Earlier today, the National Development and Reform Commission posted a very brief notice on its website:

The office in charge of foreign investment security review (NDRC) has decided to block the foreign acquisition of the Manus project and require the parties to unwind the deal.

Just one sentence—but the meaning is clear: after months of speculation and review, the rumored Manus–Meta deal is officially over.

A one-million-dollar question is how NDRC enforce the order. Blocking the investment is the easy part. The hard part is unwinding the deal.

As a Chinese lawyer rightly pointed out, Manus isn’t a steel plant or a chip fab. Its core value isn’t in countable physical assets, but in code, models, data, agent workflows, product logic, engineering experience, and the team’s know-how. If you’re unwinding a steel plant or a chip factory, the boundaries are clear—equity, equipment, IP, people—you can list everything and reverse it. But with an AI agent company, the real value isn’t on the balance sheet. It’s in the code, models, data, workflows, product logic, and the team’s know-how.

Once those things have been seen, copied, or absorbed into Meta, you can legally “unwind the transaction,” but you can’t really rewind history.

If the deal has already closed—money paid, people integrated, technology and ideas flowing into Meta’s systems—then unwinding is no longer just about returning shares or canceling contracts. It becomes something much harder: proving that Meta is no longer using any of Manus’s capabilities.

That’s essentially forced divestiture plus “technology decontamination.” You can delete code, cut access, isolate databases—but you can’t easily remove what engineers have learned, or the product ideas already embedded in a large organization.

Then there’s the money. If the deal has closed, the cash may already be distributed across founders, funds, and employees. Whether Meta can get it back depends on the deal terms—risk disclosure, reps and warranties, indemnities, escrow, and so on. That likely turns into a complex M&A dispute.

Finding a new buyer isn’t straightforward either. If the core team and technology have already been absorbed, what exactly is left to sell? And any buyer would need to satisfy regulators, not just offer the highest price.

Finally, the compliance standard itself is extremely demanding. For AI, simply selling the equity isn’t enough. Regulators will want to see a real cut-off—no control, no data access, no tech usage, no personnel overlap—and that likely requires ongoing third-party audits, not just promises.

The decision was made several days before US President Donald Trump’s potential visit to China,and it was reported that China and US is negotiating in mutual investment. It’s not clear whether this case will be on the table of the “investment board”, which was confirmed and promised to be established during the Paris talks between the two countries.

Going back to early March 2025, Manus first took off through an invite-only beta. At one point, invite codes were even being resold on secondary markets. As the hype grew, so did the questions.

The core issue was pretty straightforward:was this a genuine technical breakthrough, or mainly a clever integration of existing models and tools?

In the tech community and media, the debate focused on a few points—how much Manus relied on third-party model APIs, and whether its so-called “general agent” capabilities came from orchestrating tools, or from real algorithmic innovation. But without full technical disclosure or a shared evaluation framework, the debate never really got settled.

In April 2025, Bloomberg reported that Manus’s parent company, Butterfly Effect, raised about $75 million at a roughly $500 million valuation, led by Benchmark, with plans to expand overseas. By June, Chinese media reported that the company was restructuring globally—moving its headquarters to Singapore and scaling down its China team.

Reactions were mixed. Supporters saw it as a rational move to improve global operations. Critics linked it to geopolitical risks, investor pressure, and potential regulatory concerns.

What really shaped the outcome came at the end of 2025.

On December 29, Manus announced on its blog that it would be joining Meta. It outlined some high-level plans—continuing the product, accelerating iteration, and bringing part of the team into Meta. But one key detail—the deal size—was never clearly disclosed. Media estimates ranged from $2–3 billion to higher, but there was no official number.

That’s when regulators formally stepped in.

In January 2026, the Ministry of Commerce of the People’s Republic of China signaled that it was reviewing the deal. Shortly after, at a regular press briefing, it said it would work with other agencies to assess the transaction’s compliance with export controls, technology transfer rules, and outbound investment regulations.

Looking back, that statement carried a lot of weight. It didn’t frame the issue under just one regulatory regime—it put the deal into a broader, cross-cutting compliance framework. That meant the review could touch on everything: technology, deal structure, funding, control, and procedural issues.

By late March, multiple international media outlets reported that some Manus executives had been restricted from leaving China, reinforcing the sense that the review had become serious.

Interestingly, and contrary to what many policy watchers and lawyers expected, the tool ultimately used was not export controls, but foreign investment security review.

This mechanism is sometimes described as China’s version of CFIUS. Many people have heard of it, but few can clearly explain how it works. That’s partly because it’s not a system with highly detailed rules and transparent case law.

At its core, it’s a cross-agency review mechanism led by the NDRC and the Ministry of Commerce. You can think of it as an interagency consultation system—once a transaction touches on national security concerns, it gets pulled into this process.

What triggers it? Broadly two things.

First, sensitive sectors—traditionally defense, energy, and critical infrastructure. But in recent years, the scope has clearly expanded to include data, AI, and digital platforms.

Second, control. It’s not just about majority ownership. If an investor can materially influence decisions—through equity, contracts, board seats, or other means—that can be enough to trigger a review.

What’s more interesting is how the system actually works in practice.

On paper, it’s a structured process: companies file, regulators conduct an initial review, and if needed, move to deeper assessment or even a “special review.” But in reality, a lot happens before anything is formally filed.

Companies often engage regulators early, even at the deal design stage, to get a sense of the likely outcome. If the risk looks too high, the structure gets changed—or the deal never happens. Cases that are formally blocked are relatively rare in public view, but that doesn’t mean the system isn’t powerful. Its real impact often shows up as self-restraint at the front end.

Outcomes can vary: approval, conditional approval (for example, data localization or operational separation), or outright prohibition with a requirement to unwind. And if a deal wasn’t filed in the first place, it can still be investigated after the fact.

If you compare this with the U.S. CFIUS system, the contrast is quite clear. The U.S. approach is more formalised and institutionalised, with clearer rules and precedents. China’s system is more flexible, less transparent, but also more adaptable—and more closely tied to broader industrial and national security priorities.

The first landmark case in China’s foreign M&A sector involving a de facto security review — and ultimately failing — was Carlyle Group’s attempted acquisition of Xugong Group, which began in late 2005.

In October 2005, U.S. private equity firm Carlyle agreed to acquire an 85% stake in Xugong Machinery for about USD 375 million. At the time, Xugong was one of China’s largest construction machinery manufacturers, with a strong position in cranes, road rollers, loaders, and other heavy equipment. This was therefore not a simple financial investment, but a typical case of a foreign investor seeking control over a leading Chinese equipment manufacturer. Public sources later widely described it as one of China’s largest foreign acquisitions at the time.

The Carlyle-Xugong deal then turned into a years-long process of restructuring and regulatory negotiation. To secure approval, the transaction structure was repeatedly revised: Carlyle first sought an 85% stake, then reduced it to 50%, and later further to 45%. In other words, Carlyle moved from seeking absolute control, to joint control, and then to a minority stake, hoping to reduce the sensitivity around control rights. However, the deal still failed to obtain approval. After nearly three years of efforts, Xugong ultimately withdrew from the investment arrangement in 2008.

The significance of the case lies in the fact that it occurred before China had formally established a foreign investment security review regime, but it made Chinese regulators recognize the urgency of creating one. In 2006, MOFCOM and five other ministries issued the Provisions on the Acquisition of Domestic Enterprises by Foreign Investors, requiring parties to report foreign acquisitions that would give foreign investors actual control over domestic enterprises in key industries and that involved factors affecting, or potentially affecting, national economic security.

In 2008, Article 31 of the Anti-Monopoly Law further provided that where a foreign investor’s acquisition of a domestic enterprise, or other participation in a concentration of undertakings, involved national security, it should undergo a national security review in addition to merger review. In 2011, the State Council General Office issued the Notice on Establishing a Security Review System for Foreign Investors’ Mergers and Acquisitions of Domestic Enterprises, formally creating China’s foreign M&A security review regime.

That said, at the time, attracting foreign investment remained the dominant policy priority, so the foreign investment security review system was rarely used in practice.

One more development is worth noting.

On April 24, Bloomberg reported that China is considering restricting top tech companies—including leading AI startups—from accepting U.S. investment without government approval, to prevent sensitive technologies tied to national security from being accessed by foreign investors.

Looking ahead, this review mechanism is only going to become more important. It used to focus mainly on traditional sectors, but it’s now clearly extending into data, AI, and platform economies—the new critical infrastructure of the digital age.

And even though technology export control rules weren’t ultimately used in the Manus case, that doesn’t mean they’re irrelevant. If anything, the “butterfly effect” of this case could reshape how Chinese AI companies think about globalization—from capital and technology to talent—and raise a whole new set of regulatory questions going forward.