Our Expert in China
Any foreign buyer, private‑equity sponsor or multinational planning an acquisition in, or out of, the People’s Republic of China must navigate a multi‑regulator approval chain before a deal can close. Understanding how to obtain cross‑border M&A approvals in China in 2026 is more complex than in previous years: tightened cybersecurity and data‑export rules, updated CSRC governance requirements for listed targets, and evolving national security review triggers have added new procedural steps to what was already a demanding process. This guide maps every approval in chronological order, sets out the documents needed, provides realistic timelines with extension windows, and flags the 2026 regulatory changes that deal teams must build into their transaction timetables.
It is designed for general counsels, in‑house M&A teams, PE sponsors and external deal counsel who are at the pre‑LOI to pre‑closing stage and need to size the regulatory path ahead.
Cross‑border M&A approvals in China are not a single filing, they are a sequence of regulator‑specific clearances, each with its own trigger test, statutory clock and documentary requirements. Which approvals apply to a given transaction depends on the deal structure (share acquisition versus asset purchase), the nature of the target (listed versus unlisted, state‑owned versus private), the sector (restricted, encouraged or prohibited under the Foreign Investment Negative List), and whether the target processes personal data, “important data” or operates critical information infrastructure.
The principal regulators and their roles are as follows:
The decision tree is straightforward in principle: identify which triggers your deal hits, then sequence the filings so that each clearance is a condition precedent in the SPA. In practice, multiple approvals frequently run in parallel, and the M&A approval process in China in 2026 requires early coordination to avoid timeline blow‑outs.
Before any filing can be prepared, deal teams must run a structured eligibility assessment. Each regulator applies its own threshold or trigger test, and missing one at the screening stage is a common source of delay.
Merger control notification obligations fall on the notifying party, typically the buyer or, in a joint acquisition, both acquirers. The cybersecurity review obligation rests on the operator (the target), although in practice the buyer’s counsel coordinates the filing. National security review applications are generally submitted by the investor, though the target or a third party may also trigger the process. CSRC filings are the responsibility of the listed company and its advisers. SAFE registration is performed by the acquiring entity or its onshore subsidiary post‑closing.
The following procedure sets out the typical sequence for a foreign inbound share acquisition. Outbound deals, asset acquisitions and state‑owned enterprise transactions may require additional or modified steps, but the core regulatory checkpoints remain the same. Each step identifies the responsible party, the key actions and the typical duration.
| Step | Who does it | Typical duration |
|---|---|---|
| 1. Conduct pre‑deal screening and regulatory risk map | Buyer’s counsel, target’s counsel, due diligence team (legal, data, tax, finance) | 1–3 weeks |
| 2. File antitrust (merger control) notification with SAMR | Notifying party (buyer) via PRC counsel | 30 calendar days (Phase I); extendable to 90 days (Phase II) and a further 60 days (Phase III) |
| 3. Submit cybersecurity review application to CAC (if triggered) | Target operator, coordinated by buyer’s counsel + cybersecurity vendor | 30–90 days (initial review + special review if required) |
| 4. Apply for national security review (if triggered) | Investor (buyer), via designated inter‑agency mechanism | Variable, typically 30–90+ days; no single statutory cap |
| 5. Obtain CSRC clearance (if target is listed or deal involves securities issuance) | Listed target / sponsor / PRC counsel | 20–60 business days (subject to exchange and CSRC consultation rounds) |
| 6. Complete SAFE / foreign exchange registration and remittance steps | Buyer / onshore subsidiary via designated bank | 2–6 weeks post‑closing |
| 7. File post‑closing company registry updates and tax clearances | Local PRC counsel / target company | 1–4 weeks |
Before signing a letter of intent, assemble a cross‑functional team (legal, data privacy, tax, finance) to identify which approvals apply. The key deliverables at this stage are: a preliminary antitrust filing assessment (turnover data from both parties), a data inventory mapping the target’s personal information and important data holdings, a sector classification against the Foreign Investment Negative List, and an initial national security sensitivity assessment. For targets operating critical information infrastructure or holding data on more than one million individuals, engage a cybersecurity vendor to run a preliminary security gap analysis. This step typically takes one to three weeks and determines the shape of the entire approval timeline.
If the merger control thresholds are met, the notifying party must submit a Concentration of Undertakings Notification to SAMR. The filing includes prescribed forms, market‑share data, competitive analysis, copies of the transaction agreements and supporting documents. SAMR’s review proceeds in up to three phases under the Anti‑Monopoly Law: Phase I (preliminary review) lasts 30 calendar days; Phase II (further review) may add a further 90 calendar days; and Phase III (additional extension) may add a further 60 calendar days in complex cases. A simplified procedure is available for transactions with limited competitive overlap, which shortens the timeline. Pre‑filing consultation with SAMR is strongly recommended and can reduce the risk of the clock being stopped for supplementary information requests.
Where the target is a critical information infrastructure operator or processes personal information exceeding the prescribed thresholds, a cybersecurity review application must be submitted to the CAC. The Measures for Cybersecurity Review require the operator to prepare a security assessment report, a data export justification (if cross‑border data transfer is involved), and a description of the supply chain and vendor risks. The CAC conducts an initial review, typically completed within approximately 30 working days, and may escalate to a special review phase that can extend the process to 90 days or more. Industry observers expect this step to become more common in cross‑border M&A as the scope of “important data” continues to broaden under 2025–2026 regulatory guidance.
Deal teams should begin the data inventory and remediation workstream as early as possible, running it in parallel with the antitrust filing to avoid sequential delay.
Transactions that involve a foreign investor acquiring control or material influence over a domestic enterprise in a covered sector must be submitted for national security review. The review is conducted through an inter‑agency working mechanism. The process does not follow a single published statutory clock in all cases; instead, the authority sets the timetable on a case‑by‑case basis. In practice, reviews typically take between 30 and 90 days, but can extend considerably if the authority requests additional information or imposes conditions. Buyers should identify potential national security triggers during Step 1 and consider voluntary pre‑notification where the position is ambiguous. For a detailed breakdown of the national security review process, see our China national security review coverage.
Where the target is a company listed on a PRC stock exchange and the transaction constitutes a material asset restructuring, tender offer or change of control, CSRC approval is required. The listed company, together with its financial adviser and PRC counsel, prepares a disclosure package including a restructuring report or prospectus, independent financial adviser opinions and valuation reports. The relevant stock exchange conducts an initial review before the matter is escalated to the CSRC. The combined review window typically spans 20 to 60 business days, though consultation rounds and supplement requests can extend this period. Early engagement with the exchange and preparation of the disclosure package well before the filing date are critical to managing the timeline.
After closing, the buyer (or its onshore subsidiary) must register the transaction with SAFE and the designated foreign exchange bank. This involves submitting capital account registration forms, capital verification certificates issued by a PRC auditor, and evidence of the completed share transfer. The bank coordinates with SAFE to process the registration, which typically takes two to six weeks depending on the completeness of the documentation and the processing speed of the local branch. Cross‑border remittance of the purchase price, and any future repatriation of dividends or disposal proceeds, requires compliance with SAFE’s capital account rules.
Within the period prescribed by local practice (commonly 30 days of closing), the target company must update its business registration with the local Administration for Market Regulation to reflect the new shareholder structure. Tax clearance certificates should be obtained from the competent tax bureau, confirming the target’s pre‑closing tax position and any withholding tax obligations arising from the share transfer. These filings are typically handled by local PRC counsel and should be embedded as conditions subsequent or post‑closing obligations in the SPA.
The documents needed span every stage of the approval chain. Some are prepared by the buyer, others by the target, and several require notarisation, consularisation or certified translation. The table below consolidates the core document set. Deal teams should treat this as a working checklist and adapt it to their specific transaction structure.
| Document | Notes (issuer, format, validity) |
|---|---|
| Signed SPA / share transfer agreement | Executed by buyer and seller; bilingual (English + Chinese certified translation); notarisation and consularisation may be required for foreign‑executed documents |
| Board resolutions / shareholder resolutions (buyer and target) | Issued by respective corporate bodies; certified copies with company seal; provided on company letterhead |
| Financial statements (audited, past 3 years) | Issued by the target’s auditors; translated and professionally certified; required for SAMR, CSRC and due diligence review |
| Business licence copy and company registry extract | Issued by the local Administration for Market Regulation; must be current (up‑to‑date extract) |
| Data inventory and personal information mapping | Prepared by the target; required for CAC cybersecurity review and data export assessment; should include data categories, volumes, cross‑border transfer flows |
| Employee list and employment contracts | Issued by the target; relevant for labour transfer, social insurance compliance and due diligence |
| SAMR antitrust filing forms and supporting materials | SAMR prescribed Concentration of Undertakings Notification form; includes market‑share data, competitive analysis and transaction documents |
| National security review supporting materials | Prepared by the investor; includes technical descriptions, ownership structure charts and national security impact analysis; format depends on the reviewing authority |
| CSRC disclosure documents (listed targets) | Restructuring report or prospectus, independent financial adviser opinions, valuation reports; prepared per CSRC and exchange rules |
| SAFE / foreign exchange registration documents | Capital account registration forms, capital verification certificates (issued by PRC auditor), bank application forms; submitted via designated FX bank |
| Tax clearance and VAT certificates | Issued by the competent tax bureau; covers pre‑closing tax status and withholding tax obligations on the share transfer |
| IP ownership evidence and software inventory | Target to provide IP registration certificates, patent and trademark records, and a software asset list; relevant for valuation and data/export control assessments |
| Cybersecurity compliance evidence | Security assessment reports, data export justification memoranda, vendor security attestations; prepared by the target with support from a cybersecurity vendor |
Foreign‑language documents generally require certified Chinese translations. Documents executed outside the PRC may need notarisation by a local notary in the country of origin and consularisation (or apostille, where applicable) before they are accepted by PRC regulators. Allow additional lead time, typically one to three weeks, for legalisation processes.
One of the most common questions from deal teams is: how long does the M&A approval process in China take? The answer depends on how many regulatory clearances are triggered and whether they can be run in parallel. The table below sets out the statutory clocks, typical extension windows and practical notes for each approval.
| Approval / Filing | Statutory initial clock | Typical extension(s) | Practical notes |
|---|---|---|---|
| SAMR merger control (Phase I) | 30 calendar days | Phase II: additional 90 days; Phase III: additional 60 days | Simplified procedure available for low‑overlap deals; pre‑filing consultation can reduce information requests |
| CAC cybersecurity review | Approximately 30 working days (initial review) | Special review phase: may extend to 90+ days total | Triggered by critical infrastructure or data threshold; begin data inventory in parallel with Step 1 |
| National security review | No single statutory cap; authority sets timetable | Variable, case‑by‑case; multi‑month process possible | Voluntary pre‑notification recommended where triggers are ambiguous |
| CSRC review (listed targets) | 20–60 business days (combined exchange + CSRC review) | Consultation rounds and supplement requests may extend | Prepare disclosure package well before filing; coordinate with exchange early |
| SAFE / FX registration (post‑closing) | Administrative processing; typically 2–6 weeks | Varies by bank branch and document completeness | Coordinate with designated FX bank before closing to pre‑stage documentation |
| Post‑closing company registry filings | Commonly within 30 days of closing | , | Embed as post‑closing obligation in SPA; local counsel manages filing |
For a straightforward deal triggering only SAMR review (simplified procedure), the regulatory clearance path may take as little as four to eight weeks from filing. A complex transaction triggering antitrust, cybersecurity and national security reviews, with a listed target requiring CSRC clearance, can extend the regulatory timeline to six months or longer. The key to managing the timeline is parallel processing: filing the SAMR notification and CAC cybersecurity review simultaneously where possible, and preparing CSRC disclosure materials during due diligence rather than after signing.
When drafting the SPA, deal teams should set the long‑stop date with sufficient buffer for the longest reasonably expected approval path, and include walk‑away rights and reverse break fees calibrated to the regulatory risk. Early indications suggest that in 2026, regulators are increasingly willing to engage in pre‑filing consultations, which can reduce the risk of clock‑stopping information requests.
Regulatory filing fees in China are generally modest compared to some other jurisdictions, but the total cost of the approval process, including professional advisers, cybersecurity remediation and tax, can be substantial. The table below provides indicative cost ranges. All figures are approximate and should be confirmed with local counsel for the specific transaction.
| Item | Indicative amount | Notes |
|---|---|---|
| SAMR antitrust filing fee | No fixed statutory fee; administrative costs for remedies vary | Legal and economic adviser costs for preparing the notification are the primary expense |
| CSRC / exchange filing fees | Varies by exchange and transaction type | Professional costs (financial adviser, sponsor, legal counsel) typically dominate |
| SAFE / bank processing charges | Modest bank fees | Varies by designated bank and branch |
| External legal fees (PRC + foreign counsel) | USD 50,000–500,000+ (deal size and complexity dependent) | Range spans small private buyouts to large strategic or listed‑company acquisitions |
| Cybersecurity assessment and remediation | USD 20,000–200,000+ (depends on scope) | Includes third‑party security assessment, gap remediation and vendor attestation work |
| Tax clearance / withholding tax / VAT | Contingent, depends on pre‑deal liabilities and deal structure | Engage a PRC tax adviser early; withholding tax on share transfer gains is typically 10% for non‑resident sellers (subject to treaty relief) |
Deal teams should also budget for contingent costs: antitrust remedy negotiations (behavioural or structural commitments) can generate significant additional legal and economic advisory fees, and cybersecurity remediation may require technical infrastructure investment that was not anticipated at the LOI stage.
The 2025–2026 regulatory cycle has introduced several changes that directly affect how to obtain cross‑border M&A approvals in China in 2026. Deal teams should incorporate the following into their workflow:
The cumulative effect of these changes is that the regulatory pathway for cross‑border M&A in China is wider and deeper than in previous years. Deals that would previously have required only an antitrust filing may now also trigger cybersecurity and data‑export reviews, adding weeks or months to the timetable. Building these steps into the deal timeline from the outset, rather than discovering them mid‑process, is essential.
Cross‑border M&A approvals in China are no longer a matter of filing a single antitrust notification and waiting. The 2026 regulatory environment demands a structured, multi‑regulator workflow, from pre‑deal screening through SAMR, CAC, national security and CSRC clearances to SAFE registration and post‑closing filings. Understanding how to obtain cross‑border M&A approvals in China in 2026 requires early identification of triggers, parallel processing of filings, realistic timeline planning and close coordination with experienced PRC counsel. Practitioners who build these steps into their deal architecture from the LOI stage will be best positioned to close transactions on schedule and avoid the costly pitfalls that derail unprepared deal teams.
For guidance tailored to a specific transaction, contact a China cross‑border M&A specialist through our directory.
This article was produced by Global Law Experts. For specialist advice on this topic, contact Roberto Gilardino at Horizons (Shanghai) Corporate Advisory Company Limited, a member of the Global Law Experts network.
posted 18 minutes ago
posted 41 minutes ago
posted 1 hour ago
posted 2 hours ago
posted 3 hours ago
posted 3 hours ago
posted 4 hours ago
posted 4 hours ago
posted 4 hours ago
posted 5 hours ago
posted 5 hours ago
Find the right Legal Expert for your business
Sign up for the latest legal briefings and news within Global Law Experts’ community, as well as a whole host of features, editorial and conference updates direct to your email inbox.
Naturally you can unsubscribe at any time.
Global Law Experts is dedicated to providing exceptional legal services to clients around the world. With a vast network of highly skilled and experienced lawyers, we are committed to delivering innovative and tailored solutions to meet the diverse needs of our clients in various jurisdictions.
Global Law Experts is dedicated to providing exceptional legal services to clients around the world. With a vast network of highly skilled and experienced lawyers, we are committed to delivering innovative and tailored solutions to meet the diverse needs of our clients in various jurisdictions.
Send welcome message
