Written by Jingru Wang, Wuhan University Institute of International Law
Three days after its low-key listing in the US on 30 June 2021, Didi Chuxing (hereinafter “Didi”) was investigated by the Cyberspace Administration of China (hereinafter “CAC”) based on the Chinese National Security Law and Measures for Cybersecurity Review. Didi Chuxing as well as 25 Didi-related APPs were then banned for seriously violating laws around collecting and using personal information, leading to the plummet of Didi’s share. On 16 July 2021, the CAC, along with other six government authorities, began an on-site cybersecurity inspection of Didi. The CAC swiftly issued the draft rules of Measures for Cybersecurity Review and opened for public consultation. It proposed that any company with data of more than one million users must seek the Office of Cybersecurity Review’s approval before listing its shares overseas. It also proposed companies must submit IPO materials to the Office of Cybersecurity Review for review ahead of listing.
It is a touchy subject. Didi Chuxing is a Beijing-based vehicle for hire company. Its core business bases on the accumulation of mass data which include personal and traffic information. The accumulated data not only forms Didi’s unique advantage but also is the focus of supervision. The real concern lays in the possible disclosure of relevant operational and financial information at the request of US securities laws and regulations, which may cause data leakage and threaten national security. Therefore, China is much alert to information-based companies trying to list overseas.