The Transparency Gap: How the UK Confirms Chinese Influence Threats But Stays Silent When Investigations Fail

The UK government names and acts on Chinese influence threats. It goes quiet when investigations close without charges and when compliance data does not exist...

When MI5 issued an interference alert about Christine Lee in January 2022, naming her as an agent of the Chinese Communist Party operating in British politics, the system worked. Parliament was informed. Donations were traced. Barry Gardiner, the Labour MP who had received more than 420,000 pounds from Lee, stepped down from his front-bench role. The Investigatory Powers Tribunal upheld the designation in December 2024. A threat was identified, publicised, and acted upon. But this pattern of confirmation has an uncomfortable mirror image. When investigations find nothing, when compliance regimes publish no data, when enforcement closes without charges, the UK government goes silent.

The National Security Act 2023, which received Royal Assent in July 2023 and came into force in December that year, created new powers to prosecute foreign interference and established the Foreign Influence Registration Scheme. Security Minister Dan Jarvis told Parliament in April 2025 that Parts 1 to 3 of the act had already produced results: six charges brought against individuals conducting activity for foreign states, with five further individuals charged with other offences in related cases. The enhanced tier of the FIR Scheme, covering Russia and Iran, went live on 1 July 2025. The political tier, which will cover all foreign states, will eventually be published as a public register.

Beyond Christine Lee, confirmed cases continue to accumulate. Yang Tengbo, also known as H6, was identified as a Chinese state asset with direct access to Prince Andrew. The Special Immigration Appeals Commission upheld his exclusion from the UK in December 2024, finding links to the United Front Work Department. In March 2024, the UK government attributed the Electoral Commission breach to Chinese state-linked actors, affecting 40 million voter records. The Ministry of Defence confirmed a payroll data breach in May 2024 was attributed to China. In April 2024, two individuals were charged under the Official Secrets Act 1911 for offences related to Chinese state activity. APT31, a Chinese state-aligned hacking group, targeted 43 parliamentary email accounts, though the National Cyber Security Centre confirmed the attacks were entirely unsuccessful. The Electoral Commission breach was a separate, successful operation.

The IPT ruling in December 2024 confirmed MI5 had acted proportionately. But Lee operated for years before the alert. The FIR Scheme, which Jarvis described as designed to shed light on foreign state activity, has published zero compliance figures. No register is live. Parliament has no visibility into how many individuals or organisations have registered, what activities have been declared, or whether the scheme is being circumvented. The light only shines one way.

The Electoral Commission Breach: A Preventable Disaster

In August 2021, attackers gained access to the Electoral Commission’s systems. They exploited ProxyShell vulnerabilities in Microsoft Exchange Server. Patches for these vulnerabilities had been available since April and May 2021. The Electoral Commission never applied them. One account was still using its original allocation password at the time of the breach. The attackers created web shells, accessed voter registration data on multiple occasions, and remained inside the system undetected for over a year. When the breach was finally disclosed in August 2023, the Commission described it as a complex cyber-attack. In March 2024, the UK government confirmed Chinese state-linked actors were responsible.

The technical investigation by the Information Commissioner’s Office revealed the breach was entirely preventable. The ICO found basic security failings at every level: unpatched servers, unchanged default credentials, and no multi-factor authentication on the account that was compromised. The Deputy Information Commissioner stated plainly that if the Electoral Commission had taken basic steps, this breach would not have happened. Forty million people had their data exposed because the body responsible for electoral integrity failed to apply a security patch available for 18 months.

The outcome was not a fine. The ICO issued a reprimand. No monetary penalty was imposed. The Commission accepted the findings and promised improvements. No evidence of data misuse was found, but the regulatory response was a formal telling-off for a completely avoidable breach affecting every registered voter in the country. The contrast with the Christine Lee case is stark. One involved an individual acting as a foreign agent, publicised and prosecuted. The other involved institutional negligence affecting 40 million people, resulting in no financial penalty and minimal public accountability.

Chinese Police Stations: The UK Response Versus the US Response

In April 2023, the human rights organisation Safeguard Defenders reported that China was operating overseas police stations in dozens of countries, including three in the United Kingdom. The stations were allegedly used to monitor and pressure Chinese dissidents abroad. In June 2023, Security Minister Tom Tugendhat provided a written parliamentary statement on the government’s response.

Police have investigated reports of the three alleged sites following the Safeguard Defenders report. They have found no evidence of illegal activity on behalf of the Chinese state at these locations. The public scrutiny these sites have received has had a suppressive impact on their functions.

The Chinese embassy told the Foreign Office the stations had been closed permanently. Beijing called the allegations a complete political lie. But the crucial comparison is with the United States. In April 2023, the US Department of Justice arrested two individuals in New York for operating a secret Chinese police station in Manhattan. They were charged with conspiracy to act as illegal agents of the Chinese government. The UK response was investigation without charge, followed by a statement that public scrutiny had suppressive impact on the stations’ operations. The implication is that the UK chose a different enforcement path, relying on public exposure rather than criminal prosecution. But the silence that follows such decisions creates a vacuum. The public knows Chinese police stations existed. The public knows they were investigated. The public knows no charges were brought. What the public does not know is why the UK chose not to follow the US precedent.

Ukpga 20230032 En

2.7MB ∙ PDF file

Download

Download

Su Jiangbo and the Property Freeze

In March 2025, the National Crime Agency obtained Unexplained Wealth Orders against an individual identified only as Mr X, later named by the OCCRP and Sunday Times as Su Jiangbo. His companies had purchased 108 million dollars worth of London property. The properties were frozen under Interim Freezing Orders. The three-month window for Su Jiangbo to respond closed in June 2025. No public record exists of any response filed. The properties remain frozen. The Crown Prosecution Service described the matter as an ongoing civil recovery investigation.

The case highlights another transparency gap. Su Jiangbo’s companies continued purchasing properties until June 2025, even after the UWOs were obtained in March. The enforcement mechanism allowed property acquisition to continue while investigation proceeded. Developers told investigators that bulk deals were very attractive and that Su never visited the properties in person. Anti-money laundering checks by developers were not required by law. The properties were concentrated in prime London locations including the Triptych Bankside development, where Su purchased 15 units.

The UWO regime, introduced in 2018 under the Proceeds of Crime Act, was designed to compel individuals to explain the sources of their wealth. But the enforcement timeline shows the gap between designation and resolution. Su Jiangbo’s companies bought properties for years before the UWO. The properties were frozen, but no criminal charges have been announced. No forfeiture has been completed. The public sees wealth frozen but not explained, not resolved. The transparency promised by the UWO regime has not materialised in this case.

The Transparency Pattern

The Christine Lee case worked because MI5 acted publicly. The IPT ruling confirmed the action. Parliament was informed. The FIR Scheme, announced by Dan Jarvis, promises a public register of foreign influence registrations, but no register exists yet and no compliance data has been published. The enhanced tier covering Russia and Iran went live on 1 July 2025. The Chinese police station investigation concluded without charges, while the US prosecuted. The Electoral Commission breach exposed 40 million people’s data due to unpatched vulnerabilities, and the Commission was reprimanded, not fined. Su Jiangbo’s properties are frozen, but the case remains unresolved.

The pattern is consistent. When the UK government takes action against Chinese state influence, it publicises it. Christine Lee was named. APT31 was attributed. Official Secrets Act charges were announced. When investigations close without action, the public is told nothing. The police station investigation found no criminal activity, but the public does not know what was investigated or what thresholds were applied. The Electoral Commission’s negligence was confirmed, but no fine followed. The FIR Scheme is live, but compliance figures are secret. Su Jiangbo’s wealth is frozen, but the case remains open with no resolution in sight.

The National Security Act 2023 provides powers to prosecute foreign interference. The FIR Scheme provides transparency mechanisms to expose foreign influence. But transparency only works when it is symmetric. Confirmed threats should be publicised. Closed investigations should be explained. Compliance regimes should publish data. Otherwise, the UK government is not shedding light on foreign influence. It is selectively illuminating its own enforcement successes while leaving the public in the dark about its failures, its non-findings, and its enforcement gaps. The Chinese state operates in darkness. The UK response should not mirror it.

Sources

• 1legislation.gov.uk — National Security Act 2023 (as enacted)

• 2GOV.UK — Dan Jarvis ministerial statement on FIR Scheme implementation, 1 April 2025

• 3NCA — UK Electoral Commission breach attributed to suspected Chinese state-related cyber actor

• 4Infosecurity Magazine — ICO reprimands Electoral Commission over security failures

• 5TechRadar — ICO reprimands UK Electoral Commission over cyberattack that left voter data exposed

• 6US Department of Justice — Two arrested for operating illegal overseas police station for Chinese government, April 2023

• 7OCCRP — Mr X Revealed: UK freezes $108M in properties purchased by wanted Chinese national

• 8Weekly Blitz — UK freezes $108 million in London properties linked to wanted Chinese national