China is requiring companies that have large user data sets to apply to regulators for approval to be listed overseas.

China’s Cyberspace Administration (CAC), a powerful body that regulates its country’s technology sector, will begin to implement network security reviews, as it did last year.

Internet sites that store personal information for more than one million people must submit a request to the regulators for a security assessment of their network before they can conduct an initial public offer (IPO) overseas.

CAC stated that the rules apply to companies involved in data processing activities that may affect national security.

A company can be listed overseas if it is found that its data processing activities are not threatening national security.

Beijing’s tech sector has been subject to a number of changes over the past 12 months. This is in an effort to control the size of China’s companies and eliminate anti-competitive conduct.

The government has always been focused on data. China was the largest market in last year’s fiscal year. passed its first major data protection law.

In addition, last year the country held its first cybersecurity review. probe into ride-hailing giant DidiJust days following its IPO in America, the company was still under review. According to reports, the company listed in the U.S. after it had completed a thorough review. Didi stated in December that it will delist from New York Stock Exchange to seek a listing on Hong Kong.

Hong Kong has been a hot spot for Chinese tech IPOs despite growing regulation and uncertainty about the potential for Chinese firms overseas to list.