Navigating uncertainty: Regulatory challenges for Chinese tech firms in 2025

Chinese companies face continuous difficulties in either investing in the US or being invested in by US investors due to stringent regulations. US President Donald Trump on 21 February 2025 signed an "America First Investment Policy" memorandum (America First Memorandum) directing the Committee on Foreign Investment in the United States (CFIUS) and other regulatory agencies to use all necessary legal instruments to curb Chinese investments in strategic sectors, including "technology, critical infrastructure, healthcare, agriculture, energy, raw materials, and others. Currently,  CFIUS reviews mergers and acquisitions that may result in foreign control of US businesses, certain non-controlling investments in critical technologies, critical infrastructure, or sensitive personal data (TID US businesses), and certain real estate transactions. 

On the other hand, US restrictions on investments in certain Chinese entities, known as "Reverse CFIUS," prohibit or require reporting of certain investments in Chinese entities engaged in semiconductors, microelectronics, quantum information technology, and artificial intelligence. An executive order issued on 9 August 2023, directed the U.S. Department of the Treasury to create an outbound FDI review program. This program requires reporting or prohibits investments by US persons involving "covered national security technologies and products." The final rule, issued on 28 October 2024, and effective 2 January 2025, targets investments in companies engaged in semiconductors, quantum information technologies, and AI systems. These measures introduce new hurdles and uncertainties for cross-border collaborations, investments, and funding opportunities for China-based companies. According to America First Memorandum, the Trump Administration will consider new or expanded restrictions on US outbound investment in the PRC in sectors such as semiconductors, artificial intelligence, quantum, biotechnology, hypersonics, aerospace, advanced manufacturing, directed energy, and other strategic sectors.

Legislation to strengthen digital sovereignty and changes in the political environment pose significant challenges to many companies' overseas operations. The introduction of the EU's GDPR and China's Cybersecurity Law have been followed by a number of additional laws and regulations worldwide.

For instance, in 2024, the US government issued several significant laws and regulations restricting access to sensitive data by countries of concern, including China, Russia, Iran and others. These documents include:

• Executive Order 14117: "Preventing Access to Americans' Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern," issued on 28 February 2024.
• Protecting Americans from Foreign Adversary Controlled Applications Act: Signed into law on 24 April 2024, as part of Public Law 118-50.
• Protecting Americans’ Data from Foreign Adversaries Act of 2024: Passed by the House on 20 March 2024, and signed into law on 24 April 2024.
• Proposed Rule on Protecting the Supply Chain of Smart Connected Vehicles from Foreign Adversaries: Finalised by the U.S. Department of Commerce’s Bureau of Industry and Security on 14 January 2025.
• Proposed Rule on Addressing National Security Risks to U.S. Sensitive Data: Issued by the U.S. Department of Justice on 21 October 2024 to implement Executive Order 14117.

With China and Chinese entities designated as "countries of concern," these regulations impose restrictions or bans on Chinese entities conducting business in the US, particularly in areas involving data transactions, sensitive personal data, application operations and connected vehicle networks.

In addition to the US, a number of countries have increased their scrutiny of foreign investments from a national security perspective. For example:

• European Union: The EU has expanded its FDI screening mechanisms to include a broader range of sectors, such as critical infrastructure, technology and data processing.
• United Kingdom: The UK has implemented the National Security and Investment Act, which allows the government to review and potentially block foreign investments in sensitive sectors.
• Australia: Australia has tightened its FDI review process, focusing on sectors like telecommunications, energy and critical technologies.
• Canada: Canada has also enhanced its FDI screening to protect national security, particularly in areas involving critical technologies and infrastructure.

A number of foreign governments have imposed controls, licence requirements and restrictions on the import and export of technologies and products.

Building on earlier regulation, the U.S. Department of Commerce's Bureau of Industry and Security (BIS) issued a new interim final rule in September 2024, implementing export controls on quantum computing products, advanced chip manufacturing equipment and more. Additionally, in December 2024, BIS announced a comprehensive list of rules to restrict China's ability to produce advanced-node semiconductors.

In addition, 140 Chinese entities were added to the US government's Entity List, and 14 existing entries were modified at the end of 2024.

2024 saw a wave of global regulatory actions in the fields of Internet of Things (IoT), cloud services and AI. 

From September 2024, the EU Data Act imposed a series of compliance obligations on IoT, cloud services and related industries operating in the EU, with some cloud service providers planning to terminate cloud service switching fees as a result. 

The EU Artificial Intelligence Act (EU AI Act) came into effect on 1 August 2024, requiring AI system providers and deployers operating in the EU market to fulfil corresponding obligations based on AI technology risk types.

Regulation of large platforms is also deepening globally. In February 2024, the EU's Digital Services Act (DSA) came into force, strengthening regulation of the digital industry, especially large platforms, alongside the Digital Markets Act (DMA) which was implemented in May 2023. 

The European Commission has designated several Chinese entity-related platforms, including AliExpress, TikTok, Shein, and Temu as Very Large Online Platforms (VLOPs) and Very Large Online Search Engines (VLOSEs) under the DSA, joining a host of US and global platforms such as Amazon, Apple, Facebook and YouTube. 

Additionally, several entities, including ByteDance, were designated as "gatekeepers" under the DMA. These large platforms and their operators must fulfil enhanced obligations regarding market fair competition and user rights protection. 

In 2024, the EU's investigations into Chinese entity-related platforms focused on issues such as transparency and advertising and recommendation system settings, management of merchants and traded goods, content review and internal complaint handling, addictive design risk control, protection of minors, and data access rights for researchers. 
Globally, advertising compliance was one of the key focuses of large platform regulation in 2024.