The U.S. government is scrutinizing Chinese ride-hailing service DiDi to assess whether it’s a danger to national security, according to a Department of Defense letter reviewed by Protocol.
Experts say the probe appears to be one of several far-reaching and nearly invisible investigations of Chinese tech companies that the Commerce Department is leading under a rule that allows the U.S. to place a number of restrictions on the firms. The limits could go up to and include total bans on their usage resembling the prohibitions the Trump administration tried to bring down on TikTok and WeChat.
Like those bans, the reviews arose from former President Donald Trump’s declaration in 2019 that certain foreign-owned or -controlled digital services constituted “an unusual and extraordinary threat” to the U.S. The government then developed a little-noticed rule to formalize Trump’s order and apply it to technology ranging from cloud hosting to drones, and a year ago, Secretary of Commerce Gina Raimondo announced the department had “served subpoenas on multiple Chinese companies.” Few details of what could constitute extensive investigations, however, have emerged since.
DiDi’s apparent inclusion among the companies being reviewed was a natural extension of the tensions between the U.S. and China over the national security implications of each country’s tech companies, experts said, but the letter was notable because so few details about the Commerce Department program have trickled out into public so far.
The U.S. has frequently expressed security concerns over China-based companies, saying that any Chinese company must hand over data to Beijing upon request. The revelation of this particular review, however, comes as DiDi is also facing enormous regulatory pressure in China — some of it over the question of whether the app’s data could end up in U.S. hands.
Broad powers
The Department of Defense acknowledged the existence of a U.S. probe into DiDi in a January letter to Republican Rep. Anthony Gonzalez. The congressman wrote to the Pentagon and other departments last October, asking for a ban on the use of DiDi by American military and diplomatic personnel in China, as well as inclusion of the service “in the ongoing Commerce-led, inter-agency review into connected software applications that may pose threats to U.S. national security, foreign policy, and economic objectives.”
In a response reviewed by Protocol, the Department of Defense said it “actively reviews entities that pose a potential threat to national security either because they are directly or indirectly controlled by the Chinese Communist Party (CCP) or their business activities have the potential to be influenced” by Beijing.
The Pentagon was explicit that this assessment for influence includes Chinese “involvement in DiDi” — namely through a government cybersecurity investigation of the company.
The Defense Department also seemed to signal additional details, however, suggesting it was helping the Commerce Department with the review Gonzalez requested — part of the secretive and far-reaching program on the supply chain for information and communications technology and services, also known as ICTS.
The Commerce department and DiDi did not return requests for comment. Gonzalez’s office declined to comment, and the Pentagon said it wouldn’t weigh in “on private correspondence with members of Congress.”
ICTS assessments can allow the U.S. to prohibit the “acquisition, importation, transfer, installation, dealing in, or use of any information and communications technology or service, including … software updates, repairs, or the platforming or data hosting of applications for consumer download.”
In other words, a total ban is on the table.
A ban — or nothing?
The Defense Department letter does not spell out the precise nature of the government’s investigation, much less what the outcome might be. It does, however, make clear that the Commerce Department and other agencies are using “guidelines” originating in an executive order from the Trump White House and a follow-uporder from the Biden administration.
Experts say that almost certainly points to a review under the Commerce Department’s ICTS rule. That regulation formalizes definitions, procedures and mitigation measures that are only broadly outlined in the two executive orders.
“This would be that review, and if it’s not, I’m not sure what other inter-agency review there would be,” said Matthew Rabinowitz, a lawyer specializing in international trade at Pillsbury Winthrop Shaw Pittman.
Although full bans are possible after an ICTS review, the actual result of the probes may be far short of that — including nothing at all. Experts said it was hard to forecast what the U.S. would decide to do.
If Washington just wanted to prohibit, limit or put conditions on potential future efforts by DiDi to invest in, merge with or acquire American companies, the Committee on Foreign Investment in the U.S. could handle it. The multi-agency panel conducts national security reviews of transactions in which a foreign business invests in a U.S. company. Other regulations also would permit a narrower ban that would, for instance, apply to the official devices of U.S. officials in China.
“I would look at this as actually having a much broader implication,” Rabinowitz said.
The use of the ICTS rule, then, may point to an interest in doing something more dramatic, even if any action would still likely focus on specific business decisions by DiDi or its possession of location data.
Yet the earlier TikTok and WeChat bans, which grew out of the order that Trump signed, collapsed in court after judges found they overstepped the government’s authority. The administration also used the bans in a failed attempt to arrange a corporate takeover by allies at Oracle. Biden’s follow-up order and the ICTS rule were designed to eliminate constitutional deficiencies of future actions, but a court might still find problems with a total prohibition on DiDi, creating legal uncertainty and headaches.
Under the ICTS rule, certain factors are also supposed to weigh against more extreme mitigation requirements, including lack of significant U.S. market share and lack of impact on critical U.S. infrastructure. DiDi would seem to be a lower-level threat on both measures.
“That might lead them to either not take action or to reserve taking action until they see how the situation develops,” said James Lewis, director of the strategic technologies program at the Center for Strategic and International Studies think tank.
In addition, under the program, the Commerce Department has a lot of work to do. Little is known about the security reviews — although Alibaba’s cloud unit is reportedly also the subject of one — but Raimondo made clear the department was sweeping in an array of Chinese companies as it pursued ICTS investigations.
In addition to apps with more than a million U.S. users, the ICTS rule says that the reviews can examine networking equipment, satellite tech, webcams, sensors and cloud hosting — as well as tech and services related to artificial intelligence, quantum computing or drones. The rule also goes beyond China, taking in technology that’s been “designed, developed, manufactured, or supplied by persons owned by, controlled by, or subject to the jurisdiction or direction” of the government in Russia, Iran, North Korea and more.
Trouble at home
The headache of a review in the U.S. also highlights the intense pressure DiDi is getting from both sides, as Washington and Beijing vie to neutralize any geopolitical advantage that the other might receive through its tech companies.
The Cyberspace Administration of China, for instance, has a long-running probe into cybersecurity and DiDi’s data infrastructure. The investigation may have been one reason DiDi decided late last year to delist from U.S. stock exchanges, and has reportedly delayed its plans to go public in Hong Kong as well.
As if that weren’t enough, Chinese nationalists have targeted the company, and last month it reportedly began layoffs that could affect one-fifth of all staff.
“DiDi’s under a lot of pressure from Beijing,” Lewis said. “The problem is, that doesn’t address any of the U.S. concern, which is: that DiDi can come under a lot of pressure from Beijing. So they’re in a tight place.”
