How Can Enterprises Protect Their "Unspeakable Secrets"? The Provisions on the Protection of Trade Secrets Are Coming into Effect!
Introduction:
The State Administration for Market Regulation (SAMR) Order No. 126 has officially promulgated the Provisions on the Protection of Trade Secrets (hereinafter referred to as the "New Regulations"), which will come into effect on June 1, 2026. This represents a comprehensive upgrade to China's core administrative regulations on trade secret protection for the first time in 30 years. For enterprises, this is not only a "powerful weapon" for safeguarding rights but also a "tightening spell" for compliance.
This article provides an in-depth interpretation of the key points, matters for attention, and risk areas under the New Regulations to help you build a robust corporate security defense.
This article provides an in-depth interpretation of the key points, matters for attention, and risk areas under the New Regulations to help you build a robust corporate security defense.
I. Core Highlights of the New Regulations: Three Breakthrough Changes
1. Significant Expansion of Trade Secret Scope
The New Regulations explicitly include digital information such as data, algorithms, source code, and failed experimental data within the scope of protection :
Technical Information: Structure, raw materials, formulas, processes, methods, data, algorithms, computer programs, etc.
Business Information: Creative ideas, management practices, sales strategies, financial information, plans, customer information (including transaction habits and intentions), failed R&D data, etc.
Key Takeaway: "Failed experiences" and "digital assets" that were previously difficult to protect now have clear legal status.
2. Confidentiality Measures Adapted for "Digital Office"
Addressing new scenarios such as remote work and cross-border collaboration, the New Regulations clarify standards for reasonable confidentiality measures :
Physical Isolation: Prohibiting or restricting access to confidential premises.
Technical Safeguards: Permission grading, data desensitization, operation log retention, encryption, sealing, etc.
System Management: Marking, classification, isolation, signing confidentiality agreements, etc.
Key Takeaway: Relying solely on "oral agreements" is no longer sufficient; enterprises must establish a three-dimensional protection network of "physical + technical + institutional" measures.
Addressing new scenarios such as remote work and cross-border collaboration, the New Regulations clarify standards for reasonable confidentiality measures :
Physical Isolation: Prohibiting or restricting access to confidential premises.
Technical Safeguards: Permission grading, data desensitization, operation log retention, encryption, sealing, etc.
System Management: Marking, classification, isolation, signing confidentiality agreements, etc.
Key Takeaway: Relying solely on "oral agreements" is no longer sufficient; enterprises must establish a three-dimensional protection network of "physical + technical + institutional" measures.
3. Optimized Infringement Determination and Burden of Proof
More Specific Infringement Acts: Including electronic intrusion, inducement of breach of contract, and abetment of infringement as new methods .
Reduced Burden of Proof: After the rights holder provides preliminary evidence, the alleged infringer must prove the lawful source of their information .
Increased Penalties: For trade secret infringement, fines of up to RMB 5 million may be imposed; in serious cases, the matter will be transferred to judicial authorities for criminal liability .
More Specific Infringement Acts: Including electronic intrusion, inducement of breach of contract, and abetment of infringement as new methods .
Reduced Burden of Proof: After the rights holder provides preliminary evidence, the alleged infringer must prove the lawful source of their information .
Increased Penalties: For trade secret infringement, fines of up to RMB 5 million may be imposed; in serious cases, the matter will be transferred to judicial authorities for criminal liability .
II. Five Critical Matters Enterprises Must Address:
1. Immediately Conduct a Trade Secret Inventory
Action: Comprehensively review internal technical information (e.g., formulas, code) and business information (e.g., customer lists, bidding strategies).
Standard: Determine whether it meets the three requirements of "not known to the public, having commercial value, and subject to confidentiality measures" .
Action: Comprehensively review internal technical information (e.g., formulas, code) and business information (e.g., customer lists, bidding strategies).
Standard: Determine whether it meets the three requirements of "not known to the public, having commercial value, and subject to confidentiality measures" .
2. Upgrade Confidentiality Measures (Especially IT Systems)
Remote Work: Must deploy permission management systems to ensure employees can only access necessary data.
Data Retention: Enable operation logs to record who accessed, copied, or modified sensitive data and when.
Remote Work: Must deploy permission management systems to ensure employees can only access necessary data.
Data Retention: Enable operation logs to record who accessed, copied, or modified sensitive data and when.
Departure Controls: Mandatory device inspection, account deactivation, and confidentiality reminders before employee departure .
3. Improve Contracts and Systems
Confidentiality Agreements: Sign written confidentiality agreements with employees, suppliers, and partners, clearly defining the scope of confidentiality and liability for breach.
Non-Compete Clauses: Legally agree on non-compete clauses for core personnel.
Internal Policies: Formulate Measures for the Administration of Trade Secrets, clarifying management standards for confidential personnel, carriers, and areas.
Confidentiality Agreements: Sign written confidentiality agreements with employees, suppliers, and partners, clearly defining the scope of confidentiality and liability for breach.
Non-Compete Clauses: Legally agree on non-compete clauses for core personnel.
Internal Policies: Formulate Measures for the Administration of Trade Secrets, clarifying management standards for confidential personnel, carriers, and areas.
4. Establish a Rights Protection Evidence Chain
Evidence Preservation: Use technologies such as timestamps and blockchain to preserve evidence of trade secrets.
Monitoring: Regularly inspect information system security and promptly collect evidence when anomalies are detected.
Evidence Preservation: Use technologies such as timestamps and blockchain to preserve evidence of trade secrets.
Monitoring: Regularly inspect information system security and promptly collect evidence when anomalies are detected.
5. Strengthen Training and Awareness
All-Staff Training: Ensure every employee knows what trade secrets are, how to protect them, and the consequences of disclosure.
Case Warnings: Use real cases to heighten employee vigilance.
All-Staff Training: Ensure every employee knows what trade secrets are, how to protect them, and the consequences of disclosure.
Case Warnings: Use real cases to heighten employee vigilance.
III. High-Risk Minefields: The Following Actions May Cause Severe Losses to Enterprises
1. Lack of Confidentiality Measures
Only oral confidentiality agreements without written contracts; core data unencrypted and without access controls.
Consequence: Courts may rule that "reasonable confidentiality measures were not taken," resulting in the trade secret not being protected.
Only oral confidentiality agreements without written contracts; core data unencrypted and without access controls.
Consequence: Courts may rule that "reasonable confidentiality measures were not taken," resulting in the trade secret not being protected.
2. Departing Employees Taking Data
If enterprises fail to take confidentiality measures, leading to employees copying customer lists or technical materials upon departure; or failing to promptly recover access cards or account permissions, and departing employees subsequently disclose confidential information provided by clients to the enterprise.
Consequence: The enterprise may face claims for compensation from clients.
If enterprises fail to take confidentiality measures, leading to employees copying customer lists or technical materials upon departure; or failing to promptly recover access cards or account permissions, and departing employees subsequently disclose confidential information provided by clients to the enterprise.
Consequence: The enterprise may face claims for compensation from clients.
3. Third-Party Collaboration Leaks
Providing core data to suppliers or outsourcing contractors without signing confidentiality agreements; failing to supervise their usage.
Consequence: The enterprise's trade secrets may be disseminated, resulting in loss of competitive advantage.
Providing core data to suppliers or outsourcing contractors without signing confidentiality agreements; failing to supervise their usage.
Consequence: The enterprise's trade secrets may be disseminated, resulting in loss of competitive advantage.
4. Ignoring "Failed Data"
Believing that failed R&D data has no value and discarding or disclosing it casually.
Consequence: The enterprise misses protection opportunities, and competitors may use this data to avoid R&D risks .
Believing that failed R&D data has no value and discarding or disclosing it casually.
Consequence: The enterprise misses protection opportunities, and competitors may use this data to avoid R&D risks .
5. Remote Work Vulnerabilities
Employees using public WiFi to transmit sensitive data when working from home; personal devices without security software installed.
Consequence: Data stolen by hackers, with the enterprise having difficulty assigning liability.
Employees using public WiFi to transmit sensitive data when working from home; personal devices without security software installed.
Consequence: Data stolen by hackers, with the enterprise having difficulty assigning liability.
IV. Action Recommendations: Complete These Three Steps Before June 1
1. Self-Inspection and Rectification (From Now Until End of April)
Compare existing confidentiality systems and technical measures against the New Regulations' requirements to identify and fill gaps.
1. Self-Inspection and Rectification (From Now Until End of April)
Compare existing confidentiality systems and technical measures against the New Regulations' requirements to identify and fill gaps.
2. System Upgrade (Early May)
Update confidentiality agreement templates and deploy necessary technical protection tools in accordance with the Measures for the Administration of Trade Secrets.
Update confidentiality agreement templates and deploy necessary technical protection tools in accordance with the Measures for the Administration of Trade Secrets.
3. All-Staff Drill (Late May)
Organize a special training session and emergency drill on trade secret protection to ensure all employees are aware and engaged.
Organize a special training session and emergency drill on trade secret protection to ensure all employees are aware and engaged.
Conclusion:
The introduction of the Provisions on the Protection of Trade Secrets marks China's entry into a new era of "strong regulation and practical implementation" for trade secret protection. For enterprises, compliance is competitiveness. Only by proactively embracing change and building a comprehensive protection system can enterprises remain invincible in fierce market competition.