On June 29, the Indian government banned 59 Chinese mobile applications, including popular TikTok and WeChat, citing threat to the country’s “sovereignty and security”. In India, many of these Chinese apps controlled the bulk of the market.
Reacting to the ban, Chinese Foreign Ministry spokesperson Zhao Lijian said that the Chinese government was “strongly concerned” about the ban and that India has a responsibility to uphold the rights of Chinese businesses.
Almost a week after the ban, reports suggested that Bytedance, TikTok and Helo’s parent company, is considering changes in the corporate structure.
A report in The Wall Street Journal said: “Senior executives are discussing options such as creating a new management board for TikTok or establishing a headquarters for the app outside of China to distance the app’s operations from China…”
Bytedance already has a complex ownership structure. It has its headquarters in Beijing and is incorporated in the Cayman Islands. The company also has its offices in the US, Japan, Singapore, the UK, and Hong Kong, but none in mainland China, which implies it is not a Chinese company.
Similarly, another Chinese app SHAREit claims to be a Singapore-based company. However, its major shareholder continues to be Lenovo which is based in China. Therefore, technically, SHAREit is a Singapore-based app.
This raises a pertinent question: does making changes to corporate structure or establishing new headquarters in a neutral third country mean that a digital deep asset of another nation would make it kosher? In addition, these digital deep asset entities are also free to buy any local company that may pose a challenge to the market dominance of these digital entities.
Clearly, this cannot be allowed. A mere relocation of headquarters and change in the country of incorporation cannot suddenly make apps innocuous. So, how does a country respond to fast-paced digital threats? How do other countries respond, when their companies with technologies that are strategic to their nation, are bought by nations that are inimical to the interest of the host country? Do they create custom-built regulations for each such case as technology is always ahead of any regulation? Do they go through a lengthy court proceeding as should be the case in any nation? But isn’t adopting such a process already a lost case? Beacuse by the time the judgments can be passed, based on rules that are archaic in a world of fast-paced development, the nation would have already suffered either in terms of technology or sensitive data or both?
One of the gold standards for dealing with such situations is the CFIUS framework of the US federal government. CFIUS or the Committee on Foreign Investment in the United States is an inter-agency committee that reviews the national security implications of foreign investments in US companies or operations. CFIUS operates pursuant to section 721 of the US Defense Production Act of 1950.
On August 13, 2018, The Foreign Investment Risk Review Modernization Act (FIRRMA), that strengthens and modernises CFIUS, was signed into law by the US. On January 13, 2020, the Department of the Treasury released two final regulations to implement the changes that FIRRMA made to CFIUS’s jurisdiction and processes. The regulations, which were released in two parts, became effective on February 13, 2020.
The CFIUS is an extremely powerful empowered body that is enabled to take overriding decisions on acquisitions of the US technology companies by foreign entities, and potentially block such takeovers. CFIUS does not acknowledge which deals are under review, does not require the involvement of any of the parties of a deal, and does not publicly announce its findings. It simply decides. And this is really the only way that a nation’s interest can be protected from a strategic deep tech perspective. No regulation will be able to address the need to protect diverse technologies from being “bought away” by foreign companies, depriving the nation of critical technologies needed for its growth and for maintaining competitive advantage.
Similarly, no amount of hair pulling would help in coming out with a definition of country of origin of apps (or of products) or to construct a regulation that would protect the country and its people from predatory apps. Such a process will fall flat on its face when being used to decide which apps to be banned and which to be allowed through a normal regulatory process. India needs to adopt a CFIUS-like approach where an empowered committee is able to take a call on which apps to be prohibited from being allowed to operate in India, with the regulatory support required to allow such a committee to function and to have the required teeth, with the appropriate checks and balances being built into the formulation of the committee.
India urgently needs to create a Committee on Foreign Digital Assets, on the lines of CFIUS, to ensure that we do not get exposed to predatory apps and that such companies are not able to slip in by merely relocating their headquarters, while continuing to be under direct or indirect influence of nations that may be inimical to India’s interest. Such a committee should also be able to take a call on not only digital assets such as apps, but also on technology such as 5G. It should not be that we are faced with a fait accompli situation where the digital assets get deeply embedded in our infrastructure while we as a nation contemplate on whether to act or not act on a potentially harmful digital asset company. A late reaction on technology could be a death knell for the security of the country. A CFIUS-like framework is therefore critical to protect our nation.
(The author is president, Centre for Digital Economy Policy Research. Views expressed are personal.)