Caught Between Two Fires: Why China's New April 2026 Rules Should Worry Every U.S. Company Doing Business with China

For seventeen years, we've counseled U.S. and European companies through every twist in the U.S.–China relationship — export controls, CFIUS reviews, UFLPA enforcement, entity listings, and the steady drumbeat of sanctions expansion out of Washington. Through all of it, one thing stayed more or less reliable: when Beijing pushed back, it did so through negotiation, informal pressure, or narrow case-by-case countermeasures. Compliance officers in Chicago, Detroit, and Dallas could focus on U.S. law and treat Chinese law as a secondary consideration.

That era ended this month.

On March 31, 2026, China's State Council issued Decree No. 834 — the Regulations on the Security of Industrial and Supply Chains. Two weeks later, on April 13, Decree No. 835 — the Regulations on Countering Foreign Improper Extraterritorial Jurisdiction — took effect, again with no grace period. Read together, these two instruments do something China has not done before: they pull the full menu of countersanctions tools — identification, blocking, investigations, civil liability, administrative penalties, and potential criminal exposure — into a single coordinated framework with teeth.

If you do business in or with China, your compliance program needs to be re-examined. Probably this quarter.

What actually changed

Decree 835 is the one that's drawing most of the attention from international counsel, and for good reason. It's twenty articles long and was signed by Premier Li Qiang. But the substance matters more than the length. A few provisions stand out for anyone running a multinational.

First, China has formally asserted its own extraterritorial reach. Article 4 of Decree 835 gives Chinese authorities jurisdiction over conduct with an "appropriate connection" (适当联系) to China. That standard is deliberately undefined. In practice, it means a decision made at a Munich headquarters, a Houston boardroom, or a Singapore regional office can now be pulled into Chinese regulatory exposure if Beijing decides the downstream impact on Chinese interests is sufficient. This is no longer a defensive blocking statute. It's an offensive jurisdictional claim.

Second, there's a new designation: the Malicious Entity List (恶意实体清单). Unlike the existing Unreliable Entity List, which targets improper trade conduct, or the Anti-Foreign Sanctions countermeasure list, which responds to hostile government action, the Malicious Entity List goes after any foreign organization or individual that "promotes or participates in implementing" foreign extraterritorial measures against China. The word "promotes" (推动) is the one to watch — it's broad enough to reach advisors, consultants, law firms, industry associations, and anyone else who helps shape or execute those measures. Designation triggers a second punch called the "piercing rule": countermeasures can flow through to entities the listed party controls, co-founded, or helps operate. For companies with complex holding structures, that matters.

Third, Article 14 creates a private right of action. Chinese citizens and organizations harmed by a foreign party's compliance with an "improper" foreign measure can now sue that party directly in Chinese courts — even if the defendant has no operations in China. Your European distributor cuts off a Chinese buyer to satisfy U.S. sanctions? That buyer can now bring a Chinese lawsuit against your distributor, seek damages, and count on the government to support the case. Morrison Foerster has called this the most commercially consequential feature of the Regulation, and I'd agree.

Fourth, Article 12 opens the door to criminal liability for individuals who violate the decree. That is a meaningful escalation from the administrative-only penalties that sat in every prior Chinese countersanction instrument.

Decree 834 — the supply chain regulation — works alongside all of this. It authorizes Chinese regulators to investigate "discriminatory measures" against Chinese persons that harm industrial and supply chain security, and to impose countermeasures similar to those available under Decree 835. In plain terms: if your global supply chain restructuring singles out Chinese suppliers or customers, regulators now have statutory authority to investigate and respond.

Why this hits U.S. and European companies harder than it looks

The reason these rules are dangerous is not that they're harsh in the abstract. It's that they create a genuine, enforceable legal conflict with obligations your company is already under from Washington and Brussels.

Three operational areas carry the most immediate risk, and I want to name them plainly.

UFLPA compliance is now a two-sided exposure. If your company is running Xinjiang-related supply chain traceability under the Uyghur Forced Labor Prevention Act — which almost every U.S. importer of manufactured goods is, in some form — the activities that keep you compliant with CBP are exactly the activities most likely to draw Chinese countermeasures. Collecting sensitive information on Chinese supplier operations, applying the "rebuttable presumption" to cut off Chinese suppliers, participating in industry-wide Xinjiang-linked exclusions: all of this is now squarely inside what Beijing views as "assisting improper extraterritorial jurisdiction." China has already demonstrated willingness to retaliate in this exact scenario. The new framework makes that retaliation faster, more systematic, and harder to negotiate away.

Headquarters-driven commercial terminations are the highest-risk activity of all. Multiple international law firms have flagged this in their April client alerts, and our read is the same. If a U.S. or European parent company instructs its Chinese subsidiary to stop doing business with a particular Chinese customer, stop buying from a particular Chinese supplier, or cut off post-sale service based on a foreign sanctions designation or export control, that instruction — if executed in China — can now generate exposure under both Decree 835 (if the foreign measure is formally identified as improper) and the private-action provision in Article 14. The Chinese subsidiary's management team, and potentially the individuals who execute the order, bear the legal risk locally.

EU CSDDD, FSR, and similar regimes are also in scope. Although the primary target is clearly U.S. long-arm reach, the decrees are facially neutral across foreign states. Chinese commentary has already flagged the EU's Foreign Subsidies Regulation as a designated trade barrier. European companies that thought they were on safer ground than their American counterparts should reread the text.

What we're telling our clients to do now

There's no single answer to a dual-jurisdiction conflict. There are, however, a handful of moves that belong on every company's desk this quarter.

Start with a quiet internal inventory. Which of your current compliance programs — UFLPA due diligence, secondary sanctions screening, export control decisions, forced-labor audits, FSR disclosures, CSDDD reporting — involve actions taken by or through your Chinese entities? That list is your exposure map. Map each activity against the three Chinese lists (Unreliable Entity, Anti-Sanctions, and now Malicious Entity) and against the private-action risk under Article 14.

Rewrite the protocol for headquarters-to-China instructions. Any order from a U.S. or European parent that would require the Chinese subsidiary to terminate a Chinese commercial relationship, cut off service or maintenance, withhold parts, or restrict technology access based on foreign law should no longer be executed reflexively. It should trigger a China-side legal review before execution, and — where the conflict is serious — a formal exemption application under Article 9 of Decree 835 to the State Council's legal affairs department. The exemption pathway exists. It's narrow, and it's slow, but it's better than absorbing the legal risk silently.

Rethink your commercial contracts. Sanctions clauses, termination-for-convenience provisions, and information-sharing obligations should be reviewed for Chinese law exposure. A contract clause that was standard under New York or Delaware law may now be a liability in Beijing.

Build the monitoring discipline. Identification of a foreign measure as "improper" under Decree 835 is done by the Ministry of Justice and published. Once published, compliance with that measure is prohibited in China. Your compliance team needs a process to monitor those identifications and flag them immediately to affected business lines.

And consider running a tabletop exercise. The fact patterns most likely to break your program is the one where your parent company's general counsel in the U.S. issues an instruction your Chinese country manager cannot lawfully execute, and the clock is ticking on both sides. That scenario deserves to be rehearsed before it's real.

The bigger picture

Beijing has been building toward this moment for six years. The 2020 Unreliable Entity List, the 2021 MOFCOM Blocking Rules, the 2021 Anti-Foreign Sanctions Law, the 2023 Foreign Relations Law — each instrument added a piece. Decrees 834 and 835 fit them together into something the previous pieces never quite were on their own: a coherent, State Council–level framework that gives Chinese authorities the full ladder of options, from monitoring to civil suit to criminal referral, against foreign parties whose compliance with their home-country law harms Chinese interests.

The right response is not panic. It's also not indifference. It's the same response that's carried serious cross-border businesses through every prior shock in this relationship — careful mapping of actual exposure, disciplined governance around the decisions that matter most, and a willingness to invest in dual-jurisdiction compliance before you need to.

If you'd like a sharper read on where your company sits on that map, that's the conversation we have every week at ABG. Our advisory team is already running assessments against the new framework for clients in manufacturing, logistics, and technology, and we're happy to share what we're seeing.