China’s latest intervention into supply chain regulation marks a major new risk for multinationals with Chinese exposure in their supply chains. China’s 2026 Regulations on Industrial and Supply Chain Security, effective from the 31 of March 2026, embed a new form of supply chain governance within the country’s national security framework.
These rules will restrict core due diligence activities, expand the state’s ability to impose countermeasures and create direct conflicts with Western legal obligations. More fundamentally, they reinforce the reality that operating in China involves navigating a system where commercial activity is closely tied to state interests and subject to extensive oversight by the Communist dictatorship.
For companies with Chinese-linked supply chains, this new law creates a direct and unresolved conflict between Chinese law and Western due diligence obligations, while reinforcing the broader reality that operating in China involves exposure to risk from the state.
Supply chains as an extension of national security
The Regulations on Industrial and Supply Chain Security provisions are explicitly tied to China’s national security laws and foreign relations framework. Supply chain activity is framed as integral to economic stability and state security, with oversight distributed across ministries that include public security, cybersecurity and national security bodies.
This means that supply chain data, supplier relationships and procurement decisions will not be treated as purely commercial matters. They fall within a system that prioritises state visibility and control. The regulations establish monitoring systems, early warning mechanisms and coordinated enforcement powers that allow authorities to intervene where risks to supply chain stability are identified. In effect, supply chain compliance becomes part of a broader surveillance and control architecture.
The most immediate concern for multinational companies is Article 13 of the law, which restricts “information gathering activities” related to industrial and supply chains where these are found to breach Chinese law.
The language is deliberately broad. It does not define the scope of prohibited activity with precision. This creates uncertainty around whether standard compliance processes fall within its reach. Routine practices such as supplier questionnaires, ESG audits, human rights assessments and on-site inspections could all be captured, depending on how the provision is interpreted and enforced.
Foreign companies may face legal exposure for carrying out activities that are mandatory under their home jurisdiction. The regulations explicitly bring such investigative activity within Chinese legal control, even when it is driven by external compliance obligations.
Expanding powers of retaliation from Chinese authorities
Alongside restrictions on information gathering, the regulations significantly expand the Chinese government’s ability to respond to perceived threats to supply chain security.
Authorities are empowered to investigate foreign organisations and individuals where their actions are seen to disrupt normal transactions or threaten supply chain stability. The threshold for intervention is low. It includes situations where there is a risk or threat of harm, rather than a requirement to demonstrate actual damage.
Once triggered, the available measures are extensive. Companies can face restrictions on trade and investment, limits on cooperation with Chinese partners and operational constraints within the country. Individuals may even encounter travel restrictions or limitations on their ability to work or reside in China.
What makes this particularly challenging is that enforcement is not limited to actions taken within China. Decisions made abroad, including compliance with foreign regulations, may fall within scope if they are considered to affect Chinese supply chains.
A coordinated counter-sanctions system
The 2026 regulations are part of a wider legal architecture that has been developing over several years where China has moved from isolated countermeasures to a coordinated system that integrates multiple legal instruments, including the Anti-Foreign Sanctions Law, blocking rules and entity designation regimes.
Recent additions introduce further escalation. The concept of a “malicious entity list” extends liability to those who promote or support foreign sanctions. There are also provisions that point to potential criminal liability in certain circumstances.
This means a single compliance decision motivated by a standard national legal requirement, can now trigger multiple parallel responses across different regulatory mechanisms. Terminating a supplier, adjusting a supply chain in response to sanctions or conducting enhanced due diligence may expose a company to overlapping investigations and penalties.
Direct conflict with Western due diligence regimes
For multinational companies, the central challenge lies in the potential conflict between Chinese law and Western compliance requirements.
Legislation such as the EU Corporate Sustainability Due Diligence Directive and the US Uyghur Forced Labor Prevention Act imposes strict obligations to map supply chains, identify risks and conduct detailed human rights due diligence. These obligations often require precisely the type of information gathering and supplier scrutiny that the Chinese regulations place under restriction.
Ultimately, the new framework highlights the possibility that companies could face legal consequences simply for investigating their own supply chains in China. This creates a genuine legal dilemma. Compliance with one regime may constitute a breach of another.
One of the more significant developments is the increasing exposure of individuals. The regulatory framework now allows for measures that affect executives and employees directly, including travel restrictions and potential liability under broader legal provisions.
The inclusion of possible criminal liability in the new regulations means that decisions taken at a corporate level, including those made outside China, may have consequences for individuals with operational or managerial responsibilities linked to Chinese operations.
What will this mean in reality?
The introduction of the Regulations on Industrial and Supply Chain Security is unlikely to mean that every foreign company operating in China will face investigation or sanction. In practice, most routine commercial activity will continue without direct intervention. However these regulations do give Chinese authorities a broad legal basis to initiate investigations where conduct is perceived to threaten supply chain security or national interests. The threshold is deliberately flexible. It includes not only actual harm, but the “threat of harm,” and it captures a wide range of activity, including information gathering and commercial decisions that depart from what authorities consider normal market behaviour
From a risk management perspective, this creates an environment where enforcement is likely to become selective and strategic and connected to Chinese state priorities. The law provides a mechanism that can be activated when needed, rather than one that must be applied consistently across all actors.
This introduces a layer of political and reputational risk into compliance decisions. A company may find itself exposed where its actions intersect with areas of sensitivity for the Chinese state. That could include public positions taken by senior leadership, decisions linked to human rights concerns, or alignment with foreign regulatory frameworks that China views as hostile or discriminatory.
For example, a company that publicly distances itself from certain regions like Xinjiang or suppliers on human rights grounds, or one that actively complies with external sanctions regimes, may be seen as undermining China’s economic or political interests. Under the new framework, that perception can be sufficient to justify scrutiny. The regulations provide the legal pathway to investigate, restrict operations or impose countermeasures if authorities choose to act.
This dynamic is reinforced by the wider counter-sanctions system. The inclusion of concepts such as “promoting” foreign measures and the ability to act against individuals as well as entities broadens the scope for intervention. It allows authorities to respond not only to concrete actions, but also to signalling and alignment.
For multinational companies, risk exposure can be driven solely by what a company does, but also by how those actions are interpreted within a shifting political context. Compliance frameworks that are designed around legal certainty in one jurisdiction may create vulnerability in another.
In practical terms, this requires a recalibration of risk assessment when operating with China. Companies need to consider not just whether an action is legally required under Western law, but how it may be perceived and classified under Chinese law. The existence of the regulation means the option to enforce is always available, even if it is not exercised routinely.
