
Close Protection and Security in China | CloseProtectionHire
Operating in China requires specific knowledge of state surveillance, digital security, legal restrictions on private security, and commercial dispute exit bans. A senior consultant's operational guide.
Written by James Whitfield, Senior Security Consultant
China presents a security profile that is frequently misunderstood. Tier-one cities are not high physical violence environments – Beijing and Shanghai have lower violent crime rates against foreign nationals than comparable cities in Brazil, South Africa, or the Philippines. The security challenge is different: state surveillance at a scale no other country has deployed, documented state-sponsored intellectual property theft, commercial dispute exit ban mechanisms, and legal restrictions that apply to foreign nationals in ways that are not obvious until they become a problem.
This guide covers the security planning requirements for executives travelling to China: the legal framework for private security operations, clean device protocol, exit ban risk, surveillance considerations, and the operating model that a competent China-experienced security provider delivers.
The surveillance environment
China’s national surveillance infrastructure is the most extensive in the world. It combines facial recognition cameras linked to national identity databases, a social credit framework that integrates multiple data sources, hotel check-in records shared with local police, phone monitoring capability, and comprehensive internet traffic logging.
The Ministry of State Security (MSS) and Ministry of Public Security (MPS) are the primary agencies. Their collection capability means that a foreign executive’s movements, communications, and associations in China are potentially visible to the state at a level that is not replicable in Western operating environments.
For most corporate travel, this surveillance does not translate into active interference with the visit. China receives hundreds of thousands of foreign business travellers annually without incident. The surveillance environment matters for security planning in specific ways:
It means communications that would be sensitive if the Chinese state could read them – competitive intelligence, negotiating positions, client information, security arrangements – should not be transmitted by standard phone or email from within China.
It means hotel rooms in China should not be assumed to be private in the same way a hotel room in London or New York is.
It means VPN usage in China is technically illegal (personal VPNs without state approval are prohibited under the 2017 Cybersecurity Law), and VPN traffic can attract monitoring attention independently of the content.
IP theft and the clean device protocol
The FBI/NCSC/CISA joint advisory of 2023 identifies China-linked state actors – APT10, APT41, Volt Typhoon – as conducting a sustained campaign of intellectual property theft targeting Western technology, pharmaceutical, energy, defence, and advanced manufacturing companies.
The attack vector that travel security addresses is device access during a China trip. Documented methods include: hotel Wi-Fi network interception, hotel room access to unattended devices, and border crossing examination of electronic devices.
The clean device protocol for China travel:
Before travel, provision a dedicated travel device (laptop and phone) that contains no corporate network access credentials, no sensitive documents, and no stored passwords. A factory-reset device or a dedicated travel loaner is appropriate. The device should connect to the internet only through a pre-configured corporate VPN that was authorised before entry into China – though VPN usage itself carries the legal caveat above.
Do not carry devices containing sensitive commercial information into China unless operationally unavoidable. If such devices must travel, ensure full-disk encryption (AES-256) and power the device down at border crossings. Do not unlock a device at the request of a border official unless instructed to do so by legal counsel.
After travel, arrange for any device that was carried into China to be examined by the organisation’s IT security team before reconnecting to corporate networks. This is not excessive caution – it is the standard recommended by the NCSC for China travel.
Exit ban risk
The Exit and Entry Administration Law (2012) and provisions of the Criminal Procedure Law allow Chinese authorities to issue exit bans preventing an individual from leaving China. Exit bans have been applied to foreign nationals in commercial disputes, corruption investigations involving their employer, and in some cases diplomatic pressure situations.
The Australian Strategic Policy Institute identified 128 confirmed cases of foreign nationals subjected to exit bans in China as of 2023. The figure is believed to significantly undercount actual cases, as many are resolved quietly without public record.
Exit bans are database-applied. They are invisible to the subject until that person attempts to board a flight or cross the border. There is no prior notification.
Pre-travel legal due diligence for executives with significant China commercial exposure should confirm: any outstanding commercial litigation or arbitration involving Chinese counterparties; any regulatory investigations involving the executive’s employer that have a China dimension; any business partners or associated companies currently under investigation by Chinese authorities.
This review should be conducted by legal counsel with specific China expertise, not a general commercial solicitor.
Private security in China: what is and is not possible
The Regulations on the Administration of Security Services (2009) restrict security service provision in China to licensed Chinese companies. Foreign nationals cannot independently operate as CPOs or security consultants in China on behalf of a client. A Western CP team that deploys to China and provides security services without operating through a licensed Chinese provider is operating outside the law.
The practical operating model for foreign executives requiring close protection in China:
Engage a licensed Chinese security company. Chinese-foreign joint ventures in the security sector exist, and several international security companies operate through licensed Chinese partners. The key question is the provider’s actual operational quality, not just their licence.
For tier-one cities (Beijing, Shanghai, Guangzhou, Shenzhen), qualified licensed providers with experience supporting multinational clients are available. For tier-two industrial cities and manufacturing bases, the quality of available providers drops sharply.
For the highest-sensitivity visits, an expatriate security manager or consultant can travel with the principal as an adviser (not providing direct security services themselves), coordinating with and directing the licensed Chinese ground team. This arrangement respects the legal framework while maintaining the quality assurance of a Western-trained security professional in the planning role.
Tier-one vs tier-two vs interior operations
Security planning must account for the significant difference between operating in Beijing and Shanghai versus a manufacturing plant visit in Hubei province or an energy project site in Xinjiang.
Xinjiang carries its own specific security context – FCDO advises caution for travel to Xinjiang given the documented human rights situation and the monitoring environment that is even more intensive than elsewhere in China. Foreign nationals associated with organisations that have published critical assessments of Xinjiang-related issues face potential legal exposure.
Tibetan Autonomous Region and areas of Qinghai, Sichuan, and Yunnan bordering Tibet require separate permits and have specific travel restrictions for foreign nationals.
Digital communications protocol in China
The operating protocol for sensitive communications during China travel:
Establish the communications plan before departure. Identify which platform will be used for sensitive communications (Signal is blocked in China without VPN, ProtonMail may be accessible with VPN, corporate encrypted messaging requires prior VPN configuration).
Brief the principal and all travel party members on the communications protocol before entry. Ad hoc decisions about using standard SMS or unencrypted email for sensitive communications should not be made in-country.
Assume phone conversations on a Chinese carrier are loggable. Sensitive discussions should not happen on a standard voice call while on a Chinese network.
For the broader regional CP context that China sits within, see our close protection in Southeast Asia guide. For the IP protection framework applicable to executives carrying sensitive commercial information to China, see our protecting trade secrets on international travel guide. For the Northeast Asia CP environment directly adjacent to China – Japan (Security Services Act, Abe assassination lessons, PSIA-documented PRC targeting), South Korea (Lazarus Group cyber threat, 2024 martial law crisis) – see our close protection in Japan and South Korea guide. For the specific intelligence risk environment facing executives in Hong Kong post-NSL, Singapore, and Taiwan – including NSL extraterritoriality, POFMA legal risk, cross-strait contingency planning, and clean device protocol for all three hubs – see our close protection in East Asia business hubs guide.
Sources
FBI/NCSC/CISA: Joint Advisory on PRC State-Sponsored Cyber Actors 2023.
People’s Republic of China: Regulations on the Administration of Security Services 2009.
PRC: Exit and Entry Administration Law 2012.
PRC: Cybersecurity Law 2017 (VPN restrictions).
Australian Strategic Policy Institute: Foreign Nationals Subjected to Chinese Exit Bans 2023.
FCDO: Foreign Travel Advice – China, 2025.
OSAC: China Security Report 2024.
Control Risks RiskMap 2025: China Chapter.
NCSC: Cyber Security Advice for Travellers to China, National Cyber Security Centre, 2024.
State Department: China Travel Advisory 2025.
Key takeaways
Private security in China requires a licensed Chinese provider -- foreign CPOs cannot operate independently
The legal framework governing security services in China prohibits foreign nationals from independently providing security services. Western executives requiring close protection in China must engage a licensed Chinese security company. Due diligence on the Chinese provider's actual operational capability -- not just their licence -- is the critical pre-trip planning step.
Clean device protocol is mandatory for China travel, not optional
China's documented state-sponsored IP theft programme means corporate devices carried into China and connected to hotel Wi-Fi, or left in hotel rooms, or examined at border crossings, are potential intelligence collection points. Clean device protocol -- dedicated travel devices with no corporate system access -- is not a precaution for the most sensitive trips. It is the baseline for any corporate travel to China involving commercially sensitive information.
Exit bans are applied invisibly and can only be detected at the border
A Chinese exit ban does not trigger a prior notification to the subject. It appears in the border control database and is discovered when the executive attempts to leave. For executives with any exposure to China-related commercial litigation, regulatory matters, or business partners under investigation, pre-travel legal review is a mandatory security step, not optional due diligence.
The surveillance environment requires communications discipline
Operational briefings, client information, and any material the executive or CP team would not want accessible to the Chinese authorities should not be communicated from within China using standard channels. Hotel rooms, phones connected to Chinese networks, and devices that have been through Chinese border inspection should all be treated as potentially monitored. Sensitive communications should use pre-agreed protocols established before entry into China.
Tier-one city physical safety risk is manageable; legal and digital risk is elevated regardless of location
The security risk in China is not primarily physical -- it is legal, digital, and economic. An executive who travels to Beijing applying the same security framework they would apply to Lagos has misread the risk. The Beijing risk profile requires digital hygiene, legal pre-travel review, and communications discipline. It does not require the same physical security posture as a Lagos visit.
