China’s internet regulator moved Saturday toward requiring data-rich tech companies to undergo cybersecurity reviews ahead of any foreign listings, making explicit for the first time a data-security requirement that marred last week’s U.S. initial public offering by Didi Global Inc.
Separately, China’s main antitrust regulator on Saturday blocked Tencent Holding Ltd. ’s bid to combine the country’s two biggest game-streaming platforms, its first public intervention to halt a merger in China’s technology sector.
The moves come at the end of a week that was marked by a flurry of actions by Beijing aimed at reining in the nation’s tech giants. The two moves are the clearest signals yet that authorities are tightening the leash on overseas-listed Chinese companies amid concerns about data security. It also shows that regulators are rethinking the bigger-is-better mentality that allowed homegrown companies like Tencent and Alibaba Group Holding Ltd. to become global players.
The security review revision, released Saturday by the Cyberspace Administration of China for public comment, said companies holding personal data on at least one million users must apply for a cybersecurity review. Previously, companies seeking overseas stock listings weren’t explicitly obligated to conduct such reviews, though they would typically do so if asked by officials.
The Wall Street Journal reported earlier that Didi, the Chinese ride-hailing firm, pushed ahead with its $4.4 billion New York IPO late last month despite being urged by China’s internet regulator to submit itself to a cybersecurity review.