.png){kind=logo}
April 30, 2026
Interpretation of the Core Provisions of the Regulations on the Protection of Trade Secrets
On February 24, 2026, the State Administration for Market Regulation issued the "Provisions on the Protection of Trade Secrets" (hereinafter referred to as the "New Regulations"). This marks the most landmark regulatory update in the field of trade secret protection, following the implementation of the 1998 "Several Provisions on Prohibiting Infringement of Trade Secrets" (hereinafter referred to as the "Old Regulations") for 28 years. The New Regulations consist of 31 articles, systematically restructuring five core components of trade secret protection: "definition criteria, protective measures, infringement determination, enforcement procedures, and legal liabilities." They will take effect on June 1, 2026. This is not merely a regulatory revision but also a digital restructuring of the trade secret protection system.
I. Digital Reconstruction of the Scope of Trade Secrets
A. Article 5: Data, Algorithms, and Code Are Incorporated
Article 5 of the new regulations stipulates: "Information related to technology, including structures, raw materials, formulations, processes, methods, data, algorithms, computer programs, and codes, constitutes technical information." This marks the most landmark breakthrough in the new regulations, explicitly including "data, algorithms, and codes" within the scope of protection. AI model training data, platform algorithm logic, user profiling data, and other similar information can now be claimed as trade secrets, thereby solidifying the legal foundation for data assetization.
B. Article 7: Value Confirmation of Failed Experimental Data
Article 7 of the new regulation stipulates: "Staged achievements or failed experimental data, technical solutions, etc., formed in production and operational activities that meet the specified criteria are considered to possess commercial value." This provision overturns the traditional notion that "trade secrets must have actual commercial value." In R&D-intensive industries such as biopharmaceuticals and semiconductors, substantial investments often yield "failed data" rather than successful products. The new regulation explicitly acknowledges that failed data may also hold potential commercial value.
C. Article 6: The "reprocessing" of publicly available information may constitute a trade secret
Article 6 of the new regulations stipulates: "New information formed by organizing, improving, or processing publicly known commercial information that meets the conditions shall be considered not known to the public."
Publicly available raw data do not constitute trade secrets, but the new data systems formed through cleaning, modeling, and structured processing can be protected as trade secrets, provided that intellectual labor is invested and they are not generally known to the public.
II. Digital Upgrade of Confidentiality Measures
A. Article 9, Item 4: First entry of remote work confidentiality measures into regulations
Article 9 of the new regulations stipulates: "For scenarios such as remote work and cross-border collaboration, technical confidentiality measures such as permission grading, data anonymization, and operation log tracking shall be taken."
The old confidentiality measures mainly relied on physical isolation, while the new rules institutionalize digital measures, which are in line with current work scenarios such as remote work and cross-border collaboration. It is recommended that enterprises adopt corresponding technical confidentiality measures in accordance with the new regulations.
B. Article 9, Item 7: Procedures for Resignation Management
The new regulations specify that confidentiality measures include "requiring departing employees to register, return, clear, and destroy the trade secrets and their carriers that they possess or come into contact with."
This is the first time that the procedures for resignation management have been clearly defined at the departmental regulatory level, requiring not only the return of company equipment, but also the supervision of employees to clear confidential information from personal devices and personal cloud drives, and the process should be recorded.
III. New Methods for Determining Infringement
A. Article 10: Regulation on "Electronic Intrusion"
The new regulations explicitly classify the following behaviors as improper means:
1. Unauthorized access to the digital office system, server, email, and cloud drive of the rights holder to obtain trade secrets;
2. Obtaining trade secrets through malicious programs and vulnerability attacks;
3. Unauthorized downloading or transmission of trade secrets to email addresses or cloud drives beyond the control of the rights holder;
In practice, a large number of trade secret leaks occur before resignation, where employees take away core technical files through private email and cloud disk "backups." The new regulations explicitly include this as an "improper means," providing a direct basis for administrative investigation and punishment.
B. Article 13: Instigation, Inducement, and Assistance in Infringement
The new regulations clearly state that those who incite or instruct others to infringe, induce others to infringe through material rewards, and knowingly provide convenience are all considered to be infringing. This means that if a new company knowingly accepts and uses the technology of an employee who has been hired by the original company, it can be directly recognized as infringement.
IV. Strengthening the Burden of Proof and Enforcement Power
A. Article 20: Transfer of Burden of Proof
If there is evidence proving that the information used by the suspected infringer is substantially the same as the trade secrets of the right holder, and the suspected infringer had the conditions to obtain the trade secrets, the municipal supervision department can determine infringement. The right holder only needs to prove "substantial similarity+contact conditions," and the burden of proof is transferred to the suspected infringer.
B. Article 23: Expansion of Law Enforcement Powers
The new regulations endow the municipal supervision department with investigative measures such as querying bank accounts, sealing and seizing property, approaching the level of criminal investigation. Technical secret cases are under the jurisdiction of the city level or above, ensuring the professionalism of law enforcement.
C. Article 29: Clear Extraterritorial Effects
This regulation applies to those who commit acts of infringing on trade secrets overseas and disrupt the competitive order of the domestic market. It addresses infringement in scenarios involving cross-border data flow and offshore servers, and, according to the regulation, as long as it affects the domestic market, they can be held accountable.
V. The Boundary of Legal Behavior
A. Article 15: Legitimate acts that do not constitute infringement
For the first time, the new regulations systematically stipulate legal defenses, including:
1. Independently discovered or independently developed;
2. Disassemble, survey, analyze and obtain technical information related to products obtained from public channels (i.e., reverse engineering);
3. Former employees utilize their accumulated general knowledge, skills, industry experience, or industry information available through public channels to carry out their work;
4. To disclose illegal and criminal activities in accordance with the law;
5. Other behaviors that do not constitute infringement of trade secrets.
Regarding the aforementioned reverse engineering, it should be noted that Article 14 of the "Provisions of the Supreme People's Court on Several Issues Concerning the Application of Law in the Trial of Civil Cases of Infringement of Trade Secrets" clearly stipulates that if the accused infringer obtains the trade secrets of the right holder by improper means and then claims that the trade secrets have not been infringed on the grounds of reverse engineering, the people's court will not support this claim.
It has been less than three months since the official implementation of the new regulations on June 1, 2026. It is recommended that companies actively respond to the new regulations and build a compliance system, including but not limited to, developing reasonable confidentiality measures, signing confidentiality and non-compete agreements with employees, implementing graded encryption for computer system deployment, leaving operation traces, and other means to achieve risk prevention and control and protect the core assets of the enterprise.
I. Digital Reconstruction of the Scope of Trade Secrets
A. Article 5: Data, Algorithms, and Code Are Incorporated
Article 5 of the new regulations stipulates: "Information related to technology, including structures, raw materials, formulations, processes, methods, data, algorithms, computer programs, and codes, constitutes technical information." This marks the most landmark breakthrough in the new regulations, explicitly including "data, algorithms, and codes" within the scope of protection. AI model training data, platform algorithm logic, user profiling data, and other similar information can now be claimed as trade secrets, thereby solidifying the legal foundation for data assetization.
B. Article 7: Value Confirmation of Failed Experimental Data
Article 7 of the new regulation stipulates: "Staged achievements or failed experimental data, technical solutions, etc., formed in production and operational activities that meet the specified criteria are considered to possess commercial value." This provision overturns the traditional notion that "trade secrets must have actual commercial value." In R&D-intensive industries such as biopharmaceuticals and semiconductors, substantial investments often yield "failed data" rather than successful products. The new regulation explicitly acknowledges that failed data may also hold potential commercial value.
C. Article 6: The "reprocessing" of publicly available information may constitute a trade secret
Article 6 of the new regulations stipulates: "New information formed by organizing, improving, or processing publicly known commercial information that meets the conditions shall be considered not known to the public."
Publicly available raw data do not constitute trade secrets, but the new data systems formed through cleaning, modeling, and structured processing can be protected as trade secrets, provided that intellectual labor is invested and they are not generally known to the public.
II. Digital Upgrade of Confidentiality Measures
A. Article 9, Item 4: First entry of remote work confidentiality measures into regulations
Article 9 of the new regulations stipulates: "For scenarios such as remote work and cross-border collaboration, technical confidentiality measures such as permission grading, data anonymization, and operation log tracking shall be taken."
The old confidentiality measures mainly relied on physical isolation, while the new rules institutionalize digital measures, which are in line with current work scenarios such as remote work and cross-border collaboration. It is recommended that enterprises adopt corresponding technical confidentiality measures in accordance with the new regulations.
B. Article 9, Item 7: Procedures for Resignation Management
The new regulations specify that confidentiality measures include "requiring departing employees to register, return, clear, and destroy the trade secrets and their carriers that they possess or come into contact with."
This is the first time that the procedures for resignation management have been clearly defined at the departmental regulatory level, requiring not only the return of company equipment, but also the supervision of employees to clear confidential information from personal devices and personal cloud drives, and the process should be recorded.
III. New Methods for Determining Infringement
A. Article 10: Regulation on "Electronic Intrusion"
The new regulations explicitly classify the following behaviors as improper means:
1. Unauthorized access to the digital office system, server, email, and cloud drive of the rights holder to obtain trade secrets;
2. Obtaining trade secrets through malicious programs and vulnerability attacks;
3. Unauthorized downloading or transmission of trade secrets to email addresses or cloud drives beyond the control of the rights holder;
In practice, a large number of trade secret leaks occur before resignation, where employees take away core technical files through private email and cloud disk "backups." The new regulations explicitly include this as an "improper means," providing a direct basis for administrative investigation and punishment.
B. Article 13: Instigation, Inducement, and Assistance in Infringement
The new regulations clearly state that those who incite or instruct others to infringe, induce others to infringe through material rewards, and knowingly provide convenience are all considered to be infringing. This means that if a new company knowingly accepts and uses the technology of an employee who has been hired by the original company, it can be directly recognized as infringement.
IV. Strengthening the Burden of Proof and Enforcement Power
A. Article 20: Transfer of Burden of Proof
If there is evidence proving that the information used by the suspected infringer is substantially the same as the trade secrets of the right holder, and the suspected infringer had the conditions to obtain the trade secrets, the municipal supervision department can determine infringement. The right holder only needs to prove "substantial similarity+contact conditions," and the burden of proof is transferred to the suspected infringer.
B. Article 23: Expansion of Law Enforcement Powers
The new regulations endow the municipal supervision department with investigative measures such as querying bank accounts, sealing and seizing property, approaching the level of criminal investigation. Technical secret cases are under the jurisdiction of the city level or above, ensuring the professionalism of law enforcement.
C. Article 29: Clear Extraterritorial Effects
This regulation applies to those who commit acts of infringing on trade secrets overseas and disrupt the competitive order of the domestic market. It addresses infringement in scenarios involving cross-border data flow and offshore servers, and, according to the regulation, as long as it affects the domestic market, they can be held accountable.
V. The Boundary of Legal Behavior
A. Article 15: Legitimate acts that do not constitute infringement
For the first time, the new regulations systematically stipulate legal defenses, including:
1. Independently discovered or independently developed;
2. Disassemble, survey, analyze and obtain technical information related to products obtained from public channels (i.e., reverse engineering);
3. Former employees utilize their accumulated general knowledge, skills, industry experience, or industry information available through public channels to carry out their work;
4. To disclose illegal and criminal activities in accordance with the law;
5. Other behaviors that do not constitute infringement of trade secrets.
Regarding the aforementioned reverse engineering, it should be noted that Article 14 of the "Provisions of the Supreme People's Court on Several Issues Concerning the Application of Law in the Trial of Civil Cases of Infringement of Trade Secrets" clearly stipulates that if the accused infringer obtains the trade secrets of the right holder by improper means and then claims that the trade secrets have not been infringed on the grounds of reverse engineering, the people's court will not support this claim.
It has been less than three months since the official implementation of the new regulations on June 1, 2026. It is recommended that companies actively respond to the new regulations and build a compliance system, including but not limited to, developing reasonable confidentiality measures, signing confidentiality and non-compete agreements with employees, implementing graded encryption for computer system deployment, leaving operation traces, and other means to achieve risk prevention and control and protect the core assets of the enterprise.
The contents of all newsletters of Shanghai Lee, Tsai & Partners (Content) available on the webpage belong to and remain with Shanghai Lee, Tsai & Partners. All rights are reserved by Shanghai Lee, Tsai & Partners, and the Content may not be reproduced, downloaded, disseminated, published, or transferred in any form or by any means, except with the prior permission of Shanghai Lee, Tsai & Partners.
The Content is for informational purposes only and is not offered as legal or professional advice on any particular issue or case. The Content may not reflect the most current legal and regulatory developments. Shanghai Lee, Tsai & Partners and the editors do not guarantee the accuracy of the Content and expressly disclaim any and all liability to any person in respect of the consequences of anything done or permitted to be done or omitted to be done wholly or partly in reliance upon the whole or any part of the Content. The contributing authors' opinions do not represent the position of Shanghai Lee, Tsai & Partners. If the reader has any suggestions or questions, please do not hesitate to contact Shanghai Lee, Tsai & Partners.