On Tuesday, the State Internet Information Office and 13 other departments jointly revised and issued the Measures for Network Security Review (hereinafter referred to as the Measures), which will take effect on February 15, 2022. The Measures make it clear that network platform operators who hold the personal information of more than 1 million users must declare to the Cyber Security Review Office to go public abroad.
The new provisions on the listing procedure were originally proposed this summer, and after the revision and promulgation of the Measures, two security risk factors have been added to the review focus. One of them includes national security risk factors such as the risk of critical information infrastructure, core data, important data, or a large amount of personal information being affected, controlled, or maliciously used by foreign governments. According to the Measures, the Cyberspace Administration of China said that companies that meet the criteria should conduct a cybersecurity review before submitting listing applications to overseas securities regulators. Last November, the SFC also imposed stricter scrutiny on Companies listed in Hong Kong, requiring them to submit to cybersecurity scrutiny in cases where the sale could involve national security.
Shortly before the release of the Measures, Didi announced the start of delisting in New York and the start of preparations for listing in Hong Kong. Didi, the largest Chinese company to list in the U.S. since Alibaba debuted in 2014, was delisted from the New York Stock Exchange shortly after its listing, prompting a cybersecurity review shortly after its listing. Didi is currently currently seeking to list in Hong Kong in the form of an introduction. The move would allow U.S. shareholders to gradually transfer their shares. Regulators had previously asked Didi to suspend its IPO before listing on June 30 to wait for the solution of network security issues, and four days after Didi's IPO, the State Internet Information Office announced that after testing and verification, didi Chuxing App had serious violations of laws and regulations in collecting and using personal information.
According to Reuters, after the release of the Measures, the Hang Seng Index fell 0.36% in early trading on Tuesday and the Hong Kong Technology Stock Index fell 1.32%.
The State Internet Information Office also issued the Provisions on the Administration of Recommendation of Internet Information Service Algorithms, which will be implemented on March 1, and last year formulated the Data Security Law on data storage and the Personal Information Protection Law on data privacy.
![The revised Measures for Network Security Review will come into effect tomorrow[fig]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)