China Cyberspace Agency Tightens Rules on Foreign Listings

The Cyberspace Administration of China, an agency set up by President Xi Jinping that reports to a leadership group he chairs, increased interagency oversight of companies traded in the United States and elsewhere overseas. The agency also will harden rules related to domestic companies listed on foreign stock exchanges and better coordinate various regulators. That lack of coordination was apparent in DiDi Global’s IPO last month, which was supported by financial regulators but tagged by the country’s cybersecurity regulator.

The Wall Street Journal reports, in the case of DiDi, despite warnings about its network security from the cybersecurity regulator, that company went ahead with its IPO. With the new agency in place, “the cyber watchdog could conceivably block a plan that is seen as threatening Chinese security.”

It adds that, “the increased involvement in corporate oversight by the cyberspace regulator, which has been entrusted with strengthening the state’s sway over digital information, could risk accelerating a decoupling between the financial markets in China and the U.S.”

On the U.S. side, lawmakers such as Senator Marco Rubio (R-Florida) are “stepping up calls to block Chinese firms from going public in the U.S. unless they submit to U.S.-style audit requirements.”

At the University of California, San Diego, political economy professor Victor Shih reported that, in China, “the cyber regulator has become the new securities regulator.” “Investors and companies will find it much harder to manage the listing process,” he added. Xi set up the agency in 2014, “two years after he rose to power, in a bid to centralize and beef up the country’s overall network and data safety.”

Edward Snowden’s leak of classified information “had spooked the Chinese leadership with a realization of how easily information on Chinese citizens or companies could fall into the wrong hands,” a fear that drove more state regulations over data security and information flow.

After Chinese regulators started a cybersecurity probe into DiDi, days after its U.S. stock sale, its “American depositary shares have plunged … several class-action lawsuits have already been filed in the U.S. against DiDi, accusing the company of having misled investors before its IPO … and many investors who bought into DiDi’s IPO were confused or even enraged by the sudden regulatory actions.”

Due to conflicting rules between Chinese regulators and the U.S. Securities and Exchange Commission, which wants more access to audits of Chinese companies, “analysts say many Chinese companies could be delisted from the U.S. markets as a result.” China’s cybersecurity watchdog agency “is also working with China’s top securities regulator and other ministries in revising longstanding rules governing so-called variable interest entities,” according to sources.

The New York Times reports the revised rules in China state that, “a security review would be mandatory for any business possessing information on more than one million users that seeks to list its shares abroad.” The security review also adds two more risks to important data: that it could be “stolen, leaked, damaged and illegally exploited or moved overseas,” and/or “influenced, controlled or maliciously exploited by foreign governments” after an overseas IPO.

Related:
Biden Administration Asks Courts to Dismiss Government Appeals of TikTok Ruling, Reuters, 7/12/21
China to Order Tencent Music to Give Up Music Label Exclusivity, Reuters, 7/12/21
China’s Great Firewall Is Blocking Around 311K Domains, 41K by Accident, The Record, 7/11/21
Didi Warns of ‘Adverse Impact’ After 25 Mobile Apps Removed, Bloomberg, 7/12/21