China proposed new rules that would require nearly all companies seeking to list in foreign countries to undergo a cybersecurity review, a move that would significantly tighten oversight over its internet giants.

Companies holding data on more than 1 million users must now apply for cybersecurity approval when seeking listings in other nations because of the risk that such data and personal information could be "affected, controlled, and maliciously exploited by foreign governments,” the Cyberspace Administration of China said in a statement on Saturday. The cybersecurity review will also look into the potential national security risks from overseas IPOs, it said.

The move announced on Saturday, which confirms a previous report by Bloomberg, is one of the most concrete steps taken yet to restrain the ability of technology firms to raise capital in the U.S. through a so-called Variable Interest Entity model that the likes of Alibaba Group Holding Ltd. to Baidu Inc. and Didi Global Inc. have adopted. Regulators are also considering requiring VIEs like Alibaba that have already gone public to seek approval for additional share offerings in the offshore market, people with knowledge of the matter have said.