On July 6, 2021, after the Wall Street Journal reported that prior to DiDi’s June 30, 2021 U.S. IPO, government authorities had urged the Chinese ride-hailing firm to postpone the offering, but that the company, under pressure from investors, had gone ahead with the IPO anyway, it seemed that it would only be a matter of time before DiDi would be hit with a U.S. securities lawsuit. Indeed, as it turned out, the same day the Journal article appeared, an investor filed a U.S. securities class action lawsuit against the company. As discussed below, the lawsuit is based on cybersecurity and privacy concerns relating to the company’s ride-hailing app. A copy of the investor’s July 6, 2021 complaint can be found here.
DiDi Global is a ride-hailing firm based in China. It is often referred to as the “Uber of China.” On Wednesday June 30, 2021, the company completed an over $4 billion U.S. IPO and its American Depositary Shares (ADSs) began trading on the NYSE.
On July 2, 2021, just two days after the IPO, the company reported in a press release that the Peoples’ Republic of China (PRC) Cyberspace Administration of China (CAC) had posted on its website that DiDi is “subject to cybersecurity review by the authority.” During the review, DiDis “required to suspend the new user registration in China.”
According to the Wall Street Journal’s July 3, 2021 article about this development, the authority’s probe “aims at preventing risks related to national data security.” The Journal article adds that “the move comes as authorities seek to rein in China’s big technology companies, which have become central to everyday life in Chinese society and assert more control over data that these companies hold.”
Two days later, on July 4, 2021, the company further announced that the company’s “DiDi Chuxing” app “had the problem of collecting personal information in violation of relevant PRC laws and regulations.” Pursuant to the PRC’s Cybersecurity Law, the CAC had “notified app stores to take down the DiDi Chuxing app in China,” and “required the Company to strictly comply with relevant laws and regulations, follow the relevant standards set by the PRC government authorities, and rectify the problem to ensure the security of users’ personal information.”
In a July 6, 2021 article (here), the Wall Street Journal reported in a front-page article that “weeks before” the company’s IPO “China’s cybersecurity watchdog suggested the Chinese ride-hailing giant delay its initial public offering and urged it to conduct a thorough self-examination of its network security, according to people with knowledge of the matter.”
On July 6, 2021, an investor who purchased the company’s ADSs filed a securities class action lawsuit in the Central District of California against DiDi; certain of its officers and directors; and its offering underwriters. The complaint purports to be filed on behalf of investors who purchased DiDi securities pursuant to or traceable to the registration statement and related prospectus issued in connection with the company’s June 30, 2021 IPO. UPDATE: In addition to the complaint filed in the Central District of California, on July 6, 2021 a different investor filed a separate securities class action lawsuit in the Southern District of New York against DiDi related to the company’s IPO. The SDNY complaint can be found here.
The complaint alleges that the registration statement was false and misleading or failed to disclose that: “(1) Defendant DiDi ‘had the problem of collecting personal information in violation or relevant PRC laws and regulations’; (2) DiDi’s app, DiDi Chuxing (Travel) would face an imminent cybersecurity review by the CAC; (3) the CAC would require all Chinese app stores to remove DiDi Chuxing; and (4) as a result, Defendants’ statements about the Company’s business, operations, and prospects were materially false and misleading and/or lacked a reasonable basis at all relevant times.”
The complaint alleges that as a result of the disclosure of material facts omitted from the registration statement, the share price of the company’s ADS’s has fallen below the offering price, damaging investors.
The complaint alleges that the defendants violated Sections 11, 12(a)(2), and 15 of the Securities Act of 1933. The complaint seeks to recover damages on behalf of the class.
For companies that are subject to IPO-related securities litigation, the usual arc of events is as follows. First, the company makes its debut amidst great fanfare. Then after it launches into life as a public company, the company hits an obstacle or faces a setback, and the company’s share price declines, after which the plaintiffs’ lawyer inevitable file a securities lawsuit against the company. The events preceding DiDi’s new lawsuit trace this same arc; the difference is that in the DiDi lawsuit, the time frame was dramatically compressed. The path from high-profile debut to slumping share price was, in DiDi’s case, a matter of days, less that a calendar week.
The source of the concern, and in fact the aspect of this situation that will give the lawsuit emotional heft, is the report that the company had been warned in advance by government authorities to postpone the IPO but that the company, under pressure from investors, went ahead anyway. The claims of aggrieved investors, who were unaware of the government warnings and who purchased shares in the offering only to see the price decline shortly thereafter, has a certain compelling appeal.
However, beyond these circumstantially specific aspects of this new lawsuit, there are certain ways in which this new lawsuit reflects certain larger securities class action litigation trends.
First, the underlying bases of the government investigation are concerns relating to cybersecurity and privacy. As I have noted in prior posts in recent years, cybersecurity and privacy concerns are a troublesome new source of corporate and securities litigation. To be sure, unlike many of the prior cybersecurity or privacy related corporate and securities lawsuits, this lawsuit does not involve a data breach or a compromise of private user information. However, the governmental investigation into the company’s cybersecurity measures, based on concerns for user privacy, shows another way that these kinds of concerns can lead to D&O litigation. As overall concerns about cybersecurity and privacy-related issues continue to grow, the likelihood is that government regulators will become increasingly active. As this lawsuit shows, increased regulator action can in turn lead to claims against companies and their management.
Second, this lawsuit involves a U.S.-listed Chinese company. As I have noted in many posts over the years, U.S.-listed Chinese companies have frequently been the subject of U.S. securities class action litigation. The events involved in this lawsuit highlight a particular aspect of the litigation risk for U.S.-listed Chinese companies, and that is the risk associated with the Chinese companies’ vulnerability to the country’s authoritarian government.
As I discussed in a post last November (here) about the U.S. securities lawsuit filed against Chinese Internet company Alibaba after Chinese authorities forced Ant Financial to withdraw its planned U.S.-IPO, there is a substantial component of political risk involved in doing business in, and investing in companies that do business in, China. The fact that political officials and financial regulators might intervene in markets underscores the fact that the political dimension of China’s economy can never be disregarded. These events put a huge asterisk beside the market capitalization and business prospects of any company doing business in China.
Indeed, the developing circumstances surrounding DiDi even further underscore the political risks that Chinese companies face. In a July 7, 2021 article (here), the Wall Street Journal reported that China has said that it would “tighten rules for companies listed overseas or seeking to sell shares abroad, moves that could hinder attempts by homegrown firms to raise money in the U.S.” This heightened level of scrutiny could affect several other Chinese companies that were hoping to complete U.S. IPOs later this year. These further moves highlight the vulnerability Chinese companies face, a vulnerability that can translate into litigation risk.
One final note. The sequence of events involving DiDi also underscores the fact that IPO companies generally face a heighted risk of securities class action litigation, a conclusion that was well documented in a recent post on this site by Stanford Law School Professor Michael Klausner and his co-authors from Stanford Securities Litigation Analytics.