PRC’s First Overarching Outbound Investment Regulation: Key Changes and What It Means for Cross Border Dealmaking

On 1 June 2026, the State Council published the Regulation on Outbound Investment (the “Regulation”) (State Council Order No. 837), signed by Premier Li Qiang and passed at the 83rd Executive Meeting of the State Council on 17 April 2026. The Regulation takes effect on 1 July 2026 and is the first administrative regulation — as opposed to ministerial-level departmental rules — issued by the State Council to comprehensively govern outbound investment by PRC investors.

The elevation in legislative hierarchy matters on two fronts. First, administrative regulations carry greater legal authority than departmental rules and, for the first time, can impose administrative penalties directly on violators. Second, the Regulation consolidates the previously separate NDRC and MOFCOM frameworks under a single instrument, creating a more unified and more enforceable compliance architecture.

Although ministerial rules implementing the new regulation have not yet been announced, the framework includes several key developments of which both domestic and foreign dealmakers should be aware:

1. The creation of an Outbound Investment Security Review Regime (OISR) with broad, undefined powers to reject new transactions and unwind existing ones.
2. Existing ODI and export control regulations (as well as the new OISR regime), now cover indirect transfers, including through licensing and employee secondment arrangements.
3. Outbound investment restrictions now cover individuals (as well as entities and institutions).
4. Chinese regulators are empowered to adopt protective measures against organizations that impose or comply with policies deemed discriminatory to Chinese investment.
5. Violations of the new regulations may involve personal liability to directors and officers and, in some cases, criminal liability.

The new regulations will enter into force on 1 July 2026, which means deals already at signing, or in advanced negotiation, need to be assessed against the Regulation's requirements now.

1. Outbound Investment Security Review Regime (OISR)

Article 15 of the Regulation introduces an outbound investment security review regime (“OISR”). The NDRC and MOFCOM, together with other relevant State Council departments, are empowered to review outbound investments that “affect or may affect national security” — deliberately broad language that covers initial investments as well as post-investment asset transfers and disposals. Although specific technologies or industries have not yet been specified, based on existing transfer control regulations, sectors such as AI, semiconductors, critical minerals, EV batteries, and certain biotechnologies are likely to come under scrutiny.

All PRC entities and individuals are legally obligated to cooperate with the review (the details of which have not yet been announced) and to comply with any resulting decisions; non-compliance triggers the penalties described in Section 5.

Covered Transactions

In addition to transactions involving a direct outbound investment from China, three other common transaction patterns expressly fall under the new OISR regime and will be subject to regulatory scrutiny going forward:

1. Offshore restructurings (the “Singapore wash”). Contributing PRC-origin technology, IP, or data to a Cayman or Singapore holding vehicle so that the subsequent acquisition appears purely offshore does not remove the transaction from the Regulation’s scope. Under Article 2, the restructuring step itself constitutes an outbound investment, and if the underlying assets may affect national security, OISR review may apply to the initial offshoring.
2. Disposal of existing overseas assets. Article 15 expressly covers disposals of overseas assets and interests, not merely initial investments. A foreign acquirer purchasing an asset from a Chinese seller therefore needs to consider whether the history of that asset — including any prior offshore restructurings — creates an OISR exposure that has not been properly cleared, and, even if cleared, whether approvals in respect of the secondary transaction are required.
3. Technology transfer through licensing or personnel. Technology or know-how transferred through licensing arrangements, or through the secondment of key technical staff, can trigger OISR review (see Section 2), even where there is no equity component. Where an equity investment is also present — for example, a Chinese party contributing IP to a joint venture — both an ODI filing and OISR review may be required.

Detailed implementing rules — covering thresholds, triggers, and procedural timelines — have not yet been issued. However, Beijing’s recent unwinding of Meta’s USD 2 billion acquisition of the PRC AI start-up Manus (which the NDRC blocked on national security grounds in April 2026), indicates that OISR will likely follow a substance-over-form approach — tracing where technology was developed and how it was migrated offshore, rather than technicalities such as where the target company is incorporated — close gaps left by current NDRC/MOFCOM rules (which primarily focus on transactions in designated sensitive industries and countries), and be willing to exercise its unwinding power in practice.

2. Indirect Technology and Data Transfer Restrictions

Article 13 addresses the intersection of outbound investment and export control. It restates existing prohibitions on exporting controlled goods, technology, services, and data, but extends that prohibition explicitly to indirect transfers. The methods specifically called out include: the cross-border dispatch of technical personnel, organizing personnel to work overseas, providing cross-border technical guidance, and arranging cross-border training programs.

The significance is that post-investment operational integration is now explicitly within scope. Seconding engineers to work with an overseas investee company, migrating source code during post-acquisition integration, or running cross-border training programs for controlled technology can all constitute a controlled transfer if the underlying technology or data is subject to restriction. This echoes the 'deemed export' concept under US export control law and closes a gap that was previously addressed only loosely by the Export Control Law.

Key distinctions to draw

The types of information sharing arrangements that constitute a controlled transfer, and how they are regulated, are subject to several important nuances:

1. OISR review is distinct from ODI review. Article 13's obligations are triggered independently of whether there is any equity component in the transaction. A pure licensing arrangement with dispatched engineers is within scope if the technology is controlled — even if no ODI filing is required for that arrangement. Conversely, an equity investment that does not involve controlled technology may complete the ODI process without separately triggering Article 13.
2. Cross-border data compliance is a separate track. Article 14 expressly provides that cross-border data flows arising from outbound investment are governed by applicable laws, including the Data Security Law, the Personal Information Protection Law (PIPL), and the Cybersecurity Law. Security assessments, standard contract filings, or personal information protection certifications may apply to the data-transfer components of a deal even where the investment itself has been properly cleared through the OISR/ODI process.
3. Dispute resolution and evidence sharing. Article 22 requires that where parties to outbound-investment-related arbitration or litigation need to provide evidence or materials to overseas recipients, they must comply with state secrets protection, data security, personal information protection, technology export, and export control requirements, and must obtain regulatory approval if required by law. This has practical implications for dispute resolution clauses and document-sharing protocols in transaction agreements.

Taken together, outbound investment compliance is no longer just an NDRC/MOFCOM filing exercise. PRC companies expanding overseas now face a three-layer framework — ODI regulation, technology export control, and cross-border data transfer — that overlap and must be planned and addressed as an integrated whole.

3. Individual Investors Formally Brought Within Scope

The Regulation defines “investors” to include not just enterprises and other organizations, but also individuals within the PRC, and mandates the NDRC and MOFCOM issue detailed implementing rules for individual investors, establishing for the first time a clear regulatory basis for this category of outbound investment.

In practice, many individual PRC investors have historically relied on the Circular 37 framework, a set of rules issued by the State Administration of Foreign Exchange (SAFE) in 2014, which required foreign exchange registration for round-trip investment through offshore special purpose vehicles (SPVs). Circular 37 resolved only the foreign exchange dimension, however, and did not address the underlying NDRC and MOFCOM ODI obligations. Red-chip structures used by PRC founders for overseas listings now carry materially higher enforcement risk given the Regulation's new penalty regime.

That means the Article 33 implementing rules for individual investors have not yet been promulgated. Until they are, the precise compliance pathway remains uncertain, and individuals relying on existing structures should seek specific advice before proceeding with new transactions.

4. Counter-Discriminatory and Protective Measures

The Regulations equip the PRC government with three categories of response mechanisms to address actual or perceived investment barriers and discriminatory measures that PRC investors encounter overseas.

1. MOFCOM investigation and responsive measures. MOFCOM may, by itself or together with other relevant State Council departments, investigate obstacles encountered by PRC investors and take responsive measures such as adjusting country-specific investment policies and restricting relevant imports, exports, or international service trade.
2. Counter-sanction measures. Where foreign states or international organizations impose discriminatory prohibitions or restrictions against PRC investments, the PRC government may place relevant organizations and individuals on counter-sanction lists under the Anti-Foreign Sanctions Law.
3. Restrictive measures against foreign organizations and individuals. Foreign organizations and individuals that harm PRC sovereignty, security, or development interests, or that unreasonably deprive PRC investors of their legitimate rights, may be subject to restrictions on transactions, cooperation, and entry into the PRC. Notably, these measures may extend to affiliates, making it harder to circumvent.

Two broader points are worth noting. First, these provisions share significant common ground with the State Council Provisions on Security of Industrial and Supply Chains (State Council Order No. 834), which came into effect on 7 April 2026. Together, the two instruments signal a coordinated expansion of PRC countermeasure tools across investment, supply chains, and trade. Second, a foreign entity that terminates business ties with a Chinese company to comply with third-country sanctions could face liability under both this Regulation and the Anti-Foreign Sanctions Law — the two regimes are additive, not alternative.

5. Application to Hong Kong, Macau, and Taiwan

For entities operating through Hong Kong holding structures, the Regulation expressly provides that investments by PRC-domiciled investors in Hong Kong, Macau, and Taiwan are subject to the Regulation “by reference” (unless otherwise provided by law or regulation).

The application “by reference” will require further interpretation and implementing rules. However, the starting position is that PRC enterprises investing in Hong Kong — including by acquiring Hong Kong-listed entities or establishing holding structures through Hong Kong — are not automatically outside the Regulation's reach, and transactions that use Hong Kong as a conduit for assets whose underlying origin or sensitivity engages national security concerns may be subject to OISR review.

6. Administrative Penalties for Violations

The Regulation establishes, for the first time, an omnibus penalty regime covering the full spectrum of ODI violations. Under PRC law, administrative penalties can only be imposed by instruments at the level of administrative regulation or above — the previous departmental rules simply lacked this power. The enforcement landscape has fundamentally changed.

The penalty structure is tiered rather than a single flat rate: prohibited-investment violations where the investor refuses to comply attract fines of 0.5%–1% of the investment amount, while filing and documentation failures at the initial stage attract a lower band of 0.1%–0.5%, escalating to 0.5%–1% if the investor refuses to rectify. For large transactions, even the lower bands represent a significant absolute amount, and the deterrent is compounded by the activity-ban and asset-disposal remedies.

Personal liability for individual directors, legal counsel, compliance officers, and finance personnel is a material new development. PRC-side management teams and their advisors face a direct personal risk — in the form of fines on the individuals personally — that did not exist under the prior departmental rules.

The Regulation also includes a criminal liability backstop: violations involving national security, money laundering, or illegal business operations that meet criminal prosecution thresholds may give rise to criminal liability under the PRC Criminal Law, not merely administrative penalties. Public officials who engage in dereliction of duty or disclosure of state secrets in the ODI approval process may also face criminal prosecution.

The penalty regime does not apply to foreign counterparties directly. However, the practical consequences of an uncleaned OISR position can be severe: title and ownership risk after closing, ongoing operational constraints, counterparty performance risk if the Chinese party faces enforcement, and exit risk when the unresolved regulatory position surfaces on the next sale.

7. Practical Considerations for Dealmakers

The Regulation is best understood as a framework law, as many of its most significant provisions are pending implementing measures; however, there are a number of important implications for anyone engaging in Chinese cross-border transactions.

For PRC-domiciled investors and their managers

1. Outbound investment compliance should be treated as a three-track exercise: ODI regulation under the NDRC and MOFCOM, technology export control, and cross-border data transfer requirements under the Cyberspace Administration of China. These tracks overlap in important ways and must be planned together, not sequentially.
2. OISR risk should be assessed early — at the preliminary feasibility stage, not at the filing stage. For transactions in AI, semiconductors, biotech, and data-intensive sectors, proactive engagement with the competent authorities before the deal is announced is advisable.
3. Post-investment integration plans should be separately reviewed for compliance with the Regulation. Secondments of technical staff, training programs, source code migration, and cross-border operational data sharing are all potentially reviewable, even if the initial transaction was not.
4. Where an individual or entity uses an offshore transaction structure, specific advice should be sought on whether historical compliance gaps need to be remediated — particularly if a new transaction or a public listing is being contemplated.

For foreign counterparties transacting with PRC investors

1. Where a target asset has PRC origins, prior restructurings and asset migrations should be diligenced before signing to determine whether clearance was required and obtained. The fact that an asset is located offshore does not preclude regulatory scrutiny. Discovering a jurisdictional defect after signing is materially more costly to resolve.
2. Parties should assess whether any technology transfer (beyond a formal equity investment) necessitates an OISR filing. For parties involved in joint ventures with Chinese entities, this means establishing protocols around technology flows and continuously monitoring adherence to them.
3. When structuring transactions, deal teams should look to the intent of the rules, not just the black letter law. The unwinding of the Meta/Manus transaction indicates regulators are applying a substance over form approach, and are willing to use their powers to block or unwind transactions.
4. Parties should closely monitor developments in their home jurisdictions that may be viewed as discriminatory towards Chinese companies. Forced divestitures, termination of contracts, required concessions, denial of access to government contracts, banning of product sales, investigations, fines, penalties, etc., may be perceived by Chinese regulators as politically-motivated, which now carries formalized legal implications. This presents heightened certainty risk (particularly for US companies) that should be allocated in deal documents.
5. For transactions where both PRC and foreign investment screening requirements may apply, the sequencing and interaction of both PRC and foreign workstreams should be mapped at the preliminary diligence stage, before the deal timetable is fixed. In sensitive sectors such as AI, semiconductors, biotech, and data-intensive businesses, regulations may conflict and proactive early engagement with the competent authorities on both sides is advisable.
6. Dispute resolution provisions should reflect that discovery in disputes involving Chinese counterparties is now more limited (particularly if the information relates to sensitive sectors). Parties should consider protocols on how sensitive information will be shared and consequences for failure to produce.

A note on financial services

The Regulation expressly provides that investments in overseas financial markets are subject to the Regulation as well as to other applicable state rules. Dedicated licensed channels such as the Qualified Domestic Institutional Investor (QDII) and the Qualified Domestic Limited Partner (QDLP) programs continue to apply; the Regulation does not displace these regimes. This is a useful clarification for asset management and wealth management clients who are concerned that the Regulation may disrupt existing licensed cross-border capital market investment programs.