Shares for ridesharing service Didi Global commenced trading on the New York Stock Exchange last Wednesday, following a faster-than-normal lightening round of pre-IPO pitches to potential investors. Two days later, China’s cyberspace administration agency brought the regulatory hammer down on the company, initiating a security review and blocking the app from accepting new users. On Sunday the app was removed from popular online app stores like AliPay and WeChat.
The crackdown had a predictable effect on the company’s $4.4 billion IPO in New York, with shares down 20% at end of trading Monday.
What precipitated the crackdown from the Chinese authorities? Evidently, Didi broke the cardinal rule of deferring to the state above all. According to the South China Morning Post, the company failed to gain clearance from the Cyberspace Administration of China (CAC) with regard to the security of its data practices, whereby a data audit is completed to assess whether public disclosure laws in the United States represent a national security threat to China. Specifically, CAC is believed to be concerned about whether Didi would disclose “important data and personal information of Chinese citizens going abroad.” By some accounts, Didi went so far as to ignore a direct request from CAC to delay its IPO until the details of the data review were worked out.
Impact
The real story here concerns China’s evolving regulatory framework for domestic tech companies seeking to list overseas. The fate of Didi itself is secondary. The company was evidently in a race to roll out its own NYSE listing before a more burdensome regulatory process went into effect. Yet ultimately the company learned the same lesson that Alibaba, Tencent, and Baidu did at various points of the past two years: attempt to outmaneuver the Party at your shareholders’ own peril. In Didi’s case, a full accounting of the political fallout has yet to be carried out, as the company is now subject to CAC’s first-ever security review, but it’s safe to assume that the authorities will look to make an example out of Didi lest other startups repeat its folly in the future. Incidentally, the CAC review was subsequently widened to include two other Chinese tech companies that recently listed overseas: Kanzhun Ltd., which runs the online recruitment platform Boss Zhipin, and Full Truck Alliance, which operates two truck-booking apps.
An overhauled regulatory standard for Chinese data security is starting to crystalize. In May, the Chinese government introduced a new data security law intended to ensure that “core state data” isn’t transferred to foreign jurisdictions, under threat of fines up to $1.6 million and even license revocation. The law was meant to go into effect on September 1, which might explain Didi’s urgency to get listed on the NYSE. Among other things, the data security law institutes new standards for how data must be stored onshore, enacts revised export controls on data deemed pertinent to national security, and imposes a reporting standard on private data assets. On Tuesday, the State Council issued a decree strengthening the upcoming rules and calling for their swift implementation.
The new data security law mirrors efforts in the United States to restrict foreign access to US user data, epitomized by the Trump administration’s failed attempt to force China’s ByteDance to sell its popular social media app TikTok to a US company (TikTok and other China-owned apps are now subject to a Department of Commerce-led national security review).
Recent Chinese efforts risk expediting the bilateral tech decoupling initiated by the Trump administration, if anything because the logic underpinning the new data security law – that massive troves of user data represent a potential national security risk – is the very same strategic rationale that now dominates on the US side. For his part, President Xi Jinping appears willing to stress the data sovereignty aspects of decoupling, even at the cost of reducing the foreign capital available to Chinese tech startups; however, President Xi’s vision predictably stops short of US bans on made-in-China hardware and crackdowns on tech transfer which, on the other hand, are viewed as “[obstructing] the development of other countries and [harming] their people’s lives through political manipulation.”
The Didi episode will have a chilling effect on Chinese IPOs on foreign exchanges over the short- to medium-term. Indeed, a class action lawsuit is already in the works on the basis that Didi failed to disclose its regulatory issues in China to US-based investors. This could well be Beijing’s preferred outcome, as the United States’ loss could turn into China’s gain in global IPO markets. China is currently the world’s third-largest IPO destination in terms of proceeds, with Hong Kong far ahead of mainland cities like Shenzhen and Shanghai. To this end, the China Securities Regulatory Commission has initiated an overhaul of its regulatory regime on overseas listings, and the new rules will reportedly require companies seeking to list overseas under the so-called variable interest entity model – where companies like Alibaba and Didi create a foreign holding company to circumvent Chinese laws forbidding foreign ownership in sensitive industries – to secure pre-approval before listing in the United States or Hong Kong.