Ning Xuanfeng (Susan)

Managing Partner of Regulatory & Compliance

Sanya, China

Beijing, China

Areas of Practice

Susan Ning holds a Bachelor of Law from Peking University and a Master in Law from McGill University. She was admitted as a Chinese lawyer in 1988.

Susan joined King & Wood Mallesons (KWM) in 1995. She is the managing partner of the Regulatory & Compliance Group. Susan’s main areas of practice include cybersecurity and data compliance, antitrust and competition law. In addition, Ms. Ning also practises international trade and investment law.

Prior to the enactment of the Anti-Monopoly Law (AML) in 2008, the Cybersecurity Law (CSL) in 2017, the Data Security Law and the Personal Information Protection Law in 2021, Susan took a very active role in assisting and consulting with the Chinese government on the bill drafting. Since the enactment of these laws, she has been actively involved in drafting regulations, measures for implementation and guidelines. Through these consultations and her extensive experience in helping clients to deal with antitrust investigations, Susan built and maintained a close working relationship with the Chinese regulatory authorities. In order to grasp the latest developments and regulatory trends in big data legislation, the KWM cybersecurity and data compliance team, led by Ms. Ning, is a member of the Information Security Management Working Group in the National Information Security Standardization Technical Committee, the Big Data Standards Working Group in National Information Technology Standardization Technical Committee and the National Artificial Intelligence Standardization General Group and actively participates in the formulation of industry standard of big data.

Work Experience

Susan Ning is a highly regarded lawyer at home and abroad. She currently serves as Vice-Chair of the ICC Commission on Competition, Co-Chair of ICC Task Force on Competition and Digital Economy, Chair of GCR Connect Law Leaders Asia-Pacific, and Advisory Board member of the New Champions Community of the World Economic Forum. She also serves as the Antitrust Expert of Beijing Municipal Market Supervision Administration. During her tenure as the first Chairman of the Antitrust Committee of the Inter-Pacific Bar Association, Susan actively participated in various activities of the International Antitrust Forum.

Susan and her team are highly acclaimed in the Chinese antitrust practice. She was ranked Band 1 in Competition/Antitrust and Data Protection & Privacy by Chambers and Partners Greater China Region in 2023, and Leading Individual in data protection by the Legal 500 Asia Pacific for several years. She was also ranked the Female Award of the Year by the Asian Legal Business in 2023. Since 2010 she has been named leading lawyer in antitrust and competition by top international legal directories such as Chambers Asia Pacific, The Legal 500, IFLR1000, and asialaw Profiles.

Cybersecurity and Data Compliance

As the value of data for business competition increases, Susan is one of the pioneers engaged in the cybersecurity and data compliance sector and has a professional team of lawyers with interdisciplinary backgrounds. Susan assists clients in establishing internal systems concerning data compliance (including personal information protection), formulating and modifying privacy policy and compliance plans, developing cross-border data transmission plans, developing data commercialisation compliance programs, conducting self-assessment of cybersecurity and data compliance, conducting internal training on cybersecurity and data compliance, and responding to cybersecurity inspections and network security emergencies. She advises clients on telecom regulation and cybersecurity compliance concerning cloud services, and assists clients with review and consultation services concerning cross-border transfer of evidence in litigation and arbitration. She also provides consultation services on data compliance in pioneer areas such as block-chain, artificial intelligence, and Internet of Things.

Ms. Ning has extensive experience in corporate compliance, internal investigations and compliance & government investigations, crisis management, etc. She has represented major multinational companies in crisis events, including government investigations and related administrative reviews. She assisted clients in handling large-scale compliance projects involving anti-corruption, anti-commercial bribery, food safety management processes, and internal control systems, and data compliance projects across multiple jurisdictions. She assisted with the local updating of clients’ internal data compliance systems to help clients meet the different legal and regulatory requirements of other jurisdictions where they operate.

Susan Ning specialises in assisting companies to establish and improve cybersecurity and data compliance systems in compliance with requirements of China, the European Union (GDPR), the United States and other jurisdictions, to protect the global flow and commercialisation of enterprise data. Susan has assisted companies in sectors such as IT, communications, mobile payment, intelligent connected vehicle (ICV), finance, media, energy, aviation, chemical and manufacturing.

Representative projects are as follows:

Cybersecurity and Data Compliance under PRC Cybersecurity Law (“Cybersecurity Law”)

  • Assist a domestic clearing institution in its data compliance system and provide legal advice on the legality of its overseas branch’s access to domestic data platform.
  • Assist a renowned domestic company engaging in Internet news and information in the personal information protection compliance project, including due diligence on internal network security and data compliance based on compliance obligations under the Cybersecurity Law and its supporting measures.
  • Assist a famous domestic mobile phone manufacturer in the personal information protection project, including identifying relevant risk points, proposing corresponding rectification proposals and conduct compliance training for employee in accordance with compliance obligations under the Cybersecurity Law and its supporting rules.
  • Assist a renowned international company in consumer goods industry in due diligence on the data compliance of its suppliers regarding a data commercialisation application project and provide data compliance consultation services.
  • Assist a globally renowned mobile Internet enterprise to communicate with government agency on data access issues, submit legal analysis and provide compliance advice on the collection and processing of personal information involved in its cloud computing services.
  • Assist the famous domestic financial holding group in data compliance, data integration and asset-based management project. Assist the Company in guiding the implementation of data governance and integration project with scenario-based thinking based on the data sharing process and data lifecycle characteristics. Access the business data of members of the Financial Holding Group for lawful commercial utilisation.
  • Assist an internationally renowned manufacturer of healthcare products, medical devices and pharmaceuticals in providing legal services for local cyber security and data compliance in China. Assisting the company in legally transferring relevant medical data and personal information across borders; and conducting compliance review of existing internal compliance policies and systems in accordance with existing laws and regulations. In addition, providing legal suggestions for further optimisation of internal compliance policies and procedures.

GDPR Data Compliance

  • Assist a famous well-known domestic fin-tech enterprise in the multi-jurisdictional data compliance project, including conducting due diligence on data processing activities of various business lines in accordance with GDPR requirements, identifying compliance risks in the data life cycle, proposing corresponding rectification opinions; updating and localizing the internal data compliance system for the company in accordance with diversified legal and regulatory requirements of other jurisdictions in which the company conducts business. 
  • Assist a globally famous automobile manufacture in GDPR data compliance project, sort out collection, storage, use of personal data and cooperation with third parties possibly involved in the company’s EU business, analyse the potential issues concerning GDPR and provide suggestions for rectification.
  • Assist a well-known domestic mobile phone operating system operator in the GDPR data compliance project, including revising privacy policy and terms of use, formulating internal compliance management policies; determining the country where the European data center to be located; selecting and appointing data protection officer; assisting the company in signing standard agreement concerning cross-border transfer of data; applying for third-party GDPR compliance certification, etc.
  • Assist a renowned international computer operating system developer in GDPR data compliance project, including reviewing the existing global privacy policy, identifying the compliance risks which do not comply with the requirements of the Cybersecurity Law and GDPR, proposing a feasible improvement program and conducting GDPR compliance training for employees.
  • Assist a famous ride-hailing platform in carrying out multi-jurisdictional data compliance projects, including building an international business data compliance system according to GDPR and specific obligations of laws and regulations in other overseas regions, and issued network security supervision status reports in multiple jurisdictions overseas; provides a customized implementation strategy based on the current practice of the clients, and provides comprehensive advice on the appointment of a data protection officer.

Antitrust and Competition Law

With the implementation of the Anti-Monopoly Law (AML) on 1 August 2008, Susan began to fully engage in the area of AML and anti-unfair competition law. Her practice in this area mainly includes merger control filings, antitrust investigations, compliance and antitrust litigation.

KWM officially established its Antitrust Group in 2003, which was the first specialised practice team in this area among Chinese law firms. Since 2003, Susan and her team have undertaken hundreds of merger control filings on behalf of clients, mostly consisting of multinational corporations from industries such as chemicals, semiconductors, luxury goods, transportation, hotels, automobiles, high technology, finance, trade, telecommunications, energy and the Internet. Susan has also assisted a number of clients on confidential investigations of cartel conducts, resale price maintenance and abuse of dominance and represented several landmark litigation cases in relation to monopoly agreements and abuse of dominance. Susan has advised a number of clients regarding establishing and improving their antitrust and competition compliance systems and conducting internal audits.

Susan’s representative projects include: 

Merger Control Filings

  • Represent Whirlpool Corporation in the merger filing of Galanz’s acquisition of Whirlpool China.
  • Represent Toyota and Panasonic in the merger filing of the establishment of a joint venture by Toyota and Panasonic in the area of electric car batteries.
  • Represent Praxair in the merger filing of the merger between Praxair and Linde.
  • Assist Monsanto in the merger filing of Bayer AG’s equity acquisition of Monsanto.
  • Assist Tronox, a globally renowned supplier of inorganic minerals and chemicals, in the merger filing of its acquisition of the titanium dioxide business of Cristal, another leading company in the same industry and obtain clearance without condition.
  • Assist Hisense in the merger filing of its acquisition of equities of Toshiba.
  • Represent Mead Johnson in the merger filing of Reckitt Benckiser Group’s acquisition of equities of Mead Johnson.
  • Represent Lam Research in the merger filing of the merger between Lam Research and KLA-Tencor.
  • Assist Chinese shareholders of Blueair in the merger filing of Unilever’s acquisition of Blueair.
  • Assist Sherwin Williams, a leading brand in the U.S. coating industry, in the merger filing of its acquisition of Valspar, another industry-leading company for $11.3 Billion.
  • Assist Alcatel-Lucent in the merger filing of Nokia’s acquisition of equities of Alcatel-Lucent.
  • Assist in the merger filing of the establishment of a joint venture by Corun, Toyota China, PEVE, Xin Zhong Yuan and Toyota Tsusho.
  • Represent Nokia in the merger filing of Microsoft’s acquisition of equipment and services of Nokia.
  • Assist Pfizer in the merger filing of Pfizer’s acquisition of Wyeth.

Antitrust Investigations and Compliance

  • Represent a RORO shipping company to apply for leniency treatment in an investigation initiated by National Development and Reform Commission (NDRC) against an international cartel and assisted the client to obtain full immunity.
  • Represent an auto part company to apply for leniency in an investigation initiated by NDRC against an international cartel and assisted the client to obtain full immunity.
  • Represent a multinational smelting company on a complex antitrust dispute involving three different types of legal proceedings (international arbitration for IP infringement, civil antitrust litigation and administrative antitrust investigation), and assisted client in settlement with plaintiffs, and eventually received no penalties from NDRC.
  • Represent a Standard Setting Organisation in an antitrust investigation initiated by NDRC on alleged abusive conducts, and assisted client to settle with whistleblower and investigation agency, and eventually received no penalties from NDRC.
  • Represent a technology licensing company in an antitrust investigation initiated by NDRC on alleged excessive pricing and other abusive conducts and represented client before NDRC, and eventually received no penalties from NDRC.
  • Represent a pharmaceutical company in an antitrust investigation initiated by NDRC and represented client before NDRC, and eventually received no penalties from NDRC.
  • Represent an international pharmaceutical appliance company in antitrust investigations initiated by State Administration for Market Regulation (SAMR) and the NDRC, and the client eventually received no penalties from the NDRC.
  • Represented a leading internet platform company in responding to administrative investigation with regard to a cartel allegation concerning joint procurement.
  • Represented a leading multinational retail corporation in responding to administrative investigation resulting from complaints by Chinese retail giants.

Antitrust Litigation

  • Represent the client in launching a lawsuit before the Higher People's Court in Jiangsu province against IDC (InterDigital Technology Corporation) and several other defendants accusing them of abuse of dominance in relation to SEP license issues. We eventually assisted the client to reach a favorable settlement agreement with the defendant.
  • Advise Huawei in its lawsuit against IDC for abuse of dominance. This is the first antitrust litigation in China involving intellectual property issues relating to SEPs.
  • Represent Qihoo in launching a lawsuit against Tencent with respect to abuse of dominance. This is the first antitrust litigation in China to involve comprehensive analysis of competition law and the first competition case to be heard by the Supreme People’s Court.

International Trade and Investment Law

Susan started to practice international trade and investment law since 1995. She was one of the earliest Chinese lawyers in this area and has been widely recognised among her peers. Susan’s areas of practice in international trade include foreign direct investment (FDI), anti-dumping and countervailing duty. In 1997, Susan represented the client in the first anti-dumping investigation case in China. In 2002, Susan participated in the first WTO case after China’s accession to the WTO where she represented MOFCOM’s filing against U.S. safeguard measures on steel imports from China.

In 2008, Susan led a team to work as the sole Chinese legal counsel to the Beijing Organising Committee of the Games of the XXIX Olympiad. As head of the team, Susan provided a wide range of legal advice by reviewing, drafting, and revising various Chinese and English legal documents as well as participating in many key negotiations.

Major Publications

Her articles on the AML have been published by many renowned international competition law journals and publications, including Euromoney’s Competition & Antitrust Review and Global Competition Review. As the author of the Practice Guide to China Antimonopoly Law (published by CCH) and other works in law, she won Antitrust Writing Award by Concurrences in 2019.

Cybersecurity and Data Compliance

  • Global Practice Guides Cybersecurity 2020-2023 Chambers China Chapter;
  • Global Practice Guides Artificial Intelligence 2022 Chambers China Chapter;
  • International Comparative Legal Guide to Data Protection 2019-2022 China Chapter;
  • International Comparative Legal Guide to Cybersecurity 2018-2023 China Chapter;
  • International Comparative Legal Guide to AI, Machine Learning & Big Data 2021-2022 China Chapter;
  • Bank Secrecy Laws (China), Thomson Reuters, January 2022;
  • “Data Compliance Series 1 -- Reflections on the Facebook Incident”, KWM China Law Insight, March 2018;
  • “The Wise and Informed Adapts to the Changing Time and Circumstances Discussing the Issues on ‘Information Technology – Personal Information Security Specification’ from a Practical Perspective”, LexisNexis China Legal Review, January 2018;
  • “Observations and Perspectives on the 1st Year Implementation of CSL, on 2017 Final Issue of LexisNexis China Legal Review”, LexisNexis China Legal Review, December 2017;
  • “Cybersecurity and Data Protection Issues in Chinese Enterprises’ Outbound Acquisition in the Context of ‘One Belt and One Road’”, Journal of Shantou University Journal of Cyber Affairs, Vol. 7, 2017;
  • “Brief Analysis on the Impact of Data on Competition in the Big Data Era”, Journal of Shantou University Journal of Cyber Affairs, Vol. 5, 2017;
  • “Important things must know since Cybersecurity law took effect”, KWM China Law Insight, August 2017;
  • “Brief Analysis on the Regulations for the Security Protection of Critical Information Infrastructure (Draft for Comments)”, KWM China Law Insight, July 2017;
  • “Whether ‘Big Data’ Could Facilitate Monopoly in the Platform Economy and How We Shall Step In”,Competition Policy International, June 2017;
  • “Petya Attack Makes It A Proper Time to Prepare Emergency Plan for Cybersecurity Incidents”, KWM China Law Insight,June 2017;
  • “Security of ‘NEW’ Internet services remains under ‘Supervision’”, KWM China Law Insight, June 2017;
  • “The Cybersecurity Law and its Supporting Rules Take Off Today”, KWM China Law Insight, June 2017.

Antitrust and Competition

  • “China Anti-Monopoly Law Guide”, published by CCH;
  • “GCR Know-how—IP & Antitrust 2017”, Global Competition Review;
  • “Practical Law Global Guides: Competition Guide—China Merger Control Q&A”, Thomson Reuters;
  • “Practical Law Global Guides: Competition Guide—China Restraints of Trade and Dominance Q&A”, Thomson Reuters;
  • “Practical Law Global Guides: Cartel Leniency Guide—China Q&A”, Thomson Reuters;
  • “The Cognizance of Vertical Price Monopoly Agreement—The Fusion of Administration and Judicature, KWM China Law Insight, July 2017;
  • “On the Revision of Measures for the Administration of Automobile Sales—From the perspective of Anti-monopoly”, KWM China Law Insight, April 2017;
  • “Focusing on the Antimonopoly Guide of State Council on Intellectual Property”, KWM China Law Insight, March 2017;
  • “Regulation on ‘Exclusive Arrangements’”, KWM China Law Insight, March 2017;
  • “Monopoly Issues in Sharing Economy”, KWM China Law Insight, December 2016;
  • “Analysis on Abuse of Comparatively Advantageous Position”, KWM China Law Insight, November 2016;
  • “Abuse of Dominance: New Developments in the Tetra Pak Decision”, KWM China Law Insight, November 2016; 
  • “Anti-Monopoly Laws and Regulations On Information Exchange in Major Jurisdictions”, KWM China Law Insight, August 2016; 
  • “Chinese Court Rendered Final Judgment on Rainbow v. Johnson & Johnson – the First Antitrust Private Action of Vertical Monopolistic Agreement”, KWM China Law Insight, August 2013. 

Current site :    CN   |   EN
China Hong Kong SAR
United Kingdom
United States
KWM International Legal Service Center For Digital Economy

KWM International Legal Service Center for Digital Economy (“Digital Centre”), established in 2020, integrates the industry’s premium resources to build a cross-practice and multi-disciplinary research team. As the first innovative and integrated international legal service platform focusing on legal research and legal services in digital economy in China, the Digital Center puts the theory of “law + digital economy” into practice, and has been actively engaged in digital economy legislation and rule-making. It also translates pioneering research into legal service offerings of business value to help clients ride on the digital economy wave.