China on Saturday moved to oblige domestic tech companies to undergo cybersecurity screening before they can go public on overseas exchanges and get a clean bill on digital health from Beijing.
On July 2, two days after Didi’s shares traded on the New York Stock Exchange, China’s Internet regulator ordered the company to stop registering users while officials conducted a security clearance, causing the share price to fall.
Chinese regulators have since banished Didis apps from the mobile stores and fined them for failing to announce some of its previous merger deals in advance, highlighting their displeasure with the company, whose ridesharing service has 377 million annual active users in China.
Privacy has been a major concern for Beijing while China competes with the United States for high-tech leadership. Just as US officials have tried to ensure that Americans’ data is safe from the prying eyes of the Communist Party, Chinese officials want to ensure that domestic tech companies do not compromise their information about Chinese users when they go public and themselves abroad control of foreign companies are subject to securities regulators.
China’s Internet regulator, the Cyberspace Administration of China, enacted its security clearance rules last year as part of its framework to protect the country’s digital infrastructure.
Those regulations no longer required companies like Didi to go through a formal security review prior to filing an IPO abroad, but that would change as part of the agency’s proposed revisions on Saturday.
The revised rules state that a security clearance is mandatory for any company that has information on more than a million users and wants to list its stocks overseas. Such companies would be required to submit materials related to their initial public offerings, as well as procurement documents and contracts.
Under the existing regulations, the security review aims to address the national security and business continuity risks posed by servers, software, cloud services and other products used by large technology companies.
The revised rules add two other risks to the list: the possibility that important data could be “stolen, leaked, corrupted and illegally exploited or relocated abroad” and that data could be “influenced, controlled or maliciously exploited by foreign governments” after going public abroad
The Cyberspace Administration is accepting public comments on the revisions until July 25th.
Leading Chinese policymakers this week indicated in a policy paper that they would attempt to tighten supervision of overseas listed companies.
For fast-growing Chinese tech companies, a Wall Street stock sale has long been in great demand as a way of rewarding young employees and funders while gaining recognition from international investors. But Beijing makes it clear that none of this is as important as securing corporate data and digital infrastructure.
After cracking down on Didi this week, the cyberspace administration ordered three additional internet platforms – two connecting freight customers to truck drivers and one for recruitment – to suspend user registrations and subject security reviews. Like Didi, the two companies behind these platforms, Full Truck Alliance and Kanzhun, had recently gone public in the US.