China's revised cybersecurity review rules, which came into force this week, will better protect national security and companies, a lawyer has told CGTN.
The new regulation requires online platforms operating personal information of more than one million users to undergo a cybersecurity review before seeking initial public offerings (IPOs) in a foreign country.
The goal of enacting the new measures is not to prevent domestic companies from undertaking overseas listings, but to ensure national security and confidentiality of information, said Selena Wang, a lawyer specializing in mergers and acquisitions and corporate listings. She added that Article 7 of the new measures specifies that a cybersecurity review is mandatory for such companies.
The new rules will focus on assessing the impact or possible impacts on all the data operations of online platforms, such as collection, storage and processing. They also consider the national risks, including the possibility of key information infrastructure being illegally controlled, interrupted or damaged and the risk of key data being used for malicious purposes by foreign governments after listing in overseas markets. Companies will not be allowed to list abroad if the review finds that national security could be harmed.
By tightening the review process, regulators aim to ensure that the companies conform to the necessary cybersecurity regulations before listing overseas. There were instances earlier of companies completing IPOs even as the review process was underway, Joy Huang, a partner at Allbright Law Offices, told CGTN.
The new regulations, which improve the previous supervision system, are set to better protect national security and the companies themselves, Huang said.
Why are Chinese regulators tightening rules?
A key feature of the new regulations is the section that deals with data-intensive platform companies.
"If any data-intensive platform company has the personal information of more than one million users or affect or may affect national security, then the data is not just the assets of the company, but also may be strategic assets of the country," Wang pointed out.
On a broader scale, the revised cybersecurity measures are also in response to the various challenges posed by the US authorities against China Concept Stocks listing on US bourses, she added.
How will the new measures impact Chinese companies' overseas listing?
It is important to note that the regulations do not cover listings in Hong Kong, Wang emphasized, adding that it does not mean that cybersecurity is no longer a consideration for listing in Hong Kong.
Cybersecurity reviews are promulgated through proactive reports of companies or initiated by regulators, Wang said. Although the new measures do not require the companies to apply for a cybersecurity review proactively before listing in Hong Kong, the regulators may still initiate a cybersecurity review if they see any possible threat to national security, she added.
Furthermore, China's cyberspace regulators also announced new measures in January on algorithmic recommendation service providers that come into effect in March. These aim to prohibit algorithm technology companies from generating fake news or disseminating information from unauthorized sources.