All internet companies would be asked to voluntarily apply for reviews with the Cybersecurity Administration of China (CAC)—the central Internet regulator which for China—if the firms want to list their shares outside the Asian country.

China is working on new regulations to prohibit internet companies with huge volumes of sensitive consumer data from going public outside of the country, including in the United States—a move that is likely to jeopardise the Chinese tech firms' plans to list abroad.

The new laws are likely to aid Beijing in exerting greater control over the complicated organisational structures that China's largest IT companies employ to circumvent international investment restrictions. Because of political or national-security concerns, Chinese policymakers deem industries like the internet, telecommunications and education to be sensitive.

Last month, Beijing announced plans to strengthen oversight of all companies listed offshore, a major regulatory shift that followed a cybersecurity investigation into ride-hailing giant Didi Global Inc just days after the Chinese company debuted on the New York Stock Exchange in June.

As reported, a person familiar with the current situation revealed that the Chinese securities regulator would tighten scrutiny of overseas IPO-bound firms and prohibit those that collect large amounts of user data or create content that could pose security risks under the proposed rules.

The source also stated that all internet companies would be asked to voluntarily apply for reviews with the Cybersecurity Administration of China (CAC)—the central Internet regulator which for China—if the firms want to list their shares outside the Asian country. As per the source, the CAC would conduct the review with other relevant ministries and regulators, if necessary and after the cybersecurity watchdog's approval, companies would be able to apply to the securities regulator.

The suggestion is one of several being considered by Chinese regulators as Beijing has tightened its grip on the country's online platforms in recent months, including a focus on international listings. The crackdown has shattered stocks and seriously hurt market sentiment, focusing in particular on unfair competition and internet companies' handling of a vast cache of customer data.

As per The Wall Street Journal, which first reported about the new rules, officials from the China Securities Regulatory Commission suggested that companies with less sensitive data, such as those in the pharmaceutical industry, are still likely to gain Chinese regulatory permission for global listings.

The latest targets of Beijing, such as Alibaba Group Holding Ltd., Didi Global Inc. and Tencent Holdings Ltd., are among other Chinese internet heavyweights, who have employed a corporate structure known as a Variable Interest Entity (VIE). This structure was designed two decades ago to get around restrictions on foreign investment in sensitive industries like media and telecoms by allowing Chinese enterprises to raise money through offshore listings.

The VIE has been widely adopted by mostly Chinese internet corporations, which are generally established in the Cayman Islands and the British Virgin Islands and hence outside of Beijing's legal jurisdiction. It also allows businesses to acquire capital in a more flexible manner while avoiding the rigorous and lengthy IPO vetting process that locally formed businesses must go through.

However, as reported earlier, China passed a privacy law—Personal Information Protection Law—on 20 August aimed at restricting companies from acquiring sensitive personal data. Failure to comply can result in fines of up to 50 million yuan ($7.6 million) or 5 per cent of the company's annual turnover. Serious offenders risk losing their business licences and being forced to shut down operations.

The PIPL threatens to further encircle China's tech giants, who are already subjected to a tangle of regulations covering everything from how they form deals and price services to how they manage the massive amounts of data collected regularly. The regulation also states that the personal data of Chinese citizens cannot be transmitted to nations with lesser data security requirements than China which might cause complications for foreign enterprises.