Businesses’ concerns about China in recent years have often been captured by major shocks and external trends. Right now, those are COVID and the fallout from the Ukraine conflict. Previous attention-grabbers have included major regulatory actions such as those against DiDi Chuxing and Ant Financial, and the many twists and turns in US-China trade conflict since 2017. While these are hugely important, as focus jumps from one topic to another, many people have lost sight of underlying, durable trends in the local regulatory and policy environment that will shape China’s business environment.

“The rejuvenation of the Chinese nation is no walk in the park or mere drum-beating or gong-clanging.” That’s what President Xi Jinping famously said in 2017, and it’s a statement that captures the challenge behind everything from his desire to reform state healthcare and fix Chinese air quality, to his plan to effect a tectonic shift in the Chinese economy. Meeting those challenges has triggered a raft of new regulations and aggressive enforcement. Anti-bribery, anti-competition, food safety, environmental protection, and more recently, cyber- and data-security, have all seen a sharp increase in regulatory investigations, guilty verdicts, and significant fines (and even jail time). So Xi’s era has been tumultuous for business operators and investors, both domestic and foreign. But it has also been incredibly lucrative. Can the good times continue to roll?

Inside the box

One of the oft-used English metaphors in business to spur creativity and innovation is to “think outside the box”. However, one of our Chinese client’s perspective of this phrase says a lot about the realities of doing business here: “Our (foreign) JV partners often say that innovation and growth requires ‘thinking outside the box’. This doesn’t work in China, because there is always a box that you need to operate within. Venture outside the box and you can get yourself in trouble. In China, success comes by thinking – and innovating – inside the box.

The “box” in China is defined by – and enforced through – an increasingly strict political and regulatory environment – from geopolitical scuffles between China and other nations to enforcement of data security, environmental, food safety and other regulations. When Chinese authorities are asked why regulatory enforcement is increasing, they talk about creating a “more equitable and stable” business environment as a foundation to grow the economy. In other words, stability (and associated growth) come through regulation. As the Chinese proverb goes, “if you release (regulations), it will lead to chaos” (一放就乱). Business success in China today is based on companies knowing where the political and regulatory limits are for them and identifying the space inside the box to innovate and grow. To put it another way, our client was saying that it is imperative to understand the political and regulatory priorities of Chinese authorities and to identify growth opportunities within the framework of regulatory compliance.

Are foreign companies being targeted?

News headlines do well to give the impression that foreign companies with operations or investments in China are in the crosshairs of China’s regulators. However, in recent times, regulatory enforcement has been far more of a concern for local Chinese companies. China has been carrying out various forms of “regulatory crackdown” for many years, and since 2013 it has pursued a concerted strategy to revamp regulations, restructure regulators and tighten enforcement. In addition to strengthening political control, these reforms aim to create a better functioning market and business environment, while solving broader political, societal and economic issues, and to better implement central policies – a perennial challenge for Beijing.

Soon after Xi assumed office, his administration rolled out an aggressive anti-bribery and anti-corruption (ABAC) campaign. Foreigners who only read Western media most closely associate this campaign with a British pharmaceutical company, which, after 18 months of investigation by the Ministry of Public Security, was found guilty of bribing doctors and fined nearly half a billion dollars. What is less known by foreigners is that thousands of Chinese companies, business leaders and party members were investigated under the ABAC sweep, landing many in jail (with some even receiving capital punishment for errors judged most egregious). Chinese companies Ant Financial and DiDi Chuxing are recent examples of how business leaders tried to list publicly in the US, only to be hauled back by Chinese authorities for ignoring the regulatory “box” established for them (financial services regulations for Ant and data security for DiDi Chuxing).

Despite China’s disputes with other countries and the proliferating legal framework for potential “retaliation” (from the Anti-Foreign Sanctions Law and Export Control Law to the elusive Unreliable Entities List), there have been very few cases in the past several years where leading foreign multinationals have been capriciously investigated and punished by Chinese regulators. It would be a mistake to assume that foreign companies are not subject to the same regulatory scrutiny as Chinese companies. They are, particularly in areas like anti-monopoly and competition policy, where several risk factors intersect. The “quiet rise” of China advocated by former leaders was a simple one: ensure the “red carpet” was out for foreign investors to drive China’s transformation, while keeping their governments pliant by not rattling the sabre. Xi is somewhat different: China isn’t rising; it has risen and he’s being very noisy about it.

Abroad, that looks intimidating – he has turned frozen territorial conflicts like the border dispute with India into uncomfortably warm ones and made accidental confrontation in places such as the South and East China Seas more likely. At home, the “risen China” mantra appears honest.

Finding this article useful?

What next?

Multinational companies would do well to focus on two critical efforts to future-proof their China strategy:

  • Recognise this: Xi and the Communist Party regulate the Chinese economy based on their interests. The execution of that might look familiar – like a smoother, more law-abiding marketplace – but those are just by-products of the ultimate objective of chaos reduction designed to facilitate state control. This is fundamentally different from Western economies because, in China, you can smash through the sides of this box, not by breaking any rule, but simply by contravening the Party’s often vague and changing design for the future. Just ask Alibaba.
  • With that in mind, you need to recognise this “design” as a work in progress. Companies must monitor political developments in regulatory build-out and enforcement and make continuous adjustments to stay safely in the middle and to steer well clear of the “sides of the box”. And don’t just watch what the rule-makers are doing. Engage with them and watch for hints from the Party hierarchy in terms of what they emphasise and the projects they favour in what might be a sector “adjacent” to yours.

For example, China’s Cyber Security Law (CSL) came out with guidance on what companies designated as “critical information infrastructure” (CII) should do but did not provide a precise definition of what CII really is. So just knowing the law or regulation, while important, is insufficient to manage the risk of the regulation being enforced.

To identify a company’s exposure to political and regulatory risk – to define the “box” – companies must go beyond the regulation and understand how (and why) that regulation is being enforced in China at various local levels, recognising which drivers are geopolitical and which are mostly local, identifying who are the targets of enforcement and what the regulators are requiring. This will not only give insight into what “compliance” means but also provide a roadmap of how and where the authorities are starting to enforce. Companies can then assess how their business, with their unique strategy and operational footprint, might be exposed to those political and regulatory risks, but also strive because of them.

Test your business against the following questions:

  • What sectors matter the most to industrial reformers and am I one of those? Healthcare, food and chemicals are famous for the degree of scrutiny and enforcement Chinese regulators they are subjected to, and this list is expanding.
  • Which regulations are the focus of government enforcement in our sector? Our years of tracking government enforcement show that most cases have clear regulatory drivers that flow from political imperatives. For example, chemical companies are under significant pressure from aggressive enforcement of environmental regulations, while those in the consumer sector will face extra scrutiny from data-security regulators.
  • Where are we particularly vulnerable to these regulations? Does your company process a lot of data and share it with others outside China? Does your company have a large enough market share to attract the attention of anti-monopoly regulators?
  • Will geopolitical tensions heighten scrutiny? How exposed is your company to the risk of politicisation of data and technology? How prominently does your brand represent a specific country or industry? How likely are you to face significant restrictions from export controls?
  • Monitor, monitor, monitor

    Once the “box” has been defined, it is critical to monitor political developments and regulatory enforcement across China. For example, both Jiangsu and Shandong Provinces have been particularly aggressive in the enforcement of environmental regulations, while Liaoning Province has paid closer attention to anti-competition, particularly in the healthcare space.

    Although analysing laws, regulations and enforcement activity can highlight issues that are worrying for business, there are practical steps that companies can take to see how it fits into the bigger picture, to understand if this is about them, and to manage the actual risks that form their box:

  • What sort of regulatory guidance is being issued and how does it provide information about the original regulation? For example, the July 2015 CSL was typically vague about several critical issues that would help define compliance. However, since then, there have been many circulars and regulatory updates to the CSL that provided additional (but imperfect) guidance on definitions of CII and personal information, among other things. All these documents need to be taken together to understand the current state of regulation and enforcement efforts.
  • Who is enforcing the regulations? In some cases, a regulatory enforcement arm is clearly defined – for example, the Administration for Market Regulation (AMR) enforces ABAC regulations. However, in some instances, other regulators will be involved, such as the Public Security Bureau (PSB), China’s police. Getting involved in an ABAC case raises concerns that criminal bribery is suspected. The PSB has a division that enforces the CSL, but the Cyber Administration of China will also be involved in enforcing issues where content is a question.
  • What is enforcement’s main concerns? For CSL enforcement, are regulators focused on data security, private information, content, or all the above? If there is an anti-monopoly sweep in a province, what types of companies are they going after (local or foreign) and in what sector(s)?

  • Monitoring regulatory enforcement is critical to companies that wish to get an early indication of how their “box” may be changing.


    The message to multinationals is clear: China is no longer an unconditional welcome mat for foreigners. It is now a place where multinationals are welcome but only on terms that are subordinate to a broader state-led master plan around Xi’s personal vision, firstly for the Communist Party, and secondly, the country. So this “box” is highly politicised, increasingly based on the preferences of an individual, and changing rather quickly. In other words, multinationals are welcome “inside the box”; however, this box is complex and unique, and understanding it is no longer an option.