Translation: CAC Announces ‘Cybersecurity Review’ of Ride-Hailing Giant Didi, Just After Its IPO


July 2, 2021


July 2, 2021

The Cybersecurity Review Office of the Cyberspace Administration of China on Friday announced the initiation of a review of the Chinese ride-hailing giant Didi Chuxing. The announcement came two days after the company’s more than $4 billion USD IPO, the Financial Times reported.

DigiChina has translated the official announcement below.

The cybersecurity review process is outlined in the “Cybersecurity Review Measures,” finalized in 2020, which established the Cybersecurity Review Office under the CAC.

Cybersecurity reviews under those Measures focus on security implications stemming from procurement and installation of “network products and services” by entities deemed to be “critical information infrastructure (CII) operators.” The language generally centers around “national security” risks, but both CII and national security can be defined broadly to include economic security, mass breaches of personal data, etc.

According to the Cybersecurity Review Measures:

Article 9: The cybersecurity review process focuses on assessing the potential national security risks brought about by procurement of network products and services, mainly considering the following factors:

  1. The risk that the use of products and services could bring about the illegal control of, interference with, or destruction of CII, as well as the theft, leak, or damage of important data;
  2. The harm to CII business continuity of product and service supply disruptions;
  3. The security, openness, transparency, and diversity of sources of products and services; the reliability of supply channels, as well as the risk of supply disruptions due to political, diplomatic, and trade factors;
  4. Product and service providers’ compliance with Chinese national laws, regulations, and department rules;
  5. Other factors that could harm CII security and national security.

The review, which under the Measures would conclude within 45 days unless there are complications, and may require Didi and/or its suppliers to make changes. Penalties for non-compliance are set out in the Cybersecurity Law and may include suspending use of certain systems, a fine up to 10 times the purchase price of the systems, and fines between 10,000 and 100,000 RMB for responsible personnel.


Cybersecurity Review Office Announcement on the Initiation of Cybersecurity Review of “Didi Chuxing”

July 2, 2021, 19:19   Source: Cyberspace Administration of China Website

In order to guard against national data security risks, safeguard national security, and ensure public interests; in accordance with the “National Security Law of the People’s Republic of China” and the “Cybersecurity Law of the People’s Republic of China”; the Cybersecurity Review Office, according to the “Cybersecurity Review Measures,” is effectuating cybersecurity review of Didi Chuxing. In order to cooperate with cybersecurity review work and guard against the expansion of risks, Didi Chuxing will stop new user registrations during the review.

Cybersecurity Review OfficeJuly 2, 2021

Original Chinese


2021年07月02日 19:19 来源: 中国网信网