Reg Watch No. 4: The Regulatory Whirlwind That Followed Didi’s IPO

China's ride-hailing giant Didi ran into some heavy regulation right after its listing in the U.S. on June 30. The IPO and its aftermath may mark a watershed moment for China's internet companies, which will face increasingly tough scrutiny on issues ranging from antitrust to personal data protection to cybersecurity, and more domestic approvals will be needed before they will be able to list overseas.

The rapid rise of China's tech industry was in part thanks to a lax regulatory regime - the social support of innovation and regulators' attitude that "let the bullet fly". But before the Didi incident, the winds had already changed, and Chinese tech regulation is catching up in terms of antitrust and data protection, echoing the trend in the developed world. The following is a timeline of the regulatory storm triggered by Didi's IPO. Certainly more will come, and eventually they will provide more clarity on how Chinese government wants to regulate the country's rapidly growing tech sector.

July 2  A previously obscure office - the Cybersecurity Review Office under the Cybersecurity Administration of China (CAC) - said it would investigate Didi to "prevent data security risks, safeguard national security and protect the public interest." This is the first time ever that a cybersecurity review has been launched.

July 4  The CAC ordered the removal of the Didi app from domestic app stores. The regulator cited China's Cybersecurity Law for the order as the company was found to be illegally collecting user data. The removal of the app will hurt Didi’s ability to acquire new users,  though Didi already has a high penetration rate in the Chinese market.

July 6  The review went beyond Didi. CAC’s Cybersecurity Review Office put two other internet platforms recently listed in the U.S. under cybersecurity review. Online recruitment platform Boss Zhipin, run by Kanzhun Ltd., and Yunmanman and Huochebang - two truck-booking apps run by Full Truck Alliance Co. Ltd., were told to stop registering new users.

July 6  The CCP Central Committee and State Council jointly issued an opinion to crack down on illegal activity in securities. It required scrutiny to be stepped up on cross-border data security and China concepts stock.

July 7  In addition to data security, there is also an antitrust review in progress. The market regulator disclosed 22 new fines for firms that failed to seek antitrust clearance for past acquisitions or joint ventures. Didi was slapped with eight fines, totaling 4 million yuan ($616,339).

July 9  The CAC ordered the removal of 25 of Didi’s mobile applications that offered services from carpool to finance. The regulator cited China's Cybersecurity Law for the order. They were found to be illegally collecting users' data.

July 10  The CAC asked for public comment on draft changes to "Measures for Cybersecurity Review." Under the draft, any Chinese internet company with more than 1 million users would have to undergo a cybersecurity review if they seek to raise money abroad. Companies would have to provide "IPO materials to be filed to the Cybersecurity Review Office, the interdepartmental office that conducts cybersecurity reviews. This would mean that companies' prospectuses and other filings will be checked by the government before they file for a listing outside China.

Jasper Liu and June Deng are analysts at Caixin Insight, the research arm of Caixin Group.

Contact analyst Jasper Liu (jasperliu@caixin.com) and editor Michael Bellart (michaelbellart@caixin.com)

Download our app to receive breaking news alerts and read the news on the go.

Get our weekly free Must-Read newsletter.