- Anthropic’s terms of service ban sales of Claude Code to companies controlled by China, and the FT reports it is trying to enforce that.
- Firms including Ant Financial and ByteDance are reportedly circumventing the restriction via cloud services, Singapore subsidiaries, or VPNs.
- Alibaba has banned its own employees from Claude Code and told them to delete all Claude models.
- The internal ban followed reports of hidden code that could flag China-based users; Anthropic says the experiment has been replaced with stronger safeguards.
What Happened
Anthropic is trying to stop Chinese companies from accessing Claude Code, the Financial Times reported, as covered by The Decoder on July 3, 2026. The company’s terms of service explicitly ban sales to firms controlled by China, but companies such as Ant Financial and ByteDance are reportedly getting around the restriction through cloud services, overseas subsidiaries in Singapore, or VPNs.
At the same time, and pointing in the opposite direction, Alibaba is banning its own employees from using Claude Code and requiring them to delete all Claude models, according to a report from The Information.
Why It Matters
The two-sided restriction shows how export limits and corporate policy are colliding around frontier coding tools, with pressure coming from both governments and companies. For Anthropic, the access fight is not only about compliance with US-aligned export norms but about protecting its models from being copied.
The company has previously accused Alibaba, DeepSeek, Moonshot AI, and MiniMax of using Claude for distillation — training smaller models on Claude’s outputs — which frames the effort to block access as a defense of model intellectual property as much as a legal requirement. That history also explains why a Chinese firm like Alibaba might independently bar its staff from the tool: continued use invites exactly the distillation accusations Anthropic has leveled.
Technical Details
Alibaba’s internal ban followed reports of hidden code in Claude Code that could flag users based in China or linked to a Chinese lab. Anthropic’s Thariq Shihipar called it an experiment from March intended to stop account abuse and distillation, and said stronger safeguards have since replaced it, though he did not detail them. The circumvention methods reported by the FT — cloud access, Singapore-registered subsidiaries, and VPNs — are the standard routes around geographic sales restrictions, and are difficult to detect from account metadata alone, since a Singapore subsidiary paying with a local entity looks like a legitimate customer. That detection gap is the core enforcement problem: the terms of service are clear, but the signals needed to enforce them are weak.
Who’s Affected
The restrictions affect large Chinese technology firms that rely on Claude Code for development, including ByteDance and Ant Financial, and Alibaba’s own engineers, who must now remove Claude models from their machines. Anthropic faces the enforcement burden of policing access without over-blocking legitimate users elsewhere, a balance that the March flagging experiment appears to have gotten wrong. Rival Chinese labs previously accused of distillation — DeepSeek, Moonshot AI, and MiniMax — are indirectly implicated in the tightening.
What’s Next
Enforcement is the unresolved problem: sales bans are hard to police when access flows through cloud intermediaries and overseas subsidiaries. Anthropic says it has replaced the March flagging experiment with stronger safeguards, but has not described them, leaving open how it will distinguish restricted buyers from legitimate ones. Whether Alibaba’s internal ban spreads to other Chinese firms will indicate how much the distillation concern — and the reputational risk of using a US model under scrutiny — is shaping corporate behavior on both sides of the Pacific.