Update: Didi Hit With 25 More App Removals as China Ramps Up Sanctions

China’s cybersecurity regulator ordered the removal of 25 mobile applications operated by ride-hailing giant Didi Chuxing offering services from carpool to finance, signaling an intensified clampdown on the company over data security concerns.

The Cyberspace Administration of China (CAC) told Chinese app stores to remove the apps as they were found to be illegally collecting users’ data, according to a statement (link in Chinese) late Friday. The regulator cited China's Cybersecurity Law for the move.

While telling app stores to remove the Didi apps, the CAC also barred internet platforms from providing traffic and downloads for the apps.

The order covers all applications operated by Didi including the corporate version of Didi Chuxing, Didi’s carpool service, freight service, its platform serving drivers and Didi Finance.

The latest removal order underscored mounting regulatory headwinds facing Didi. The crackdowns have eroded a huge chuck of the company’s market value days after its $4.4 billion initial public offering in New York.

On July 1, Chinese regulators said they would investigate the company for national security and data risks. Didi was told to stop registering new users during the investigation.

Three days later, Didi’s main ride-hailing app was ordered to be removed from app stores, while the CAC instructed Didi to rectify issues in accordance with national laws and standards and to effectively protect the personal information of users.

Didi pledged to comply with regulators’ order and make serious rectifications. The order will not affect existing users of Didi’s app or its drivers, the company said July 3.

The moves were compounded Tuesday when the State Council, China’s cabinet, issued a stark warning to the country’s largest companies, pledging to tighten oversight of data security and overseas listings. Two other Chinese companies that recently sold stock in the U.S. ― Full Truck Alliance Co. Ltd. and Kanzhun Ltd. ― also came under investigation.

The series of regulatory blows dragged the price of U.S. traded Didi Global Inc. below its $14 IPO price. The stock traded at $11.54 Friday morning, wiping out more than $15 billion of market value.

As the shares tumbled, at least half a dozen class action lawsuits were filed in the U.S. against Didi, with some alleging the company failed to disclose that Chinese regulators had warned it to delay its IPO pending a security review of the Didi Chuxing app.

U.S. senators from political parties called on the Securities and Exchange Commission (SEC) to investigate whether Didi misled investors before its listing.

In its IPO prospectus, Didi used 60 pages to list the risks it faces across its business, particularly legal and regulatory risks that could have a material adverse impact on its business prospects, including risks involving drivers and vehicle licenses and antitrust risks. The prospectus specifically notes that Didi’s IPO could require approval from Chinese regulators under Chinese law.

In April 2020, 12 Chinese government departments led by the Cyberspace Administration of China jointly issued the “Measures for Cybersecurity Review,” requiring that critical information infrastructure operators conduct an assessment of potential national security risk exposure prior to procurement of network products or services.

If such assessment determines that the products or services to be procured present potential national security concerns, the operator must apply to the Cybersecurity Review Office for a cybersecurity review.

Although usually a review can be completed within 45 business days, it may be extended for an additional 15 days if the review is complicated. If the review enters a special review process, it will take additional 45 business days or longer.

The cyber security review will focus on national security risks, including the risks of illegal control, interference or destruction of critical information infrastructure as a result of the use of products and services, as well as the risk of important data being stolen, leaked or damaged. It will also assess damage to critical information infrastructure caused by interruptions in the supply of products and services and transparency, diversity of sources, reliability of supply channels and the risk of supply disruptions due to political, diplomatic, trade and other factors, according to the regulations.

Denise Jia contributed to this story.

Contact reporter Han Wei (weihan@caixin.com) and editor Bob Simison (bobsimison@caixin.com)

Download our app to receive breaking news alerts and read the news on the go.

Follow the Chinese markets in real time with Caixin Global’s new stock database.