China’s Internet regulator, the China Cyberspace Administration, enacted its rules on security reviews last year as part of its framework to safeguard the nation’s digital infrastructure.
Those regulations fell short of requiring companies like Didi to undergo a formal security check before filing an IPO overseas, but that would change under the agency’s proposed revisions on Saturday.
The revised rules say that a security review would be mandatory for any company with information on more than a million users seeking to list its shares abroad. These companies would have to submit materials related to their initial public offering, as well as procurement documents and contracts.
Under existing rules, the security review is intended to address national security and business continuity risks posed by servers, software, cloud services, and other products used by major technology companies.
The revised rules add two more risks to the list: the possibility that important data could be “stolen, leaked, damaged and illegally exploited or transferred abroad”, and that the data could be “influenced, controlled or maliciously exploited by foreign governments. ”After an IPO abroad