China to introduce cyber security reviews for companies listing overseas

China flag is depicted on the screen in program code
(Image credit: Shutterstock)

China said on Tuesday it would introduce new rules that will affect how its tech platforms plan to list abroad or use recommendation algorithms, as it seeks to gain oversight of its tech sector.

From 15 February, the Cyberspace Administration of China (CAC) will require platform companies with data for over 1 million users to undergo a security review before listing their shares overseas. The CAC said the main purpose of this rule, which could affect the likes of ByteDance, is to further protect network and data security and to maintain national security.

At the same time, in an additional statement, the CAC announced it would implement new rules around the use of algorithm recommendation technology from 1 March. This includes a requirement that companies give users the right to switch off the service and increases oversight of news organisations that use the technology to share information.

However, the new law does not make it clear whether companies that plan to list in Hong Kong will be affected by the security review. In November last year, the CAC released a draft document called “regulations on Network Data Security Management” which stipulated that when data processors go public in Hong Kong, they will have to apply for a network security review.

Following heightened US-China tensions, and after US regulators were applying greater scrutiny to new listings of Chinese companies, a number of Chinese tech firms were considering launching an IPO in Hong Kong. This could see around $2 trillion worth of Chinese listings move out of US exchanges from 2024.

An example of this is China Mobile, which hopes to raise £6.6 billion when it lists in Shanghai after laws introduced by the Trump administration removed the company from the New York Stock Exchange. If it raises the money, it will make the public share sale China’s fifth-biggest on record, and the biggest listing since the Agricultural Bank of China’s public offering in 2010.

This comes after China introduced new regulatory changes last year. One of these was the Personal Information Protection Law (PIPL) which stipulates how data can be collected and used in the country while governing the actions of companies hoping to move data out of China. It regulates activities carried out by state agencies, personal information processing activities, and also applies to foreign organisations that process personal data overseas.

Zach Marzouk

Zach Marzouk is a former ITPro, CloudPro, and ChannelPro staff writer, covering topics like security, privacy, worker rights, and startups, primarily in the Asia Pacific and the US regions. Zach joined ITPro in 2017 where he was introduced to the world of B2B technology as a junior staff writer, before he returned to Argentina in 2018, working in communications and as a copywriter. In 2021, he made his way back to ITPro as a staff writer during the pandemic, before joining the world of freelance in 2022.