China on Saturday decided to require domestic tech companies to submit to cybersecurity checks before they can go public overseas, a move that would fill the regulatory void that has allowed ridesharing giant Didi to list its shares on Wall Street last week without getting a good digital health check from Beijing.
On July 2, two days after Didi’s shares began trading on the New York Stock Exchange, China’s Internet regulator ordered the company to stop registering users while authorities conducted a security review, causing its share price to drop.
Chinese regulators have since ordered Didi’s apps out of mobile phone stores and fined him for failing to give advance notice of some of his past merger deals, clearly expressing their displeasure with the company. , whose ridesharing service has 377 million annual active users in China.
Data protection has been at the center of Beijing’s concerns as China competes with the United States for high-tech leadership. Just as U.S. officials have sought to ensure that Americans’ data is protected from the prying eyes of the Communist Party, Chinese officials want to ensure that domestic tech companies don’t compromise their information about Chinese users when they become public abroad and submit to the examination of foreigners. securities regulators.
China’s internet regulator, the Chinese Cyberspace Administration, has adopted its security screening rules last year as part of its framework to safeguard the country’s digital infrastructure.
These regulations don’t require companies like Didi to go through a formal security check before filing an initial overseas public offering, but that would change with the revisions. proposed by the agency the Saturday.
The revised rules say that a security review would be mandatory for any company with information on more than one million users and seeking to list their shares overseas. These companies are expected to submit documents related to their IPOs, as well as procurement documents and contracts.
Under existing rules, the security review aims to address national security and business continuity risks posed by servers, software, cloud services and other products used by large technology companies.
The revised rules add two more risks to the list: the possibility that important data could be “stolen, disclosed, damaged and exploited illegally or moved abroad”, and that the data could be “influenced, controlled or exploited in any way. malicious by foreign governments ”after an IPO abroad
The Cyberspace Administration is accepting public comments on the revisions until July 25.
The main Chinese decision-makers have stated this week in a policy document that they would seek to strengthen oversight of listed companies abroad, an issue the document presented as a national security concern.
For fast-growing Chinese tech companies, a sale of shares on Wall Street has long been coveted as a chance to reward early employees and backers while gaining validation from international investors. But Beijing says none of this is as important as securing companies’ data and digital infrastructure.
After taking action against Didi, the Cyberspace Administration ordered this week three additional internet platforms – two that linked freight customers to truck drivers and one for job recruiting – to suspend user registrations and undergo safety reviews. Like Didi, the two companies behind these platforms, Full Truck Alliance and Kanzhun, also recently went public in the United States.