"Whatever you think, think the opposite."

— Paul Arden

The world rewards not those who are right, but those who see what others cannot.

Trade secret losses are rarely decided in a courtroom. By the time litigation begins, the damage is already done — and often irreversible.

On June 1, 2026, China's Provisions on Trade Secret Protection took effect. Many companies, seeing new legal protections in place, will feel a measure of reassurance. That reassurance can be the most dangerous response of all.

The law is the same net for everyone: some cast it to catch fish, others are caught in it. For companies without a holistic trade secret protection framework, the new Provisions are no guarantee of safety — such companies may still find themselves the catch rather than the fisherman.

This article attempts a unique endeavor: to read the new Provisions backwards — to find, on the flipside of each rule, a map of the risks that companies have been ignoring. Before taking any comfort from the new rules, companies owe themselves an honest self-assessment.

I. The Numbers Don't Lie: The Real Risks Companies Face

1.1  Cases Are Surging — and the Threat Comes from Inside

Before discussing legal tools, it is worth confronting the data directly.

Source: Supreme People's Procuratorate; Wolters Kluwer   (China) Legal Database

• In 2023, the number of individuals prosecuted for trade   secret misappropriation rose 96.6% year-on-year, far outpacing overall IP crime growth   (Source: SPP, April 2024)

  
  

• In 2024, Chinese prosecutors accepted 163 trade secret   cases involving 385 individuals, a   further 12.4% year-on-year increase (Source: SPP IP White Paper, April 2025)

  
  

• Over the decade 2013-2023, 3,461 trade secret cases were   concluded nationwide; only 5.8% of civil first-instance cases resulted in a   judgment fully or partially supporting the plaintiff, and over 39% settled or   were withdrawn (Source: Wolters Kluwer China database)

  
  

• Chinese prosecutors have explicitly identified departing   senior technical staff and executives as the primary vector for trade secret   misappropriation (Source: SPP, 'New Characteristics of IP Crimes in H1 2023',   August 5, 2023)

That last point deserves particular attention. The threat is typically not an external hacker. It is the engineer in the next office, or the vice president who handed in her resignation notice last week.

1.2  Two Real Cases, Two Very Different Lessons

▶ Case One: The German Multinational That Won — and Nearly Didn't

In 2021, the Chinese subsidiary of a globally recognized German company brought proceedings before the Beijing Intellectual Property Court against a former employee. During his final weeks of employment, the employee had systematically forwarded large volumes of confidential documents from his work email to a personal account and printed sensitive materials using company equipment.

The court found for the company across all claims. The decisive factor was not the obviousness of the misconduct — it was the company's ability to produce preliminary evidence demonstrating that the employee had repeatedly violated documented confidentiality policies. The burden then shifted to the employee to prove legitimate acquisition. He could not.

Had the company lacked sound confidentiality policies, or lacked records of the employee's violations, the same underlying facts could easily have produced a completely different result.

(Source: Beijing IP Court case; reported by MOFCOM IP Information Network, February 2023)

▶ Case Two: RMB 159 Million — and What Actually Won It

Mr. Fu joined a Jiaxing chemical company in 1991 and rose to deputy head of the vanillin production workshop by 2008, where he commanded the core production processes. After leaving, he joined a competitor and applied the technical secrets of his former employer to the new company's operations.

The Supreme People's Court issued its final ruling in 2021: the defendants were ordered to cease infringement immediately and pay approximately RMB 159 million in damages. The case was designated “Guiding Case” No. 220.

What made this victory possible was not merely that the rights holder held these drawings — any chemical company keeps its own process documentation. It was that the rights holder could pin its technical secrets down to six specific secret points, each mapped precisely onto the drawings and flow diagrams.

Many companies possess complete technical materials yet have never undertaken the exercise of identifying and defining their secret points. Once in litigation, they cannot even articulate which specific points their claimed trade secret consists of. The ability to fix and identify the secret points — that is the real foundation of a winning case.

(Case No.: (2020) Supreme Court IP Civil Final No. 1667; Guiding Case No. 220)

★ The Central Point

The law   gives you the tools to pursue a claim. It cannot build your evidence for you   — and everything you need to prove your case must exist before the   infringement occurs.

The   right question is not: 'Are we legally protected?'

It is:   'If we discovered tomorrow that our trade secrets had been misappropriated,   what evidence could we produce?'

II. Reading the Rules Backwards: The Risk Map Behind

The articles of the new Provisions are not merely declarations of rights — they read like a memorandum of infringement reality. Behind every provision lies a category of misappropriation that has already happened, repeatedly. Read the rules backwards, and a clear risk map emerges.

2.1  Digital Assets: If They Now Need Protection, They Were Previously Exposed

The Provisions expressly include data, algorithms, source code, and computer programs within protectable technical information. Failed experimental data and intermediate R&D results are also covered.

⚠ Reading It Backwards

This   provision exists because, until now, vast amounts of commercially valuable   digital assets — algorithmic models, intermediate research outputs, failed   experimental data — have sat in a protection vacuum. Precisely because they   seemed unimportant, they could flow out of companies at any moment without   legal consequence.

The core   question is not whether the new rules cover your digital assets — it is   whether you have built a corresponding confidentiality management framework   for them. The Provisions cannot prevent misappropriation at the source.   Without a management framework, your only recourse may be after-the-fact   remedies — pursued at considerable cost in time, energy, and money, after the   damage is done.

2.2 Remote Work: A Dedicated Rule Means a Pre-Existing Problem

For the first time, China's trade secret framework specifically names tiered access controls, data desensitization, and operation logging as recognized confidentiality measures for remote work and cross-border collaboration environments.

⚠ Reading It Backwards

Legislators do not write rules for risks that do not exist. Remote work environments have been leaking trade secrets for years — operating in the gap between legal requirements that hadn't caught up, and company policies that were designed for a different era.

Can your employees forward confidential files to personal email accounts without restriction? Are remote access sessions logged? If the answer to either question is 'not sure,' your remote work environment is very likely an open exposure right now.

2.3 Talent Poaching: A Rule Against It Confirms How Widespread It Is

Third parties who knew or should have known that information was misappropriated face shared liability. Assessing 'should have known' involves the degree of confidentiality, whether the manner of acquisition was commercially reasonable, and the transaction price.

⚠ Reading It Backwards

Legislators address practices that are prevalent enough to require regulation. The fact that this provision exists tells you that extracting trade secrets by hiring away a competitor's key employees is already a widespread tactic — widespread enough to warrant explicit regulation.

Look at it from the other side: your competitors may be speaking with your senior engineers right now. The research director recruited away at double the salary — did she leave with only her 'personal skills' and 'professional experience'? How should a company build systems so that when key employees depart, its trade secrets remain protected? The new Provisions offer critical risk signals and a measure of legal protection — but this homework belongs to the company itself, and it cannot be skipped.

2.4 Departing Employees: A Rule Requiring Return and Deletion Means a Serious Exposure for the Employer

The Provisions explicitly recognize, as a formal confidentiality management measure, requiring departing employees to register, return, delete, and destroy trade secrets and their carriers.

⚠ Reading It Backwards

If departure management had been working well, legislators might never have needed a dedicated rule. Its existence confirms that, in practice, employees leaving with confidential materials has been extremely common — and that most companies lack a systematic, effective offboarding information control process.

Review your own offboarding workflow: On an employee's last day, how is the process actually structured? Has it been reviewed by professional legal counsel? Is there a signed list itemizing the confidential materials and carriers the employee handled, with each item confirmed as returned or deleted? Is the removal of company files from personal devices verified, along with the other necessary procedural steps?

2.5  Burden-Shifting: A Forceful Rule That Mirrors the Rights Holder's Evidentiary Predicament

Article 20 of the Provisions states that where there is evidence showing the suspected infringer is using information substantially identical to the claimed trade secret, and that the suspected infringer had the means to obtain it, market supervision authorities may find that infringement occurred — unless the suspected infringer can prove the information was lawfully acquired or used. This presumption borrows from the 'similarity + access' standard developed in judicial practice and introduces the same burden-shifting mechanism, substantially lowering the threshold for a rights holder to bring a complaint and easing its evidentiary burden.

⚠ Reading It Backwards

Proving   that a misappropriator stole a trade secret is extraordinarily difficult.   Even with preliminary leads, a rights holder struggles to assemble the full   chain — 'access to the secret → unlawful acquisition → actual use' — and a   single missing link can be enough to prevent a case from even being accepted.   Misappropriation is usually carried out covertly: secrets are accessed,   copied, and transmitted in private, with no public witnesses and no scene to   point to. Direct, on-the-spot evidence is rarely available. Seen this way,   this rule is unequivocally good news for rights holders.

But this   door opens only for those already standing in front of it. The burden shifts   only after the rights holder has completed the threshold showing of   'substantial similarity' and 'opportunity to access.' In reality, many   companies have neither fixed a list of secret points for their trade secrets   nor preserved logs tracing employee access to confidential information — they   cannot even complete the threshold proof. For them, the benefit of the rule   becomes a legal ornament: visible, but out of reach.

III. Smoldering Fires: The Five Sources of Trade Secret Leakage

Reading the Provisions backwards brings the picture into focus: trade secret leakage follows patterns, and it leaves traces. The risk almost always ignites in five hidden places — then spreads, then rages.

3.1  Five Exposure Gaps: Which Ones Are Open in Your Organization?

Each of the five dimensions below represents both a core protection pillar and a primary leakage channel. The self-check signal accompanying each gap is a diagnostic question — if your answer is 'not sure' or 'no,' that exposure may be fermenting in your blind spot right now.

★ A Reality Worth Acknowledging

Perhaps your answer to every question above is 'yes.' But if those policies and processes were assembled by imitation — borrowed from templates and adapted by analogy, without review by professional IP lawyers with real-world trade secret dispute experience — they may not actually cover the risk scenarios that matter in practice: the enforceability boundaries of non-compete clauses, the specific legal requirements for departure management, the evidence standards for administrative complaints. That may be where the real risk lies.

Benchmarking against the standard — and finding the gaps — is the first step.

3.2  From Assessment to System: The Path Forward

Identifying exposures is necessary but not sufficient. The next step is closing them systematically — not by relying on a contract template or a training session, but through a protection framework designed in phases, implemented on the ground, and maintained over time.

The logic across the three phases: Phase One answers 'where are the gaps,' Phase Two answers 'how do we close them,' Phase Three answers 'are we staying protected as things change.' Skipping Phase One and moving directly to implementation is building a road without a blueprint.

3.3  What You Can Do Now

Immediate (within one month):

• Trade secret inventory: Document your core information assets — formation history, confidentiality status, access list. This is the evidentiary foundation for everything that follows.

  
  

• Contract audit: Review employment and supplier agreements — entering into dedicated confidentiality agreements where warranted — and add explicit obligations for departing employees to register, return, and delete confidential materials.

  
  

• Digital environment assessment: Remote access, personal cloud use, cross-border file transfers — these three scenarios are now named compliance requirements, and the hardest to reconstruct evidence for after a breach.

Near-term (three to six months):

• Information classification: Establish a tiered system — core secrets, internal sensitive, general internal — with differentiated access controls and transfer rules for each level.

  
  

• Supply chain agreements: Revise local supplier, contract manufacturer, and joint venture partner agreements to include specific, enforceable confidentiality terms and post-contract information handling obligations.

  
  

• Employee training: The Provisions expressly recognize 'imposing confidentiality requirements through internal rules, training, and written notice' as a statutory confidentiality measure — which means the training records themselves carry evidentiary value. Training should clearly convey the scope of each employee's confidentiality obligations, the protocols for handling confidential information, and the duties that survive departure — with sign-in sheets and signed acknowledgments retained as proof that the company took reasonable confidentiality measures.

Longer-term (six to twelve months):

• Policy localization: Have China-qualified counsel review your global information security framework and identify gaps specific to Chinese legal requirements.

  
  

• Enforcement response plan: Develop coordinated administrative, civil, and criminal response playbooks before an incident occurs. The more specific the plan, the faster the response when infringement happens — and the smaller the loss.

Closing Thoughts

A fortress is most easily breached from within.

For companies, the external threat — a competitor trying to steal technology — is visible and familiar. The harder challenge is the internal vulnerability: the management gaps that have existed for years but were never confronted. That is the breach that brings the fortress down.

The entry into force of the Provisions is a significant milestone. But its value lies NOT in telling companies 'you are now protected' — it lies in having written the ignored exposures, one by one, into legal text.

Think of the engineer who transfers files to a personal account late at night, the senior engineer recruited away at double the salary, and the visitor who photographs the whiteboard in a meeting room.

These are not hypotheticals. They exist in cases that have already been decided — and in companies operating right now.

The question is not whether it will happen — but whether you will be ready when it does.