China on Saturday decided to require domestic tech companies to submit to cybersecurity checks before they can go public overseas, a move that would fill the regulatory void that has allowed ride-sharing giant Didi to list its shares on Wall Street last week without getting a good digital health check from Beijing.
On July 2, two days after Didi’s shares began trading on the New York Stock Exchange, China’s Internet regulator ordered the company to stop registering users while authorities conducted a security review, causing its stock price to drop.
Chinese regulators have since ordered Didi’s apps on mobile stores and fined him for failing to give advance notice of some of his past merger deals, clearly expressing their dissatisfaction with the move. company, whose ridesharing service has 377 million annual active users in China.
Data protection has been at the center of Beijing’s concerns as China competes with the United States for high-tech leadership. Just as U.S. officials have sought to ensure that Americans’ data is protected from the prying eyes of the Communist Party, Chinese officials want to ensure that domestic tech companies don’t compromise their information about Chinese users when they become public abroad and submit to the examination of foreigners. securities regulators.
China’s internet regulator, the Cyberspace Administration of China, promulgated its rules on security reviews last year as part of its framework to protect the country’s digital infrastructure.
Those regulations don’t require companies like Didi to go through a formal security check before filing an initial overseas public offering, but that would change based on the agency’s proposed revisions on Saturday.
The revised rules state that a security review would be mandatory for any company with information on more than one million users and seeking to list their shares overseas. These companies are expected to submit documents related to their IPOs, as well as procurement documents and contracts.
Under existing rules, the security review aims to address national security and business continuity risks posed by servers, software, cloud services, and other products used by large technology companies.
The revised rules add two more risks to the list: the possibility that important data could be “stolen, disclosed, damaged and exploited illegally or moved abroad”, and that the data could be “influenced, controlled or exploited in any way. malicious by foreign governments ”after an IPO abroad
The Cyberspace Administration is accepting public comments on the revisions until July 25.
Key Chinese policymakers this week said in a policy document that they would seek to strengthen oversight of overseas listed companies, an issue the document presented as a national security concern.
For fast-growing Chinese tech companies, a sale of shares on Wall Street has long been coveted as a chance to reward early employees and backers while gaining validation from international investors. But Beijing says none of this is as important as securing companies’ data and digital infrastructure.
After opposing Didi, the cyberspace administration this week ordered three more internet platforms – two that connect freight customers to truck drivers and one for job recruiting – to suspend registrations of users and undergo security reviews. Like Didi, the two companies behind these platforms, Full Truck Alliance and Kanzhun, also recently went public in the United States.