Technology M&A 2025

CHINA Trends and Developments Contributed by: Joanna Jiang, Richard Qiang, Greg Guo and Dimitri Phillips, DaHui Lawyers

to do so may lead to an array of undesirable consequences. While the remaining amendments do not direct- ly impact M&A, they provide additional safe- guards and clearer governance standards that are beneficial to investors. For example, the director accountability measures help compa- nies improve transparency and prevent poten- tial conflicts of interest. These changes create a more reliable business environment, offering investors greater protection and confidence in In 2024, numerous developments were seen in the realms of cybersecurity and data protection legislation, regulation, and enforcement, mark- ing a persistent trend with significant implica- tions for the M&A space. Cross-border data transfers On 22 March 2024, the Cyberspace Administra- tion of China (the “CAC”) issued the Provisions on Facilitating and Regulating Cross-Border Data Transfers (the “CBDT Regulations”), which went into effect immediately. The CBDT Regula- tions are particularly beneficial to multinational companies with operations that involve the transfer of personal information (“PI”) and other forms of data out of China. Before the CBDT Regulations were issued, exporting any PI out of China would have required: their acquisition decisions. Cybersecurity and Data • signing a standardised and CAC-approved template contract with overseas PI recipients, carrying out a burdensome PI protection impact assessment (“PIPIA”), and filing both with the CAC (or, instead of all the above, undergoing PI certification procedures by

a specialised institution designated by the CAC); or • in cases where certain PI thresholds or condi- tions were met, having to complete an even more burdensome “security assessment” procedure with the CAC. The CBDT Regulations alleviate the compliance burden by exempting companies from stand- ardised contracts, PIPIA filings, PI certifications, and security assessment requirements in the fol- lowing scenarios. • Exporting PI of employees for HR manage- ment in line with established labour laws and policies or collective labour agreements. • Exporting PI that is necessary for the conclu- sion or performance of a contract to which the PI subject is a party (eg, activities such as cross-border shopping, delivery, payments, bank account opening, ticket and hotel bookings, visa applications and examination services). • Exporting the non-sensitive-PI of no more than 100,000 individuals (on a cumulative basis) in the period since 1 January of the current year, by a data handler who is not considered a “critical information infrastruc- ture operator” under PRC law. The CBDT Regulations have dispelled long- standing concerns of companies undergoing M&A involving Chinese targets. With the CBDT Regulations in place, the process of integrat- ing local Chinese operations with international systems and administrative practices becomes much more streamlined. This increased ease of compliance with China’s updated data transfer measures are favourable to corporate investors looking to expand their operations in China while aiming for seamless global co-ordination.

87

CHAMBERS.COM

Powered by