violate human rights, posing a significant risk to your business’s reputation. Businesses engaging in joint research and development activities in the fields of surveillance, biometrics, or tracking technology are at a heightened risk.

In addition, you should be aware of China’s programme of Civil Military Fusion (highlighted below). As well as ensuring that you are abiding by the relevant legal obligations, you may want to consider the possible reputational consequences if your company’s technology contributes to China’s military development.

Asking yourself the following questions may be a good way to start addressing the potential ethical challenges of doing business in China.

You should consider this from an ethical and legal perspective. For more information, please refer to the UN’s Guiding Principles on Business and Human rights here.

In its planning documents China has publicly stated that MCF requires ‘mutual open sharing of basic science and technology resources’ and ‘effective two-way transfer of technology’ – seeking accelerated development and transfer of technologies from civil sectors to military sectors. Because of this, the end use of your technology may not be limited to civilian contexts. The UK Government has serious concerns that advanced dual-use technology and knowledge, and research by UK firms and academic institutions, may be diverted to assist Chinese military programmes. Without proper due diligence, your businesses reputation could be at risk and you may face legal and reputational consequences.

You should ensure you understand whether your products, services and expertise could be used to violate human rights or contribute to military capabilities. This includes considering alternative uses for the data collected or generated by your technology particularly if it will be aggregated, for example in smart city infrastructures. Further research into Chinese partners or customers may also reveal concerning historical behaviours, show links to Chinese defence companies and universities, or reveal a declared MCF business strategy. If you or your company are found to be aiding human rights violations or advancing Chinese military capabilities, it could severely damage your reputation. There may also be legal implications if you have violated UK Export Controls or international sanctions. This also applies to research.

The best starting-point for conducting effective due diligence is being able to identify, segment and prioritise ‘high risk’ suppliers. Companies can lean on country, industry and sub-national specific risk data to identify supplier exposure and follow up with audits for those that have been ‘red flagged’. The key to implementing due diligence in China is having access to credible risk data. Stakeholder engagement – an important component of due diligence – can be challenging in Chinese supply chains.

Organisations with links to severe human rights abuses, such as those taking place in Xinjiang, face reputational and legal risks.

Though analysis by Verisk Maplecroft suggests that standard due diligence practices are unlikely to be effective in preventing links to human rights violations, companies can take the following steps:

  1. Align approaches to business policies, strategy, systems, supplier codes of practice, KPIs and training programmes, helping to raise awareness of social and environmental issues;
  2. Map operations of suppliers and subsidiaries to identify where the most salient risks lie;
  3. Set up audit programmes for the highest risk areas identified in mapping exercises. You may wish to enlist the assistance of independent, third-party auditors to check your assessments;
  4. Collaborate with industry peers, suppliers, governments, NGOs and other local partners to share knowledge, good practice and on-the-ground projects.

A good resource to further understand the different types of human rights issues and how they impact your supply chain is the Human Rights & Business Dilemmas Forum produced by Verisk Maplecroft and the UN Global Compact.

Human rights organisations have also suggested the following best practice when conducting due diligence:

  1. Be transparent about whom you are doing business with, including publishing the names of local partners, suppliers and collaborators. This could include any government agencies, public security bureau-affiliated research laboratories, or military-economic entities.
  2. Publicly report on human rights due diligence to display that you have a strategy, that you have applied it, and that you have assessed the risks.

You may find it helpful to contact specialists who offer advice and knowledge on doing business in China. Who can I talk to?

Department for
International Trade (DIT)

The Department for International Trade (DIT) helps businesses export and grow into global markets, as well as helping overseas companies locate and grow in the UK.

DIT’s network of trade advisors across the UK can help create a tailored export growth action plan, advise you on which markets are best for your business and put you in touch with contacts who can help you expand internationally.

China-Britain Business
Council (CBBC)

The China-Britain Business Council (CBBC) is the leading organisation helping UK companies grow and develop their business with China. CBBC provides advice, support and networking opportunities for companies at every stage of their China journey.

Visit CBBC’s website for detailed practical guidance for tech companies on the business environment, setting-up, finding partners, and business risks.

Intellectual Property Office

HMG’s Intellectual Property Office website hosts detailed, cross-sector information on GOV.UK about protecting and enforcing IP when working with China.

A number of factsheets, and an IP attaché team in China which can offer advice on specific issues with registering and enforcing your IP rights in China.

British Chamber of
Commerce in China

British Chamber of Commerce in China is a membership organisation for British businesses focused on boosting UK-China trade and investment. It has chapters in Beijing, Shanghai, Guangzhou and Southwest China, and provides a wide programme of events, publications and industry insights.

Secure Innovation

The Centre for Protection of National Infrastructure (CPNI) and the National Cyber Security Centre (NCSC) are the national technical authorities on physical, people and cyber security. They have created Secure Innovation to help founders and CEOs of emerging technology startups and their investors protect fledgling companies so that they can thrive.

Detailed guidance is available to empower startups and investors with the tools to foster a healthy security culture from the outset and continue to protect vital company assets as businesses scale and collaboration opens up overseas opportunities.

Visit CPNI website

NCSC for Startups

NCSC for Startups is the successor to the NCSC Cyber Accelerator, a programme which helped more than 40 tech companies raise in excess of £100m in external investments. The aim is to bring together innovative startups with NCSC technical expertise to solve some of the UK’s most important cyber challenges.

NCSC for Startups offers something for startups at all stages of maturity; from those developing a Minimum Viable Product (MVP), to those with established solutions looking to expand into new markets. There are also opportunities for organisations to get involved with the programme to bring additional support and expertise through:

  • Shaping technical challenges to bring a focus to areas of interest
  • Working together and directly with startup companies to influence their products
  • Providing technical leadership and influence to encourage the growing cyber eco-system

Where can I go to get advice on travelling to China?

The FCDO also provides details and up to date information on doing business in China.

Visit the FCDO website for information on getting a visa, as well as up-to-date travel advice for China – including on coronavirus.

How can I develop working relationships if there is a language barrier?

GOV.UK has a list of translators and interpreters in China. You should research whether a service provider will be suitable.

The FCDO does not accept any liability arising to any person for any loss or damage suffered through using these service providers or this information.

This representative example is based on real cases where companies have failed to negotiate the complexities of the Chinese market.

A UK-registered medical company (Company A) developed a data-driven platform that uses Artificial Intelligence (AI) to help doctors identify and diagnose hard-to-treat diseases.

In January 2020, Company A partnered with a private Chinese medical services provider (Company B) and six government bodies in China, to launch the platform in China. This required the participating medical organisations to upload their patients’ symptoms onto the platform, enabling the system to analyse the patient’s data and provide the doctors with potential diagnoses and treatments.

Whilst Company A’s platform was initially an overwhelming success, a series of widely documented complaints revealed that patients had no consent or control over the use of their data. This granted Company B and the six government bodies, unrestricted access to sensitive patient data without patients’ consent.

Company A received significant negative scrutiny from the international press for their lack of ethical consideration in developing a service that uses unethically sourced data. The negative media coverage severely damaged Company A’s reputation and sales.

Company A recognised that it did not conduct comprehensive due diligence on Chinese data laws prior to launching in China and has since sought legal advice on the practical steps it can take to secure and protect data in China.