The 1260H List Names the Companies. It Doesn't Map What They Own.

On June 8, 2026, the Department of Defense published its updated list of Chinese military companies under Section 1260H. The list names 188 entities, primary designees and their explicitly identified subsidiaries.

Contracting prohibitions take effect June 30. For defense primes, that deadline is urgent. But the downstream ownership risk embedded in this list reaches far beyond the defense sector into global banking, multinational supply chains, and any organization that screens counterparties for sanctions exposure.

---

The June 8 list is a significant document. Across 80 primary designees and 108 explicitly named subsidiaries, it covers household names across aerospace, semiconductors, maritime shipping, genomics, surveillance, electric vehicles, and telecommunications.

AVIC, Huawei, COSCO SHIPPING, SMIC, DJI, BGI Group, BYD, CATL, Tencent, Alibaba, Baidu. Each is designated because of direct or indirect affiliation with Chinese SASACs, the PLA, MIIT, or other organs of China's military-civil fusion apparatus.

For defense contractors, the immediate concern is the June 30 contracting prohibition, which bars DoD from entering into renewing or extending contracts with listed entities or entities under their control. A second-tier prohibition takes effect June 30, 2027, extending to end products and services acquired indirectly through third parties.

But the compliance stakes here are not limited to defense contractors. They extend to anyone who screens counterparties for risk and who needs to understand what's actually connected to these entities.

Why the 1260H List Matters For and Beyond Defense

The 1260H list has a pattern worth understanding well. It functions as a leading indicator of more restrictive designations to come.

Several companies on the current list are already subject to OFAC sanctions and BIS export controls. AVIC and SMIC carry OFAC SDN designations. Huawei appears on the OFAC Non-SDN Chinese Military-Industrial Complex (NS-CMIC) list, which restricts U.S. persons from purchasing or selling the company's publicly traded securities. SMIC is also on the BIS Entity List.

That trajectory — 1260H first, then stricter designations — has repeated across multiple iterations of the list. Compliance teams and financial institutions that treat this list as only relevant to government procurement are misreading it. Entities on the list, and their downstream affiliates, represent elevated risk for:

Banks and financial institutions. OFAC's NS-CMIC list prohibits U.S. persons from trading securities in designated companies. The 1260H list is the document that identifies which companies are candidates. A bank onboarding a fund with exposure to a 1260H-linked holding structure, or processing transactions for an unlisted subsidiary of a designated entity, faces the same downstream risk that has defined Huawei and SMIC enforcement. KYB and KYC programs that screen only against current OFAC and BIS lists are operating one cycle behind.

Multinationals with global supply chains. Several companies on the 1260H list are among the world's largest in their sectors. COSCO SHIPPING is the world's largest shipping company. CATL is the world's largest EV battery manufacturer. BYD is the world's largest EV producer by volume. Tencent and Alibaba power significant portions of global digital commerce. Any multinational with exposure to these entities (through suppliers, logistics partners, distributors, or technology vendors) faces risk that a list-based screen may not surface.

The Downstream Problem: What Sayari Found

The named entities on the 1260H list represent the publicly designated surface. What lies beneath it is structurally larger.

Sayari's Commercial World Model maps ownership and control relationships traced to primary-source government registries across 250+ jurisdictions. When we traverse the downstream ownership structures of just three companies from the June 8 list, the gap between the named entities and the full risk exposure becomes clear.

AVIC — the Aviation Industry Corporation of China, a SASAC-controlled aerospace and defense conglomerate — has 14 named affiliates on the 1260H list. Sayari's graph surfaces a downstream corporate network that extends well beyond those 14 entities, through subsidiary layers spanning China, the United States, Mexico, Russia, and Hong Kong. The named list captures the listed surface. The graph shows the structure.

COSCO SHIPPING has 5 named entities on the list. Sayari's traversal finds downstream subsidiaries operating in Japan, South Korea, South Africa, Australia, New Zealand, and Fiji — in the first page of results alone. COSCO's global port investments, logistics subsidiaries, and container operations span every major trade corridor. None of those operational entities are named on the list. All of them carry inherited 1260H ownership risk.

Huawei's holding structure includes 2 named entities on the list. Sayari identifies downstream subsidiaries in the Netherlands, New Zealand, Hong Kong, China, and Myanmar — entities like Huawei Technologies Cooperatief U.A. (Netherlands), Huawei Global Finance (Hong Kong), and multiple device and regional operating companies. These are the entities that appear in procurement decisions, vendor contracts, and banking relationships worldwide. None are named on the June 8 list.

The full downstream graph of a conglomerate like AVIC or COSCO runs into hundreds of related entities across multiple jurisdictions. As such, the named list is the starting point, not the complete picture of exposure.

The Data Problem Underneath the Risk Problem

Two structural issues make this harder than it sounds.

First, Chinese corporate registries do not uniformly disclose ownership. Entities restructure and rename specifically to reduce their visible surface area. Some have already removed explicit references to military-civil fusion affiliations from their current public filings. Without historical registry data that captures those disclosures before they were scrubbed, the connection disappears from view. Sayari retains historical records going back as far as primary sources allow, which means those links remain traceable even after the entity has updated its public profile.

Second, the enforcement trajectory compounds the risk of inaction. The 1260H list has grown steadily since its first publication — from a handful of companies to 134 entities today, with additions in January 2025 and again in June 2026 including Alibaba, BYD, Baidu, and RoboSense. Each new addition immediately creates compliance exposure for anyone with undisclosed downstream relationships to that entity. Organizations that do not maintain continuous monitoring of their counterparty ownership structures will find out about these additions the same way they find out about most regulatory changes: too late.

What Sayari Provides

Sayari's Commercial World Model resolves 10.6B+ primary-source records from 250+ jurisdictions. It is not a list. It is a graph — structured to answer the question that the 1260H list raises but cannot answer on its own: what else is connected to these entities, and how?

For financial institutions, Sayari supports KYB screening and beneficial ownership analysis that surfaces 1260H-linked ownership in counterparty corporate structures before they clear a name-match screen. 72% of risk Sayari discovers is absent from global watchlists (see our report on hidden, typological risk).

For multinationals, Sayari's Supply Chain Mapping traces sub-tier supplier ownership across jurisdictions, flagging entities that carry owned_by_usa_section_1260h_entity risk regardless of whether they appear by name on any government-published list.

For cleared defense contractors and FOCI compliance programs, Sayari has partnered with major defense agencies to automate 1260H and FOCI risk screening at scale — in one deployment replacing a manual triage process across thousands of contractor submissions with real-time risk scoring. For more information, check out our recent webinar on FOCI risks here.

The June 30 deadline is days away. The named companies are the starting point. The work of understanding what they own, control, and influence across global supply chains and financial markets is what follows — and what Sayari is built to support.