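Legal Implications of the New Regulations on Industrial and Supply Chain Security for ESG Report Disclosure by Cross-Border Trade Enterprises (Chinese-English Bilingual)

Authors: 张甲征, 黎敏庄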

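Introduction:

The promulgation of the Regulations of the State Council on Industrial and Supply Chain Security (the "New Regulations") marks that, against the backdrop of the restructuring of global industrial chains, rising geopolitical risk, and the deepening of the domestic strategy of "coordinating development and security," China has placed the resilience, security, and controllability of industrial and supply chains at an unprecedented strategic level. This is not only industrial policy; it is also a compliance requirement with binding legal force.

Under the New Regulations, supply-chain data involving the catalogue of key sectors will fall within the scope of important data. Added to this is the radiating effect of overseas ESG legislation: the cluster of human rights and environmental due-diligence obligations running from the EU CSRD to the CSDDD, the extraterritorial effects of U.S. economic sanctions and export controls, and the "large-scale transparency" standards of the United Nations Conference on Trade and Development (UNCTAD). Under this double pressure, the ESG reports of Chinese cross-border enterprises are also shifting from a "soft" communication tool that reflects corporate social responsibility to a "hard" strategic document that demonstrates an enterprise's capacity to respond to systemic risks (especially national security and legal compliance risks).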

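I. Core Institutional Framework of the New Regulations

Building on the National Security Law, the Foreign Relations Law, the Anti-Foreign Sanctions Law, and the Foreign Trade Law, the New Regulations are the first to regulate industrial and supply-chain security systematically in the form of a dedicated administrative regulation. They establish a governance framework "with the catalogue of key sectors at its core," supported by a full-chain institutional system covering risk monitoring and early warning, information sharing, risk prevention, emergency management, and countermeasures, and they set out data security and reporting obligations. These institutional arrangements have a direct impact on supply-chain risk disclosure and information submission in ESG reports.

Together with the Anti-Foreign Sanctions Law, the Export Control Law, the Data Security Law, the Cybersecurity Law, the Foreign Relations Law, the Rules on Counteracting Unjustified Extra-territorial Application of Foreign Legislation and Other Measures, the new AEO rules, and other instruments, the New Regulations form a complete framework of legal constraints on enterprises engaged in foreign-related business, amounting to an "aggregation of supply-chain security compliance obligations." This layering of regimes increases the compliance complexity and reporting obligations of cross-border trade enterprises, which will face compliance pressure at home and abroad at the same time: on the one hand they must comply with the New Regulations and domestic law, and on the other they must respond to the ever-escalating supply-chain due-diligence requirements of overseas customers under ESG contract terms.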

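II. New Guidance of the New Regulations for ESG Report Disclosure by Cross-Border Trade Enterprises

Compared with earlier ESG report disclosure guidelines, the New Regulations set higher requirements for ESG report disclosure by cross-border trade enterprises in both breadth and depth:

(1) Expanded disclosure scope: from "conventional ESG" to "industrial and supply-chain security"

Environmental (E) dimension: new environmental compliance disclosures related to industrial and supply chains, such as green procurement of key raw materials, the carbon footprint of cross-border logistics, and environmental compliance at overseas production bases (linked to the digital and green orientation of Article 4 of the New Regulations).

Social (S) dimension: strengthened disclosure of labour rights in the supply chain, community responsibility in cross-border cooperation, and supply-chain resilience building (such as emergency support and diversified supply channels), echoing the risk-prevention and emergency-management requirements of the New Regulations.

Governance (G) dimension: new disclosures on industrial and supply-chain security governance, including the compliance management system, risk-monitoring mechanisms, response plans for countermeasures, and cross-border data security (linked to Article 8 of the New Regulations on information sharing and data security and Article 13 on rules for information collection).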

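(2) Upgraded disclosure requirements: from "voluntary" to "mandatory plus compliance-based"

Mandatory disclosure scenarios: cross-border trade enterprises in key sectors (enterprises within the catalogue of key sectors under Article 7 of the New Regulations) must disclose supply-chain-security-related ESG information on a mandatory basis, with defined disclosure frequency and content requirements.

Compliance requirements: ESG disclosure must conform to the New Regulations and related laws, and disclosed content must not conflict with national security, countermeasures, or the blocking rules (for example, sensitive information that endangers industrial chain security must not be disclosed, and disclosure of responses to improper extraterritorial measures must be made clear).

Comparability and verifiability: with reference to the information-sharing requirements of the New Regulations and to international rules (such as the EU CSRD and the ICC Principles for Sustainable Trade), raise the level of standardization of ESG disclosure to facilitate regulatory verification and international cooperation.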

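(3) Strengthened disclosure responsibility: clarifying the enterprise's primary responsibility and legal risk

Primary responsibility: as the party primarily responsible for ESG disclosure, a cross-border trade enterprise is responsible for the truthfulness, accuracy, and completeness of the disclosed information, which is tied to its obligations to prevent and control industrial and supply-chain security risks (Articles 9-10 of the New Regulations on risk monitoring and prevention).

Legal liability: the legal consequences of failing to disclose as required, false disclosure, or improper disclosure (such as leaking key supply-chain information or violating countermeasure and blocking rules) include administrative penalties, industry restrictions, civil compensation, and even criminal liability (linked to Article 16 of the New Regulations and the relevant provisions of the Anti-Foreign Sanctions Law).

Third-party responsibility: the coordinated responsibility of ESG report assurance providers and supply-chain partners, with a clear duty on cross-border enterprises to urge upstream and downstream suppliers to disclose ESG information (with reference to the due-diligence requirements of the EU CSDDD).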

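(4) Refined disclosure orientation: balancing "security prevention and control" with "international alignment"

Security orientation: ESG disclosure should highlight industrial and supply-chain risk prevention and control, self-reliance and controllability in key sectors, emergency response capacity, and similar content, echoing the holistic approach to national security required by the New Regulations.

International alignment: taking into account international trade security and facilitation requirements as well as international ESG disclosure rules (such as the CSRD and CBAM), avoid conflicts between disclosed content and international rules, and help enterprises achieve compliant cross-border customs clearance and market access (linked to the international cooperation requirements of Article 5 of the New Regulations).

Differentiated orientation: distinguish disclosure requirements for cross-border enterprises of different sizes and industries, with a focus on strengthening supply-chain ESG disclosure by enterprises in high-risk industries (such as agriculture, textiles, and mining) (with reference to the sector-differentiated requirements of the EU CSDDD).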

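III. Adverse Effects of the New Regulations on ESG Report Disclosure by Cross-Border Trade Enterprises

As a textual linkage and systematic integration of the laws and regulations on industrial and supply-chain security, the New Regulations contain insufficient dedicated regulatory measures for ESG disclosure by cross-border enterprises, and enforcement against false and non-compliant disclosure needs to be strengthened (linked to the requirement of Article 17 of the New Regulations on support from professional service institutions). The commerce, customs, environmental protection, national security, and other departments have different regulatory priorities with respect to information disclosure, and the specific scope and standards of ESG disclosure related to industrial and supply-chain security have not been spelled out in detail. In reconciling the EU CSRD and U.S. SEC disclosure requirements with China's countermeasure and blocking rules, enterprises face the pressure of "compliance conflict" and disclosure risk.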

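(1) Data-compliance conflicts between supply-chain information sharing and ESG disclosure

Article 8 of the New Regulations requires the relevant departments to promote the sharing of industrial and supply-chain information in key sectors and to guide industries and enterprises in strengthening information interconnection. ESG report disclosure guidelines likewise require enterprises to strengthen the sustainability transparency of their supply chains, which often involves transmitting supplier data, factory operating data, wage and welfare data, and the like to overseas institutions. China's data security legal regime, for its part, imposes strict controls on outbound data transfers. In fulfilling their ESG reporting obligations, cross-border trade enterprises may fall into the following legal dilemmas:

1. When disclosing detailed supply-chain information to overseas ESG rating agencies, an enterprise may be acting unlawfully if the outbound data-transfer security assessment has not been approved.

2. Once the catalogue of key sectors is formally published, the relevant supply-chain data is very likely to be identified as important data, and the difficulty of outbound transfer approval and the waiting time will increase substantially.

3. Compliance note: if an ESG due-diligence report contains data on supply-chain practices, it is advisable to initiate a dual filing procedure or to submit the report using an alternative desensitized model.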

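(2) ESG report compliance risks under countermeasures

Articles 14 to 16 of the New Regulations make clear that, where foreign organizations or individuals interrupt normal transactions or harm the security of China's industrial and supply chains, supply-chain security investigations may be conducted and countermeasures adopted; organizations and individuals within China shall implement the relevant countermeasures. This provision gives rise to a concurrence of rules with the supply-chain due-diligence obligations under overseas legislation such as the EU CSDDD. Where a cross-border trade enterprise is compelled, in the course of ESG report disclosure, to cooperate with the due-diligence procedures of a foreign customer it supplies, and that foreign customer is already covered by the list of countermeasure targets, the enterprise may, in its supply-chain compliance activities, violate Article 14 and equivalent provisions of the New Regulations as well as the Anti-Foreign Sanctions Law. In addition, the CSDDD obliges enterprises to assess and terminate business dealings with non-compliant suppliers, which may have a material operational impact on Chinese enterprises covered by such lists.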

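(3) Limits imposed by the Blocking Rules on the transmission of ESG "due diligence"

On May 2, 2026, China for the first time enforced a blocking prohibition order under the Rules on Counteracting Unjustified Extra-territorial Application of Foreign Legislation and Other Measures, marking the formal entry of the Rules into the enforcement stage. If more foreign sanctions measures or extraterritorial supply-chain investigations are found in future to be improperly applied, the relevant departments may, under the Rules, require enterprises not to cooperate in carrying out parts of such investigations, forcing enterprises to interrupt part of their ESG data sharing and data cooperation with foreign customers. This would directly break, or deprive of legal basis, ordinary commercial data disclosure chains such as ESG supply-chain tracing and the overseas aggregation of carbon-emissions data.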

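IV. Normative Coordination and Practical Pathways Between ESG Report Disclosure and Obligations Under the New Regulations

(1) An integration matrix for ESG supply-chain risk assessment and compliance processes under the New Regulations

Position ESG as a dual strategic tool that both satisfies domestic legal compliance and responds to the concerns of international investors, and build a "risk-response structure based on four legal benchmarks":

First, meet the supply-chain due-diligence requirements under customers' ESG contract terms;

Second, meet the foreign-related security compliance requirements of the Foreign Trade Law;

Third, meet the approval process for outbound data transfers;

Fourth, conform to the certification requirements of the customs AEO regime regarding import and export supply-chain security obligations.

In terms of compliance process, integration can be achieved across the layers of risk assessment, supplier tiering, emergency interaction, and multi-party compliance reconciliation.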

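(2) Legal coordination pathways between outbound data-transfer security assessment and ESG data disclosure

Where an enterprise needs to send information overseas in order to fulfil its ESG reporting obligations, it should take the New Regulations and related laws as the yardstick and comprehensively audit its existing supply-chain and ESG disclosure practices:

First determine whether the enterprise is a critical information infrastructure operator or is involved in a scenario of outbound transfer of important data;

If data under the catalogue of key sectors is identified as important data, it may be transferred overseas only after passing the national security assessment in advance;

If the outbound data-transfer security assessment is not approved, alternatives may include localized retention of the data and commissioning a domestic third party to issue the ESG report, after which aggregated, desensitized data is transmitted overseas.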

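(3) Building a dual-track compliance model that simultaneously satisfies domestic and foreign law and overseas customer contracts

Cross-border trade enterprises may build a "dual-layer compliance" disclosure strategy: disclosure language should be carefully designed both to satisfy the transparency requirements of domestic regulators and to strategically manage the risk of exposing information to overseas sanctioning entities.

Domestically, compliance obligations must be reviewed by the legal and compliance department for conflicts with the National Security Law, the Anti-Foreign Sanctions Law, and the Blocking Rules.

Overseas, enterprises may proactively explain China's legal restrictions on outbound data transfers to foreign buyers and seek to establish an anonymized supply-chain reporting model accepted by both sides.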

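Conclusion

The impact of the New Regulations on ESG report disclosure is reflected not only in the layering of information-sharing obligations and risk-compliance obligations. Its deeper impact is that it reshapes the boundary of legality for information disclosure by cross-border trade enterprises, that is, the balance and choice between national security needs and traditional ESG commercial commitments. It is foreseeable that future ESG reports will no longer be merely a list of sustainability aspirations; they will become a composite compliance window operating under dual legal regulation inside and outside China. Chinese cross-border enterprises should monitor, identify, and familiarize themselves with how this new institutional system operates as early as possible, and pursue resilient supply-chain development amid the interplay of compliance and security.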

Legal Implications of the New Regulations on Industrial and Supply Chain Security for ESG Disclosure by Cross-Border Trade Enterprises

Introduction

The promulgation of the Regulations of the State Council on Industrial and Supply Chain Security (the “New Regulations”) signals that, against the background of global supply-chain restructuring, rising geopolitical risk, and China’s deeper policy commitment to coordinating development and security, China has elevated the resilience, security, and controllability of industrial and supply chains to an unprecedented level of strategic importance. The New Regulations are therefore not merely an instrument of industrial policy; they are also a set of legally binding compliance rules.

Under the New Regulations, supply-chain data relating to the catalogue of key sectors may fall within the scope of “important data” under China’s data governance regime. At the same time, overseas ESG-related regulatory developments - including the EU Corporate Sustainability Reporting Directive (CSRD), the Corporate Sustainability Due Diligence Directive (CSDDD), human rights and environmental due-diligence obligations, the extraterritorial effects of U.S. economic sanctions and export controls, and the growing emphasis on large-scale corporate transparency promoted by international organizations - are reshaping how cross-border enterprises disclose supply-chain information. These domestic and international pressures mean that ESG reports prepared by Chinese cross-border enterprises are no longer only “soft” communications about corporate social responsibility. Increasingly, they are becoming legally sensitive strategic documents through which companies demonstrate their capacity to identify, manage, and respond to systemic risks, particularly national security and legal compliance risks.

I. Core Institutional Framework of the New Regulations

Building on the National Security Law of the People’s Republic of China, the Law on Foreign Relations of the People’s Republic of China, the Anti-Foreign Sanctions Law of the People’s Republic of China, and the Foreign Trade Law of the People’s Republic of China, the New Regulations are the first dedicated administrative regulation to govern industrial and supply-chain security in a systematic manner. They establish a governance framework centered on a catalogue of key sectors, supported by mechanisms for risk monitoring and early warning, information sharing, risk prevention, emergency management, and countermeasures. They also expressly address data security and reporting obligations. These institutional arrangements directly affect how enterprises disclose supply-chain risks and submit ESG-related information.

Together with the Anti-Foreign Sanctions Law, the Export Control Law, the Data Security Law, the Cybersecurity Law, the Foreign Relations Law, the Rules on Counteracting Unjustified Extra-territorial Application of Foreign Legislation and Other Measures, and the updated Authorized Economic Operator (AEO) regime, the New Regulations form part of a broader legal architecture governing enterprises engaged in foreign-related business. This architecture may be understood as an aggregation of supply-chain security compliance obligations. The accumulation of these rules increases the compliance complexity and reporting burden for cross-border trade enterprises. Such enterprises must satisfy domestic legal requirements under the New Regulations and related Chinese laws, while also responding to increasingly demanding supply-chain due-diligence obligations imposed by overseas customers through ESG clauses in commercial contracts.

II. New ESG Disclosure Expectations for Cross-Border Trade Enterprises

Compared with earlier ESG disclosure guidance, the New Regulations raise the expected breadth and depth of ESG disclosure by cross-border trade enterprises.

1. Expanded Disclosure Scope: From Conventional ESG to Industrial and Supply Chain Security

Environmental dimension (E): Enterprises may need to add environmental compliance disclosures that are specifically connected with industrial and supply-chain security, such as green procurement of key raw materials, carbon footprints associated with cross-border logistics, and environmental compliance at overseas production sites. These topics correspond to the digital and green development orientation reflected in Article 4 of the New Regulations.

Social dimension (S): Disclosures should pay greater attention to labour rights within the supply chain, community responsibilities arising from cross-border cooperation, and the construction of resilient supply chains, such as emergency support capacity and diversified sourcing channels. These disclosures are consistent with the risk-prevention and emergency-management logic of the New Regulations.

Governance dimension (G): Enterprises may need to provide additional disclosures on supply-chain security governance, including compliance management systems, risk-monitoring mechanisms, plans for countermeasures, and cross-border data security. These matters are closely related to Article 8 of the New Regulations on information sharing and data security, and Article 13 on the collection of information.

2. Higher Disclosure Requirements: From Voluntary Narratives to Compliance-Oriented Reporting

Mandatory disclosure: Cross-border trade enterprises operating in key sectors, particularly those falling within the catalogue referred to in Article 7 of the New Regulations, may be required to disclose ESG information relating to supply-chain security. For such enterprises, the frequency, scope, and content of disclosure will likely become more specific and more closely linked to regulatory expectations.

Compliance requirements: ESG disclosure must be consistent with the New Regulations and related laws. Enterprises should avoid disclosures that conflict with national security requirements, countermeasure regimes, or blocking rules. For example, sensitive information that could endanger industrial and supply-chain security should not be disclosed, and disclosures involving improper extraterritorial measures should be framed with particular care.

Comparability and verifiability: By drawing on the information-sharing requirements of the New Regulations and relevant international frameworks, such as the EU CSRD and the ICC Principles for Sustainable Trade, enterprises can improve the standardization of ESG disclosure. This will make disclosures easier to verify in regulatory review and more usable in international cooperation.

3. Stronger Disclosure Accountability: Corporate Responsibility and Legal Risk

Corporate responsibility: Cross-border trade enterprises are the primary responsible parties for ESG disclosure and are accountable for the truthfulness, accuracy, and completeness of disclosed information, while also fulfilling supply-chain security risk-prevention obligations under Articles 9 and 10 of the New Regulations.

Legal consequences: Failure to disclose required information, false disclosure, or improper disclosure may trigger legal consequences. These may include administrative penalties, restrictions on business activities or market access, civil liability, and, in serious cases, criminal liability. Particular risks arise where disclosure leaks critical supply-chain information or violates countermeasure and blocking requirements.

Third-party responsibilities: ESG assurance providers and supply-chain partners may also assume coordinated responsibilities. Cross-border enterprises should clarify how they supervise upstream and downstream suppliers in providing ESG information, especially where overseas due-diligence requirements under the EU CSDDD or customer contracts extend disclosure obligations along the supply chain.

4. A Balanced Approach to Disclosure: Security Risk Management and International Alignment

Security-conscious disclosure: ESG disclosure should highlight the enterprise’s capacity to prevent and manage industrial and supply-chain risks, maintain controllability in key sectors, and respond to emergencies. This approach reflects China’s holistic approach to national security.

Internationally aligned disclosure: At the same time, ESG disclosure should remain compatible with international requirements on trade security and facilitation, as well as global ESG reporting rules such as the CSRD and the Carbon Border Adjustment Mechanism (CBAM). Disclosure should avoid unnecessary conflict with international rules and should support cross-border customs compliance, market access, and commercial cooperation. This also corresponds to Article 5 of the New Regulations on international cooperation.

Differentiated disclosure: Disclosure requirements should be calibrated according to enterprise size, sector, and risk exposure. Enterprises in higher-risk sectors, such as agriculture, textiles, and mining, should strengthen supply-chain ESG disclosure in line with sector-specific risks and the differentiated due-diligence logic of the EU CSDDD.

III. Potential Adverse Effects on ESG Disclosure by Cross-Border Trade Enterprises

As a legal instrument that connects and systematizes existing laws and regulations on industrial and supply-chain security, the New Regulations do not yet provide detailed ESG-specific supervisory measures for cross-border enterprises. Enforcement mechanisms for false or improper ESG disclosure remain to be further clarified. In addition, different authorities - including commerce, customs, environmental protection, and national security agencies - may approach information disclosure from different regulatory perspectives. The precise scope and standards for ESG disclosure relating to industrial and supply-chain security have not yet been fully specified. As a result, enterprises may face compliance conflicts when EU CSRD requirements or U.S. SEC disclosure expectations interact with China’s countermeasure and blocking regimes.

1. Data-Compliance Tensions Between Supply-Chain Information Sharing and ESG Disclosure

Article 8 of the New Regulations requires competent departments to promote information sharing for industrial and supply chains in key sectors, and to guide industries and enterprises in strengthening information connectivity. ESG disclosure frameworks also encourage greater supply-chain transparency and often require enterprises to transmit supplier data, factory operation data, wage and welfare information, and other ESG-relevant materials to overseas institutions. China’s data security regime, however, imposes strict controls on the outbound transfer of data. Cross-border trade enterprises may therefore encounter the following legal dilemmas when fulfilling ESG reporting obligations:

When disclosing detailed supply-chain information to overseas ESG rating agencies, an enterprise may violate Chinese law if the relevant outbound data-transfer security assessment has not been approved.

Once the catalogue of key sectors is formally issued, supply-chain data in those sectors is likely to be classified as important data. This may significantly increase both the difficulty of outbound transfer approval and the waiting period for regulatory clearance.

Compliance note: Where an ESG due-diligence report contains detailed supply-chain practice data, enterprises should consider a dual filing or approval process, or adopt alternative reporting models based on anonymization and desensitization.

2. ESG Reporting Risks Under Countermeasure Regimes

Articles 14 to 16 of the New Regulations make clear that where foreign organizations or individuals disrupt normal transactions or impair the security of China’s industrial and supply chains, Chinese authorities may conduct supply-chain security investigations and adopt countermeasures. Organizations and individuals within China must comply with the relevant countermeasures. These rules may overlap, and at times conflict, with overseas supply-chain due-diligence obligations such as those under the EU CSDDD. Where a cross-border trade enterprise is required, in the course of ESG reporting, to participate in a foreign customer’s supply-chain due-diligence process, the enterprise may face legal exposure if that foreign customer is covered by a Chinese countermeasure list. In such circumstances, the enterprise’s supply-chain compliance activity may risk violating the New Regulations, including the institutional logic of Article 14, as well as the Anti-Foreign Sanctions Law. In addition, because the CSDDD requires enterprises to assess and, where appropriate, suspend business relationships with non-compliant suppliers, Chinese enterprises included on relevant lists may face material operational consequences.

3. Limits Imposed by the Blocking Rules on the Transmission of ESG Due Diligence

On May 2, 2026, China applied, for the first time, a prohibition order under the Rules on Counteracting Unjustified Extra-territorial Application of Foreign Legislation and Other Measures. This marked the entry of the blocking rules into a more active enforcement stage. If additional foreign sanctions measures or extraterritorial supply-chain investigations are later found to constitute improper extraterritorial application, Chinese authorities may require enterprises not to comply with specific parts of those foreign measures or investigations. This could force enterprises to suspend portions of their ESG data-sharing and cooperation activities with foreign customers. The practical result may be disruption in ordinary commercial disclosure chains, including supply-chain traceability, overseas aggregation of carbon-emissions data, and cross-border ESG due diligence, leaving enterprises without a clear legal basis for continued data transmission.

IV. Coordinating ESG Disclosure with Obligations Under the New Regulations: Practical Pathways

1. Integrating ESG Supply-Chain Risk Assessment with Compliance Processes Under the New Regulations

ESG should be positioned as a dual-purpose strategic tool: it should help enterprises satisfy domestic legal compliance requirements and respond to the concerns of international investors and customers. Enterprises may build a risk-response structure based on four legal and compliance dimensions:

first, satisfying supply-chain due-diligence obligations under ESG clauses in customer contracts;

second, complying with foreign-related security requirements under the Foreign Trade Law;

third, meeting the approval and assessment requirements for outbound data transfers; and

fourth, aligning with the supply-chain security obligations embedded in China Customs’ AEO certification regime.

At the process level, this integration can be achieved through risk assessment, supplier classification, emergency coordination, and multi-party compliance reconciliation. Rather than treating ESG disclosure, data compliance, trade compliance, and customs compliance as separate workstreams, enterprises should map them against each other and identify where one disclosure item may trigger multiple legal review points.

2. Coordinating Outbound Data-Transfer Security Assessment with ESG Data Disclosure

Where an enterprise must transmit information overseas to fulfill ESG reporting obligations, it should use the New Regulations and related laws as the legal baseline for a comprehensive review of its current supply-chain and ESG disclosure practices:

The enterprise should first determine whether it is a critical information infrastructure operator or whether the disclosure involves a scenario in which important data would be transferred overseas.

If data connected with the catalogue of key sectors is classified as important data, the enterprise should complete the relevant national security assessment before transferring the data overseas.

If the outbound data-transfer security assessment is not approved, alternatives may include retaining data within China, engaging a qualified domestic third party to prepare the ESG report, and transmitting only aggregated or anonymized data overseas after desensitization.

3. Building a Dual-Track Compliance Model for Domestic Law, Foreign Law, and Overseas Customer Contracts

Cross-border trade enterprises may adopt a dual-layer disclosure strategy. The language of ESG disclosure should be carefully designed to satisfy domestic transparency expectations while strategically managing the risk of exposing information to overseas sanctioned or restricted parties.

For domestic compliance, legal and compliance departments should review whether proposed disclosures may conflict with the National Security Law, the Anti-Foreign Sanctions Law, or the blocking rules. This review should occur before ESG questionnaires, supplier declarations, audit reports, or carbon-data templates are sent to overseas counterparties.

For overseas engagement, enterprises may proactively explain China’s outbound data-transfer restrictions and related legal constraints to foreign buyers. They should seek to establish mutually acceptable reporting models based on anonymized, aggregated, or tiered supply-chain information. This approach can help preserve commercial cooperation while reducing the risk that ESG disclosure becomes a channel for improper extraterritorial compliance pressure.

Conclusion

The impact of the New Regulations on ESG disclosure is not limited to the accumulation of information-sharing duties and risk-compliance obligations. Its deeper effect lies in redefining the lawful boundaries of information disclosure by cross-border trade enterprises. Enterprises must now balance national security requirements against traditional ESG commitments made to customers, investors, and other stakeholders. ESG reports are therefore unlikely to remain simple statements of sustainability aspirations. They are becoming complex compliance windows through which enterprises must operate under both Chinese and overseas regulatory scrutiny. Chinese cross-border enterprises should begin monitoring, identifying, and understanding how this emerging legal regime functions, so that they can pursue resilient supply-chain development while navigating the increasingly delicate relationship between compliance, disclosure, and security.


Copyright © 1998-2018 天达共和律师事务所 京ICP备11012394号