China National Security Review 2026: Inbound M&A & Investment Checklist
China’s national security review for inbound M&A has become the single most consequential regulatory gate for foreign investors targeting the mainland in 2026. Intensified enforcement, broader sector coverage and tighter coordination between agencies mean that any acquisition, or even a minority investment, touching defence, critical infrastructure, data platforms or key technologies now carries material filing risk. This checklist-style guide walks in-house counsel, PE sponsors and cross-border M&A lawyers through every stage: mandatory triggers, voluntary filing considerations, the agencies involved, realistic timelines, the documents regulators expect and the structuring tactics that can reduce NSR risk before a deal reaches the review desk.
Whether a transaction is live or still in term-sheet discussions, the decision framework below will help determine exposure and map a clear path to compliance.
Key Takeaways: If You Are Doing a China Deal Now
· Map your NSR exposure immediately. Check whether the target operates in a sector covered by the mandatory filing triggers (defence, critical infrastructure, critical technology, data-intensive platforms). If it does, filing is not optional.
· Engage regulators early. Pre-filing consultations with the competent review body are informal but influential. Industry observers expect that early engagement materially shortens formal review timelines.
· Structure with NSR in mind. Deal architecture (WFOE versus JV, board-seat allocation, data-access carve-outs) directly affects whether a transaction falls into mandatory, voluntary or no-filing territory.
· Prepare the full document package before signing. Incomplete filings are the most common cause of delay. The practical pre-filing checklist in this article covers every document and annex the review body typically requests.
Snapshot: What Is China’s National Security Review (2026 Update)
China’s national security review is a regulatory screening mechanism through which designated government agencies assess whether a proposed foreign investment threatens national security. The regime applies to both direct and indirect acquisitions by foreign investors and can extend to greenfield investments, joint ventures and contractual arrangements that confer control or access to sensitive assets.
Legal Background and Recent Rule Changes
The current NSR framework rests on the Foreign Investment Law of the People’s Republic of China (effective 1 January 2020) and the Measures for the Security Review of Foreign Investment (effective 18 January 2021), both issued under the authority of the State Council. These instruments replaced earlier patchwork rules and established a unified, cross-sector screening mechanism for inbound M&A compliance in China.
Since 2024, the regulatory environment has tightened further. The expansion of foreign investment oversight measures, including enhanced negative-list enforcement and broader data-security review obligations, points to closer scrutiny: early indications suggest that NSR filings are being reviewed with greater rigour and that regulators are more willing to intervene at the pre-closing stage. Industry observers note that 2026 enforcement actions have put particular emphasis on technology-sector transactions and investments involving cross-border data flows.
Core Policy Objectives
The review framework is designed to protect three overlapping policy interests:
· National defence and military-related security. Any investment that could give a foreign party influence over defence suppliers, military-civil fusion entities or sensitive geographic zones.
· Critical infrastructure and key technologies. Sectors including energy, transport, water conservancy, information technology, telecommunications, finance and key equipment manufacturing.
· Data security and personal information. Transactions that provide access to large-scale personal data or “important data” as defined under the Data Security Law and related regulations issued by the Cyberspace Administration of China.
Which Transactions Trigger China’s National Security Review: Mandatory and Flagged Categories
The foreign investment national security review applies to a wide range of transaction types, but the critical distinction for deal teams is between mandatory filing triggers and situations where filing is voluntary but strongly advisable. Getting this classification wrong is the fastest route to deal disruption.
Mandatory Filing Triggers
Under the Measures for the Security Review of Foreign Investment, a mandatory NSR filing in China is required where a foreign investor acquires, directly or indirectly, actual control of a domestic enterprise that falls within specified sectors. The key mandatory categories are:
· Defence and military-related enterprises. Any investment in enterprises located in proximity to military facilities or engaged in defence-related production, regardless of stake size.
· Critical infrastructure operators. Acquisitions targeting enterprises in energy, transport, water conservancy, information technology, finance, key equipment manufacturing or other sectors designated as critical.
· Critical technology holders. Investments that transfer or grant access to key technologies, including proprietary algorithms, chip-design IP, advanced manufacturing processes and dual-use items.
· Large-scale data controllers. Targets that process personal information of more than one million individuals or that hold classified “important data” under the Data Security Law.
· Controlling-stake acquisitions in agricultural and food-security sectors where the investment could affect national food supply chains.
· Investments near sensitive geographic locations. Properties or facilities adjacent to military installations, regardless of the commercial sector involved.
“Control” for these purposes covers equity stakes of 50% or more, the power to appoint a majority of directors, the ability to exert material influence over business decisions and operational management, and contractual arrangements that confer equivalent influence (e.g. VIE structures).
Voluntary Filing and Common Red Flags
Even where a transaction does not meet the mandatory triggers, the review body retains the power to call in any foreign investment it considers relevant to national security. Industry observers expect that the following fact patterns will increasingly prompt a regulatory request to file:
· Minority investments with board seats or veto rights in sectors adjacent to the mandatory list.
· Joint ventures where the foreign partner contributes technology and gains contractual access to the domestic partner’s data or customer base.
· Contractual arrangements (licensing, R&D collaboration, exclusive supply) that provide the foreign party with access to sensitive technology without a formal equity acquisition.
· Indirect acquisitions completed offshore where the ultimate target asset is a PRC-based subsidiary holding sensitive licences or data.
Practical Examples
In anonymised deal scenarios that have shaped practitioner guidance, foreign acquirers have filed voluntarily where: (a) a minority PE investment in a logistics-tech platform gave the investor access to port-utilisation data; (b) an offshore acquisition of a holding company resulted in indirect control of a PRC semiconductor subsidiary; and (c) a JV agreement for AI-assisted medical diagnostics granted the foreign partner access to healthcare records exceeding the personal-data threshold. In each case, early voluntary filing helped avoid a regulator-initiated call-in and the associated uncertainty.
Who Runs NSR China 2026: Agencies, Coordination and Jurisdiction
The national security review is coordinated at the central-government level through a working mechanism led by the National Development and Reform Commission (NDRC) and the Ministry of Commerce (MOFCOM), operating under the authority of the State Council.
Agency Roles
Agency | Primary Role in NSR | Practical Contact Point |
NDRC & MOFCOM (jointly) | Lead the working mechanism; accept filings, conduct reviews, issue decisions | Filing is submitted to the MOFCOM-administered office of the working mechanism |
State Council | Overall supervision; final authority on policy direction | Involved in escalated cases or policy-level decisions |
Cyberspace Administration of China (CAC) | Data-security assessment overlay; reviews cross-border data implications | Coordinate via MOFCOM or directly where a separate cybersecurity review is triggered |
Sector-specific regulators (e.g. MIIT, CBIRC, PBoC) | Provide sector expertise and input to the working mechanism | May request supplementary information through the lead agencies |
Cross-Border Interfaces
Where a transaction also triggers export-control, anti-monopoly or outbound data-transfer obligations, the filing parties should expect parallel engagement with customs authorities, the State Administration for Market Regulation (SAMR) and the CAC. Coordinating across these parallel regimes from the outset is critical to avoiding conflicting conditions or sequencing problems that delay closing.
NSR Timeline and Stages: Pre-Filing Through to Decision
Understanding the realistic timeline for China’s national security review is essential for deal planning. The statutory stages are defined, but practical durations vary significantly depending on sector sensitivity, deal complexity and the quality of the initial filing.
Pre-Filing Consultations
The working mechanism encourages, though does not formally require, informal pre-filing consultations. These discussions allow the parties to test whether a formal filing is needed, identify likely areas of concern and refine the document package. Industry observers report that well-prepared pre-filing engagement can shorten the subsequent formal process materially.
Phase 1: General Review
Once a filing is formally accepted, the working mechanism conducts an initial general review. The statutory expectation is for this phase to be completed within 30 working days. During this period, regulators assess whether the transaction raises national-security concerns warranting an in-depth examination.
Phase 2: Special Review
If the general review identifies potential concerns, the case moves to a special (in-depth) review. This phase adds a further period that, in practice, ranges from 60 working days to an open-ended number of working days. Complex cases, particularly those involving critical technology, large-scale data or defence proximity, may take considerably longer. The review body may request supplementary materials, pause the clock or impose interim conditions during this phase.
Timeline Reference Table
Stage | Typical Duration | Key Actions for Filing Parties |
Pre-filing consultation | 2–6 weeks (informal) | Prepare sector analysis, ownership charts, initial risk narrative; request meeting with working mechanism |
Filing acceptance | 15 working days (to determine whether filing is accepted) | Submit complete document package; respond promptly to any requests for supplementary information |
Phase 1: General review | 30 working days from acceptance | Monitor for information requests; prepare response team; no closing permitted |
Phase 2: Special review | 60 working days (extendable) | Engage with regulators on remedies; prepare alternative structures if needed; maintain deal standstill |
Decision and notification | Issued at end of applicable phase | Implement any conditions; commence post-clearance compliance |
Practical Pre-Filing Checklist: The China FDI Screening Document Package
Incomplete or poorly organised filings are the most common reason for delays. The following China FDI screening checklist covers the documents and evidence the working mechanism typically requires, together with recommended formats and practical tips for each item.
Mandatory Documents
1. Filing application form. Completed in Chinese, using the standard form prescribed by the working mechanism.
2. Transaction agreements. Executed or near-final versions of the SPA, JV agreement, subscription agreement or equivalent, together with all schedules and side letters. Provide both the original language and a certified Chinese translation.
3. Equity and ownership structure charts. Full charts showing (a) the pre-transaction structure and (b) the post-transaction structure, identifying all intermediate holding entities from the ultimate beneficial owner down to the PRC target.
4. Business scope and licence documentation for the PRC target. Include the business licence, any sector-specific operating permits (e.g. telecom VAL, ICP licence, data-processing approvals) and a summary of the target’s principal activities.
5. Technology and IP inventory. A description of any patents, proprietary algorithms, source code, trade secrets or key technologies held by the target, with an assessment of whether any are classified as “critical technologies” or appear on relevant export-control lists.
6. Data-access evidence. Documentation confirming the volume and category of personal information and/or “important data” processed by the target, including any existing cross-border data-transfer assessments filed with the CAC.
7. Investor background materials. Corporate profile of the foreign acquirer, including ultimate beneficial ownership, prior investments in China, government affiliations (if any) and compliance history.
Evidence to Support a No-Security-Risk Argument
Beyond the mandatory items, the filing parties should proactively submit evidence designed to demonstrate that the transaction does not threaten national security. Recommended exhibits include:
· Market-share and competitive-landscape analysis showing that the target is not dominant in a sector critical to national security.
· Governance commitments. Board-composition proposals, Chinese-national officer requirements and data-governance protocols that ring-fence sensitive information.
· Divestiture or carve-out plans where the transaction includes non-core sensitive assets that can be separated.
· Letters of support from local government or industry partners, where appropriate and genuine.
Sample Filing Index
Document | Recommended Format | Notes |
Filing application form | Hard copy + PDF | Must be in Chinese; signed by authorised representative |
Transaction agreements (all) | PDF + certified Chinese translation | Include side letters, schedules, conditions precedent |
Ownership charts (pre- and post-) | PDF or Visio export | Show all entities from UBO to PRC target; highlight changes |
Business licence & sector permits | Certified copies | Current and valid; flag any pending renewals |
Technology / IP inventory | Excel schedule + narrative memo | Cross-reference export-control lists |
Data-access summary | Narrative memo + data-flow diagrams | Include volumes, categories, cross-border transfer status |
Investor corporate profile | | Include beneficial-ownership declaration and compliance history |
Market / competitive analysis | PDF or slide deck | Independent third-party report preferred |
Governance commitment letter | Signed letter + draft board resolutions | Cover board seats, data-access protocols, Chinese officer requirements |
How to Reduce NSR Risk in China: Structuring, Safeguards and Regulator Engagement
Proactive deal structuring is the most effective way to reduce the risk of an adverse outcome under China’s national security review. The measures below are based on approaches that practitioners routinely deploy in inbound M&A transactions in China.
Deal Structures That Lower NSR Exposure
· WFOE (Wholly Foreign-Owned Enterprise) with limited scope. Establishing a WFOE to pursue activities outside the sensitive sectors, while leaving critical-technology or data-heavy operations in a separate, domestically controlled entity, can keep the transaction outside mandatory filing triggers.
· Joint venture with minority foreign stake. Where the foreign party does not acquire “control” (as defined under the Measures), the transaction may fall into the voluntary rather than mandatory filing category. However, contractual rights that confer de facto control, such as veto powers over key business decisions, can negate this benefit.
· Staged investment with regulatory checkpoints. Structuring an investment as an initial minority stake with a call option for future increases, subject to NSR clearance at each stage, allows the parties to proceed with lower-risk phases while deferring higher-risk elements.
Contractual Mitigants and Governance Safeguards
· Data segregation. Implement technical and contractual barriers that prevent the foreign investor from accessing personal information or “important data” held by the target. This directly addresses one of the most common NSR concerns.
· Ring-fencing critical IP. Transfer or licence non-sensitive commercial IP only, retaining critical-technology assets under domestic control through a separate entity or a trust arrangement.
· Chinese-national management requirements. Committing to appoint PRC nationals to key security and data-management roles can alleviate regulator concerns about foreign influence over sensitive operations.
· Escrow and break-fee provisions. Including a regulatory break fee and escrow arrangements protects both parties if NSR clearance is denied or subject to unacceptable conditions.
Pre-Filing Regulator Engagement
Early, transparent engagement with the working mechanism is widely regarded as the most impactful single step a foreign investor can take to reduce NSR risk in China. Practical guidance includes:
· Request an informal pre-filing meeting with the MOFCOM-administered office of the working mechanism as soon as the target sector and deal structure are identified.
· Disclose the rationale for the investment (commercial logic, technology roadmap, job-creation plans) before regulators form their own risk narrative.
· Present proposed remedies proactively. Arriving at the pre-filing meeting with a draft set of governance commitments and data-protection measures demonstrates good faith and can pre-empt more onerous conditions.
· Coordinate public communications. Industry observers note that premature media coverage of a deal can complicate the regulatory process. Align external communications with the filing timeline.
Outcomes, Remedies and Enforcement Under China’s National Security Review
Clearance Types
The working mechanism may reach one of three outcomes at the conclusion of its review:
· Pass (no action). The transaction is cleared without conditions. The parties may proceed to closing.
· Conditional clearance. The transaction is permitted subject to binding conditions, for example, divestiture of a specific business line, restrictions on data access, appointment of a compliance monitor or ongoing reporting obligations.
· Prohibited. The transaction is blocked. Any steps already taken to implement the investment must be unwound.
Remedies and Conditions
Conditional clearances typically include one or more of the following requirements: partial divestiture of sensitive assets; operational restrictions on cross-border data transfer; mandatory appointment of government-approved compliance officers; periodic reporting to the working mechanism for a defined post-clearance period; and restrictions on future expansion into additional sensitive sectors without fresh approval.
Penalties for Failure to File
A foreign investor that fails to file when required, or that closes a transaction before receiving clearance, faces serious consequences. The working mechanism has the authority to order the transaction to be unwound, require divestiture of the acquired interest and impose other corrective measures. The likely practical effect for the parties includes deal voiding, reputational damage, potential monetary penalties and a significantly harder path for any future China investments. Early indications suggest that enforcement activity in this area has increased through 2025 and into 2026, with regulators more willing to intervene in transactions that have already closed.
Post-Clearance Compliance Checklist
· Appoint a dedicated NSR compliance officer within the PRC target entity.
· Implement all conditions set out in the clearance decision within the prescribed timeframe.
· Establish a reporting calendar for any periodic reports required by the working mechanism.
· Conduct an annual internal audit of compliance with clearance conditions.
· Maintain records of all data-access events, governance decisions and communications with regulators for a minimum of five years.
Quick-Reference Comparison Table and Decision Tree for China National Security Review 2026 Inbound M&A
Filing Obligation by Transaction Type
Entity / Transaction Type | Filing Obligation | Typical Timing & Notes |
Controlling-stake acquisition of domestic telecom, IT or data-platform operator | Mandatory | Phase 1: ~30 working days; Phase 2: 60+ working days (extendable); expect high scrutiny and supplementary requests |
Minority investment (<50%) with board seat / veto rights in critical-tech company | Likely mandatory (de facto control test) | Pre-filing consultation essential; timeline depends on whether “control” is found |
Minority investment (<30%) with contractual access to critical data / technology | Voluntary but strongly recommended | Pre-filing recommended; avoids call-in risk; timeline varies if reviewed |
JV with foreign technology contribution and domestic data access | Case-by-case; often voluntary filing advisable | Structure JV agreement to limit foreign-party control to reduce mandatory filing risk |
Real-estate or logistics / port investment | Case-by-case; sector and location dependent | Check proximity to military zones and local-level regulations; coordinate with local authorities |
Offshore acquisition with indirect PRC subsidiary holding sensitive licences | Mandatory (indirect acquisition of control) | Filing required even though the direct transaction occurs outside China |
Decision Tree: Does Your Deal Need an NSR Filing?
1. Does the target (or its PRC subsidiary) operate in defence, critical infrastructure, critical technology, large-scale data processing or agriculture?
· Yes → proceed to Step 2.
· No → filing is unlikely to be required, but monitor for call-in risk. Consider voluntary pre-filing consultation if the sector is adjacent.
2. Will the foreign investor acquire “control” of the target, through equity (≥50%), board majority, management influence or equivalent contractual rights?
· Yes → mandatory filing required. Do not sign or close before clearance.
· No → proceed to Step 3.
3. Will the foreign investor gain contractual access to critical data, technology or sensitive facilities?
· Yes → voluntary filing strongly recommended. Engage the working mechanism for pre-filing guidance.
· No → filing is likely not required. Document the analysis and retain it for compliance records.
Conclusion
Navigating the China national security review for inbound M&A in 2026 requires early preparation, precise sector analysis and proactive regulator engagement. Before advancing any transaction, deal teams should confirm filing obligations using the decision tree above, assemble a complete document package following the pre-filing checklist and engage the working mechanism for informal guidance at the earliest opportunity.