Cybersecurity. Photo: VCG
China has finally settled the details of its forthcoming cybersecurity regulation by requiring domestic platform companies with data of more than 1 million users to undergo a security review before listing their shares overseas, the latest amendment to the country's Cybersecurity Review Measures that will be effective from February 15.
The regulators' move to tighten rules for companies seeking overseas IPOs comes not only as a proportionate response to overseas countries' toughened crackdown on Chinese firms, but is also a reflection of China's increasing emphasis on data security with the rapid development of China's internet sector, experts said.
However, this does not mean that China is completely shutting the door for domestic companies that wish to list in overseas markets, and neither will the country's pace for market opening-up slow to any extent as a result of the country's efforts to prevent data leaks, economists stressed.
A combined 13 Chinese departments released an amendment on the Cybersecurity Review Measures to include the data processing activities of network platform operators that affect or may affect national security into a cybersecurity review. The amendment clarifies that online platforms which store the personal information of more than 1 million users must report to the cybersecurity review office before going public outside of China.
They should submit information including an analysis on the IPO's potential impact on national security, relevant purchasing documents, agreements or contracts to be signed, as well as other related materials to regulators before the desired IPO.
The authorities will focus on appraising whether the listing would impose national security risks such as the leakage or damage of core data, the possibility of large amounts of personal data being grasped and manipulated by overseas governments, as well as the risk of critical information infrastructures being illegally controlled, interrupted and damaged, read the measures.
The reviews will be carried out by China Cyberspace Review Technology and Certification Center. The China Securities Regulatory Commission will also be added as a member department to conduct the review.
Experts said that the cybersecurity reviews are an important and constantly evolving process in China. Since the investigation in July into Chinese ride-hailing giant Didi Chuxing after its listing in the US, amendments to the country's cybersecurity regulations have been the subject of widespread public attention.
"Now the shoe has finally dropped," Zuo Xiaodong, vice president of the China Information Security Research Institute, told the Global Times on Tuesday, as he stressed that the policy uncertainties faced by companies in the process of listing have dissipated, and the new regulations are generally good for the IPO activities of companies or for China's pro-economic development.
Another factor is that regulators excluded Hong Kong listings from the finalized cybersecurity review rules for offshore IPOs compared with the draft version, dispelling market worries about companies having to undergo security reviews if they seek IPOs in Hong Kong.
"With the issuance of the measures, the policy is now very clear, companies who want to list in Hong Kong do not need to conduct cybersecurity reviews," Zuo said.
Equivalent response to crackdownThe Chinese government's move to amend the cybersecurity review regulation comes amid a slew of regulatory changes in China over the past year to toughen regulation on internet platforms as well as protect personal data.
In July 2021, Chinese ride-hailing giant Didi Chuxing was removed from app stores under order of the Cyberspace Administration of China (CAC) for illegally collecting users' personal data. The decision to remove the service came just days after its mega IPO on the US stock market.
The regulations also reflect increasingly tense relations between China and the US, with the US placing tougher requirements and supervision on Chinese domestic companies that are listed in the US, a change that has already resulted in the delisting of multiple Chinese firms from the US stock markets.
Recently, the US government passed an act that increases accountability for Chinese companies that refuse to obey financial oversight, while the US securities regulator, the Securities and Exchange Commission (SEC), is also reportedly obstructing Chinese companies from fund-raising in the US unless they fully explain their legal structures, Reuters reported in July.
Xi Junyang, a professor at the Shanghai University of Finance and Economics said that China's toughened regulations on cross-border listings are an equivalent response to certain overseas countries' crackdown measures on Chinese firms.
"Worries are deepening that overseas countries might collect and use China's data in an unfriendly way, now that political relations between China and many foreign countries have a lot of uncertainties," he told the Global Times, adding that China's emphasis on cybersecurity in recent years has also pushed authorities to regulate non-local IPOs in a stricter way.
However, experts stressed that such management is in line with international practice and is perfectly appropriate considering China's rapid development of online business.
"The cybersecurity review system is not unique to China, and it is adopted by other countries including the US and Japan. I don't think it is rolled out to target a certain country," Wang Yuan, a partner in Beijing Gaoqin Law Firm, said on Tuesday.
She noted that the amendment shows the government's emphasis on supervising major platforms, that is, large-sized internet platforms and critical information infrastructure operators where risks are mostly likely to be exposed, instead of applying the checks to all companies in general.
Continuous opening-upExperts stressed that the requirement for reviews of non-local IPOs might further discourage domestic companies from seeking overseas IPOs, particularly in the US, while the A-share and Hong Kong stock markets will benefit instead.
"It's possible there will be very few large domestic companies that will seek to list in the US this year," Xi said.
According to him, many companies originally thinking of overseas IPOs are likely to turn to A-share markets as the first priority, now that the country is moving to apply the registration-based IPO system for the whole stock market, while the Hong Kong market will also see incremental IPO applications from domestic firms.
However, stricter regulation on cross-border IPOs does not mean that China will hinder domestic companies from raising funds overseas or slow its opening-up measures by any sense, the economists stressed.
"The listing threshold for companies cannot be theorized or misunderstood as China's holding back its efforts in opening-up," Dong Shaopeng, an expert adviser for the China Securities Regulatory Commission (CSRC), told the Global Times on Tuesday.
According to him, improving the review mechanism is to clarify the boundaries of right and wrong by legal means to protect public safety and national security, and at the same time promote market entities to carry out market activities in accordance with the law.
"Now we have to coordinate openness and security, and the more open we are, the more we must pay attention to security issues," he added.
China's top securities regulator and relevant regulatory authorities have always been open to and fully respect Chinese companies' independent choices of overseas listing venues in compliance with relevant laws and regulations, a spokesperson with the CSRC said in December.
China is also making further steps in opening up its market to overseas investors, such as by scrapping the foreign ownership ratio limit in passenger vehicle production in the newest version of the negative list for foreign investment.