SHANGHAI (Reuters) – The Cyberspace Administration of China (CAC) said on Saturday any company with data for more than 1 million users must undergo a security review before listing its shares overseas, broadening a clampdown on its large “platform economy”.
The security review will put a focus on risks of data being affected, controlled or manipulated by foreign governments after overseas listings, China’s cyberspace regulator said, posting the proposed rules on its website.
China’s cyberspace regulators are imposing tighter restrictions on data collection and data storage. Authorities are also more broadly pushing for companies to list domestically.
Two new sets of rules, the Data Security Law and the Personal Information Protection Law, which cover data storage and data privacy respectively, are set to go into effect this year.
Saturday’s announcement will also require firms to submit the IPO materials they plan to file for review.
The security review, according to the CAC, will consider national security risks as “risk of supply chain interruption due to political, diplomatic, trade and other factors,” and risk of key data “maliciously used by foreign governments after listing in foreign countries.”
The CAC is seeking public opinion on the proposed rules.
The notice comes after Chinese authorities launched a probe of ride-hailing giant Didi Global for allegedly violating user privacy, just days after its listing in New York.
On Friday, the CAC stepped up its crackdown of Didi, saying it would remove 25 mobile apps operated by Didi from app stores.
The apps in question used data that was illegally collected by Didi and include those for its delivery service, camera device and finance services, the Cyberspace Administration of China said in a statement.
(Reporting by Josh Horwitz; additional reporting by Yilei Sun, Tom Daly and Samuel Shen; Editing by Tom Hogue, William Mallard, Toby Chopra and Emelia Sithole-Matarise)