Major companies have been caught in a dragnet as Chinese authorities look to rein in the mining of its citizens’ data. Celebrations after Didi’s mega IPO, which raised USD 4.4 billion for the company, were short-lived after regulators kicked off a security probe. Three other firms, including US-listed Boss Zhipin, Yunmanman, and Huochebang—the latter two of which merged to form Full Truck Alliance, a company whose shares are traded in New York—were dragged into a similar situation.
Behind moves that are wiping billions of dollars from these companies’ valuations is a Chinese government organ that has taken on a newly dominant role: the Cyberspace Administration of China, or CAC.
The CAC has strong endorsement at the highest levels in Beijing. “Without cybersecurity, there is no national security; without informatization, there would be no modernization,” Chinese President Xi Jinping said in February 2014 at the first CAC meeting. Xi emphasized that the organization’s core mission is to coordinate matters related to sovereign cybersecurity and the adoption of information technology.
That means the CAC formulates policies that dictate what tech companies can and cannot do with the troves of information about people, places, and behaviors that they possess.
The CAC largely worked behind the scenes until 2018, when 60-year-old Zhuang Rongwen, who also serves as a vice minister of the Communist Party’s propaganda department, became its chief. Zhuang was previously a technocrat in Fujian Province, where he had worked under Xi when the future president was a senior official.
In his first speech as CAC head, Zhuang, who holds a PhD in engineering, said officials must “fight a people’s war for the governance of the online environment” as well as “persist in safeguarding national cyber sovereignty and realistically protect national security and the people’s interests.”
The CAC now works with 12 central government agencies, including the Ministry of State Security and Ministry of Public Security, to examine the operations of companies that handle critical data.
The CAC’s far-reaching impact
At the moment, the CAC is one of three government arms that are cracking down on big tech. Where the Cyberspace Administration probes the handling of data, the State Administration for Market Regulations is in charge of antitrust investigations into Alibaba, Meituan, and other tech firms, while the People’s Bank of China is boxing in fintech service providers, like when it instructed Ant Group to “return to its roots in payments.”
Under the CAC’s rules about data security, which went into effect in June, digital records are a national asset that can be used, or restricted, according to the government’s needs. The implication is that Chinese authorities have significant power to demand private companies to share data collected from e-commerce platforms, social media, lending, and other businesses.
Didi and other companies being probed by the CAC committed “serious violations” against the CAC’s laws, the cybersecurity watchdog said. While investigations are meant to last up to 45 days, they can be extended if the Cyberspace Administration deems there to be sufficient reason.
The agency’s capacity is well beyond consumer-facing apps. It can also govern data gathered by personal and commercial vehicles, and has already released a separate policy that specifically applies to the auto sector, covering information gleaned from mapping functions as well as pedestrian and traffic flows. That immediately causes headaches for all automakers that are embedding connectivity features in their cars. And, it leads an “online education alliance” that was established in mid-March, although what the group does remains unclear.
It looks like the CAC is far from done with its mission to curb the influence and reach of major tech companies. Yet another new policy draft released on July 10 stipulates a mandatory security review for any domestic company with more than 1 million users looking to list abroad. Firms must also submit materials regarding their IPO plans to the CAC.
At least 70 companies based in mainland China or Hong Kong that were set for IPOs in New York are now reconsidering their arrangements, according to Bloomberg, including recognized names like ByteDance, Keep, LinkDoc, Ximalaya, and Soulgate. Some may be steered toward going public in Shanghai, Shenzhen, or Hong Kong.
The impact of the CAC’s recent clampdown is already being felt on capital markets. The Nasdaq Golden Dragon China Index, which tracks 98 Chinese companies listed in the US, has fallen 8.74% since June 14.
What started as a banner year with a steady stream of Chinese enterprises going public in New York—24 companies raised a total of USD 5.8 billion in the first quarter of 2021, up 728% from USD 700 million in the same period in 2020—is set to take a very different direction in the second half of this year.