Exclusive | Didi’s business slows from break-neck pace as on-site probes by China’s cybersecurity regulators gum up operations
- Employees of Didi Chuxing have been forced to address technical demands from regulators as cybersecurity probe drags on
- The review has forced the ride-hailing giant to make the investigation its top priority as it seeks to get its app back into app stores
Investigators, who sequestered themselves into Didi’s head office in the Zhongguancun Software Park in the northwestern corner of the Chinese capital, have called mid-level staff in for hours of questioning, even on weekends and at short notice, employees said. Engineers have completed the rectification of the data management loopholes, according to staff members familiar with the matter.
Part of the company’s rectification process involves addressing issues authorities see with its management of the data it collects from users and mapping, which must be corrected before Didi is allowed back on China’s Android and Apple app stores.
The government’s investigations of Didi have completed, and regulators are shifting their gaze to other technology companies that have completed their initial public offering applications to list in the United States, according to people familiar with the matter.
07:30
Why China is tightening control over cybersecurity
Didi’s spokespeople did not respond to requests for comment.
One sign of how operations have been impacted is the slow roll-out of a billing feature that allows drivers to see detailed data on their share of passenger bills.
Sun Shu, the chief executive of Didi’s ride-hailing business and the head of its drivers committee, promised the feature in a public letter at the end of May. Drivers first started getting this data in mid-August, but only in seven Chinese cities, including Shenyang and Changchun. The country’s busiest cities – Beijing, Shanghai and Shenzhen – have not been included yet.
The government has also not disclosed much information about the investigation, which is being led by the Cyberspace Administration of China (CAC) and joined by six other agencies, including the Ministry of State Security and the Ministry of Public Security.
According to China’s cybersecurity review regulation, a probe typically concludes within 30 working days, but it can run up to 45 working days. An additional 45 days can be added as a special review period when there is disagreement among regulators.
The government has been weighing different potential punishments for Didi, including a record fine, the introduction of a state investor, or even a forced delisting from the New York Stock Exchange, Bloomberg reported in July. Didi has also been in talks with a state-owned company to handle its data management and monitoring, Reuters reported this month.
Didi said last week that it is “actively and fully cooperating with authorities in the cybersecurity review”.
“The outcome of the case, including what data are being looked into, will be an important reference for future cases,” Ramsey said. “There is a lot of speculation that the case is broader than just cybersecurity, but [also regards] listings in the US, so we really want to see what the investigation is about.”