China’s cyber security regulators have launched an investigation into Didi, sending the ride-hailing group’s shares sharply lower on its third morning of trading in New York.
The Cyberspace Administration of China made the sudden announcement on Friday evening, Beijing time, two days after Didi raised at least $4bn in the year’s biggest initial public offering.
Despite the record fundraising, Didi kept the occasion low-key, without celebrating on its domestic Weibo social media channel, organising a press conference, or taking part in a bell-ringing ceremony in New York.
The CAC said the investigation was in order to “safeguard national data security and protect national security”, and that Didi must stop registering new users for the duration of the probe in order to “comply with the cyber security investigation work and prevent risks from spreading”.
Didi told the Financial Times that it would “actively comply” with the investigation and “completely inspect our cyber security risks under the guidance and supervision” of the authorities. Its shares opened 11 per cent lower on Friday in New York before stabilising to end down 5.3 per cent on the session, at $15.52. The stock was priced at $14 in its IPO.
“This is a signal for big tech companies, warning them of the importance of data security and personal data protection,” said Wang Congwei, a partner at Beijing Jingshi law firm.
China’s cyber security reviews are new measures launched last year in order to protect what it sees as “critical information infrastructure”, a broad category that includes transport providers and large-scale database systems. One of its aims is to prevent data leaks of critical information.
According to Chinese regulations, an ordinary investigation can last up to 30 business days, with extensions of 15 additional business days for complex cases.
Didi has more than 377m users and 13m drivers annually active in China, meaning it stores a significant amount of user data that could lead it to be considered a critical information infrastructure by Chinese regulators.
The platform not only gathers data on trips and user locations but, following a passenger safety scandal in 2018, also records audio during every ride.
The company has not yet faced a major publicly known data leak. Following passenger murders in 2018, Didi was reprimanded by police and traffic regulators for not sharing more data, a debacle that underlines the tensions within China’s government departments between demands for more data-sharing and calls for higher data security.
Along with other ride-hailing peers, Didi was called in by market regulators in May and told to address high costs for drivers and arbitrary price changes.
Additional reporting by Nian Liu