In the second half of last week, after the initial regulatory actions were handed down on Didi, a word document was circulating in China.
The document, entitled “Interpretation of the Didi Incident”, soon became a taboo. Many WeChat Groups were automatically disbanded by WeChat administrators when a member tried to send in this document.
Here I have translated part of the WeChat that described what happened – I have asked a contact in Beijing and he confirmed that the details are ‘more or less’ accurate, with some minor inconsistencies.
The other parties of the document cover technical issues of data classification, data security and protection of ‘key information infrastructure’, which we will not explain here in detail.
Interpretation of the Didi Incident
By: a former bureau director of the department of publicity of the communist party of China, currently working at a major internet company covering relevant areas.
- The incident originated with Didi not following the advice of key party and government departments, and went ahead to list in the US without data audit. This forced the regulators to take a heavy-handed approach afterwards;
- The Didi Incident has impacted the regulators’ trust in private companies. It will accelerate the data security governance efforts from the State. Three key parts of those efforts include: industry data classification and categorization, data security audit, and key information infrastructure;
- Antitrust efforts will continue, with strengthened governance on data and control of the capital’s ‘unorganised’ expansion.
The background of the Didi Incident:
Didi submitted its IPO prospectus on 10 June, and went public on 30 June.
1st July is the centenary celebrations of the founding of the Communist Party of China. On the next day Cyberspace Administration of China (CAC) issued an announcement launching a cybersecurity investigation on Didi and halting Didi’s new user registrations.
On 4th of July CAC removed Didi from app stores across China – a few other apps were impacted as well.
What was behind:
Everyone knows that Didi had made a lot of effort over a prolonged period of time in order to IPO.
During this process Didi was seeking support from various parties. It approached the Ministry of Transportation and National Development and Reform Commission.
In fact, both ministries were supportive of Didi’s IPO efforts. However, they were not sure whether the timing was right.
Didi did a few stupid moves afterwards. It did not seek support from more relevant departments and agencies.
About a week before 30 June, CAC expressed their position through various channels to Didi: that they will not stop the IPO, but they hoped that Didi conduct more preparations, and thus delay the IPO date.
Didi hoped that the date could be set at 2 July, and CAC replied saying that the date was not appropriate, and a delay is necessary.
That opinion was sent to Didi explicitly, I don’t know why Didi did not act on that opinion.
Didi finally decided to go public on 30 of June. They told the relevant agencies that they had no problem delaying the IPO, as they understood the intention of the relevant authorities.
Therefore, the authorities thought Didi had confirmed the delay. They were taken by surprise on the 30 of June. The authorities did not know why Didi made such a choice.
On 1 of July everyone was busy with the celebrations, but the CAC soon took action on Didi – on the next day.
In fact, the central authorities have not banned Chinese companies going IPO in the US. However, they had a consensus that companies going for US IPO need to be adequately prepared – including on data security and other areas.
During the IPO process, Didi did not cooperate with the authorities. The central party leadership was angry. They used the word 阳奉阴违 (feigning compliance) to describe Didi’s behaviour, which they regarded as grave.
As a result, many officials, including the ones at the Ministry of Transportation, might be impacted as well. Even the CAC took an earful from the central leadership: “you really can’t rein in these companies?”
With such a background, I feel the punishment on Didi will be severe. This is even more serious than what Alibaba did last year.
In such a tense geopolitical situation, on the day before the centenary celebrations of the CPC – Didi’s IPO is a big political mistake in Chinese context. Especially when they told the authorities they would delay the IPO, but went ahead anyway.
It increased the worries of the party leadership as well as the regulators: if such a big company with such important data could openly lie to the authorities, what else could happen?
Even those in the leadership who were supportive of Didi find it rather inconvenient to voice their support. That will have bad implications on other companies too – who would want to fight for the big tech companies if the result is a slap on the face?
In fact, I felt the central leadership and regulators were quite reasonable. The actions of Didi aggravated the situation. From the beginning, the authorities were supportive – they did not stop Didi, but asked Didi to make adequate preparations. They were communicating with Didi.
The same happened with a few other companies, which delayed their respective IPOs recently. These companies will benefit in the long term, with increased trust from the regulators.
In fact, Tencent and Alibaba also suggested that Didi delay its IPO, but for unknown reasons, Didi did not listen to them.
The document went on to analyse the data security issues, as well as the possible directions of future data classification/categorisation. It also predicted four trends of internet industry supervision:
- Further push of antitrust: this includes further scrutiny on VIE structure;
- Emphasis on data security: companies like Alibaba will receive more scrutiny than companies like Tencent;
- More control on capital that direct big tech companies: Didi has broken the trust;
- Protection of minors: the recent crackdown on “education tech” is one of the key moves.