Beijing’s Tech Sector Crackdown Sends a Clear Warning to Companies Going Global

By Josh Bramble

Beijing has pursued a multi-pronged approach to rein in Chinese technology firms and shore up its political power over private enterprises. The crackdown encompasses several overlapping measures, including scrutinizing the initial public offerings (IPOs) of major internet companies, proposing broad new rules to limit overseas public listings, and introducing sweeping data security laws. Although these moves create a self-inflicted economic wound by restraining China’s top tech companies, Beijing has made clear that it is willing to suffer significant costs in order to exert political control.

China’s prominent internet companies listing on US exchanges are among the primary targets of Beijing’s current campaign against big tech. One of the most high-profile victims to fall prey to the government’s crackdown is Chinese ride-hailing giant Didi. The Cyberspace Administration of China (CAC) allegedly warned Didi to delay its IPO and conduct an internal cybersecurity review as early as three months before it went public. However, in the absence of a direct order, coupled with mounting pressure from investors, Didi proceeded with its listing in what was the second-largest IPO in the United States by a Chinese firm.

Days later, Didi found itself in the center of a regulatory firestorm. The crackdown began with a cybersecurity review of the company and was followed by the removal of Didi’s app from Chinese app stores. Beijing moved swiftly against Didi, halting new user registrations for a review period of up to 45 days. The CAC and six other ministries, including the Ministry of State Security and the Ministry of Public Security, stationed themselves within Didi’s offices to conduct China’s first cybersecurity review of a private firm.

Although it did not release details of its probe on Didi, the CAC announced that any company with data on at least one million users would need to go through a cybersecurity review process before listing abroad.

Didi is not alone in facing heightened pressure from Beijing. In 2020, the growing influence of financial technology titan Ant Group was enough to spur the government to take action. Ant Group already had its share of run-ins with financial regulators in its rapid ascension as China’s national champion in the microfinance space, and co-founder Jack Ma’s flagrant public criticism of regulators proved to be the last straw. President Xi Jinping personally stepped in to cancel Ant Group’s IPO, and regulators later forced the firm to restructure as a financial holding company.

Beijing extended its crackdown to several other smaller private technology firms, launching cybersecurity reviews into Boss Zhipin, an online recruitment company, and Full Truck Alliance, a truck-hailing platform. Both companies were listed on the Nasdaq in June, prior to becoming targets of the CAC’s regulatory probes. In Shanghai’s Star Market—China’s counterpart to the Nasdaq—regulators are increasing scrutiny over domestic IPO applications.

In addition to doling out one-off punishments for companies caught in the government’s crosshairs, the China Securities Regulatory Commission (CSRC) is reportedly developing a broader proposal that would prevent internet firms with large amounts of user data from filing for overseas IPOs. Under the planned rules, companies collecting a vast amount of user data will be the subject of heightened scrutiny and will need the formal approval of a cross-ministry committee before listing abroad.

Many Chinese companies, including Didi and Alibaba, have filed overseas through a variable interest entity, a structure that uses an offshore shell company and exploits a legal loophole to raise capital from foreign investors without having to go through the barrier of Chinese regulators. Beijing is well aware of the workaround and has tolerated a level of ambiguity for years, but is now considering revising that rule. The CSRC has allegedly asked several companies to delay their overseas IPOs while it finalizes new regulations over the coming months.

On top of scrutinizing IPOs, Beijing has tightened its grip on the private sector by pushing forward new legislation to address data security concerns. Data, which is now considered a factor of production along the same lines of land, labor and capital, is a matter of national security. Policymakers view data as a key foundation of the increasingly prominent digital economy, which the China Academy of Information and Communication Technology estimated accounted for 38.6 percent of China’s GDP in 2020. In an era of global uncertainty surrounding the regulation of big data, Beijing is making moves to establish control and set an early precedent.

Regulators are making it clear that firms should not be able to monopolize data, and that data should not fall into the hands of foreign governments when companies go global. Alongside China’s 2017 Cybersecurity Law, two new regulations stand out.

First, the Data Security Law , effective September 1, establishes jurisdiction over data activities conducted both within and outside China’s borders. Any “core data” that regulators consider relevant to China’s national security is subject to strict regulation. Chinese companies are explicitly prohibited from providing their data to foreign authorities without prior approval from Beijing.

Second, the Personal Information Protection Law adds additional compliance requirements for private companies collecting user data. The law, which goes into effect November 1, stipulates that firms sending personal information data outside of China’s borders must first complete a cybersecurity evaluation. Similar to the Data Security Law, if a foreign regulator requests personal information data, it is the Chinese government - not the company - that makes the call.

On the one hand, these moves to rein in private companies are self-sabotaging. From July to September, Didi and Alibaba alone collectively lost nearly 170 billion dollars in market capitalization. Going forward, Chinese companies may struggle to raise capital under new stringent restrictions on overseas IPOs, and they will likely find it difficult to navigate the emerging data governance landscape.

In pulling the rug out from under some of the leading players behind China’s rise as a global innovation powerhouse, Beijing may significantly undercut its global interests. The long-term financial fallout could also undercut the engine of China’s economic growth, which has long been a key component of the Chinese Communist Party’s legitimacy.

On the other hand, economic dynamism cannot come at the expense of the party’s political control. Internet companies previously enjoyed a period of growth in which they could operate in a regulatory gray zone, but Beijing has become wary of what it considers the “ disorderly expansion of capital ” and is increasingly willing to make an example out of high-profile companies.

China’s ongoing crackdown is reminiscent of the fang-shou cycle of Chinese politics in which the government tightens its hold (shou) after it determines it has let things go (fang) for too long. Beijing’s recent moves signal that there is a limit to how much power private firms can amass, and that Chinese companies going global cannot cross the red line without feeling the heat. As the government rolls out new regulations and makes examples out of the largest firms in the tech sector, it is clear that the political pendulum has swung decisively in the shou direction.

Josh Bramble is a former intern with the China Power Project at the Center for Strategic and International Studies (CSIS).