English Translation

Author: Qiu Kaijun

After its listing on the US stock market on June 30, Didi has faced one hit after another from the regulators. Its core values have been damaged significantly.

What are the charges against Didi?

Those mentioned directly by the regulatory agency include:

• Suspected violation of the Network Security Review Measures;

• Severe illegal collection and use of personal information;

• Illegal implementation of operator concentration.

Those that may be added include:

• Other unfair competition practices;

• Compliance issues with the online car-hailing industry;

• Cross-border securities violations, and the like.

These charges may not be limited to Didi alone. Other smart electric car companies, operators, and charging-related industries may be affected as well.

For instance, other apps, companies or platforms have been fined for the three reasons mentioned by the Cyberspace Administration of China (CAC), including auto manufacturers, charging operators and online ride-hailing platforms.

EV Observer has reviewed the legal provisions and circumstances under which Didi may have violated the law and consulted professionals and practitioners.

What are the regulatory challenges that automobile enterprises, operators, and charging businesses may face currently?

Suspected violation of the Network Security Review Measures

The first hit that came after Didi’s listing was from the Network Security Review Office of the Cyberspace Administration of China (CAC) (officially known as the Cyberspace Administration of China and the Office of the Central Leading Group for Cyberspace Affairs).

On July 2, the Network Security Review Office announced on its website that it was conducting a network security review of Didi. The announcement stated that in order to cooperate with the review, prevent risk expansion, and guarantee network security, Didi had stopped accepting new user registrations during the review period.

The announcement cited the Network Security Review Measures. According to the CAC’s official website, this is the first time the regulation has been cited for reviewing an enterprise.

The Network Security Review Measures are a departmental regulation developed by the CAC in collaboration with 12 other ministries and commissions such as the National Development and Reform Commission. The regulation governs the procurement of network products and services by “critical information infrastructure operators” and behaviors that affect or may affect national security. Its purpose is “to ensure the security of the supply chain for critical information infrastructure and safeguard national security.”

What kind of enterprises will be defined as “critical information infrastructure operators”?According to the Internet Security Law and the document issued by the Ministry of Public Security, regulatory authorities in important industries and fields such as public communication and information services, energy, transportation, water conservancy, finance, public services, e-government, and national defense technology and industry should establish rules for identifying critical information infrastructure in their respective industries and fields, and report to the Ministry of Public Security for record keeping. After these departments identify their own critical information infrastructure, they should notify relevant operators of the facilities and report to the Ministry of Public Security.

The categories of critical information infrastructure include basic networks, large-scale private networks, core business systems, cloud platforms, big data platforms, the Internet of Things, industrial control systems, intelligent manufacturing systems, emerging Internet, and emerging communication facilities.

Didi’s business is extensive and has penetrated into various corners. It has purchased a large amount of information infrastructure services and also holds a huge amount of data.

Currently, we have not seen the results of the smart electric vehicle industry and the operation industry being designated as critical infrastructure by the departments of communication and transportation, nor have we seen the list of relevant operators.

However, from the fact that the Cyberspace Administration of China first reviewed Didi, and later reviewed “Yunmanman”, “Huochetou”, and “BOSS Zhipin”, they were all identified as operators of critical infrastructure.

What kind of behavior could endanger the supply chain security of critical information infrastructure and national security?

The introduction of the “Review Measures” helps us understand this.

According to an interpretation article from Zhong Lun Law Firm, when the draft “Review Measures” were soliciting opinions in 2019, the U.S. Department of Commerce had just released the Executive Order on Ensuring the Security of Information and Communications Technology and Services Supply Chain for public comment. The solicitation of opinions only lasted for one year, and the “Review Measures” was officially passed, inseparable from the current international political and economic situation.

The U.S. version of the executive order on information and communication supply chain security is very straightforward:

Given the increasing use by foreign adversaries of vulnerabilities in information and communications technology and services … to commit malicious cyber-enabled actions, including economic and industrial espionage against the United States and its people. Information and communications technology and services are the backbone of our economy and infrastructure, store and communicate vast amounts of sensitive information, and support services that are vital to national defense, emergency services, and the day-to-day functioning of our society. Despite the risks and stakes involved, the executive branch has never comprehensively assessed the full scope of the economic and national security risks posed by these vulnerabilities.

China’s “Review Measures” are not aimed at any specific country. However, in the expert interpretation released by the Cyberspace Administration of China, it also mentioned that “non-technical factors such as political, diplomatic, and trade factors have increased the possibility of supply interruption. The source and reliability of suppliers, and other non-technical factors have become important aspects of assessing the security risks of the supply chain in multiple countries.”Overall, the main concern of the “Review Measures” is the threat that “foreign opponents” may pose to China’s critical information infrastructure, as proposed in the U.S. version of the supply chain security policy.

Returning to Didi, the regulatory authority did not launch a cybersecurity review of Didi before it went public overseas, but after the IPO, the relevance is more obvious. Didi’s primary problem is likely to be this.

Didi Chuxing founder and CEO Cheng Wei (right) and Didi Chuxing president Liu Qing. This time, Didi’s listing was extremely low-key, presumably deliberately done by shareholders and management.

In addition, on July 12, the Cyberspace Administration of China issued the “Review Measures” (draft for soliciting comments on the revision), adding new parts to the revision, almost all of which are aimed at foreign listing. Special emphasis is placed on the addition, “Operators who have access to personal information of more than 1 million users and who go public overseas must apply for a cybersecurity review to the Cybersecurity Review Office.”

In addition, “the risk of national security posed by foreign listings” has been included as a key evaluation content. Factors to be considered include “the risk of core data, important data or considerable amount of personal information being stolen, leaked, destroyed, illegally utilized or leaving the country, and the risk of core data, important data or considerable amount of personal information being influenced, controlled, or maliciously utilized by foreign governments after going public overseas.”

In addition, the China Securities Regulatory Commission has been included in the departments participating in cybersecurity reviews; the submission of review documents has added “IPO materials to be submitted,” and so on.

The “Review Measures” and its revisions are also in response to the policies of the United States and other countries. In December 2020, the United States passed the “Holding Foreign Companies Accountable Act,” which requires foreign companies going public in the United States to provide audit papers until the SEC is “satisfied.” Failure to submit for three consecutive years will result in delisting penalties. In addition, foreign companies seeking listings in the United States also need to disclose whether they have government-controlled shares, and submit a list of senior executives or board members who are CCP officials or related entities.

According to conventional understanding, the audit documents requested by the SEC should only be related to business operations and should not involve state secrets and other information.

However, an expert who once served on the Internet Association of China Standardization Working Committee told the “Electric Vehicle Observer” that the power struggle between countries is not only conducted openly and through legal procedures, but also by national intelligence agencies, which are also ruthless. “It is difficult to accurately judge whether the other party’s request for this information is malicious. It can be used to verify the authenticity of business, but if it is used for other analysis, it may involve state secrets.”Therefore, for the network security, intelligent electric vehicle industry, and upstream and downstream enterprises, it is necessary to determine whether they are listed as “operators of critical information infrastructure” and to predict whether the procurement of products and services may affect or may affect national security.

If it is predicted that there may be an impact, a network security review must be declared before formally signing the contract with the supplier. When listed overseas, including operators involving 1 million users, they must apply to the Cyberspace Administration of China for review; otherwise, they will be subject to post-event review like Didi.

Illegal collection and use of personal information

The second blow to Didi came from the Cyberspace Administration of China, for “serious violations of the collection and use of personal information.”

On July 4th, the Cyberspace Administration of China released a “Notice on Didi Chuxing’s App being removed from the shelf”. The notice required the App Store to remove the “Didi Chuxing” App and required Didi to seriously rectify existing problems and effectively guarantee the personal information security of users.

On July 9th, the Cyberspace Administration of China issued another notice, expanding the scope of removal to 25 related Didi Apps, with the same reason of “serious violations of the collection and use of personal information.”

Illegal and improper collection of personal information can be said to be a common practice among Chinese internet service providers and operators. Since May 2021, there have been four direct reports on violations of the collection and use of personal information published by the Cyberspace Administration of China, involving 351 Apps.

Almost all the popular types of Apps have been affected. For example, news and information Apps such as Today’s Headlines, Tencent News, Yidian News, Sina News, and Sohu News; short video Apps such as Douyin and Kuaishou; browser Apps such as Browser, 360 Browser, vivo Browser, Sogou Search, and Baidu Browser; recruitment Apps such as LinkedIn, Zhaopin, and 51job; navigation Apps such as Gaode, Baidu, and Tencent Maps; live streaming Apps such as Huya; sports Apps such as Keep…

Didi was directly named for “serious violations of the collection and use of personal information” only after going public, and it was directly judged to be removed from the shelf, which indicates that there may be accounting after the fact.

However, for the collection of personal information, enterprises in the intelligent electric vehicle industry and their upstream and downstream that have launched Apps are likely to cross the line.

How to judge the scope of personal information collection? The principle of the supervisory authority is “necessary”.The Bureau of Secretaries of the National Cyberspace Administration, together with the Office of the Ministry of Industry and Information Technology, the Office of the Ministry of Public Security, and the Office of the State Administration for Market Regulation, released the “Necessary Personal Information Scope Requirements for Common Types of Mobile Internet Applications” (referred to as the “Scope Requirements”) in March 2021. As early as 2019, these four departments released the “Method for Determining Illegal Collection and Use of Personal Information by Apps” (referred to as the “Method for Determination”).

The “Scope Requirements” specifies the necessary information for 39 types of applications. Regarding intelligent electric vehicles and related upstream and downstream information, there is no explicit explanation of the necessary information scope for car manufacturer apps and charging and swapping apps.

However, it is still possible to infer the “necessary” scope from the necessary information listed in the “Scope Requirements.”

For example, for navigation apps, the necessary personal information is only location information, departure location, and destination.

For network car-hailing apps, the necessary personal information only includes 1. registered user’s mobile phone number; 2. passenger’s departure and destination location and location information; and 3. payment information such as payment time, payment amount, and payment channel.

For car manufacturer apps, since many of them have a community attribute, the necessary personal information is only the registered user’s mobile phone number, and there is nothing else.

From these three categories, the scope of personal information is very narrow. Any information collection outside of the function is unnecessary and collecting such information is illegal.

For charging apps, according to the spirit of the “Scope Requirements,” the only necessary information that can be collected includes the registered user’s mobile phone number, vehicle information, charging time, electricity consumption, payment time, payment amount, and payment channel.

One of China’s largest charging operators, Techrules, told “Electric Vehicle Observer” that the only information they require from customers is their phone number, which is used as their Techrules login account. They do not force the collection and filling of other information.

According to the “Method for Determination” and its upper-level law “Cybersecurity Law,” all types of operators not only have to legally collect personal information but also store, apply, and transmit it in accordance with regulations to prevent leakage and excessive mining.

In this regard, Techrules collects data according to different levels and categories, stores and manages it in a self-built data storage cluster, encrypts core data, and provides service using encrypted APIs. When collaborating with universities, the relevant data is desensitized, and no user information can be deduced from these data. The data is not provided to third parties in other scenarios.

For car manufacturers, collecting personal information in car manufacturer apps is not critical. As cars are highly intelligent now, they are equipped with various information collectors such as cameras and radars. A batch of intelligent new models are ready to be equipped with LIDAR. As intelligent hardware, the data collected by the entire vehicle is more abundant and potentially more sensitive.

In this regard, the country’s laws, regulations, and standards are being improved. The “Several Provisions on the Security Management of Automotive Data (Draft for Soliciting Opinions)” (referred to as the “Automotive Data Regulations”) directly regulates the collection and application of intelligent automobile data.

The “Automotive Data Regulations” have very broad and clear requirements for automotive data management.

First of all, all enterprises participating in the automotive industry, including automakers, parts and software providers, dealers, maintenance institutions, ride-hailing companies, insurance companies, etc., are included as automotive data operators.

Secondly, the “Automotive Data Regulations” have made very detailed regulations on data collection and processing.

The “Automotive Data Regulations” divide the protected data into personal information and important data.

The personal information includes personal information of the car owner, driver, passenger, pedestrian, etc., as well as various information that can infer personal identity and describe personal behavior.

Important data includes:

(1) Flow data of people and vehicles in military management areas, national defense industry, county-level and above party and government organs, and other important sensitive areas;

(2) Surveying and mapping data with precision higher than the one released by the government;

(3) Operating data of the automotive charging network;

(4) Vehicle type, vehicle flow and other data on the road;

(5) Audio and video data outside the car containing faces, sounds, license plates, etc.;

(6) Other data clearly defined by the National Internet Information Office and relevant departments of the State Council that may affect national security and public interests.

For these pieces of information, the “Automotive Data Regulations” advocates that operators adhere to several principles during the processing:

In-car processing principle, not provided to the outside of the car unless necessary;

Anonymization processing principle, for those that need to be provided to the outside of the car, perform anonymization and desensitization to the greatest extent possible;

Minimum retention period principle, determine the data retention period according to the types of functional services provided;

Accuracy range application principle, determine the coverage and resolution of cameras, radars, etc. according to the accuracy requirements of the functional services provided;

Default non-collection principle, unless necessary, the default is set to non-collection status every time the vehicle is driven, and driver’s consent authorization is only valid for the current driving.

Data outflow is still a very sensitive issue. The “Automotive Data Regulations” clearly stipulate that personal information or important data should be stored in China in accordance with the law, and if necessary to provide them outside China, a data outflow security assessment organized by the National Internet Information Office should be conducted.

Currently, the “Automotive Data Regulations” have not been officially promulgated. However, companies like Tesla have already stated that they store Chinese car owners’ data within China.An authoritative cybersecurity researcher pointed out that there are two safety issues facing the automotive industry. The first one is that once the vehicle is connected to the Internet, it may be hacked, which may cause damage to the car or human safety. “We cracked Tesla in 2014. After 2015, almost every domestically produced vehicle, including vehicle modules, has been cracked by us.”

The second is a security issue regarding the data collected by Internet companies, such as Didi. Firstly, the security of personal information that is collected; secondly, Didi’s vehicles, including some company-developed high-level intelligent driving vehicles, can record the location of some confidential offices and detailed information about roads, forming high-precision maps or conducting big data analysis, which involves highly sensitive information. “For example, in 2015, a study conducted by the Didi Research Institute analyzed sensitive information such as which department, what time, etc.”

The legal regulations related to data management, such as intelligent electric vehicle manufacturers, operation companies, and charging and swapping operation companies, are strictly conducted by the authorities. The definition of the necessity of data is very narrow.

This point may not be conducive to enterprise innovation, especially the stories that many companies always like to tell – based on big data mining, providing derivative services – becoming less feasible.

On the one hand, the derivative services claimed by various companies are beyond the scope of App, terminal product services, and functionality itself. On the other hand, more data is often required to discover opportunities. Both of these are contrary to the will of the regulatory authorities.

Monopoly and unfair competition are also concerns. The State Administration of Market Regulation has issued a third penalty to Didi. On July 7th, the State Administration of Market Regulation issued 22 cases of illegal business concentration in the Internet field. Eight companies owned by Didi were involved and fined 4 million yuan.

The cause of these 22 cases was that they violated Article 21 of the Anti-Monopoly Law, constituting illegal business concentration. But the assessment believed that it did not have the effect of excluding and restricting competition, so only a fine was imposed.

Looking at the specific punishment decision, the reason why Didi and its joint ventures were fined is mainly that they did not declare it, violating the declaration standards stipulated in Article 3 of the “Regulations of the State Council on Standards for the Declaration of Business Concentration”.

The third article of the regulation specifies the standards:
(1) The total global turnover of all operators participating in the concentration in the previous fiscal year exceeds RMB 10 billion, and at least two operators have domestic operating income in the previous fiscal year exceeding RMB 400 million;
(2) The total domestic operating income of all operators participating in the concentration in the previous fiscal year exceeds RMB 2 billion, and at least two operators have domestic operating income in the previous fiscal year exceeding RMB 400 million.The declaration standard is mainly based on the scale, and in simple terms, if your company’s revenue exceeded 400 million yuan in the previous year and you want to cooperate with companies with over 1.6 billion yuan in revenue, you must apply. Even if you go beyond your main business scope and have a low market share, you still need to apply. For example, if Alibaba invests in Evergrande Football, they should also apply.

DIDI’s main data: DIDI operates in 15 countries. As of March 31, 2021, during the 12 months, the global annual active users reached 493 million, with 15 million active drivers, a daily average of 41 million orders, and the total transaction volume of the platform was 341 billion yuan. From 2018 to March 31, 2021, the total income of platform drivers was about 600 billion yuan in three years.

The eight subsidiaries of Didi are fined, but it is not serious because the investigation determined that it did not eliminate or restrict the effects of competition. In terms of anti-monopoly, Didi did not apply for the two major mergers with Kuaidi and Uber in the early years. How should the regulatory authorities handle these two major merger cases in the collective settlement of Didi this time?

From a factual point of view, the impact of these two mergers is much greater, and the original intention of the three-party merger was to eliminate or restrict competition. Therefore, if it is confirmed after review, the consequences will be more severe.

The punishment method for violating the provisions of the Anti-Monopoly Law for implementing concentration of undertakings is that the anti-monopoly enforcement agency of the State Council orders to stop implementing concentration, dispose of shares or assets within a time limit, transfer business within a time limit, and take other necessary measures to restore the state before the concentration. A fine of up to 500,000 yuan may be imposed.

The fine is not worth mentioning, but if it is restored to the state before the concentration, although it is impossible to restore the concentration before the merger due to the fact that the three-party merger has been several years ago, it is not excluded that Didi will be split again. That would be a near-fatal blow to Didi.

For other companies under the regulation of the Anti-Monopoly Law, what enlightenment can Didi’s experience and risks bring?

First, companies with revenue exceeding 400 million yuan should check whether they need to apply if they want to cooperate with larger companies.

Secondly, companies with a large market share should check whether they have monopolistic behavior.

In fact, the Anti-Monopoly Law does not target monopolistic status, nor does it target monopolistic enterprises, but monopolistic behavior.

The Anti-Monopoly Law identifies three monopolistic behaviors:
(1) Undertakings reach monopoly agreements;
(2) Undertakings abuse their dominant position in the market;
(3) Undertakings with or potentially having the effects of excluding or restricting competition.

The merger of Didi and Kuaidi, and Uber obviously violates the third item. In addition, the behavior of Didi and its subordinate Xiaojuche charging platform requiring vehicle or charging operators to sign exclusive agreements violates the second item.# The First Behavior Described

The first behavior described usually refers to the agreement, decision, or other collaborative behavior of multiple enterprises to exclude or restrict competition, i.e. forming a price alliance.

Smart electric vehicle and its upstream and downstream enterprises may want to check whether there are behaviors that may be targeted by the antitrust regulatory authorities.

Currently, the production, manufacturing, and sales of smart vehicles are very decentralized, and there is basically no room for monopoly behavior.

In the charging field, some operators’ collaborative actions in some local markets may involve monopoly agreements.

In the field of ride-hailing operation, many of Didi’s competitors believe that Didi has been abusing its dominant position and excluding or restricting competition.

In the freight operation field, a senior executive of a freight platform company said that the regulatory authorities hope to promote the platform’s opening and integration, rather than development in the form of binding the platform. Each platform will also move in this direction.

In addition to the suspected violation of the Anti-Monopoly Law, Didi was also involved in other unfair competition investigations and disputes.

In March of this year, Didi’s community group buying business was fined by the State Administration for Market Regulation for low-price dumping and price fraud.

In May of this year, eight government departments interviewed Didi and other 10 vehicle operation platform companies, pointing out that the ride-hailing platform companies have high commission rates, opaque distribution mechanisms, arbitrary adjustment of pricing rules, and monopoly of freight information on the Internet. And other issues such as maliciously lowering freight rates and arbitrarily increasing membership fees, and proposing rectification requirements.

At the beginning of the expansion of platform companies, they grabbed the market with low prices and subsidies. In the later stage, they excessively exploited the interests of the upstream and downstream of the industrial chain with their market position, which has become a common practice.

However, this measure is increasingly being constrained by government regulatory authorities.

In July of this year, the State Administration for Market Regulation issued the “Administrative Punishment Regulations for Price Violations (Revised Draft for Solicitation of Comments)”, regulating low-price dumping, price discrimination, price collusion, profiteering and other behaviors. The regulation also specifically singled out “price violations in new formats”, targeting big data killing and low-price dumping for market grabbing.

According to this regulation, the low-price market-grabbing behavior of some new-entering charging platform companies such as Evergrande Star Charging, Fast Electric, etc., may involve price violations. Currently, these enterprises’ low-price market-grabbing initiatives have sparked some disputes. Operators have filed complaints in Guangzhou, Qingdao, Xi’an and other places, and even subsidiaries of State Grid Corporation of China have condemned low-price dumping. Some local market regulatory authorities are also interviewing relevant companies.

In addition, in terms of Didi, compliance issues have always been a pain point that has not been resolved.

Didi’s prospectus shows that it has 13 million active drivers in China. However, according to statistics from the national platform for network-based ride-hailing regulation, as of May 31, 2021, a total of 3.41 million network-based ride-hailing driver certificates were issued across the country. Even if all the 3.41 million certificates are calculated as belonging to Didi, three-quarters of its drivers are not compliant. However, compliant drivers receive more orders. The compliance rate of orders exceeds one-fourth.In the field of ride-hailing industry, state-owned enterprises have better compliance records and regard it as their core competitiveness to operate in compliance. However, without strong regulatory control from the authorities, these enterprises still have not gained actual operational advantages in their business strategies.

Illegal Cross-Border Securities

In addition to the criticism of Didi, the “Opinions on Cracking Down on Securities Violation Activities in Accordance with the Law” (referred to as the “Opinions”) issued by the Office of the Central Committee of the Communist Party of China and the Office of the State Council on July 6th may also affect Didi’s business.

Article 5 of the “Opinions” specifically discusses cross-border regulatory law enforcement and judicial cooperation. Paragraph (19) calls for strengthening cross-border regulatory cooperation, improving relevant laws and regulations on data security, cross-border data flow, and management of confidential information. It also urges the revision of regulations on confidentiality and archive management for securities issuance and listing overseas and to strengthen the responsibility of information security of overseas listed companies.

The joint release of the “Opinions” by the two offices shows its high specifications. The Chairman of the China Securities Regulatory Commission, Yi Huiman, deliberately accepted an interview with Xinhua News Agency. He explained that the intention of the “Opinions” is mainly to cope with the high incidence of illegal behaviors such as financial fraud and insider trading and market manipulation by listed companies and to maintain the order of the domestic securities market.

However, Didi has faced continuous questioning from regulatory authorities shortly after its listing, and many investors questioned whether it fully disclosed the risks.

Currently, there have been investors who initiate lawsuits against Didi in the US. In China, Beijing Hao Junbo Law Firm, which specializes in cross-border reports and cross-border securities collective litigation, has called for investors of Didi, Manbang, and Boss Zhipin on Weibo.

Hao Junbo told the “Electric Vehicle Observer” that “more investors who suffered losses from Didi have contacted us. For Manbang and Boss Zhipin, so far no investors have explicitly requested to participate in the litigation.”

Regarding the involvement of Didi, Manbang, and Boss Zhipin in the category of “Key Information Infrastructure Operators” under the “Network Security Review Measures,” he believes that the definition is somewhat broad, but it basically fits the nature and characteristics of these internet platform companies. “Because they do have access to user-related information, and without this type of information, they cannot provide relevant services.”

Regarding the tightening of information and data management for overseas listed companies, he believes that the regulation of the cross-border listing of companies involved in network information security will undoubtedly become stricter. If companies with large amounts of user information want to go public overseas, they will face more stringent regulatory scrutiny from regulatory authorities.

However, he also emphasized that if a company wants to go public, full disclosure of information is necessary, otherwise, don’t go public at all.

Many professionals in the automobile industry believe that the reason for Didi’s recent heavy punishment by regulatory authorities is due to the violation of their will and the forced listing in the United States.

According to the “Opinions on Crackdown on Illegal Activities in Securities”, companies that were previously listed overseas through the VIE structure will increase the domestic review process to fill loopholes. Intelligent electric vehicle industry chain enterprises that aspire to list overseas not only need confirmation from regulatory authorities, but also recognition from securities regulatory authorities. Especially regarding cross-border information and data flow, one must be extremely cautious.

Some professionals in the industry have bluntly pointed out that Didi’s illegal collection of personal information, monopolistic behavior, and unreasonable competition are not the key issues. Instead, the issue may be related to the leakage of information and data during the overseas listing process, which has caused concern for national security among regulatory authorities. Recent tightening of regulatory policies mainly targeted internet platform companies, with little impact on manufacturing and other real economy sectors.

However, issues such as infringement of network security, illegal collection of information, monopolistic behavior, unfair competition, and data security related to overseas listing all have legal and regulatory basis and have been the focus of regulatory authorities in recent years. Although intelligent electric vehicles and related industries are China’s strategic emerging industries, it is still necessary to understand and be familiar with relevant laws, regulations, and standards and to develop in compliance with the law.

Success is achieved through adequate preparation, and failure through lack of preparation.

This article is a translation by ChatGPT of a Chinese report from 42HOW. If you have any questions about it, please email bd@42how.com.