Beijing’s cyberspace watchdog said this week that, starting Feb. 15, Chinese platform companies holding the personal data of more than one million users will go through a cyber security review before listing shares overseas.
The move comes amid a wave of regulatory changes to tighten the regime’s grip over big tech companies in China.
According to a statement on Jan. 4 released by the Cyberspace Administration of China (CAC), the implemented regulation is to “safeguard network data and ensure national security.”
“There is a risk that critical information infrastructure, important data, or a large volume of personal information could be impacted, controlled, or maliciously used by foreign governments following a company’s listing overseas,” the new regulations stated, reiterating a concern exposed last July when the cyber security rules were first proposed.
Based on the rules, it was unclear which types of companies would be affected, reported Reuters, citing Alex Roberts, an expert in tracking China’s data policy at the Shanghai-based Linklaters law firm.
“This ambiguity will be a real concern for successful multi-channel businesses in China’s digital economy given the current uncertainty of the review process,” said Roberts.
Beijing launched its first cybersecurity review in July, 2021 to probe ride-hailing giant Didi Global Inc. for allegedly defying regulatory requests to ensure its data security before overseas listing, just days after its $4.4 billion initial public offerings (IPO) in New York.
The CAC at the time cited “preventing national data security risks, protecting national safety, and ensuring public interests” as reasons for the review, which came amid growing tensions between Washington and Beijing.
Seven regulatory bodies, including those overseeing state security, public security, tax, and transportation, visited Didi’s offices in mid-July to conduct an on-site investigation. Didi announced in December that it would delist from the New York Stock Exchange and seek a listing in Hong Kong instead.
Beijing introduced a slew of new regulations in recent months for internet platform companies as data has been its key concern.
In November, the CAC required data processors to apply for a network security review before listing in Hong Kong.
On Dec. 24, the China Securities Regulatory Commission (CSRC) announced that it would require companies planning to list overseas to first register with the agency, under a system that also closely collaborates with other regulatory bodies.
On December 27, the National Development and Reform Commission (NDRC), China’s top economic planning agency, said that companies in sensitive industries, such as internet news and publishing, should get approval from relevant Chinese regulatory bodies before listing their shares overseas.
Regulations on Algorithm Recommendation Technology
On January 4, the CAC released another statement saying it would begin enforcing new laws on algorithm technology used by platform businesses on March 1, and extend oversight over internet news providers.
Apps operated by platform companies extensively use algorithm recommendation technology, including e-commerce giant Alibaba Group Holding, social media and video gaming market leader Tencent Holdings, and TikTok owner ByteDance.
The regulator said it would require platforms to allow users to switch off algorithm services in the new regulations.
Online news providers will also be required to obtain a license for their services, and will be forbidden from publishing information that does not come from the state agency’s list of approved news sources.
On Oct. 20, the CAC updated its approved list of 1,358 news outlets for internet content sharing.
Katabella Roberts and Reuters contributed to this report.