Beijing tightens grip on China tech with proposal for cybersecurity reviews on all foreign public listings

Platform operators that have collected personal information from at least 1 million users must apply for a review by the Cybersecurity Review Office

The draft regulations also cover data security risks involving foreign powers, with reviews assessing the risks of data being transferred abroad illegally

Reading Time:2 minutes

Two masked men on their smartphones at the Ditan Park in Beijing on Tuesday, February 9, 2021. Photo: AP

Published: 3:10pm, 10 Jul 2021Updated: 11:14pm, 10 Jul 2021

China’s process for approving initial public offerings (IPOs) in foreign capital markets will require an additional layer of oversight, as the cyberspace regulator is being formally inserted into the procedures, according to draft rules proposed by the Cyberspace Administration of China (CAC).

Technology platform companies that possess the personal data of at least 1 million users must apply for a review by the Cybersecurity Review Office, a group backed by 12 powerful Chinese ministries, if they plan an IPO in a foreign market, according to a draft of the updated version of Beijing’s Measures for Cybersecurity Review published on Saturday, which is open for feedback until July 25.

The draft does not specify if it exempts or covers Hong Kong - the world’s favourite IPO destination in seven of the past 12 years - although the city is usually not considered a “foreign” market under Chinese regulations.

The threshold was set at 1 million - a low bar a country where almost 1 billion people go online actively - apparently to conform with Foreign Investment Risk Review Modernization Act of the United States, which requires approvals by the Committee on Foreign Investment in the United States (CFIUS) for deals that involve the personal data of 1 million or more US individuals.

A driver of Chinese ride-hailing service Didi drives with a phone showing a navigation map on Didi's app in Beijing on July 5, 2021. Photo: Reuters

Coming hot on the heels of a series of crackdowns by the cyberspace regulator on China’s dominant ride-hailing service Didi-Chuxing, the new rules could significantly change the regulatory landscape for Chinese tech firms wanting to raise funds from foreign markets.

Didi, which raised US$4.4 billion in a June 30 stock sale in New York, angered Chinese regulators - especially the CAC - because of the way that it forced its way to the listing, sources have told the Post. Four sources described the company’s insistence to list as akin to a “deliberate act of deceit”.