China’s top cybersecurity officials seek to calm investor concerns that new regulation could put chill on overseas IPOs
- Officials from Beijing’s top cybersecurity agencies said a regulation on ‘critical information infrastructure’ does not target foreign businesses or IPOs
- Probes into Didi and other tech companies has caused speculation about the meaning of the term in question, which is used but not defined in recent laws
China’s top cybersecurity brass assured investors at a government press conference that a new regulation designed to protect the country’s “critical information infrastructure” is not meant to target foreign businesses or overseas initial public offerings.
Officials from the Cyberspace Administration of China (CAC), the Ministry of Industry and Information Technology (MIIT), the Public Security Bureau and the Ministry of Justice gathered on Tuesday to explain the new “Regulations on Safeguarding Critical Information Infrastructure” that goes into effect next month. It is expected to have a sweeping impact on how companies in sectors such as information, energy and finance manage their data systems in the country.
“For a long period of time, we have been supporting internet companies to raise funds in accordance with laws and regulations,” Sheng said. “No matter the ownership of a business, where it goes public, it has to meet the two conditions of complying with state laws and ensuring the security of critical information infrastructure and personal information.”
“[A company’s] operations won’t be affected [by the regulation] as long as it meets the two conditions,” Sheng added.
Cyberspace security cadres like Sheng rarely make public comments, but they now wield an increasing amount of power over the fate of China’s technology giants as security has taken centre stage in Beijing’s internet management.
Why China is tightening control over cybersecurity
Sheng, 59, has only made a few public speeches himself since taking up his current position in May 2019. In a press conference this past May, he said the administration would carry out an annual “cleaning” campaign starting this year to crack down on offences such as “inflated traffic by click farms”, “algorithm abuse” and “historical nihilism”, referring to historical accounts that conflict with Communist Party doctrine, in a bid to create “a clean and clear cyberspace for the people”.
At the press conference on Tuesday, Sheng was joined by Sun Weimin, the head of the cybersecurity coordination bureau at the CAC. The bureau is the primary agency involved in organising and implementing cybersecurity reviews like the one Didi is undergoing. The CAC published an amended version of its cybersecurity regulations last month, and Sun’s bureau is in charge of collecting and reviewing public feedback on it.
Wang Yingwei, the head of cybersecurity at the Ministry of Public Security, also joined the press conference. As China’s top officer in charge of cybercrimes, Wang has rarely made public appearances since he took the position in 2019. Wang, who has a PhD in applied mathematics from Peking University, was known for applying big data analysis to law enforcement during his tenure as deputy police chief in Guizhou province before his promotion.
Sui Jing, the cybersecurity bureau chief at MIIT, was present at the event, as well. Her bureau has also been gaining prominence as Beijing has placed an increasing emphasis on cybersecurity.
While the press conference was light on specifics regarding critical information infrastructure and didn’t mention any company by name, it served as a clear message that Beijing cares a lot about threats to and leaks from the country’s information systems.
“It shows the importance of regulating critical information infrastructure,” said Xia Hailong, a lawyer at Shanghai Shenlun law firm.