What strategies can foreign companies adopt to protect their IP rights, such as trademark registration, patent filing, and trade secret protection?

• First of all, act early. We have observed foreign companies that have been selling products and providing services to the Chinese market for months or even years without applying for trademark registrations, patent filings and software copyright registrations in China. This has often led to challenging legal battles.
• In China, whoever files a trademark or patent application first generally has priority, regardless of who first used the mark or invented the technology. Therefore, when deciding to source from or sell to China, it is advisable to start preparing for IP filings in China as soon as possible. Please note that this process can be time-consuming, as Chinese authorities are always dealing with a high volume of applications. For example, it usually takes over a year to register a trademark, starting from the submission of the application.
• Trade secrets protection is a bit different. Trade secrets are primarily protected through the Anti-Unfair Competition Law, supplemented by other relevant legislation such as the Civil Code, Criminal Law, and Labour Law. In practice, confidentiality agreements (also known as non-disclosure agreements or NDAs) are only a good start. Confidentiality agreements templates based on common law principles, which are commonly used by foreign companies, are almost useless in China. To ensure their effectiveness, confidentiality agreements must be “localised” to align with Chinese laws and regulations, complemented by enforceable company policies and procedures for handling and protecting confidential trade secrets.

What role do local partnerships play in protecting a foreign company’s intellectual property in China, and what are the key legal precautions that should be taken when entering into such partnerships? How can foreign companies ensure that their local partners adhere to the terms of IP protection?

• Local partnerships in China can play a complex role in protecting a foreign company’s intellectual property. While they can offer valuable market access, local knowledge, and established networks, they also present potential IP risks if not managed carefully.
• Conducting comprehensive due diligence on potential partners, including their business reputation, financial stability, and track record regarding IP protection, is therefore essential. It is also advisable to check for any prior litigation or administrative actions related to IP infringement.
• Furthermore, it is essential to draft clear and comprehensive contractual agreements that explicitly address IP ownership, licensing, and protection. If technology transfer is involved, a separate technology transfer agreement should be drafted that clearly defines the scope of the transfer, the ownership of any resulting improvements, and the restrictions on further transfer or use of the technology. The complexity of the process is increased when technology transferred is considered as a capital injection into a joint venture entity formed in China.
• To ensure the local partners adhere to the terms of IP protection, foreign companies should implement a system for regular monitoring and audits of the partner’s activities. This can include on-site visits, reviews of business/financial records, and monitoring of online activities.

What steps should we take to safeguard our IP when licensing technology or entering sourcing agreements?

• Specific Considerations for Licensing Agreements: clearly define the licensed technology, permitted uses, territory, and duration; ensure the licensee maintains quality standards and complies with the terms of the license; and choose a royalty structure that aligns with the business objectives and provides adequate compensation for the use of the technology.
• Specific Considerations for Sourcing Agreements: ensure suppliers have precise instructions to avoid misunderstandings and unauthorised use of IP; monitor suppliers’ production processes and security measures to prevent trade secrets leakage (this is why on-site visits are important); and, if possible, choose multiple suppliers to reduce the risk of IP misappropriation.
• We will discuss more in the sections below regarding distribution, sourcing, and licensing agreements.

What contractual safeguards should foreign companies include in licensing agreements to protect their intellectual property, such as patent rights, trademark usage, and enforcement clauses? How can these safeguards mitigate the risk of IP theft or unauthorized use by local partners?

• Unless the deal requires otherwise, the agreements should explicitly confirm that the (foreign company) licensor retains full ownership of all IP. The license only grants specific usage rights. In order to prevent the licensee from claiming any rights beyond those explicitly stated, it is recommended that a “no implied rights” clause be included. It is also essential to address ownership of derivative works or improvements, ideally ensuring assignment back to the licensor.
• Licensing agreements always have their own non-disclosure clauses, which must clearly define confidential information, impose strict confidentiality obligations, specify permitted disclosures, and include a reasonable duration extending beyond the agreement’s termination.
• Also, specify who controls enforcement actions against third-party infringers. Ideally, the licensor should retain control, even with required licensee cooperation.
• Although it is not mandatory by law, you should have a Chinese language version of each agreement. This can help avoid misunderstandings and facilitate enforcement.
• Despite the implementation of robust safeguards, the risk of IP theft remains a concern. It is therefore imperative to closely monitor the market for any infringements and to act quickly to enforce your rights if necessary. A delay in taking action can compound the difficulty of recovering losses and preventing further damage.

How effective are China’s IP enforcement mechanisms in practice, and what steps can we take if infringement occurs? (Such as challenges like timing or jurisdictional issues when enforcing IP.)

• Over the past decade, China has strengthened its IP laws and regulations, aligning them more closely with international standards. Recent amendments to the law have increased penalties for infringement and lowered the burden of proof in some cases.
• Specialised IP courts have been set up in major cities, staffed by judges with expertise in IP law. This has resulted in more informed and consistent decisions, particularly in complex technical cases. Drawing on our own experience, these courts have been found to be more inclined to award higher damages in infringement cases, effectively deterring potential infringers.
• Punitive damages are awarded for wilful and serious IP infringements. The calculation of such damages is typically based on the plaintiff’s actual losses, the defendant’s illegal income (or benefits), or a reasonable license fee. The multiplier for punitive damages can be up to five times the base amount, depending on the severity of the infringement.

We are a Swiss company (subject to GDPR) doing business with Chinese companies and collecting personal data from China. What questions should we ask before doing business with our Chinese partners?

• Dealing with data privacy when transferring personal data between Switzerland (under GDPR and FADP) and China involves navigating (at least) two very different regulatory landscapes. Here’s a breakdown of key questions to ask your Chinese partners before entering into business, with a focus on data protection:
  • What specific personal information (PI) and sensitive personal information (SPI) are you collecting from individuals in China, and what is the lawful and legitimate purpose for this collection? Chinese law, particularly the Personal Information Protection Law (PIPL) and its associated rules, emphasizes purpose limitation.
  • What is the legal basis for processing the PI and SPI under Chinese law? Common bases include consent, contract necessity, legal obligation, or “reasonable necessity” for HR management (for employee data).
  • Do you collect only the minimum PI and SPI necessary for the specified purpose?
  • How do you ensure the accuracy and completeness of the PI and SPI collected? What processes are in place for data correction or updates?
  • How is consent obtained? Is it separate and informed consent? PIPL has strict requirements for consent, especially for SPI. It must be freely given, specific, informed, and unambiguous.
  • What is your data retention policy? How long do you keep the data, and how do you justify these retention periods under Chinese law?
  • What technical and organisational security measures are in place to protect the PI and SPI against unauthorised access, use, disclosure, alteration, or destruction? China has a strong focus on data security. Ask for details about Multi-Level Protection Scheme (MLPS) compliance, encryption, access controls, vulnerability management, and incident response plans. MLPS compliance is often a mandatory requirement.
  • If data is transferred outside of China, how do you comply with the PIPL’s and other regulations’ data export rules?
  • Do you share PI and SPI with any third parties (e.g., subcontractors, cloud providers)? If so, who are they, where are they located, and what contractual safeguards are in place to protect the data?
  • There are many other questions that should be asked and assessed before data is shared/transferred. In addition, potential conflicts between EU law and Chinese law need to be addressed on a case-by-case basis.
• Data Processing Agreement (DPA) is needed to include terms and conditions regarding data transfers, security measures, and compliance with applicable Chinese laws. This DPA should reflect the requirements of PIPL.

What are the main compliance paths for data export in China?

• First, the Security Assessment Path. This path is applicable to situations involving the provision of important data and critical information infrastructure operators (CIIOs) to overseas entities. The Cybersecurity Administration of China (CAC) has established security assessment requirements for data exports, particularly for CIIOs and those handling significant amounts of important data.
• Second, the Personal Information Protection Certification Path. This path is applicable to data exports by non-CIIOs, especially those not involving important data. It requires data exporters to obtain certification from professional institutions. The specific certification mechanism is still evolving.
• Third, the Standard Contract Path. This path is applicable to data exports where the data exporter enters into a contract with the overseas recipient using a standard contract. It requires the data exporter to complete the filing of the standard contract in China.

What are the regulatory trends regarding cross-border data transfer that may affect foreign data receivers?

• New national regulations and local rules (specifically, free trade zone rules) are introducing relaxations for certain types of data transfers, such as those necessary for contracts, cross-border bank wires, and human resources management, while maintaining strict controls for sensitive data and large-scale transfers.
• The Security Assessment Path remains a central mechanism for regulating large-scale data transfers and transfers of important data. However, the criteria and procedures for these assessments are still evolving, creating some uncertainty for companies. We have seen companies spend months preparing an assessment report for government submissions, only to have to significantly rewrite the report due to a change in business model and submission criteria at the same time.
• China is also finalizing measures for Personal Information Protection Certification. This certification will act as an official stamp of approval, demonstrating that a company meets China’s high standards for data protection and is allowed to transfer PI out of China.

Article posted on 17 February, 2025.