Written by Jeremy MEI Ziyang

LLM student at Wuhan University

Visiting student at Singapore Management University

I. Background

On 15 May this year, Ministry of Justice (MOJ) of China issued its Official Notice No 5 of 2026 (‘the MOJ Notice’), announcing that the relevant extraterritorial investigation carried out by EU on Chinese entities Nuctech constitutes improper extraterritorial jurisdiction measures under China’s Regulation on Countering Improper Foreign Extraterritorial Jurisdiction (ROCIFEJ, State Council Decree No 835).[1] This Regulation was promulgated and entered into force on 7 April 2026. As a nationwide regulation promulgated by State Council, although it cannot be called an ‘Act’ that should be passed by the National People’s Congress, its legal hierarchical force directly follows an ‘Act’, higher than the previous Blocking Rules issued by Ministry of Commerce (MOC).[2]

The MOJ Notice arises from an information request issued by the European Commission to Nuctech’s EU entities. Nuctech is a multinational threat-detection systems manufacturer and seller headquartered in China. The Commission started investigation under Foreign Subsidies Regulation (FSR) and sought access to emails of employees of Nuctech’s EU entities. Although those entities are registered and operate within the EU, their email  are stored on their parent company’s servers in China.

II. Legal basis and effects under Chinese law

The legal basis for this declaration is Articles 3 and 6 of ROCIFEJ. Article 3 empowers Chinese government to take measures countering foreign improper extraterritorial jurisdiction. Article 6 mandates MOJ to issue official notices identifying a foreign measure constitutes improper extraterritorial jurisdiction, taking into account (1) violation of international law and basic norms governing international relations; (2) inappropriate jurisdictional nexus with that foreign state; (3) danger to China’s national sovereignty, security and development interests, or damage to lawful rights and interests of Chinese citizens and organisations; and (4) other factors that shall be taken into consideration.

According to the press releases of MOJ and MOC (which also participated in the investigation), the Notice is issued on these grounds: (1) the scope of requested data is broad that ‘obviously violates international law and basic norms governing international relations’; and (2) EU has also compelled Chinese banking institutions to provide vast and unrelated information located in China, adversely affecting the normal investment and business operations of Chinese enterprises.[3] Although the factor of inappropriate jurisdictional nexus is not mentioned, it can be impliedly conveyed that the Chinese authorities find it inappropriate for EU to unilaterally acquire data stored in China.

The MOJ Notice states that ‘any organisation or individual shall not enforce or assist in enforcing such improper extraterritorial jurisdiction measures.’ It is immaterial whether the provider or assistant is a Chinese entity. The MOJ Notice creates a direct conflict between EU law and Chinese law. Nuctech EU entities will face the dilemma of either violating EU law or violating Chinese law. There is also no doctrine like ‘foreign sovereign compulsion’ in either EU or China.[4] Under EU law, entities choosing to carry out commercial activities in the EU internal market cannot, in principle, rely on the rules of a non-EU state to violate mandatory regulations of the EU.[5] If the European Commission insists acquisition of those data, Nuctech cannot use the Chinese prohibition as an effective defence.

III. The Deepening Jurisdictional Conflict and the Limits of Existing Frameworks

The Nuctech case is not an isolated incident but a manifestation of a systemic problem: the escalating horizontal conflict between states’ assertions of data jurisdiction. This conflict is not new. The Microsoft v. United States (2016) litigation already demonstrated the core tension. However, The Nuctech situation under the ROCIFEJ represents a qualitative escalation for three reasons.

First, it involves a direct, public, and legally binding prohibition by China against compliance with an EU measure. Unlike the US where the Microsoft litigation ultimately turned on statutory interpretation, China has now issued a formal notice under a newly enacted regulation (ROCIFEJ), declaring the EU’s FSR investigation ab initio improper and imposing a positive legal duty on “any organisation or individual” not to comply. This is a blocking statute in its most potent form. It transforms a conflict of jurisdiction between states into a direct legal dilemma for the corporate entity: comply with the EU and violate Chinese law with potential sanctions under ROCIFEJ, or comply with Chinese order and risk penalties from the EU including fines or a negative inference under the FSR. The only possible way out is Art 5 of the ROCIFEJ which allows the affected company to apply for an exemption from MOJ.

Second, the conflict is now hardwired into the enforcement actions of two major economies without a mutual legal assistance or data-sharing framework. The EU and China have no equivalent of the US-EU Data Privacy Framework, no bilateral judicial assistance treaty specifically tailored to data, and no CLOUD Act-style agreement. The EU’s FSR allows it to demand broad access to information, including electronically stored data, from any entity receiving EU subsidies. China’s ROCIFEJ allows it to block precisely such demands if they are deemed to violate international law or threaten national interests. Neither legal order contains a doctrine of “foreign sovereign compulsion” that would excuse non-compliance. From an EU law perspective, the Nuctech EU entities are established in the EU, operate within the EU internal market, and are subject to EU law. The CJEU has consistently held  that EU mandatory rules can follow EU entities even in their extra-EU activities. A Chinese blocking notice is unlikely to be recognised as a valid defence.

Third, the underlying jurisdictional nexus is fundamentally contested. The EU’s FSR investigation targets Nuctech’s EU entities, which are legally incorporated in EU member states. The Commission’s information request is directed at those EU entities. The fact that those emails are stored on parent company servers in China is, from an EU perspective, a matter of corporate organisation, not a jurisdictional bar. The Chinese government, however, views the request as an improper extraterritorial measure because it seeks data physically located in China, effectively compelling production from the Chinese parent company via its EU subsidiaries. This is the classic “data controller” (EU) versus “data location” (China) jurisdictional conflict, now weaponised by two comprehensive legal regimes.

The MOJ Notice declares that the EU measure shall not be enforced or assisted in enforcement. But what are the practical consequences, given the EU’s likely disregard for the Chinese notice? Under Chinese law, the ROCIFEJ provides for enforcement mechanisms. Article 7 allows the Chinese government to “take necessary measures” against any person who complies with a foreign improper extraterritorial measure, including prohibiting them from doing business with Chinese entities, restricting or denying them certain rights, and imposing fines. More significantly, Article 8 allows Chinese citizens or organisations that have suffered losses due to another person’s compliance with such foreign measures to sue for damages in Chinese courts. Nuctech’s EU entities or any third parties, such as lawyers, service providers, etc., if they comply with the EU’s data demand, could theoretically face legal action in China. However, enforcement against EU-based entities with no assets in China is largely symbolic.

Under EU law, as noted, there is no “foreign sovereign compulsion” defence. The European Commission can and likely will ignore the MOJ Notice. The FSR empowers the Commission to impose fines for non-compliance with information requests (Article 26). The Commission could also draw adverse inferences about Nuctech’s subsidy status from the refusal. Thus, if Nuctech’s EU entities cannot receive exemption from China, the MOJ Notice creates a classic compliance dilemma.

[1] Ministry of Justice of the People’s Republic of China, ‘Notice on the Constitution of Improper Extraterritorial Jurisdiction as regards Relevant Measures Taken by EU in Foreign Subsidies Investigation’ (Gov.cn 15 May 2026) <https://www.moj.gov.cn/pub/sfbgw/zwxxgk/fdzdgknr/fdzdgknrtzwj/202605/t20260515_535049.html> accessed 21 May 2026.

[2] Rules on Blocking Improper Extraterritorial Application of Foreign Laws and Measures (Decree [2021] No 1 of Ministry of Commerce) (China).

[3] Ministry of Justice of the People’s Republic of China, ‘Spokesperson for the Ministry of Justice Answers Questions from the Press about the Constitution of Improper Extraterritorial Jurisdiction as regards Relevant Measures Taken by EU in Foreign Subsidies Investigation’ (Gov.cn 15 May 2026) <https://www.moj.gov.cn/pub/sfbgw/gwxw/xwyw/202605/t20260515_535048.html> accessed 21 May 2026; Ministry of Commerce of the People’s Republic of China, ‘Spokesperson for the Ministry of Commerce Answers Questions from the Press about the Determination that Relevant Measures Taken by EU in Foreign Subsidies Investigation Constitute Improper Extraterritorial Jurisdiction Measures’ (Gov.cn 16 May 2026) <https://www.mofcom.gov.cn/xwfb/xwfyrth/art/2026/art_df1b7dd65f014ea29f7de59bb04e2ebf.html> accessed 21 May 2026.

[4] Re Vitamin C Antitrust Litigation 8 F 4th 136 (2d Cir US 2021); Restatement (Fourth) of Foreign Relations Law § 442 (2018) (US).

[5] Nuctech (n 3) [80]–[81].