Chinese authorities on July 2 announced a cybersecurity investigation into Chinese ride-hailing giant Didi Chuxing. A few days later, they announced a crackdown on “illegal securities activities,” including expedited revision of regulations concerning information security and confidentiality in relation to securities issuances and stock market listings outside China. These moves followed Didi’s listing on the New York Stock Exchange, the biggest Chinese tech IPO in the US since Alibaba’s USD 25 billion listing in 2014.
This was the first announcement by Chinese authorities of a cybersecurity investigation into a large Chinese internet platform. On Monday, July 5, it was followed by the announcement of cybersecurity investigations into three other Chinese internet businesses: Yunmanman and Huochebang in the freight transport sector and Boss Zhipin in job recruitment. While investigations continue, all four companies are prohibited from registering additional users, and Chinese app stores are not allowed to offer Didi’s app.
The official announcements in each case cited “national data security risks,” “national security” and “public interests” as reasons for the measures. The services provided by the companies suggest that authorities were concerned about their management of the personal information of large numbers of Chinese citizens, including state employees.
The measures followed regulatory action in late 2020 against Alibaba’s Ant Financial and come in the context of continuing expansion of China’s data-regulation regime. Chinese authorities want to make the nation’s digital networks more secure and improve conditions for personal information protection and data markets. Chinese state media commented that companies like Didi cannot be allowed to accumulate and freely use “super databases” of personal information larger than those of the Chinese state.
These regulatory actions reflect concern by Chinese authorities over the potential transfer of sensitive data held by Chinese internet firms to US authorities due to disclosure requirements for listing on US stock exchanges. Reporting indicates that Chinese authorities had warned Didi to delay its US IPO, and that they were concerned about listing requirements obliging companies to give US authorities information about suppliers, which may create cybersecurity vulnerabilities for Chinese companies’ domestic networks. The crackdown threatens the viability of the Variable Interest Entity (VIE), a legal work-around that Chinese tech firms have used to list on US stock exchanges.
MERICS analysis: “This aligns with the general movement by Chinese authorities towards reining in the big Internet platform businesses,” said MERICS senior analyst John Lee. “Chinese authorities are making it clear that national security and government oversight comes first. At the same time, however, they are tailoring China’s cyberspace regulations to ensure that desirable levels of cross-border data transfer can continue.”
You are reading an excerpt of our latest MERICS China Briefing.