China moved on Saturday toward requiring domestic tech companies to submit to a cybersecurity checkup before they can go public on overseas stock exchanges, a step that would close the regulatory gap that allowed the ride-hailing giant Didi to list shares on Wall Street last week without getting a clean bill of digital health from Beijing.
On July 2, two days after Didi’s shares began trading on the New York Stock Exchange, China’s internet regulator Ordered the company to stop signing up users while officials conducted a security review, sending its share price tumbling.
Chinese regulators have since ordered Didi’s apps off mobile stores and fined it for failing to give advance notice about some of its past merger deals, making clear their displeasure with the company, whose ride-hailing service has 377 million annual active users in China.
Data protection has been a main focus for Beijing as China jousts with the United States for high-tech leadership. Just as U.S. officials have sought to ensure that Americans’ data is protected from the Communist Party’s prying eyes, Chinese officials want to ensure that domestic tech companies do not compromise their information about Chinese users when they go public overseas and submit to the scrutiny of foreign securities regulators.
China’s internet regulator, the Cyberspace Administration of China, enacted its rules on security reviews last year as part of its framework for safeguarding the nation’s digital infrastructure.
Those regulations stopped short of requiring companies like Didi to undergo a formal security check before filing for an overseas initial public offering, but that would change under the revisions proposed by the agency on Saturday.
The revised rules say a security review would be mandatory for any business possessing information on more than one million users that seeks to list its shares abroad. Such companies would need to submit materials related to their I.P.O.s, as well as procurement documents and contracts.
Under the existing rules, the security review is aimed at addressing the risks to national security and business continuity posed by the servers, software, cloud services and other products that major tech companies use.