Exhibit 99.3
Risk Factors
This section includes material updates in certain risks relating to us since April 22, 2021, the date of our annual report on Form 20-F for the year ended December 31, 2020 (the “Annual Report”). This section is a supplement to and should be read in conjunction with the section titled “Risk Factors” included in the Annual Report.
The Chinese government exerts substantial influence over the manner in which we must conduct our business activities and may intervene or influence our operations at any time with little advance notice, which could result in a material change in our operations and the value of our Class A Ordinary Shares.
The Chinese government has exercised and continues to exercise substantial control over virtually every sector of the Chinese economy through regulation and state ownership. Our ability to operate in China may be harmed by changes in its laws and regulations, including those relating to securities regulation, data protection, cybersecurity and mergers and acquisitions and other matters. The central or local governments of these jurisdictions may impose new, stricter regulations or interpretations of existing regulations with little advance notice that would require additional expenditures and efforts on our part to ensure our compliance with such regulations or interpretations.
Government actions in the future could significantly affect economic conditions in China or particular regions thereof, and could require us to materially change our operating activities or divest ourselves of any interests we hold in Chinese assets. Our business may be subject to various government and regulatory interference. We may incur increased costs necessary to comply with existing and newly adopted laws and regulations or penalties for any failure to comply. Our operations could be adversely affected, directly or indirectly, by existing or future laws and regulations relating to our business or industry.
Given recent statements by the Chinese government indicating an intent to exert more oversight and control over offerings that are conducted overseas and/or foreign investment in China-based issuers, any such action could significantly limit or completely hinder our ability to offer or continue to offer securities to investors and cause the value of such securities to significantly decline or become worthless.
Recently, the General Office of the Central Committee of the Communist Party of China and the General Office of the State Council jointly issued the Opinions on Severely Cracking Down on Illegal Securities Activities According to Law, or the Opinions, which was made available to the public on July 6, 2021. The Opinions emphasized the need to strengthen the administration over illegal securities activities, and the need to strengthen the supervision over overseas listings by Chinese companies. Effective measures, such as promoting the construction of relevant regulatory systems, will be taken to deal with the risks and incidents of China-concept overseas listed companies. As of the date of this prospectus, we have not received any inquiry, notice, warning, or sanctions from PRC government authorities in connection with the Opinions.
On June 10, 2021, the Standing Committee of the National People’s Congress of China, or the SCNPC, promulgated the PRC Data Security Law, which took effect in September 2021. The PRC Data Security Law imposes data security and privacy obligations on entities and individuals carrying out data activities, and introduces a data classification and hierarchical protection system based on the importance of data in economic and social development, and the degree of harm it will cause to national security, public interests, or legitimate rights and interests of individuals or organizations when such data is tampered with, destroyed, leaked, illegally acquired or used. The PRC Data Security Law also provides for a national security review procedure for data activities that may affect national security and imposes export restrictions on certain data an information.
In early July 2021, regulatory authorities in China launched cybersecurity investigations with regard to several China-based companies that are listed in the United States. The Chinese cybersecurity regulator announced on July 2 that it had begun an investigation of Didi Global Inc. (NYSE: DIDI) and two days later ordered that the company’s app be removed from smartphone app stores. On July 5, 2021, the Chinese cybersecurity regulator launched the same investigation on two other Internet platforms, China’s Full Truck Alliance of Full Truck Alliance Co. Ltd. (NYSE: YMM) and Boss of KANZHUN LIMITED (Nasdaq: BZ). On July 24, 2021, the General Office of the Communist Party of China Central Committee and the General Office of the State Council jointly released the Guidelines for Further Easing the Burden of Excessive Homework and Off-campus Tutoring for Students at the Stage of Compulsory Education, pursuant to which foreign investment in such firms via mergers and acquisitions, franchise development, and variable interest entities are banned from this sector.
On July 10, 2021, the Cyberspace Administration of China, or the CAC released the Cybersecurity Review Measures (Revised Draft for Solicitation of Comments), or the Revised Draft, pursuant to which operator holding more than one million users/users’ (which to be further specified) individual information shall be subject to cybersecurity review before listing abroad. The cybersecurity review will evaluate, among others, the risk of critical information infrastructure, core data, important data, or a large amount of personal information being influenced, controlled or maliciously used by foreign governments after going public overseas. The procurement of network products and services, data processing activities and overseas listing should also be subject to cybersecurity review if they concern or potentially pose risks to national security. According to the effective Cybersecurity Review Measures, online platform/website operators of certain industries may be identified as critical information infrastructure operators by the CAC, once they meet standard as stated in the National Cybersecurity Inspection Operation Guide, and such operators may be subject to cybersecurity review. The scope of business operations and financing activities that are subject to the Revised Draft and the implementation thereof is not yet clear. As of the date of this prospectus, we have not been informed by any PRC governmental authority of any requirement that we file for approval for this offering.
On August 17, 2021, the State Council promulgated the Regulations on the Protection of the Security of Critical Information Infrastructure, or the Regulations, which took effect on September 1, 2021. The Regulations supplement and specify the provisions on the security of critical information infrastructure as stated in the Cybersecurity Review Measures. The Regulations provide, among others, that protection department of certain industry or sector shall notify the operator of the critical information infrastructure in time after the identification of certain critical information infrastructure.
On August 20, 2021, the SCNPC promulgated the Personal Information Protection Law of the PRC, or the Personal Information Protection Law, which will take effect in November 2021. As the first systematic and comprehensive law specifically for the protection of personal information in the PRC, the Personal Information Protection Law provides, among others, that (i) an individual’s consent shall be obtained to use sensitive personal information, such as biometric characteristics and individual location tracking, (ii) personal information operators using sensitive personal information shall notify individuals of the necessity of such use and impact on the individual’s rights, and (iii) where personal information operators reject an individual’s request to exercise his or her rights, the individual may file a lawsuit with a People’s Court.
Given that the above mentioned newly promulgated laws, regulations and policies were recently promulgated or issued, and have not yet taken effect (as applicable), their interpretation, application and enforcement are subject to substantial uncertainties. See also “Risk Factor—We may be liable for improper use or appropriation of personal information provided by our customers”, “Risk Factors—The M&A Rules and certain other PRC regulations establish complex procedures for some acquisitions of Chinese companies by foreign investors, which could make it more difficult for us to pursue growth through acquisitions in China.” and “Risk Factors—We are exposed to the uncertainty with respect to China’s crackdown on cryptocurrency-related business.”
It is uncertain whether any new PRC laws or regulations relating to variable interest entity structures will be adopted or if adopted, what they would provide. PRC regulatory authorities could disallow this structure, which would materially adversely affect our operations and the value of our Class A Ordinary Shares, and could cause the value of such securities to significantly decline or become worthless. See “Risks Related to Our Corporate Structure.”
We may be liable for improper use or appropriation of personal information provided by our customers.
Our business involves collecting and retaining certain internal and customer data. We also maintain information about various aspects of our operations as well as regarding our employees. The integrity and protection of our customer, employee and company data is critical to our business. Our customers and employees expect that we will adequately protect their personal information. We are required by applicable laws to keep strictly confidential the personal information that we collect, and to take adequate security measures to safeguard such information.
The PRC Criminal Law, as amended by its Amendment 7 (effective on February 28, 2009) and Amendment 9 (effective on November 1, 2015), prohibits institutions, companies and their employees from selling or otherwise illegally disclosing a citizen’s personal information obtained in performing duties or providing services or obtaining such information through theft or other illegal ways. On November 7, 2016, the SCNPC issued the Cyber Security Law of the PRC, or Cyber Security Law, which became effective on June 1, 2017. Pursuant to the Cyber Security Law, network operators must not, without users’ consent, collect their personal information, and may only collect users’ personal information necessary to provide their services. Providers are also obliged to provide security maintenance for their products and services and shall comply with provisions regarding the protection of personal information as stipulated under the relevant laws and regulations.
The Civil Code of the PRC (issued by the PRC National People’s Congress on May 28, 2020 and effective from January 1, 2021) provides legal basis for privacy and personal information infringement claims under the Chinese civil laws. PRC regulators, including the CAC, the Ministry of Industry and Information Technology, or MIIT, and the Ministry of Public Security, have been increasingly focused on regulation in data security and data protection.
The PRC regulatory requirements regarding cybersecurity are evolving. For instance, various regulatory bodies in China, including the CAC, the Ministry of Public Security and the State Administration for Market Regulation, or the SAMR (formerly known as State Administration for Industry and Commerce, or the SAIC), have enforced data privacy and protection laws and regulations with varying and evolving standards and interpretations. In April 2020, the Chinese government promulgated Cybersecurity Review Measures, which came into effect on June 1, 2020. According to the Cybersecurity Review Measures, operators of critical information infrastructure must pass a cybersecurity review when purchasing network products and services which do or may affect national security.
In July 2021, the CAC and other related authorities released the draft amendment to the Cybersecurity Review Measures for public comments through July 25, 2021. The draft amendment proposes the following key changes:
| ● | companies who are engaged in data processing are also subject to the regulatory scope; |
| ● | the CSRC is included as one of the regulatory authorities for purposes of jointly establishing the state cybersecurity review working mechanism; |
| ● | the operators (including both operators of critical information infrastructure and relevant parties who are engaged in data processing) holding more than one million users/users’ (which to be further specified) individual information and seeking a listing outside China shall file for cybersecurity review with the Cybersecurity Review Office; and |
| ● | the risks of core data, material data or large amounts of personal information being stolen, leaked, destroyed, damaged, illegally used or transmitted to overseas parties and the risks of critical information infrastructure, core data, material data or large amounts of personal information being influenced, controlled or used maliciously shall be collectively taken into consideration during the cybersecurity review process. |
If the draft amendment is adopted into law in the future, we may become subject to enhanced cybersecurity review. Certain internet platforms in China have been reportedly subject to heightened regulatory scrutiny in relation to cybersecurity matters. As of the date of this prospectus, we have not been informed by any PRC governmental authority of any requirement that we file for a cybersecurity review. However, if we are deemed to be a critical information infrastructure operator or a company that is engaged in data processing and holds personal information of more than one million users, we could be subject to PRC cybersecurity review.
As there remains significant uncertainty in the interpretation and enforcement of relevant PRC cybersecurity laws and regulations, we could be subject to cybersecurity review, and if so, we may not be able to pass such review in relation to this offering. In addition, we could become subject to enhanced cybersecurity review or investigations launched by PRC regulators in the future. Any failure or delay in the completion of the cybersecurity review procedures or any other non-compliance with the related laws and regulations may result in fines or other penalties, including suspension of business, website closure, removal of our app from the relevant app stores, and revocation of prerequisite licenses, as well as reputational damage or legal proceedings or actions against us, which may have material adverse effect on our business, financial condition or results of operations.
On June 10, 2021, the SCNPC promulgated the PRC Data Security Law, which took effect in September 2021. The PRC Data Security Law imposes data security and privacy obligations on entities and individuals carrying out data activities, and introduces a data classification and hierarchical protection system based on the importance of data in economic and social development, and the degree of harm it will cause to national security, public interests, or legitimate rights and interests of individuals or organizations when such data is tampered with, destroyed, leaked, illegally acquired or used. The PRC Data Security Law also provides for a national security review procedure for data activities that may affect national security and imposes export restrictions on certain data an information.
As uncertainties remain regarding the interpretation and implementation of these laws and regulations, we cannot assure you that we will comply with such regulations in all respects and we may be ordered to rectify or terminate any actions that are deemed illegal by regulatory authorities. We may also become subject to fines and/or other sanctions which may have material adverse effect on our business, operations and financial condition.
While we take various measures to comply with all applicable data privacy and protection laws and regulations, our current security measures and those of our third-party service providers may not always be adequate for the protection of our customer, employee or company data. We may be a target for computer hackers, foreign governments or cyber terrorists in the future.
Unauthorized access to our proprietary internal and customer data may be obtained through break-ins, sabotage, breach of our secure network by an unauthorized party, computer viruses, computer denial-of-service attacks, employee theft or misuse, breach of the security of the networks of our third party service providers, or other misconduct. Because the techniques used by computer programmers who may attempt to penetrate and sabotage our proprietary internal and customer data change frequently and may not be recognized until launched against a target, we may be unable to anticipate these techniques.
Unauthorized access to our proprietary internal and customer data may also be obtained through inadequate use of security controls. Any of such incidents may harm our reputation and adversely affect our business and results of operations. In addition, we may be subject to negative publicity about our security and privacy policies, systems, or measurements. Any failure to prevent or mitigate security breaches, cyber-attacks or other unauthorized access to our systems or disclosure of our customers’ data, including their personal information, could result in loss or misuse of such data, interruptions to our service system, diminished customer experience, loss of customer confidence and trust, impairment of our technology infrastructure, and harm our reputation and business, resulting in significant legal and financial exposure and potential lawsuits.
We are exposed to the uncertainty with respect to China’s crackdown on cryptocurrency-related business.
We recently announced the launch of our first ASIC cryptocurrency mining equipment and plan to expand into the cryptocurrency industry. In May 2021, China made cryptocurrency transactions illegal for Chinese citizens in mainland China. The Chinese government has also called for a crackdown on cryptocurrency mining and trading. The majority of bitcoin miners in China were taken offline. We plan to launch sales of our mining equipment in the United States, Canada and Europe. We cannot anticipate all the ways in which this regulatory action and any additional restrictions could adversely impact our industry and business. If further regulation or government action in China follows, for example, in the form of prohibition on production of the mining equipment, we may have to incur additional costs and change our operations. Additionally, it is uncertain whether any disruptions to the supply chain for cryptocurrency hardware would occur, for example, as result of imposition of new tariffs, trade barriers and bilateral trade frictions, our results of operations may be negatively affected. Such events could have a material adverse effect on our business, prospects, financial condition, and operating results.
The M&A Rules and certain other PRC regulations establish complex procedures for some acquisitions of Chinese companies by foreign investors, which could make it more difficult for us to pursue growth through acquisitions in China.
The Regulations on Mergers and Acquisitions of Domestic Enterprises by Foreign Investors, or the M&A Rules, adopted by six PRC regulatory agencies in 2006 and amended in 2009, and some other regulations and rules concerning mergers and acquisitions established additional procedures and requirements that could make merger and acquisition activities by foreign investors more time-consuming and complex, including requirements in some instances that the anti-monopoly law enforcement agency be notified in advance of any change-of-control transaction in which a foreign investor takes control of a PRC domestic enterprise.
For example, the M&A Rules require that MOFCOM be notified in advance of any change-of-control transaction in which a foreign investor takes control of a PRC domestic enterprise, if (i) any important industry is concerned, (ii) such transaction involves factors that impact or may impact national economic security, or (iii) such transaction will lead to a change in control of a domestic enterprise which holds a famous trademark or PRC time-honored brand. Moreover, the PRC Anti-Monopoly Law promulgated by the Standing Committee of the National People’s Congress effective 2008 requires that transactions which are deemed concentrations and involve parties with specified turnover thresholds (i.e., during the previous fiscal year, (i) the total global turnover of all operators participating in the transaction exceeds RMB10 billion and at least two of these operators each had a turnover of more than RMB400 million within China, or (ii) the total turnover within China of all the operators participating in the concentration exceeded RMB2 billion, and at least two of these operators each had a turnover of more than RMB400 million within China) must be cleared by the anti-monopoly enforcement authority before they can be completed. In addition, in 2011, the General Office of the State Council promulgated a Notice on Establishing the Security Review System for Mergers and Acquisitions of Domestic Enterprises by Foreign Investors, also known as Circular 6, which officially established a security review system for mergers and acquisitions of domestic enterprises by foreign investors. Further, MOFCOM promulgated the Regulations on Implementation of Security Review System for the Merger and Acquisition of Domestic Enterprises by Foreign Investors, effective 2011, to implement Circular 6. Under Circular 6, a security review is required for mergers and acquisitions by foreign investors having “national defense and security” concerns and mergers and acquisitions by which foreign investors may acquire the “de facto control” of domestic enterprises with “national security” concerns. Under the foregoing MOFCOM regulations, MOFCOM will focus on the substance and actual impact of the transaction when deciding whether a specific merger or acquisition is subject to security review. If MOFCOM decides that a specific merger or acquisition is subject to a security review, it will submit it to the Inter-Ministerial Panel, an authority established under Circular 6 led by the National Development and Reform Commission, and MOFCOM under the leadership of the State Council, to carry out security review. The regulations prohibit foreign investors from bypassing the security review by structuring transactions through trusts, indirect investments, leases, loans, control through contractual arrangements or offshore transactions. There is no explicit provision or official interpretation stating that the merging or acquisition of a company engaged in the internet content business requires security review, and there is no requirement that acquisitions completed prior to the promulgation of the Security Review Circular are subject to MOFCOM review.
In the future, we may grow our business by acquiring complementary businesses. Complying with the requirements of the above-mentioned regulations and other relevant rules to complete such transactions could be time consuming, and any required approval processes, including obtaining approval from MOFCOM or its local counterparts may delay or inhibit our ability to complete such transactions. We believe that it is unlikely that our business would be deemed to be in an industry that raises “national defense and security” or “national security” concerns. However, MOFCOM or other government agencies may publish explanations in the future determining that our business is in an industry subject to the security review, in which case our future acquisitions in China, including those by way of entering into contractual control arrangements with target entities, may be closely scrutinized or prohibited.
You may experience difficulties in effecting service of legal process, enforcing foreign judgments or bringing actions in China against us or our management named in the prospectus based on foreign laws.
We are an exempted company incorporated under the laws of the British Virgin Islands. We conduct all of our operations in China. In addition, all our senior executive officers reside within China for a significant portion of the time and all of them are PRC nationals. As a result, it may be difficult for our shareholders to effect service of process upon us or those persons inside China.
The recognition and enforcement of foreign judgments are basically provided for under the PRC Civil Procedures Law. PRC courts may recognize and enforce foreign judgments in accordance with the requirements of the PRC Civil Procedures Law based either on treaties between China and the country where the judgment is made or on principles of reciprocity between jurisdictions. China does not have treaties providing for the reciprocal recognition and enforcement of judgments of courts with the United States, the British Virgin Islands or many other countries and regions. Therefore, recognition and enforcement in China of judgments of a court in any of these non-PRC jurisdictions in relation to any matter not subject to a binding arbitration provision may be difficult or impossible. In addition, according to the PRC Civil Procedures Law, the PRC courts will not enforce a foreign judgment if it is decided as having violated the basic principles of PRC laws or national sovereignty, security or public interest. As a result, it is uncertain whether and on what basis a PRC court would enforce a judgment rendered by a court in the United States or the British Virgin Islands.
The SEC, U.S. Department of Justice and other U.S. authorities often have substantial difficulties in bringing and enforcing actions against non-U.S. companies and non-U.S. persons, including company directors and officers, in certain emerging markets, including China. Legal and other obstacles to obtaining information needed for investigations or litigation or to obtaining access to funds outside the United States, lack of support from local authorities, and other various factors make it difficult for the U.S. authorities to pursue actions against non-U.S. companies and individuals, who may have engaged in fraud or other wrongdoings. Additionally, public shareholders investing in the Class A ordinary shares have limited rights and few practical remedies in emerging markets where we operate, as shareholder claims that are common in the United States, including class actions under securities law and fraud claims, generally are difficult or impossible to pursue as a matter of law or practicality in many emerging markets, including China. As a result of all of the above, you may have more difficulties in protecting your interests in your emerging market investments.
We may rely on dividends and other distributions on equity paid by our PRC subsidiaries to fund any cash and financing requirements we may have, and any limitation on the ability of our PRC subsidiaries to make payments to us could have a material and adverse effect on our ability to conduct our business.
We are a British Virgin Islands holding company and we rely principally on dividends and other distributions on equity from our PRC subsidiaries for our cash and financing requirements, including the funds necessary to pay dividends and other cash distributions to our shareholders and services of any debt we may incur. Our PRC subsidiaries’ ability to distribute dividends is based upon its distributable earnings. Current PRC regulations permit our PRC subsidiaries to pay dividends to their respective shareholders only out of their accumulated profits, if any, determined in accordance with PRC accounting standards and regulations. In addition, each of our PRC subsidiaries is required to set aside at least 10% of its after-tax profits each year, if any, to fund a statutory reserve until such reserve reaches 50% of its registered capital. These reserves are not distributable as cash dividends. If our PRC subsidiaries incur debt on their own behalf in the future, the instruments governing the debt may restrict their ability to pay dividends or make other payments to us.
To address the persistent capital outflow and the RMB’s depreciation against the U.S. dollar, the People’s Bank of China and the State Administration of Foreign Exchange, or SAFE, have implemented a series of capital control measures since 2016, including stricter vetting procedures for China-based companies to remit foreign currency for overseas acquisitions, dividend payments and shareholder loan repayments. For instance, the Circular on Promoting the Reform of Foreign Exchange Management and Improving Authenticity and Compliance Review, or the SAFE Circular 3, issued on January 26, 2017, provides that the banks shall, when dealing with dividend remittance transactions from domestic enterprise to its offshore shareholders of more than US$50,000, review the relevant board resolutions (or resolutions of partners), original tax filing form and audited financial statements of such domestic enterprise based on the principle of genuine transaction. The PRC government may strengthen its capital controls from time to time and our PRC subsidiaries’ dividends and other distributions may be subject to tightened scrutiny in the future. Any limitation on the ability of our PRC subsidiaries to pay dividends or make other distributions to us could materially and adversely limit our ability to grow, make investments or acquisitions that could be beneficial to our business, pay dividends, or otherwise fund and conduct our business.
In addition, the Enterprise Income Tax Law and its implementation rules provide that a withholding tax at a rate of 10% will be applicable to dividends payable by Chinese companies to non-PRC resident enterprises unless reduced under treaties or arrangements between the PRC central government and governments of other countries or regions where the non-PRC resident enterprises are tax resident.
PRC regulation of loans to and direct investment in PRC entities by offshore holding companies and governmental control of currency conversion may restrict or delay us from using the proceeds of this offering to make loans or additional capital contributions to our PRC subsidiaries, which could adversely affect our liquidity and our ability to fund and expand our business.
Any funds we transfer to our PRC subsidiaries, either as a shareholder loan or as an increase in registered capital, are subject to approval by or registration with relevant governmental authorities in China. According to the relevant PRC regulations on foreign-invested enterprises, or FIEs, in China, capital contributions to our PRC subsidiaries are subject to registration with SAMR or its local counterpart and registration with a local bank authorized by SAFE. In addition, (i) any foreign loan procured by our PRC subsidiaries is required to be registered with SAFE or its local branches and (ii) any of our PRC subsidiaries may not procure loans which exceed the difference between its total investment amount and registered capital or, as an alternative, they may only procure loans subject to the calculation approach and limitation as provided by the People’s Bank of China.
On March 30, 2015, the SAFE promulgated the Circular on Reforming the Management Approach Regarding the Foreign Exchange Capital Settlement of Foreign-Invested Enterprises, or SAFE Circular 19, which took effect as of June 1, 2015. SAFE Circular 19 launched a nationwide reform of the administration of the settlement of the foreign exchange capitals of FIEs and allows FIEs to settle their foreign exchange capital at their discretion, but continues to prohibit FIEs from using the renminbi fund converted from their foreign exchange capital for expenditure beyond their business scopes, providing entrusted loans or repaying loans between nonfinancial enterprises. The SAFE issued the Circular on Reforming and Regulating Policies on the Control over Foreign Exchange Settlement of Capital Accounts, or SAFE Circular 16, effective on June 9, 2016. Pursuant to SAFE Circular 16, enterprises registered in China may also convert their foreign debts from foreign currency to renminbi on a self-discretionary basis. SAFE Circular 16 provides an integrated standard for conversion of foreign exchange under capital account items (including, but not limited, to foreign currency capital and foreign debts) on a self-discretionary basis which applies to all enterprises registered in China. SAFE Circular 16 reiterates the principle that renminbi converted from foreign currency-denominated capital of a company may not be directly or indirectly used for purposes beyond its business scope or prohibited by PRC laws or regulations, while such converted renminbi shall not be provided as loans to its non-affiliated entities. On October 23, 2019, SAFE further issued the Circular of the State Administration of Foreign Exchange on Further Promoting the Facilitation of Cross-Border Trade and Investment, or the Circular 28, which took effect on the same day. Circular 28 allows non-investment foreign-invested enterprises to use their capital funds to make equity investments in China as long as such investments do not violate then effective negative list for foreign investments and the target investment projects are genuine and in compliance with laws. In addition, Circular 28 stipulates that qualified enterprises in certain pilot areas may use their capital income from registered capital, foreign debt and overseas listing, for the purpose of domestic payments without providing authenticity certifications to the relevant banks in advance for those domestic payments. As this circular is relatively new, there remains uncertainty as to its interpretation and application and any other future foreign exchange-related rules. Violations of these circulars could result in severe monetary or other penalties.
7
