China has tightened its handling of "critical information-infrastructure operators" and will require them to submit to a formal review before listing on overseas stock markets.
The stipulation is one of a series of new rules advanced by the Cyberspace Administration of China over the weekend. The administration, which regulates China's Internet space, is now seeking public comment on those rules through July 25.
I can't imagine public opinion is going to have any sway. Of greatest interest to overseas investors is that it is no longer sufficient simply to keep China's stock-market and foreign-exchange regulators happy if a Chinese tech company wants to sell shares internationally.
Internet operators that have the personal information of more than 1 million users must now submit to a cybersecurity review by the Office of Cybersecurity Review, under the new rules.
This formal requirement crystalizes what we have already seen for all practical purposes: the Chinese Communist Party is incredibly concerned about Big Tech companies selling stock on overseas markets. That's particularly true in the United States, where those companies will now be required to file accounts that can be reviewed by the Securities and Exchange Commission's accounting arm, the Public Company Accounting Oversight Board.
There are other new requirements under China's national cybersecurity review mechanism. The Office of Cybersecurity Review was only created in May 2020, but now has a powerful say in overseas listings. The existing procedure for Chinese companies listing offshore was established in 2005, by the State Administration of Foreign Exchange.
Internet operators that are purchasing network products or services must predict the national security risks that could create. Companies must then report anything that "may affect national security" to the Cybersecurity Review Office. The requirement places the burden on companies to meet a vague standard of national security, which China never defines but has interpreted extremely broadly.
Companies listing internationally must consider the risk of "illegal control, interference or destruction of key information infrastructure," the risk of business-continuity interruption, the risk of core and important data being stolen, leaked or destroyed outside China, and the risk that key information and core data could be "affected, controlled or maliciously used" by foreign governments after an overseas listing.
The new rules seem to conflate purchasing technology products and services with listing abroad. A tech company would be integrating purchased products and services into its tech infrastructure, which presents a clear risk to data security; the new requirements treat a foreign listing as if investors are hardwired into a Chinese tech company's systems, and can access any data they contain.
That of course isn't the case; an Amazon.com (AMZN) investor does not have any insight into the vast wealth of data that Amazon builds up on its customer base. But Chinese regulators are clearly terrified that reporting rules for public companies on overseas markets are somehow going to force Chinese Big Tech to hand over even consolidated financial data that give insight into how that company and the Chinese economy is functioning.
China's State Council, its equivalent of a cabinet, issued a policy statement on Tuesday that stresses the importance of "strictly cracking down on illegal securities activities," mainly focusing on issues like insider trading but making mention of international listings. The State Council and the Central Committee of the Chinese Communist Party "recently" issued a notice within the government requiring government departments to implement various new securities policies, the policy statement said.
The policy statement says the government will strive for the "extraterritorial application of capital-markets laws." In other words, China will attempt to extend its own securities law to govern Chinese companies overseas. The notice says there's a need to toughen laws on "data security, cross-border data flow and the management of confidential information."
China has effectively permitted companies to skirt its own securities rules on the ownership of companies in sensitive industries such as Internet infrastructure. It has turned a blind eye to companies going public via a structure known as a Variable Interest Entity, or VIE. Combined with another dodge known as a Wholly Foreign-Owned Enterprise, or WFOE, the practice allowed a Chinese company to sign over its economic rights to an offshore company, normally in the Cayman Islands. International investors would own the Caymans company, when they weren't allowed to own a similar stake directly in a company inside mainland China that operates in a sensitive industry.
Beijing is now intent on closing that loophole, particularly for tech companies. The Cyberspace Administration of China last week blocked three Chinese companies, including ride-hailing operator Didi Global (DIDI) , from signing up new customers after they went public in the United States. It removed Didi's app from Chinese app stores days after its US$4.4 billion initial public offering on the New York Stock Exchange, which valued it at US$67.5 billion.
On Friday, Chinese regulators removed another 25 apps from Didi from app stores. The company "forced its way" to go public without completing a "thorough" data-security assessment with the Cyberspace Administration of China, a regulatory source tells the South China Morning Post. But such a review had not previously been required and was not an official policy until this weekend's announcement. The cyberspace administration "suggested" weeks ago that Didi delay the offering, according to The Wall Street Journal. Faced with Wall Street deadlines and pressure from its backers, the company pushed ahead.
China also announced investigations into the online-recruitment company Boss Zhipin.com and its parent Kanzhun (BZ), as well as the freight-consolidator app Full Truck Alliance (YMM) , which listed in June.
Chinese companies in the first half of the year raised a record US12.5 billion on U.S. markets, in 34 deals, according to Refinitiv data. Tech companies have been best received, and it's exactly those kinds of deal that will now surely screech to a halt.
The medical-data company LinkDoc Technology had been prepping for a listing on Nasdaq under the ticker LDOC. But it has now shelved those plans, Reuters reports, after seeing what Didi has gone through.
Keep, the most-popular fitness app in China, has also been planning a U.S. listing. It has also now pulled those plans, according to the Financial Times.
Beijing also pressured China's largest online-audio platform, Ximalaya, to drop U.S. listing plans and go public in Hong Kong instead. Ximalaya has also now pulled plans for a U.S. listing.
