Didi Chuxing ‘forced its way’ to a New York listing, triggering data security review, sources say

Didi Chuxing pushed ahead with its listing in New York before the Cyberspace Administration of China (CAC) had fully cleared the ride-hailing giant’s data security concerns, forcing Beijing to put it under a national security review and kick it off the country’s app stores, according to two people familiar with the situation.

One regulatory source in Beijing, who is not directly involved in the case but was briefed on discussions, said Didi had “forced its way” to go public in New York without completing a thorough data security assessment by CAC, a necessary step for Beijing amid its enhanced scrutiny of data security.

But as a data assessment is not yet an institutionalised part of the listing process, Didi was able to go ahead with its US listing plan without complete clearance from CAC, which would include conducting a full body check of disclosed information to see whether an initial public offering (IPO) might impair China’s data security, the source added.

The ruling Chinese Communist Party and the State Council, the cabinet, issued a new policy guideline on Tuesday night, saying China will change its rules around the overseas listings of Chinese businesses and empower domestic regulators and watchdogs to have a say in their listing.

According to the policy directives, China will also improve the regulation of data security, “cross-border data flow” as well as confidential information processing, a strong indication that Beijing is tightening its data controls.

The domestic procedure for a Chinese company to go public in an overseas market like New York was created as early as 2005 by the State Administration of Foreign Exchange. The concept of data security barely existed at that time and CAC was not created until 2011.