For foreign companies operating in China, market access risk is no longer limited to whether a business activity is open, restricted or prohibited at the point of entry. Increasingly, the more important question is whether the company can continue to evidence compliance once operations begin.

Across sectors, China’s regulatory environment is becoming more inspection driven. Authorities are placing greater emphasis on documentation, operational visibility, data control, customs traceability, tax consistency, product standards, advertising claims, cyber security, supply chain resilience and sector-specific licences. For foreign-invested enterprises, this means that incorporation approval or business registration should not be treated as the final compliance hurdle.

Market access is becoming an ongoing condition, not a one-time permission.

What inspection driven regulation means in practice

Inspection driven regulation refers to a compliance environment where authorities increasingly rely on checks, reviews, audits, data monitoring, document requests, site visits and targeted enforcement to assess whether companies are operating within the rules.

This does not always mean a formal investigation. It may begin with a routine tax bureau question, a customs document review, a bank request for transaction evidence, a regulator asking for licence support, a data compliance audit, a product quality check, or a local authority confirming whether the registered address matches actual operations.

For foreign companies, the risk is that a weakness in one area can affect wider market access. A company may still be registered, but face practical restrictions if it cannot issue fapiao correctly, clear customs efficiently, pass a bank review, support product claims, document data transfers or evidence the legal basis for its China operations.

Why market access risk is increasing

China has moved from a period where market entry was often the main foreign investment question to one where operational compliance is under closer supervision. Foreign investors still need to check negative lists, licensing requirements and sector restrictions, but they also need to prepare for more active post-entry scrutiny.

Several factors are driving this shift.

China is strengthening regulatory control in sectors linked to national security, technology, data, critical infrastructure, supply chains and strategic industries. The revised Cybersecurity Law, adopted in October 2025 and effective from 1 January 2026, is described by advisers as the first major update since the law’s 2017 introduction, with changes addressing emerging cyber risks, AI-related governance and alignment with the Data Security Law and Personal Information Protection Law.

China is also increasing attention on supply chain security. Regulations released by the State Council in April 2026 expanded government powers to investigate and impose countermeasures where actions are regarded as creating risk to industrial and supply chain security.

At the same time, sector regulators are moving from broad rules to operational compliance expectations. In data protection, 2025 developments included finalised compliance audit requirements, cross-border transfer certification mechanisms and stronger enforcement architecture.

Market access is now monitored after entry

Foreign companies often focus heavily on incorporation, business scope and licensing at the setup stage. These remain important, but they do not guarantee uninterrupted market access.

A company may be lawfully incorporated and still face restrictions later if its actual activity no longer matches its approved scope, if it lacks a required sector licence, if its product documentation is incomplete, if customs declarations do not match commercial records, or if data processing activities create regulatory exposure.

This is particularly relevant where companies grow quickly after incorporation. A business may begin as a consulting entity, then move into software, data processing, product sales, online platforms, import-export activity or regulated services. Each shift may create new inspection points.

Customs and export controls are becoming more traceable

For companies trading across borders, customs and export compliance are increasingly important. China has tightened attention on import-export registrations, business scope alignment and traceability between exporters, manufacturers, tax records and customs documentation. Reports on 2025 export compliance changes highlighted requirements for importers and exporters to be officially registered and identifiable to tax and customs authorities, with relevant licensing and business scope alignment.

This matters for foreign companies using China as a manufacturing, sourcing or export base. Authorities may examine whether the named exporter, manufacturer, production entity, sales entity, customs declaration, invoice, tax record and shipping document are consistent.

Where trading companies sit between factories and overseas customers, informal arrangements are becoming more difficult to sustain. A company may need to show who produced the goods, who sold them, who exported them, who received payment and how VAT or export refund treatment was handled.

Data protection is moving into audit mode

Data compliance is one of the clearest examples of inspection driven regulation. China’s data regime has moved from principle-based requirements into more operational controls, including personal information protection audits, cross-border data transfer mechanisms and sector-specific data expectations.

Recent analysis of China’s data compliance environment notes enforcement focus on cross-border data compliance, personal information protection, compliance audits, user rights, sensitive data handling and identification of important data.

For foreign companies, this is not only relevant to technology businesses. It may affect retailers, HR platforms, healthcare providers, manufacturers, professional services firms, e-commerce companies, financial services, education providers, property groups, logistics operators and any company transferring employee, customer or operational data outside China.

The risk is practical. If a company cannot explain what data it collects, where it stores it, who can access it, whether it leaves China, and which transfer mechanism applies, it may struggle during an audit or regulator request.

Online platforms and digital commerce face closer supervision

China’s platform and online transaction regulation has also continued to develop. Recent commentary on the 2025 regulatory environment notes that national and local market regulatory departments continued refining the framework for online transactions, with a more standardised system of oversight.

This affects businesses selling online, operating digital marketplaces, running apps, using mini-programmes, processing user data, publishing online advertising, or offering subscription-based services.

Foreign companies should not assume that a foreign website, overseas payment structure or Hong Kong contracting entity removes China-facing compliance questions. If customers, users, transactions, data or marketing activity are in Mainland China, regulators may still examine the China compliance position.

Advertising and product claims are inspection points

Market access risk also arises through marketing activity. China’s advertising rules are actively enforced, particularly where claims relate to product quality, health, financial outcomes, education, environmental benefits, technology performance or consumer protection.

SAMR-related enforcement data reported in 2025 showed substantial enforcement activity against illegal advertising in 2024, with tens of thousands of cases investigated and fines imposed.

For foreign companies, marketing copy should not be treated as separate from regulatory compliance. Product descriptions, website claims, sales presentations, packaging, distributor materials and social media content may all be reviewed against advertising, consumer protection, product quality and sector-specific rules.

A claim that is acceptable in an overseas market may be problematic in China if it cannot be evidenced or if it falls within a restricted category.

Life sciences, food, cosmetics and consumer goods remain exposed

Inspection driven regulation is particularly relevant in sectors where products directly affect consumers, health, safety or public welfare. This includes life sciences, medical devices, food and beverage, cosmetics, baby products, education, consumer electronics, automotive products and regulated chemicals.

These sectors may involve product registration, labelling rules, import approvals, advertising restrictions, distributor controls, quality management records and recall obligations.

For overseas brands, the risk is often created by the supply chain. A distributor, agent, e-commerce operator or local partner may be responsible for practical sales activity, but the foreign brand can still suffer reputational and commercial impact if inspections identify non-compliance.

Supply chain security is becoming a strategic issue

China’s 2026 supply chain security regulations are significant because they widen the lens from company-level compliance to industrial and supply chain conduct. The new rules have been described as expanding powers to investigate and impose countermeasures on foreign entities considered to threaten industrial supply chains.

This creates a different type of market access risk. Foreign companies may need to assess not only whether they comply with commercial rules, but whether decisions around supply suspension, technical support withdrawal, software updates, product access or sourcing strategy could attract attention.

This is particularly relevant for technology, advanced manufacturing, semiconductors, industrial equipment, automotive, energy, software, healthcare equipment and other sectors connected to critical supply chains.

Registered information must match real operations

China companies are registered with specific information, including name, address, legal representative, registered capital and business scope. Inspection driven regulation increases the importance of keeping this information accurate.

Authorities may check whether the company can be contacted at its registered address, whether its business activities match its scope, whether licences support actual activity, and whether the legal representative, finance contact and tax handler information is current.

If a company expands into new activity without updating its scope or obtaining a licence, it may create avoidable exposure. If the registered address is no longer valid, the company may face abnormal status or difficulties with tax, banking and filings.

Tax inspections are connected to operational evidence

Tax bureau questions are increasingly linked to how the company actually operates. Authorities may ask whether revenue matches contracts, whether fapiao match services or goods supplied, whether related-party charges are documented, whether export VAT treatment is supported, and whether deductions are evidenced.

This is particularly important for foreign-invested enterprises with intercompany transactions. Management fees, royalties, cost allocations, procurement services, shareholder loans, technical services and reimbursement arrangements should be documented before transactions occur.

Inspection driven regulation means that tax compliance cannot be managed only through year-end filings. The company needs consistent evidence throughout the year.

Banking reviews can restrict practical market access

Banks are not regulators in the same way as market supervision or tax authorities, but bank reviews can create real operational barriers. If a bank questions transaction flows, ownership, source of funds, customer relationships or trade documents, the company may face account restrictions, delayed payments or additional due diligence.

For foreign companies, this can have the same effect as regulatory pressure. A company may still be legally registered but unable to operate smoothly if payments are delayed or the bank is not comfortable with the business model.

This is why corporate records, contracts, invoices, customs documents and tax filings should be consistent.

The risk is not equal across all sectors

Inspection risk is higher where the business involves regulated products, public-facing platforms, consumer claims, imports and exports, cross-border payments, sensitive data, critical technology, healthcare, education, finance, environmental impact, employment at scale, or supply chains linked to national policy priorities.

Lower-risk businesses are not exempt, but they may face fewer touchpoints. Even a consulting company may face questions if it issues fapiao outside its scope, transfers personal data overseas, pays related-party charges without documentation, or operates from an invalid registered address.

Why foreign companies are more exposed

Foreign companies often have more complex structures than domestic businesses. They may have overseas shareholders, Hong Kong intermediaries, offshore contracts, global data systems, cross-border services, intercompany payments, foreign executives and regional supply chains.

This complexity can make inspections more difficult if documents are not prepared in China-ready form. A global policy or overseas contract may not be enough. Chinese authorities may expect local documents, Chinese-language explanations, fapiao evidence, tax filings, bank records and local accountability.

Foreign companies should also remember that China compliance is often local. National rules matter, but provincial, municipal and district-level implementation can affect how inspections are handled.

Warning signs that a company should review its position

A company should consider a compliance review if it has recently expanded its business activity, changed products or services, started importing or exporting, launched online sales, begun transferring China data overseas, hired staff, changed registered address, applied for new fapiao categories, increased related-party transactions, or received unusual questions from tax, customs, banks or local authorities.

It should also review its position before major commercial changes, including appointing a distributor, opening a warehouse, moving into manufacturing, launching a China app, collecting customer data, introducing AI-enabled products, or supplying sensitive technology.

How companies can prepare for inspection driven regulation

The best preparation is to build compliance into operations rather than respond only when questions arise.

Foreign companies should begin by mapping their actual China activity. This should include customers, suppliers, contracts, data flows, payments, tax filings, licences, products, marketing claims, registered address and staff roles.

They should then check whether each activity is supported by the company’s business scope, licences, tax registrations, customs registrations, data compliance documents and internal approvals.

The company should also maintain a document file that can be produced quickly if questions arise. This may include the business licence, articles of association, lease or registered address documents, tax registration information, bank records, contracts, fapiao, customs declarations, product certificates, marketing approvals, data processing records, internal policies and related-party agreements.

Internal controls are part of market access protection

Inspection driven regulation makes internal controls more important. A company may have good legal documents but still fail in practice if staff issue incorrect fapiao, approve unreviewed claims, sign contracts outside scope, process personal data without approval, or make payments without support.

Controls should cover contract approval, payment approval, supplier onboarding, customer due diligence, fapiao issuance, customs document checks, data access, marketing claims, licence renewals and company chop use.

For overseas shareholders, the aim is to have visibility over what is happening locally before a regulator or bank identifies the issue first.

Documentation should be China-ready

Foreign companies should not assume that overseas compliance documents will automatically satisfy China regulators. Policies may need to be localised. Contracts may need Chinese-language summaries. Data maps may need to identify China-specific systems. Transfer pricing documents may need to align with China rules. Product documents may need local certification or labelling support.

The practical question is not whether the company has documents somewhere in the group. It is whether the China entity can produce the right documents, in the right format, at the right time.

How Woodburn supports foreign companies in China

Woodburn supports foreign companies with China company setup, post-incorporation compliance, tax registration, VAT and fapiao processes, customs registration, accounting, audit liaison, internal control review, registered address planning and ongoing corporate governance support.

For foreign investors, this support helps identify whether the China company’s actual operations match its approved structure and whether it is prepared for tax, customs, banking, market supervision or sector-specific questions.

Conclusion

Inspection driven regulation is changing how foreign companies should think about China market access. Entry approval is no longer enough. Companies must be able to show, on an ongoing basis, that their activities, documents, tax treatment, data handling, trade records, licences and internal controls are aligned.

The risk is increasing across sectors because regulators are using more operational evidence to assess compliance. For foreign businesses, this means that market access depends not only on what is registered, but on what can be proven.

Companies that prepare early will be in a stronger position. Those that rely on incorporation approval alone may find that the real test comes later, when a regulator, bank, tax bureau or customs authority asks for evidence.

Woodburn Accountants & Advisors is one of China and Hong Kong’s most trusted business setup advisory firms.

Woodburn Accountants & Advisors is specialized in inbound investment to China and Hong Kong. We focus on eliminating the complexities of corporate services and compliance administration. We help clients with services ranging from trademark registration and company incorporation to the full outsourcing solution for accounting, tax, and human resource services. Our advisory services can be tailor-made based on the companies’ objectives, goals and needs which vary depending on the stage they are at on their journey.