China’s internet regulator said it has stopped Didi Chuxing from registering new users, two days after the country’s dominant ride-hailing service completed the largest initial public offering (IPO) by a Chinese company this year in New York. “In order to prevent risks regarding national data security, to maintain national security, and protect the public interest, Didi is now under a cybersecurity review based on the National Security Law, Cybersecurity Law and Measures for Cybersecurity Review,” the country’s cybersecurity review office said in a statement published on Friday, without elaborating. Didi’s response was swift. “Didi will fully cooperate with the relevant government authority during the review,” it said on a statement on Friday. “We plan to conduct a comprehensive examination of cybersecurity risks, and continuously improve our cybersecurity systems and technology capacities.” “This does not mean that the cyber security review office will issue a ticket after reviewing Didi,” said Ding Mengdan, a lawyer at Beijing Yingke (Hangzhou) law firm. “It’s a pre-review to prevent any security risks in advance and so that the government can conduct ongoing supervision.” The ride-hailing giant raised US$4.4 billion in a US initial public offering on Wednesday in an upsized sale that valued the company at about US$70 billion. Reuters reported June 17 that China’s market regulator had begun an antitrust probe into Didi, citing three people with knowledge of the matter. Despite worsening geopolitical tensions between the US and China, Didi pulled in an astronomical number from investors for a company that has yet to turn a profit. US investors have bought into the growth story of Didi, which was started as a ride-hailing app in 2012 by Alibaba Group Holding alum Cheng Wei, and has since branched out into developing and manufacturing electric vehicles and autonomous cars in China. Didi Chuxing propels Chinese IPOs to record capital raising in the US In April 2020, 12 Chinese government departments jointly formulated the Measures for Cybersecurity Review. Under normal circumstances, a cybersecurity review will be completed within 45 working days and can be extended by 15 working days if the situation is complicated, according to the measures, which went into effect in June 2020. “The investigation into Didi is the first public cybersecurity review after China’s Cybersecurity Law and the Measures for Cybersecurity Review went into effect,” said Ma Ce, a lawyer at Hangzhou-based Kinding Law Firm. “This means that Didi is a critical information infrastructure operator in China, for whom the Measures apply.” Beijing has recently been working to stamp out personal privacy breaches in the world’s largest internet market, with nearly 1 billion users. The scrutiny of data privacy is part of a wider crackdown on China’s biggest tech companies, with tightened control over their business practices, including a record 18.2 billion yuan (US$2.8 billion) fine imposed on e-commerce giant Alibaba in early April for monopolistic business practices. Didi stated in its listing documents that “as a result of the government’s focus on anti-monopoly and anticipated enhanced regulation of platform enterprises, our business practice and expansion strategy may be subject to heightened regulatory scrutiny.” Internet giant Tencent Holdings and Alibaba were also among the country’s major internet firms fined for failing to disclose deals in violation of China’s anti-monopoly law since last year. And it is not only Chinese regulations that Didi has to worry about. Late last year, the Holding Foreign Companies Accountable Act aimed at Chinese companies listed in the US passed with strong bipartisan support and became law. US listed foreign companies will be suspended from the exchanges after failing to hand over audits to US regulators for three straight years. Didi’s shares have risen 17 per cent since their June 29 IPO debut, rising to US$16.40 yesterday in New York. Alibaba owns the South China Morning Post.