Didi’s downfall alarms the smart EV companies that are preparing for U.S. IPO

Jul 19, 2021 Transportation


On July 2, the news that Didi was censored by the State Internet Information Office went around like fire.

On July 4, Chinese regulators ordered app store operators in the country to remove the mobile app of Didi Global Inc.'s China service, dealing a second blow to the ride-hailing giant less than a week after its U.S. stock market debut.

The Cyberspace Administration of China (CAC), the country's internet watchdog, citing serious problems involving illegal collection of personal data, also instructed Didi Chuxing, the company’s China business, to address the issues to "ensure the safety of the personal information of users."

On July 9, 25 more Didi-linked apps were removed from stores, which led to a lot of discussion about data security.

The "inadvertent" incident of Didi has also sounded an alarm to all smart EV users and enterprises: a red line related to data security must not be crossed.


Smart EV generate a lot of data every day

Unlike the traditional mechanical-led car era, in the era of smart EV, software-defined cars have become a major trend. Whether the ride-hailing platform or the smart electric car itself, there will be a large amount of data generated every day.

According to the estimation of relevant research institutions, a self-driving test vehicle generates up to 10TB of data every day, and the data types include vehicle driving data, body data, manipulation data, video data, image data, coordinate data and dozens of other categories.

The data mainly comes from external data collection, in-vehicle data collection and remote data transmission and exchange, with the characteristics of "large quantity and many types".

According to the data, the total car sales in China reached 25.32 million units in 2020, of which the proportion of intelligent networked cars with certain automatic assisted driving function is rapidly increasing. Li Auto internally estimates that in 2025, China's smart electric car sales will exceed 8 million units, and by then the data volume of only newly sold models will exceed 8,000 TB a day, and if we count the data generated by the total number of holdings, the data will be even more immeasurable in a year.

The relevant data show that in the first quarter of this year, the number of Didi's MAU reaches 156 million, the number of its annual active users is 377 million, the active drivers reach 13 million, the average daily transactions are 25 million times, in the same period last year, its active users were 493 million, the active drivers were 15 million.

In addition, in 2017, it got the Class A surveying and mapping qualification of "navigation electronic map production", and the "high precision map" will collect a lot of accurate map information data including vehicle positioning and surrounding environment. The amount of data generated every day is enormous.

In the era of smart electric vehicles, data can be said to be everywhere.


There are still huge loopholes in data security

With so much data generated every day, it brings up another issue: data security.

In April 2020, the Cyberspace Administration of China ("CAC") and 11 other government agencies jointly issued the Cybersecurity Review Measures ("Measures"), which require technology products and services procured by critical information infrastructure ("CII") operators to undergo a cybersecurity review, if they present a risk to national security.

On June 10, 2021, after being submitted to the twenty-ninth meeting of the Standing Committee of the Thirteenth National People's Congress ("NPC") for consideration, the text of the Data Security Law was officially released. The Data Security Law will come into effect on September 1, 2021.

However, it is still only in the beginning stages of data security in smart electric vehicles even if many actions have been taken.

"If you give a score to the level of security protection in the smart EV, I think it is about 1 point, give 1 point are given high, many I think are negative points."

Zhou Hongyi, co-founder and CEO of Internet security company Qihoo 360, said that the current smart EV are not doing enough in terms of data security.

"Once I want to provide online services to each car, to each car owner to provide APP consumer services, I have to become a To C manufacturer, that is, an Internet manufacturer. In other words, in the future, every car company has to do APP, have to provide Internet services, car companies have to face the risk brought by opening To C services."

Zhou Hongyi explained that the smart EV industry is now switching from To B to To C. In the past, the car was sold to 4S stores, now sold to consumers, consumers had an APP, and also have to do OTA upgrades to the car remotely, but also to each consumer to do a user APP, which has many loopholes.


Didi's data security sounds the alarm for car companies and users

The Didi incident has sounded an alarm to both smart electric car companies and users: data security should not let down your guard.

There are many threats to the security of intelligent networked vehicles. First, the risk of data leakage is huge, threatening personal privacy; second, there are many network security vulnerabilities, threatening personal and property safety; third, it may threaten national security.

At the 2021 Shanghai Automotive Forum, Huang Peng, deputy chief engineer of the National Industrial Information Security Development Research Center and director of the Information Policy Institute, said that smart EV data security is widely implicated.

First of all, on the user side, data security directly affects the user's life and property security issues.

In the so-called Tesla "brake door" incident, Tesla repeatedly mentioned that its background data was safety, which can directly affect the lives of users, property security.

The real result is unknown, but the impact of this incident is that Tesla agreed to set up a server in China to protect the data security issues.

Similarly, for the enterprises, the Didi incident should cause all smart EV enterprises to reflect on at least two points.

1. To establish a complete data security system

There are three categories. The first is traditional car companies, whose development model is incremental, and their awareness and capabilities in digital transformation are still developing; the second is information-oriented companies such as Baidu, Alibaba, Tencent, Huawei, Didi, Xiaomi, etc. Those enterprises enter the intelligent networked automobile industry by leaps and bounds. The third is the new forces for car building. Companies like Li Auto, NIO, Xpeng have radical development processes, and data security considerations and layouts have their own characteristics.

Huang Peng believes that the intelligent networked vehicle industry currently contains three main categories, their awareness of data security and the ability to protect these are differences.

"In the future, there is no need to attack the car's hardware, as long as the attack on the country's big data center, if the big data center is paralyzed, it is estimated that many cars may be parked on the road and anchored. Therefore, the future security threats car companies, and will become more and more severe, the challenge will become greater. This is not the problem of installing a firewall alone in the car, nor is it the problem of burying a few antivirus software alone in the car, which requires a set of system solutions."

Zhou Hongyi said that in the future, car companies have a lot of work to do on data security. If you do not establish a complete data security system, you may face big trouble in the future.

2.Given the special nature of data security, it will be more and more difficult for smart EV companies to list in the U.S.

"After the Didi incident, the network security review will be tightened across the board."

A senior investment banker said that after the Didi, the network security review will become more strict. The reason lies in the fear of data outflow.

He said the country is now actively formulating the Data Security Law, the Personal Information Protection Law and other related laws to clarify the rights and interests of cross-border data, the rights of the subject, the responsibility of protecting the subject and the rights of regulators.

Article 6 of the "Measures" states that operators who have personal information of more than 1 million users going to list abroad must report to the Cybersecurity Review Office for a cyber security review.

A financial intermediary close to Didi said: "Previously, the regulation does not support Didi to Hong Kong listing, diverted to the United States also depends on whether the regulation will card it. Didi holds a lot of data on urban traffic and user travel in China, and it is necessary to ensure that shareholders such as Softbank and Uber do not get the data."

In the United States, the listing of Chinese concept stocks is also facing great uncertainty. In May 2020, the United States promulgated the "Foreign Company Accountability Act", which requires foreign-listed companies to provide accounting papers to the United States. This means that there is a potential risk that that U.S.-bound listed companies have to provide non-desensitized financial information and data to the U.S. side.

In December 2020, the U.S. Congress formally passed the bill, which also directly led to the collective delisting of the three major operators, China Mobile, China Telecom and China Unicom, from the NYSE.

As China and the United States become more and more stringent in data supervision, Chinese smart EV companies that will go public in the United States in the future will face more uncertainties. By then, only Hong Kong stocks will be available for those companies. So, how will its market value be evaluated?

This is an article from WeChat official accounts Chegemen (ID:chegemen), written by Yu Liuxin, translated by Chris.