China’s top cybersecurity officials seek to calm investor concerns that new regulation could put chill on overseas IPOs

Officials from Beijing’s top cybersecurity agencies said a regulation on ‘critical information infrastructure’ does not target foreign businesses or IPOs

Probes into Didi and other tech companies has caused speculation about the meaning of the term in question, which is used but not defined in recent laws

Reading Time:3 minutes

China is introducing new rules on “critical information infrastructure” amid a widespread cybersecurity crackdown, but ambiguity about the term remains. Photo: Shutterstock

Published: 5:19pm, 25 Aug 2021Updated: 11:04pm, 25 Aug 2021

China’s top cybersecurity brass assured investors at a government press conference that a new regulation designed to protect the country’s “critical information infrastructure” is not meant to target foreign businesses or overseas initial public offerings.

Officials from the Cyberspace Administration of China (CAC), the Ministry of Industry and Information Technology (MIIT), the Public Security Bureau and the Ministry of Justice gathered on Tuesday to explain the new “Regulations on Safeguarding Critical Information Infrastructure” that goes into effect next month. It is expected to have a sweeping impact on how companies in sectors such as information, energy and finance manage their data systems in the country.

Companies and legal experts have been waiting for clarity on the concept of critical information infrastructure, which was identified in China’s Cybersecurity Law in 2017 without being clearly defined. Companies with systems considered to be part of such infrastructure bear greater responsibilities for ensuring security and are subject to additional regulatory scrutiny under the law.

China’s cybersecurity probe into ride-hailing giant Didi Chuxing, led by the CAC, has fanned speculation about whether the company’s systems, which contain domestic mapping and user data, fall under these guidelines.

Along with Didi, Full Truck Alliance and Boss Zhipin were also hit with cybersecurity reviews after all three companies listed in New York in June. However, CAC deputy head Sheng Ronghua said at the press conference that the new regulation is not meant to curtail overseas listings.

“For a long period of time, we have been supporting internet companies to raise funds in accordance with laws and regulations,” Sheng said. “No matter the ownership of a business, where it goes public, it has to meet the two conditions of complying with state laws and ensuring the security of critical information infrastructure and personal information.”

“[A company’s] operations won’t be affected [by the regulation] as long as it meets the two conditions,” Sheng added.