Didi drops 20% after IPO as Beijing tightens data security review

Business & Technology

Chinese cybersecurity regulators launched investigations of three companies that had recently listed in the U.S., hinting at concerns that their data could fall into foreign hands. Beijing also said that it would “consolidate the information security responsibilities of overseas listed companies.”

A driver of Chinese ride-hailing service Didi drives with a phone showing a navigation map on Didi's app, in Beijing, China
A driver of Chinese ride-hailing service Didi drives with a phone showing a navigation map on Didi's app, in Beijing, China, July 5, 2021. REUTERS/Tingshu Wang.

On June 30, Chinese ride-hailing giant Didi Chuxing made a splash on the New York Stock Exchange, raising $4.4 billion in the largest initial public offering for a China-based company since Alibaba in 2014.

Six days later, Didi’s share price has slid 20% after multiple actions by regulators back in Beijing:

  • On July 2, two days after the IPO, the Cyberspace Administration of China (CAC) announced that it had placed the company under investigation, possibly for data-security-related reasons. Didi later said that it had no knowledge this action was coming.
  • The CAC then ordered app stores to remove the Didi app because it violated laws in its “collection and use of personal information,” the regulator said (in Chinese). The order did not affect current users of Didi’s app or its drivers, but as of July 4, new users were unable to register for the company’s services.
  • The CAC then broadened its data security crackdown to two other companies that had recently listed in the U.S. — China’s “Uber for trucks,” Full Truck Alliance, and Kanzhun, the owner of online recruiting platform Boss Zhipin. These two companies, whose share price slid more than 10% each today, face the same app freeze as Didi while regulators conduct their investigation.
  • Finally, “China’s top government body, the State Council, said [in Chinese] it would act to strengthen the protection of sensitive data related to overseas listings, and ‘consolidate the information security responsibilities of overseas listed companies,’” the Financial Times reports, helping drive a smaller sell-off of a few percentage points in other U.S.-listed Chinese companies, including Baidu, JD.com, and Alibaba.

Why the data security crackdown, and what other motivations?

The crackdown on Didi and other tech companies that have recently listed overseas comes after several regulator actions over the past year: the Ant Group IPO suspension; the multiple antitrust probes into Alibaba, Tencent, and others, including Didi itself; and the new, harsh regulations on the private tutoring industry in China.

But data security is also a specific and particularly high-profile concern in Beijing, where “data sovereignty” and “cyber sovereignty” have been buzzwords for years. Interestingly, in a Wall Street Journal article revealing that Didi had been warned by Chinese regulators to delay its U.S. IPO, the company is said to have “received mixed signals from different agencies,” so there might not have been a predetermined course of action in Beijing, or a decision that was closely related to others on Chinese Big Tech.

Some of the possibilities for why the hammer came down on Didi at this time include:

  • National security and data sovereignty — “Back in Beijing, officials, especially those at the Cyberspace Administration of China, remained wary of the ride-hailing company’s troves of data potentially falling into foreign hands as a result of greater public disclosure associated with a U.S. listing,” the Wall Street Journal suggests.
  • Backlash to threat of delisting: Some analysts think the CAC’s anxieties over data privacy are in reaction to new regulations in the U.S. that would delist Chinese firms unless they abide by U.S. auditing procedures.
  • Surprises in the SEC filing: China tech policy analyst Graham Webster suggested a possible scenario, where “if — in addition to the IPO politics — CAC was angry that they’d found out about something (a supplier) they supposedly control from U.S. SEC filings, rather than from Didi itself.”
  • Mounting political pressure to list in Hong Kong or mainland China, rather than overseas.

Meanwhile, Didi will take a continued battering, because while existing users of its app in China are not affected, user growth will be impossible during the investigation. And per the WSJ, “Analysts say the review process could last for months and involve some dozen government agencies including China’s Ministry of Public Security and its top economic planning agency.”

As many as 34 other companies based in China or Hong Kong that have pending filings for U.S. IPOs could also be affected by the new wave of scrutiny, Bloomberg reports.