Reselling cross-border AI tools
China's probe into Meta's US$2B Manus acquisition exposes regulatory gaps in vendor onboarding—here's what solution providers need to ask AI vendors before adding them to their portfolio.
Meta's US$2 billion acquisition of AI agent startup Manus just became a case study in what solution providers could get wrong about AI vendor risk. When China's Ministry of Commerce announced January 9 it would investigate whether the deal violated export controls, the message was clear: where an AI vendor incorporates means nothing if the technology was developed elsewhere.
For solution providers across APAC adding AI tools to their portfolios, the Manus case exposes a critical gap in vendor onboarding processes. Standard due diligence focuses on technical capabilities, margin structures, and service level agreements.
Almost none evaluate whether a vendor's technology development history creates ongoing regulatory exposure that could disrupt customer contracts.
"Although Manus was officially registered in Singapore, the company developed its AI products in mainland China, giving Chinese authorities legal grounds to scrutinise whether sensitive technologies were transferred abroad," China's Ministry of Commerce spokesperson He Yadong said at a January 9 briefing.
The investigation will examine when, how, and which technologies Manus transferred from its China-based operations—even after relocating 105 employees to Singapore in 2025.
Why APAC solution providers face unique exposure
APAC solution providers operate at the epicenter of US-China technology tensions, making vendor regulatory risk more than a theoretical concern. The region's value-added distributors and resellers increasingly position themselves as trusted advisors rather than pure-play product movers.
That shift toward consultative selling creates new liability when vendors face regulatory investigations that compromise service delivery. Consider the typical AI agent deployment scenario: a solution provider sells Manus's automation platform to an enterprise customer with a 24-month contract including service continuity guarantees.
Six months in, regulatory investigations create operational uncertainty. The solution provider now faces three problems simultaneously—contractual obligations to maintain service, unclear vendor capability during regulatory review, and potential need to migrate customers to alternative platforms mid-contract.
Winston Ma, adjunct professor at New York University School of Law who focuses on AI and the digital economy, told the South China Morning Post the Manus review "could become a high-profile test case for China's equivalent of the Committee on Foreign Investment in the United States."
The investigation timeline could stretch up to six months according to legal experts, creating extended periods of vendor uncertainty for partners with active customer deployments.
The cross-border compliance framework solution providers overlooked
China updated its technology export control rules in 2020, expanding coverage to include certain algorithms—changes widely interpreted as giving Beijing stronger legal grounds to intervene in deals involving strategic technology.
The framework asserts jurisdiction over technology developed within China, regardless of where companies later incorporate or where their founders relocate.
Dai Menghao, Shanghai-based partner at King & Wood Mallesons specializing in export controls and sanctions, told SCMP that "the AI agent developed by Manus was definitely something that Chinese regulators could subject to export controls."
This creates a dual-jurisdiction problem for APAC solution providers: AI vendors may face regulatory scrutiny from both where technology was developed and where it's being deployed. The regulatory reach extends beyond completed deals.
If Chinese regulators determine Manus should have obtained export licenses before transferring technology or talent abroad, the company's founders could face criminal charges under Chinese law—creating vendor stability risk that no service level agreement addresses.
The new vendor vetting checklist for AI portfolio decisions
Solution providers evaluating AI vendors for their portfolios need to move beyond traditional technical and commercial assessments. This includes running multiple verifications on the origin of the technology. This includes finding out where the core AI model, agent, or platform developed and even understanding which jurisdictions' export control regimes might claim authority over the technology.
Also, when acquisitions, takeovers or mergers happen, will there be service continuity? Does the vendor maintain service continuity insurance or escrow arrangements? What customer notification obligations exist during regulatory review periods? And are there contractual provisions for vendor-funded customer migration if regulatory action blocks operations?
There are risk transfer mechanisms that need to be considered. For example, does the vendor agreement include indemnification for regulatory compliance failures? What liability caps apply during force majeure events including regulatory investigations? Are there alternative vendor relationships that can be activated for rapid customer migration?
Nick Patience, AI lead at The Futurum Group, told CNBC that "the most likely outcome is a lengthier approval process and potential conditions around how Manus technology developed in China can be used, rather than an outright block."
Even if investigations don't block operations entirely, extended approval processes create business uncertainty that solution providers must contractually account for.
The Manus case creates a market opportunity for solution providers who can credibly assess and communicate AI vendor regulatory risk. As APAC businesses face growing pressure to navigate US-China technology tensions, the ability to provide vendor risk transparency becomes a differentiator beyond technical expertise or pricing.
For solution providers, the lesson isn't about Meta's specific deal—it's about recognizing that AI vendor compliance risk extends far beyond what traditional due diligence processes capture.
In APAC's value-added channel ecosystem, where solution providers increasingly position themselves as trusted advisors rather than transactional resellers, the ability to assess and communicate cross-border AI vendor risk may become as important as technical certifications or vendor authorizations.