China May Seek Cyber Check for HK Listings of Firms Holding Data

(Bloomberg) -- China may require a cybersecurity review for companies holding data that plan to go public in Hong Kong, if it’s decided that the listing will potentially have an impact on its national security.

The draft rule, published by China’s cyberspace regulator on Sunday, didn’t specify how the regulators will define if a listing will endanger security. 

Firms holding data of more than 1 million users must undergo cybersecurity approval when seeking listings in other nations, the Cyberspace Administration of China said in the statement, reiterating a guideline published in July. It didn’t specify the requirement for Hong Kong listings then.

Earlier in July, people familiar with the matter told Bloomberg that China plans to exempt companies going public in Hong Kong from first seeking approval of the country’s cybersecurity regulator.

The new rule will complicate the process for companies to list in Hong Kong, but the Hong Kong option still “has its advantages over U.S. listings” as not all companies will need to undergo data security reviews, said Xia Hailong, a lawyer at Shanghai-based Shenlun law firm.

Internet platforms, which amass large amounts of data relevant to the country’s security, economic development or public interests, must undergo cybersecurity reviews for any mergers and acquisitions or restructuring if the changes will affect national security, the CAC said on Sunday.

The draft rule, which is soliciting public feedback until Dec. 13, also requires large internet platform operators to report to cyberspace regulators and relevant authorities for setting up overseas headquarters, operations or research centers. 

©2021 Bloomberg L.P.

With assistance from Bloomberg