On April 7, 2026, the Chinese State Council made a routine procurement action potentially illegal: asking a supplier in China for its bill of materials.

Article 13 of State Council Decree No. 834 -- the Regulations on Industrial and Supply Chain Security -- prohibits "investigative or information-gathering activities concerning the industrial or supply chain" by foreign entities without approval. Six days later, Decree No. 835 layered on personal criminal liability for anyone "promoting or participating" in a foreign rule that Beijing deems improper extraterritorial jurisdiction. Both took effect immediately. No transition period. No grace period. No implementing guidelines.

If you run a manufacturing supply chain that touches China -- and most do -- these two decrees changed your compliance landscape overnight. Not because they introduced entirely new legal concepts (China has been building this framework since 2020), but because they elevated scattered departmental rules into a unified, State Council-level system with real enforcement teeth: criminal liability for individuals, a new "Malicious Entity List," and a 15-agency coordination mechanism chaired by the NDRC and authorized to investigate any foreign entity whose conduct "poses a threat of causing actual damage" to China's supply chains.

Beijing rarely writes a rule it does not intend to use. UEL designations jumped from 3 in 2024 to 67 in 2025. The first civil settlement under the Anti-Foreign Sanctions Law was RMB 99.7 million. MOFCOM invoked its blocking rules for the first time on May 2, 2026. The pattern is plain: write the rule, wait six to twelve months, then pull the trigger at scale. April 2026 started the stopwatch.

The core problem for multinational manufacturers is simple to state and genuinely difficult to solve: US law (the Uyghur Forced Labor Prevention Act) and EU law (the Corporate Sustainability Due Diligence Directive) require you to investigate your supply chain in China. Chinese law now restricts precisely that investigation. Saying yes to one legal system creates exposure under the other.

This post maps what the decrees actually say, traces the enforcement escalation that led here, explains the specific catch-22 for manufacturers, and offers practical steps for companies navigating both sides.

What Decree 834 Says: Supply Chain Security

Decree 834 -- officially the "Provisions on Industrial and Supply Chain Security" -- is China's first dedicated administrative regulation addressing supply chain security at the State Council level. It creates a high-level working mechanism of 15 agencies (including Commerce, Public Security, Customs, and the Cyberspace Administration) to monitor and secure critical sectors.

The regulation has four main thrusts:

1. Information Collection Restrictions (Article 13)

This is the provision that creates the most direct conflict with Western compliance obligations. Article 13 prohibits any organization or individual from conducting supply chain-related "investigations or information collection activities" within China in violation of Chinese laws, administrative regulations, departmental rules, or relevant state provisions.

The language is deliberately broad. "Investigations and other information collection activities related to industrial and supply chains" can encompass:

• ESG audits and environmental reporting

• Forced labor due diligence questionnaires

• Supplier evaluations and on-site inspections

• Carbon footprint mapping (Scope 2 and Scope 3 emissions data)

• BOM-level supply chain tracing

• Any structured data collection tied to a foreign compliance regime

No implementing guidelines have been issued to define the boundaries. A European company trying to fulfill its CSDDD obligations can now find itself confronted with Chinese regulations that prohibit or restrict precisely the data collection the EU requires.

2. Retaliation Against Foreign Supply Chain Actions (Articles 14-15)

Article 14 targets foreign governments or organizations that impose bans or restrictions harming China's supply chain. China can investigate such measures and respond with import/export bans, penalty tariffs, or by adding responsible parties to its countersanctions list.

Article 15 establishes a dedicated supply chain security investigation mechanism under which Chinese authorities may examine conduct that "poses a threat of causing actual damage" -- a lower threshold than the "actual harm" standard in predecessor instruments like the Unreliable Entity List. The trigger is no longer waiting for damage to occur. The threat of damage is sufficient.

3. Risk Monitoring and Emergency Response (Articles 4-12)

The regulation requires risk monitoring, emergency plans for key materials and products, and mandates that companies ensure the security of core technologies and data. The State Council can designate "key sectors" for heightened monitoring and supply chain capacity reserves.

4. Coordination Mechanism

Fifteen agencies now share implementation responsibilities. This is not a single-ministry rule that can be ignored. It's a cross-government framework that can trigger simultaneous investigations from multiple regulators.

What Decree 835 Says: Countering Foreign Extraterritorial Jurisdiction

Decree 835 is the sharper of the two instruments. Where Decree 834 restricts information collection, Decree 835 creates affirmative legal consequences for complying with foreign laws that China deems "improper extraterritorial jurisdiction."

The Malicious Entity List (Article 8)

Decree 835 creates a new designation list targeting foreign organizations and individuals that "promote or participate in implementing" identified foreign extraterritorial measures. The word "promote" (推动) is significant -- it expands sanctionable conduct beyond direct implementation to include advocacy, lobbying, or even urging industry peers to sever ties with Chinese entities.

Listed parties face: asset freezes, data-transfer restrictions, visa suspensions, trade prohibitions, investment restrictions, and fines.

Piercing Rules (Article 8)

Countermeasures extend to entities "actually controlled by or participated in establishing or operating" listed entities. Unlike the U.S. OFAC 50% ownership threshold (which triggers automatically), China's piercing test turns on "actual control" -- a case-by-case analysis that can penetrate corporate structures in ways that are harder to predict and plan for.

Criminal Liability (Article 12/18)

This is the most significant escalation. For the first time in China's counter-sanctions framework, Decree 835 introduces express criminal liability for individuals who violate prohibition orders, fail to execute countermeasures, or otherwise violate the decree. Prior instruments imposed only administrative penalties and exit bans. Executives of implicated organizations now face personal criminal exposure.

Prohibition Execution Orders (Article 13)

The Ministry of Justice can issue orders directing all persons in China to refuse compliance with identified foreign measures. This replaces the prior MOFCOM blocking rules with a more formalized, progressive enforcement mechanism (warnings and corrections before formal orders).

Long-Arm Jurisdiction (Article 4)

Decree 835 asserts China's right to exercise jurisdiction over conduct with "appropriate connection" (适当联系) to China. The term is undefined, granting authorities flexibility to reach conduct that occurs entirely outside China's borders.

The Catch-22: When Compliance with One Law Violates Another

The practical dilemma is not abstract. Here are three specific scenarios that manufacturers face today:

Scenario 1: UFLPA Due Diligence

The US Uyghur Forced Labor Prevention Act presumes that goods produced in Xinjiang are made with forced labor and bars their import into the United States. To rebut the presumption, companies must provide "clear and convincing" evidence that no input touched Xinjiang. CBP Form 28 demands supplier names, facility addresses, GPS-tagged photographs, worker documentation, and in some cases wage slips -- a level of supply chain granularity that requires precisely the kind of investigation Decree 834 restricts.

Under Decree 834, Article 13, conducting that supply chain investigation within China -- the questionnaires, the on-site inspections, the data collection -- may now constitute prohibited "supply chain investigation activities." Under Decree 835, complying with UFLPA (which China views as discriminatory extraterritorial jurisdiction) could expose the company to the Malicious Entity List.

The manufacturer cannot satisfy both laws simultaneously.

Scenario 2: EU CSDDD and Scope 3 Emissions

The EU Corporate Sustainability Due Diligence Directive requires large companies to identify, prevent, and mitigate adverse human rights and environmental impacts in their supply chains, with penalties running up to 5% of global turnover for non-compliance. Scope 2 and Scope 3 emissions measurements under ISSB IFRS and the EU's Corporate Sustainability Reporting Directive require data from across the supply chain -- including Chinese suppliers.

Decree 834 restricts precisely this data collection. A company that sends an ESG questionnaire to its Chinese Tier 2 supplier asking about energy sources, emissions data, and labor practices is conducting "supply chain investigation activities" that may fall within the prohibition.

Scenario 3: Supplier Termination

A US company decides to stop sourcing from a Chinese supplier because of UFLPA concerns, export control restrictions, or sanctions compliance. Under China's framework, that termination simultaneously triggers potential exposure under:

• Decree 834: "Interrupting normal transactions" that threatens supply chain security

• Decree 835: Implementing "improper extraterritorial jurisdiction"

• Anti-Foreign Sanctions Law: Implementing foreign discriminatory restrictions

• MOFCOM Blocking Rules: Complying with prohibited foreign law (private right of action -- the Chinese supplier can sue)

• Unreliable Entity List: Suspending normal transactions; discriminatory measures

A single business decision triggers five overlapping Chinese legal instruments.

The Enforcement Escalation: From Paper Tiger to Real Teeth

The decrees matter because enforcement has escalated dramatically. The instruments above are no longer just frameworks on paper.

The 67 UEL designations in 2025 compared to 3 in 2024 represent a 2,233% increase. The designations have focused primarily on US defense companies involved in arms sales to Taiwan -- firms like Epirus, AeroVironment, Exelis, BAE Systems, Dedrone by Axon, TechInsights and its nine subsidiaries, and DZYNE Technologies. But the legal tools are not limited to defense. The expansion of the framework to cover supply chain investigations and ESG audits brings commercial and industrial companies into scope.

The Nanjing Maritime Court case is particularly significant. In December 2024, Jiangsu Yangzijiang Shipbuilding filed a civil claim under the Anti-Foreign Sanctions Law against a counterparty (an anonymized US defense OEM) that had complied with US sanctions. The case settled for RMB 99.7 million (approximately $14 million) and was admitted to the Supreme People's Court database in 2025 -- establishing precedent that private litigation is a viable enforcement mechanism. Chinese companies can now sue foreign counterparties for complying with US sanctions.

Concrete Examples: What's Changed in Practice

What Has Changed

CK Hutchinson / Panama Canal: CK Hutchinson, the Hong Kong conglomerate, lost its Panama Canal port operations following US pressure. China's response helped catalyze the countersanctions framework -- the CK Hutchinson case is widely cited in Chinese policy circles as the type of "improper extraterritorial jurisdiction" the decrees are designed to counter.

Nexperia / Netherlands: The Dutch government exercised national security authority to take control of Chinese-owned chipmaker Nexperia's Dutch operations. This kind of action -- a foreign government intervening in a Chinese company's overseas investments -- falls squarely within Decree 835's definition of conduct warranting countermeasures.

MOFCOM Blocking Rules Invocation (May 2, 2026): MOFCOM issued its first formal blocking order, prohibiting compliance with US sanctions targeting five Chinese companies. This was the first operational use of the blocking mechanism, signaling that the tools built over the past six years are now being deployed.

What Has NOT Changed (Yet)

No Malicious Entity List designations under Decree 835. As of mid-May 2026, no foreign entities have been formally designated under the new Malicious Entity List. The framework is in place but untested.

Routine commercial audits continue. Companies report that standard quality audits, ISO certification inspections, and routine supplier evaluations are still proceeding normally in most sectors. The regulations appear to target politically sensitive investigations (forced labor, sanctions-related tracing) rather than ordinary commercial quality management.

Exemption mechanisms exist. Decree 835 allows companies to apply for exemptions from Prohibition Execution Orders when they face genuine conflict-of-laws situations. This is an important safety valve -- though the process is untested and the approval criteria are undefined.

Defense companies bear the brunt. Enforcement to date has focused primarily on US defense companies. Commercial and industrial companies with no direct defense nexus face lower immediate risk, though the legal exposure is real and expanding.

Practical Steps for Manufacturers

Immediate (This Month)

1. Map your conflict-of-laws exposure. Identify every point where your China operations intersect with a US or EU compliance obligation: UFLPA supply chain tracing, sanctions screening, export controls, ESG reporting, CSDDD due diligence. For each intersection, document the specific Chinese legal risk under Decrees 834/835, AFSL, blocking rules, and UEL.

2. Pause and reassess politically sensitive audits. Do not send new forced-labor due diligence questionnaires or conduct on-site ESG inspections in China until you have legal counsel's assessment of the specific risks under Decree 834. Routine quality audits (ISO, IATF 16949, process capability) appear lower-risk but should still be reviewed.

3. Review global compliance policies. If your corporate compliance policy mandates automatic compliance with US/EU sanctions across all subsidiaries including China, that blanket mandate may constitute "implementing" or "promoting" improper extraterritorial jurisdiction under Decree 835. Consider jurisdiction-specific policies instead.

Near-Term (Next 90 Days)

4. Develop a supplier termination protocol. Terminating a Chinese supplier is the highest-risk action under the current framework. Before any termination, assess exposure under all five Chinese instruments (Decree 834, 835, AFSL, blocking rules, UEL). Document commercial justifications that are independent of sanctions compliance. Avoid citing foreign sanctions as the reason for termination.

5. Prepare exemption applications. Familiarize your legal team with the exemption mechanisms under Decree 835 and the MOFCOM Blocking Rules. If your company faces a genuine conflict of laws, a proactive exemption application is better than reactive designation.

6. Segment your data governance. Separate supply chain data that is collected for Chinese domestic regulatory purposes from data collected for foreign compliance regimes. The restrictions target investigations conducted "in violation of Chinese laws" -- data collected for legitimate Chinese regulatory purposes (tax, customs, quality) may fall outside the prohibition.

Ongoing

7. Monitor enforcement signals. The first Malicious Entity List designations under Decree 835 will be the clearest signal of how broadly China intends to enforce. Watch for designations of non-defense companies, which would indicate expansion beyond the current defense-sector focus.

8. Engage with industry associations. Collective advocacy is less risky than individual company action. Industry groups (US-China Business Council, European Chamber of Commerce in China, AmCham China) are engaging with Chinese regulators on implementation guidance. Individual companies publicizing their compliance challenges risk attracting attention under the "promotion" provision of Decree 835.

Best Information Sources

Staying current on this landscape requires monitoring multiple channels. Here are the most reliable:

Law Firm Analyses (most detailed, fastest updates):

• Morgan Lewis -- Todd Liao's Shanghai team publishes detailed analyses within days of new regulations

• Jones Day -- "Caught in the Crossfire" series covers the full enforcement landscape

• Baker McKenzie -- Global Sanctions and Export Controls Blog tracks designations

• Steptoe -- International Compliance Blog covers the enforcement playbook evolution

• Debevoise & Plimpton -- Detailed provision-by-provision analysis

• Mayer Brown -- Focus on multifront compliance conflicts

• Morrison Foerster -- Coverage of Decree 835 enforcement mechanisms

Government Sources:

• english.www.gov.cn -- Official English translations of Chinese regulations (often delayed)

• ChinaLawTranslate.com -- Unofficial but high-quality English translations (faster than official)

• MOFCOM -- Designation announcements and blocking orders

• US CBP UFLPA Dashboard -- Tracks enforcement actions on the US side

Industry / Research:

• China Briefing (Dezan Shira & Associates) -- Practical business-oriented analysis

• Green Finance & Development Center -- ESG-specific impact analysis

• Rödl & Partner -- EU compliance perspective on the conflict of laws

The Regulatory Timeline: How We Got Here

Understanding the 2026 decrees requires understanding the six-year escalation that produced them.

The pattern is clear: departmental rules became national law, national law became State Council regulations with implementing mechanisms, and enforcement ramped from near-zero to 67 designations in a single year. Each step added new tools and lowered the threshold for action.

The ESG Dimension: Scope 3 Just Got Harder

For companies reporting under ISSB IFRS, the EU Corporate Sustainability Reporting Directive, or the SEC's climate disclosure requirements, the decrees create a specific data problem.

Scope 2 and Scope 3 emissions measurements require data from across the supply chain -- energy sources, production processes, transportation modes, waste streams. Much of that supply chain runs through China. Under Decree 834, collecting this data through foreign-mandated audit processes may fall within the prohibition on supply chain investigations.

This doesn't mean emissions reporting is impossible. It means the mechanism for collecting the data needs to change. Companies may need to:

• Rely on industry-average emissions factors rather than supplier-specific data for Chinese segments of the supply chain

• Work through Chinese industry associations or government-approved channels for data collection

• Use Chinese domestic ESG reporting frameworks (which are developing rapidly) as proxy data sources

• Distinguish between data voluntarily shared by Chinese suppliers and data actively investigated by foreign entities

The practical effect: Scope 3 reporting accuracy for companies with significant China supply chain exposure will likely decrease in the near term. Auditors and regulators on the Western side will need to adapt their expectations.

China's counter-sanctions framework is no longer a collection of dormant instruments. It's a coordinated, multi-agency system with criminal penalties, private rights of action, and a demonstrated willingness to designate. The 2026 decrees did not create the framework from scratch -- they systematized and sharpened tools that have been accumulating since 2020.

For manufacturers, the practical implication is that every decision involving Chinese supply chains -- from supplier evaluations to compliance audits to termination decisions -- now carries regulatory risk on both sides. The companies that navigate this will be the ones that build jurisdiction-specific compliance architectures rather than one-size-fits-all global policies. The catch-22 is real. The question is whether you've mapped it before it maps you.

Sources

• Morgan Lewis -- China Issues New Regulations on Countering Foreign Extraterritorial Jurisdiction -- Comprehensive analysis of Decrees 834/835, enforcement timeline, and Three Highest-Risk Scenarios

• Jones Day -- Caught in the Crossfire: Two New Chinese Decrees Raise the Stakes -- Detailed provision-by-provision analysis with enforcement landscape

• Steptoe -- Two Regulations, One Direction: China's Expanding Economic Security Playbook -- Historical evolution and enforcement escalation data

• Baker McKenzie -- China Introduces New State Council Decrees on Supply Chain Security -- Practical compliance implications

• Green Finance & Development Center -- Impacts on Green Economy and International Collaboration -- ESG, emissions reporting, and CSDDD conflict analysis

• Rödl & Partner -- Supply Chain Regulations in China: A Legal Test for Global Supply Chains -- EU compliance perspective

• China Briefing -- China's New Supply Chain Security Regulations: What Are the Risks? -- Practical risk assessment for foreign companies

• Official PRC Regulation Text (English) -- Decree 835 official English translation

• Mayer Brown -- China Expands Its Playbook: Direct Compliance Conflicts for Multinationals -- Multifront exposure analysis

• GlobeNewsWire / OpenSanctions -- Chinese Unreliable Entities List -- Current UEL designation tracking

Frequently Asked Questions

What exactly does Decree 834 prohibit?

Decree 834, Article 13, prohibits organizations and individuals from conducting supply chain-related "investigations and other information collection activities" within China in violation of Chinese laws and regulations. The scope is deliberately broad and undefined -- it can potentially cover ESG audits, forced labor due diligence, supplier evaluations, on-site inspections, and any structured data collection tied to a foreign compliance regime. No implementing guidelines have been issued to clarify the boundaries.

Can I still conduct quality audits of my Chinese suppliers?

Routine commercial quality audits (ISO certifications, IATF 16949, process capability assessments) appear to be lower-risk under the current framework. The regulations appear to target politically sensitive investigations -- forced labor tracing, sanctions-related supply chain mapping, and ESG audits mandated by foreign governments -- rather than ordinary quality management. However, the broad language of Article 13 means any supply chain investigation carries some degree of legal uncertainty until implementing guidelines are issued.

What is the Malicious Entity List and has anyone been designated?

The Malicious Entity List is a new designation tool under Decree 835 targeting foreign organizations and individuals that "promote or participate in implementing" foreign extraterritorial measures China deems improper. Listed parties face asset freezes, trade prohibitions, visa suspensions, and investment restrictions. As of mid-May 2026, no entities have been designated under this new list, though the separate Unreliable Entity List saw 67 designations in 2025 (primarily US defense companies).

How does this affect my UFLPA compliance obligations?

It creates a direct conflict. The UFLPA requires you to trace your supply chain and document the absence of forced labor to import goods from Xinjiang into the United States. Decree 834 restricts the supply chain investigation activities needed to generate that documentation within China. Decree 835 could treat your UFLPA compliance as implementing "improper extraterritorial jurisdiction." Companies cannot fully satisfy both requirements simultaneously -- they need jurisdiction-specific compliance architectures and potentially exemption applications under Decree 835.

What should my company do right now?

Three immediate actions: (1) Map every intersection between your China operations and US/EU compliance obligations -- UFLPA, sanctions, export controls, CSDDD, ESG reporting. (2) Pause politically sensitive supply chain audits in China pending legal review. (3) Review whether your global compliance policy mandates automatic foreign sanctions compliance by Chinese subsidiaries, which may itself violate Decree 835. Longer-term, develop jurisdiction-specific policies, prepare exemption applications, and monitor enforcement signals -- especially the first non-defense Malicious Entity List designation.

Does this affect Scope 3 emissions reporting?

Yes. Scope 2 and Scope 3 emissions measurements require supply chain data -- energy sources, production processes, transportation modes -- from Chinese suppliers. Collecting this data through foreign-mandated audit processes may fall within Decree 834's restrictions. Companies may need to rely on industry-average emissions factors, Chinese domestic ESG reporting frameworks, or data voluntarily shared by suppliers rather than actively investigated. Reporting accuracy for the China segment of supply chains will likely decrease in the near term.