The proposed guidelines would address a loophole that allowed Didi to go public on Wall Street without first assuring Beijing that its data was secure.
Didi began trading on the New York Stock Exchange last week. Credit… Reuters/Brendan Mcdermid
China took a step on Saturday toward requiring domestic tech companies to undergo a cybersecurity audit before going public on foreign stock exchanges, closing a regulatory gap that allowed Didi, the ride-hailing giant, to list shares on Wall Street last week without receiving a clean bill of health from Beijing.
China’s internet regulator ordered Didi to cease signing up users until officials conducted a security assessment on July 2, two days after the company’s shares began trading on the New York Stock Exchange, sending its share price plunging.
Chinese regulators have now removed Didi’s apps from app stores and punished the firm for failing to give early notice of some of its previous merger transactions, expressing their displeasure with the company, which has 377 million annual active users in China.
As China competes with the United States for high-tech leadership, data protection has been a top priority for Beijing. Chinese officials want to ensure domestic digital businesses do not compromise their information about Chinese users when they go public overseas and are subject to foreign securities scrutiny, much as US officials have worked to ensure Americans’ data is protected from Communist Party prying eyes.
The Cyberspace Administration of China, China’s internet regulator, set regulations on security evaluations last year as part of its framework for preserving the country’s digital infrastructure.
Those rules did not require companies like Didi to go through a formal security check before filing for an overseas initial public offering, but that would change if the agency’s proposed modifications take effect on Saturday.
According to the amended rules, every company that has information on more than one million customers and wants to list its stock on a foreign exchange must undergo a security examination. Such businesses would be required to submit I.P.O.-related materials, as well as procurement records and contracts.
The security assessment is intended at addressing the dangers to national security and business continuity posed by the servers, software, cloud services, and other products used by large digital businesses, according to the existing guidelines.
The amendments are open for public comment through July 25 at the Cyberspace Administration.
Top Chinese authorities said in a policy statement released this week that they will strive to tighten oversight of businesses listed abroad, an issue the text portrayed as a national security priority.
A Wall Street share sale has long been coveted by fast-growing Chinese software companies looking to reward early staff and backers while also gaining foreign investor validation. Beijing, on the other hand, is emphasizing that none of this is more vital than protecting businesses’ data and digital infrastructure. Following its action against Didi, the Cyberspace Administration this week ordered the suspension of user registrations and the submission of security inspections for three additional internet sites — two that connected freight consumers with truck drivers and one for employee recruitment. The two businesses behind those systems, Full Truck Alliance and Kanzhun, went public in the United States lately, just like Didi.