Beijing is ramping up its scrutiny of ride-sharing giant Didi Global, announcing on Friday that seven government departments have jointly launched an on-site cybersecurity investigation into the company.
The Cyberspace Administration of China (CAC) said in a brief notice published on its website that other government departments, including the Ministry of Public Security, the Ministry of Transport and the Ministry of Natural Resources, would be jointly stationed at the Beijing-based company as they conduct their probe. It didn’t mention how long the investigation would last, or what penalties Didi could possibly face. The company did not immediately respond to an emailed request for comment.
Zhu Wei, a professor at the China University of Political Science and Law, says the investigation could last for months as regulators look into Didi’s operations to ensure its data is kept secure. The past few weeks have been tumultuous for Didi. Shortly after its $4.4 billion initial public offering in New York, China’s regulators ordered all 25 of the company’s apps to be removed from app stores and new user registrations were suspended.
China’s cybersecurity regulators had already been investigating Didi since the beginning of this month. They had previously suggested delaying the IPO, and urged the company to examine its network security in order to protect its users’ data, according to a Wall Street Journal report that cited anonymous sources. Didi told the newspaper that “it had no knowledge before the IPO of the regulator’s decisions to put the company under cybersecurity review, and to ban new downloads of its ride-hailing app.”
Still, the company’s shares have already plunged more than 10% below its IPO price of $14, prompting a series of class-action lawsuits alleging that Didi had published false and misleading information and also that it failure to disclose the possible cybersecurity investigations.
Meanwhile, China is also drastically tightening the review process for companies seeking to list their shares overseas. CAC announced last week a proposal to require any company holding data of more than 1 million users to undergo a security review before they list overseas. In response, several Chinese companies, including fitness app Keep and medical data company LinkDoc, have already shelved plans to list in the U.S.
“Instead of financial or securities regulators, the CAC will lead the review process of Chinese companies’ foreign IPOs going forward,” says Shen Meng, director of Beijing-based boutique investment bank Chanson and Co. There have been reports claiming that Didi rushed to complete its IPO before getting regulatory approval, and “this is clearly not allowed.”