China may require a cybersecurity review for companies holding data that plan to go public in Hong Kong, if it’s decided that the listing will potentially have an impact on its national security.
The draft rule, published by China’s cyberspace regulator on Sunday, didn’t specify how the regulators will define if a listing will endanger security.
Firms holding data of more than 1 million users must undergo cybersecurity approval when seeking listings in other nations, the Cyberspace Administration of China said in the statement, reiterating a guideline published in July. It didn’t specify the requirement for Hong Kong listings then.
Earlier in July, people familiar with the matter told Bloomberg that China plans to exempt companies going public in Hong Kong from first seeking approval of the country’s cybersecurity regulator.
The new rule will complicate the process for companies to list in Hong Kong, but the Hong Kong option still “has its advantages over U.S. listings” as not all companies will need to undergo data security reviews, said Xia Hailong, a lawyer at Shanghai-based Shenlun law firm.
Internet platforms, which amass large amounts of data relevant to the country’s security, economic development or public interests, must undergo cybersecurity reviews for any mergers and acquisitions or restructuring if the changes will affect national security, the CAC said on Sunday.
See also: China tightens securities lending rule to support stock market
The draft rule, which is soliciting public feedback until Dec. 13, also requires large internet platform operators to report to cyberspace regulators and relevant authorities for setting up overseas headquarters, operations or research centres.
Photo: Bloomberg
