Artificial intelligence is being embedded ever more deeply in corporate management and compliance. It brings material efficiency gains, but also introduces risks that require a prompt and structured response. This article focuses on two areas, third party governance and trade secret protection, setting out the key shifts and compliance priorities driven by AI.
Partner compliance management
Conventional partner management tends to separate pre-engagement due diligence, in process approvals and ex-post investigations. The result is often siloed information and delayed escalation. AI can help connect the management chain by integrating internal and external data in near real time, enabling earlier risk warnings and a shift towards smarter, AI-enabled controls.
Partner
Han Kun Law Offices
Tel: +86 21 6080 0909
E-mail:
jolie.yan@hankunlaw.com
Regulatory drivers and technological evolution. In February 2026, the National Development and Reform Commission and several other departments jointly issued the Implementation Opinions on Accelerating the Promotion and Application of Artificial Intelligence in the Field of Tendering and Bidding, calling for a shift from “manual evaluation” to “human machine evaluation”. In turn, internal management can move from transaction-by-transaction compliance checks to system-wide risk management.
In practice, AI adoption in this area typically progresses through three layers: a basic layer that automates retrieval of corporate registration data, court cases and administrative penalties; an analytics layer that uses knowledge graphs to map corporate relationships, identify equity penetration chains and ultimate controllers, and flag risks such as related party transactions and benefit transfers; and a decision layer that integrates with ERP and finance systems to create a closed loop of “data capture risk modelling alerts and remediation”.
Market practice and compliance focus. Financial institutions have moved first, building dynamic monitoring and machine learning based scoring models.
Manufacturers emphasise supply chain “look through” management to identify risk transmission. In healthcare, the emphasis is on implementing compliance frameworks and running process-based, dynamic management.
When deploying AI-enabled partner management systems, three legal issues are central: data compliance, including an assessment of the legality of data sourcing and processing, and steps to avoid the use of unauthorised data; algorithm explainability and auditability, supported by documented decision paths to meet transparency expectations; and human-machine boundaries, with tiered decision making, and medium and high-risk matters subject to human review.
Trade secret protection
Expanding scope of protectable assets. As AI is adopted, core corporate assets increasingly take a dynamic “data-algorithm-model” form. On the technical side, protectable outputs include: self-trained model weights and parameter configurations; deployment architecture such as model selection logic and compute scheduling; iteratively refined prompt sets; and agent orchestration logic, private knowledge bases, and high-quality training datasets.
Taken together, these outputs reflect a company’s business understanding and technical investment, and can constitute commercially valuable methods. On the business side, token consumption cost structures and AI deployment choices that reflect business strategy may also be brought within the protection perimeter.
Wider risk exposure. First, the standard for assessing “secrecy” warrants recalibration. The traditional test of whether information is “readily obtainable” is human centred, whereas generative AI can synthesise and reconstitute insights from large volumes of public data, undermining the practical foundations of “not generally known to the public”.
Second, leakage pathways are becoming more algorithmic. At the input stage, employees may feed sensitive information into third party AI services; at the processing stage, non anonymised data used for training may embed secrets in model parameters and allow them to be elicited; and at the output stage, multi agent collaboration can create complex information flows that are difficult to trace.
Third, the threshold for “effective” confidentiality measures is rising. Measures designed primarily to constrain human behaviour may be insufficient where AI can reconstruct or infer secrets from fragments of public information. In addition, under large model application programing interface (API) usage or platform deployment, vendors may access knowledge bases, runtime logs or model parameters; weak access controls or contractual protections can therefore create material leakage risk.
Rebuilding the compliance framework. Companies should respond on three fronts. Institutionally, update trade secret policies to cover model weights, prompts and knowledge bases; introduce classification and tiering; formalise AI tool usage rules; and refresh confidentiality arrangements with vendors and employees.
Technically, choose deployment models based on business sensitivity, strengthen access control, data masking and log auditing, and ensure evidence preservation for rights enforcement.
Operationally, embed protection requirements throughout the AI project lifecycle, reinforce staff training, and tighten handover procedures for sensitive information to build a coherent defence in depth model.
Conclusion
AI is reshaping the underlying logic of corporate compliance management. In partner governance, it opens up new possibilities for risk identification and decision optimisation; in trade secret protection, it both broadens the scope of protectable assets and introduces novel risks that traditional frameworks struggle to fully address.
In response, companies should stay alert to technological developments and seize the opportunities that AI enables, while prudently assessing the legal risks it may trigger, and updating governance design and management controls in a timely manner, building a compliance governance framework fit for the AI era.
Jolie Yan is a partner at Han Kun Law Offices. She can be contacted by phone at +86 21 6080 0909 and by mail at jolie.yan@hankunlaw.com
