China's cyberspace regulator said on Saturday any company with data for more than 1 million users must undergo a security review before listing its shares overseas, broadening a clampdown on its large "platform economy."
The security review will put a focus on risks of data being affected, controlled or manipulated by foreign governments after overseas listings, the Cyberspace Administration of China (CAC) said, posting the proposed rules on its website.
China's cyberspace regulators are imposing tighter restrictions on data collection and data storage. Authorities are also more broadly pushing for companies to list domestically.
Two new sets of rules, the Data Security Law and the Personal Information Protection Law, which cover data storage and data privacy respectively, are set to go into effect this year.
Saturday's announcement will also require firms to submit the IPO materials they plan to file for review.
The security review, according to the CAC, will consider national security risks as "risk of supply chain interruption due to political, diplomatic, trade and other factors," and risk of key data "maliciously used by foreign governments after listing in foreign countries."
The CAC is seeking public opinion on the proposed rules.
Didi's shares plunged 20% on news of the probe, and the company said its revenue would be affected.