Obscure Cyber Agency Becomes Nemesis of China's Tech Giants

(Bloomberg) -- In its earliest iteration, the Cyberspace Administration of China used to police the country’s internet for pornography and sensitive content online. Now, the low-profile agency holds the future of IPO-hungry tech firms in its hands.

Around since 2011, the CAC has burst into prominence over the past two weeks, doing what powerful financial regulators could not by extending its oversight to overseas initial public offerings, all with the backing of the governing State Council. Under new rules unveiled this month, any company that wants to go public abroad will need to seek CAC approval if they have more than 1 million users. No agency held such explicit gatekeeper powers in the past.

The watchdog -- which operates under the Central Cyberspace Affairs Commission chaired by President Xi Jinping -- is now at the forefront of Beijing’s attempts to wrest control over one of its most valuable resources: data, the quintessential fuel for a global struggle with the U.S. to dominate the technologies of the future.

“The CAC is now going to the front of the stage upon Xi Jinping’s calling,” said Feng Chucheng, a partner at research firm Plenum in Beijing. The government needed to rein in “disorderly expansion of capital, and the internet companies fall squarely under this warning.”

The agency’s prominent new role in China’s tech crackdown follows months of probes led primarily by the State Administration of Market Regulation, China’s antitrust watchdog, and financial regulators including the People’s Bank of China. It wields a broad mandate to rein in the influence of the country’s largest corporations, focusing on the way they’ve employed data to shore up their dominance and thwart rivals. Authorities are also considering establishing a government-backed joint venture with some of the country’s biggest e-commerce platforms to oversee the lucrative data they collect from hundreds of millions of customers, Bloomberg has reported.

More broadly, the crackdown shows how technology is quickly turning into the next major battleground in a clash of superpowers, with implications that potentially could reshape the global economy for decades to come. With the U.S. lobbying other nations to prevent China from obtaining technology like advanced computer chips and Xi undertaking a national project to develop them, stringent data security controls risk further disrupting supply chains, balkanizing financial markets and forcing countries to pick sides.

The CAC on July 2 launched a cybersecurity probe into Didi Global Inc., demonstrating how the once-obscure agency is flexing its muscle in ways that can upend capital markets and overhaul the country’s most successful businesses. The Didi inquiry, which came days after the ride-hailing giant’s $4.4 billion U.S listing, set in motion a $130 billion stock sell-off and forced high-flying startups including Alibaba Group Holding Ltd.-backed LinkDoc Technology Ltd. and Tencent Holdings Ltd.-backed Meicai to halt their plans to go public.

The agency broadened its crackdown over the weekend, redefining a rarely used rule to require that any company holding data on more than 1 million users must now apply for cybersecurity approval when seeking listings in other nations. That kind of data could be “affected, controlled and maliciously exploited by foreign governments,” the CAC said in a statement on Saturday.

”It’s a necessary change,” said Mark Greeven, a professor specializing in China technology at IMD Business School based in Lausanne, Switzerland. “There needs to be a department that deals with big tech, in particular platform businesses, and takes them seriously. For the businesses like Alibaba and Didi, their game is changing. The time of easy business is gone.”

After the government gave it expanded powers last week, the CAC will revise rules for overseas listings. Companies that are already public will be held accountable for keeping their data secure, the governing State Council said.

About 70 private firms based in Hong Kong and China that are set to go public in New York may eventually be impacted, according to data compiled by Bloomberg. Bankers say they expect the majority of Chinese IPOs bound for U.S. exchanges to be suspended or diverted to other venues. Chinese on-demand logistics firm Lalamove is considering shifting its planned $1 billion U.S. initial public offering to Hong Kong, Bloomberg News reported, becoming potentially one of the first firms that filed confidentially in the U.S. to re-route to Hong Kong.

The CAC has become emboldened in part because of the state’s push to entwine the importance of data with national security, said Rogier Creemers, assistant professor at Leiden University’s Chinese Studies department in the Netherlands.

Beijing does not “want an app with data about Chinese individuals to be held by a foreign-owned company and be shopped abroad and used for espionage purposes,” he said.

At its inception, the agency -- also known by its Chinese name of the State Internet Information Office -- was charged with asserting control over China’s social media, curtailing online debate and instituting stricter rules on content. It flourished under Lu Wei, who took over as director in 2013, growing in size and absorbing other cybersecurity departments. In 2014, the watchdog began dispatching delegations to international cyber events and brokering meetings between Xi and technology chieftains such as Mark Zuckerberg and Tim Cook. It also established an international internet conference in the town of Wuzhen that attracted industry leaders from around the world.

Lu was removed from office in 2016 on charges of corruption however, so Xi appointed Xu Lin, a longstanding party official, as his replacement. The Chinese president had wanted the CAC to become a highly centralized agency for content regulation and cybersecurity policy coordination and the agency soon expanded its policy and regulatory coordination capacity “across internet content sectors and broadly the entire cyberspace,” according to Plenum’s Feng.

Under Xu, the agency also recruited and promoted more cyberspace and technical professionals to replace propaganda officials. Its present director Zhuang Rongwen once worked as an engineer, before becoming a vice minister at the propaganda department. Two of the four current deputy directors also come from the telecommunications and IT industry.

“The authorities are taking a triage approach by investigating the businesses that can do the most damage from a cybersecurity perspective,” said Carly Ramsey, a Shanghai-based director with Control Risks in Shanghai.

Zhuang took the helm in 2018 and has long stressed the importance of data as a critical national asset. In an op-ed written in the state-owned People’s Daily in 2019, he said data “will have a significant impact on economic development, governance and everyday life.” “The capability of controlling data is a key measure in a country’s competitiveness,” he wrote.

Read more: China Charges Former Internet Censorship Chief With Corruption

Even before Didi’s IPO, the agency had already put China’s tech billionaires on notice. In March, it issued new rules regulating what types of personal information the different kinds of apps should and shouldn’t collect. The regulator swiftly followed up by rapping hundreds of apps for illegally gathering user data, though in most cases, the companies were given time to rectify their issues instead of being penalized right away.

As early as three months before Didi’s debut, the CAC and other regulators asked the ride-hailing giant to delay its offering because of concerns over its huge trove of data, people familiar with the matter have said. Didi ultimately went ahead with the offering, raising $4.4 billion in the second-largest debut by a Chinese corporation in U.S. history and setting in motion the crackdown on its operations as well as on foreign IPOs.

The CAC’s action “goes beyond the punitive measures taken by China’s antitrust authority,” said Xiaomeng Lu, director of geotechnology at policy consultancy Eurasia Group. “Both the antitrust campaign and the cybersecurity crackdown have signaled Beijing’s intention to rein in major tech platforms to ensure they fall within the party line.”

The broad crackdown will be painful in the short term and the stakes are high, says Kendra Schaefer, partner at Beijing-based strategic advisory consultancy Trivium China. The digital economy is projected to grow to 55% of China’s overall economy in 2025, up from about 38% now.

“What China will do is leave the tech companies in an extreme state of uncertainty for two to three years,” she said. “What they are thinking is, this is our growth engine. If we don’t get the rules in place, this is going to spiral out of control.”

©2021 Bloomberg L.P.