Weeks before Didi Global Inc. went public in the U.S., China’s cybersecurity watchdog suggested the Chinese ride-hailing giant delay its initial public offering and urged it to conduct a thorough self-examination of its network security, according to people with knowledge of the matter.

But for Didi, waiting would be problematic. In the absence of an outright order to halt the IPO, it went ahead.

The company, facing investor pressure to list after raising billions of dollars from prominent venture capitalists, wrapped up its pre-offering “roadshow” in a matter of days in June—much shorter than typical investor pitches made by Chinese firms. The listing on the New York Stock Exchange raised about $4.4 billion, making it the biggest stock sale for a Chinese company since Alibaba Group Holding Ltd. ’s IPO in 2014.

Back in Beijing, officials, especially those at the Cyberspace Administration of China, remained wary of the ride-hailing company’s troves of data potentially falling into foreign hands as a result of greater public disclosure associated with a U.S. listing, the people said.

Didi’s American depositary shares began trading in New York on Wednesday, just a day before the ruling Communist Party celebrated its centenary.

The Cyberspace Administration waited a day after the major political event to deliver a one-two punch to the company. On Friday, it started its own cybersecurity review into Didi and blocked the company’s app from accepting new users; and on Sunday, it ordered mobile app stores to pull Didi from circulation.

The sudden regulatory actions, which surprised investors in coming just days after the company’s IPO, suggested that protecting national security trumps Beijing’s ambitions for China Inc. to go global. One upshot: Beijing is unlikely to hold fire even if its regulatory moves risk the ability of Chinese firms to court international investors.

According to people familiar with the discussions, the company received mixed signals from different agencies. Some financial regulators have publicly expressed support for companies’ overseas listings, while also stressing the imperative of protecting sensitive data and networks.

It isn’t known whether Didi carried out its own review. The company ultimately decided to go ahead with the IPO as it faced increasing investor pressure for a big payout, according to a person close to the company.

Didi’s listing on the New York Stock Exchange last week raised about $4.4 billion.

Didi’s listing on the New York Stock Exchange last week raised about $4.4 billion.

Photo: brendan mcdermid/Reuters

The Cyberspace Administration didn’t respond to written questions. Didi said in response to questions that it doesn’t comment on speculation and had no knowledge prior to the IPO of the regulator’s decisions to put the company under cybersecurity review and to ban new downloads of its ride-hailing app.

At the heart of Beijing’s concerns is data sovereignty. Since late last year, President Xi Jinping has made stepped-up control of the technology sector and its vast stores of digital data a key area of regulation.

He personally intervened to block the planned blockbuster listing of Alibaba’s giant financial-technology affiliate, Ant Group Co., just days before its scheduled debut in November.

Soon afterward, various market and financial regulators kicked off a campaign to rein in the nation’s tech giants, including Alibaba, conglomerate Tencent Holdings Ltd. and online search firm Baidu Inc.

The effort shows that these tech giants, with their troves of data, deep coffers and reach across all aspects of Chinese life, have become a national-security concern for China’s leaders.

In May, China’s legislature passed a data-security law that will give the state more power to get private-sector firms to share data with authorities but to restrict them from sending information overseas. The law takes effect on Sept. 1.

Looming behind the security fear is rising geopolitical competition between the U.S. and China. American lawmakers have demanded tougher audit requirements that they say are necessary to boost transparency into U.S.-listed Chinese companies—calls that only grew after China’s Luckin Coffee Inc. said last year that a chunk of its sales had been faked, sending its Nasdaq-traded shares down 75% in a matter of days.

The Public Company Accounting Oversight Board has identified more than 200 U.S.-listed foreign companies—most of them based in China—whose audit work the U.S. body can’t inspect.

Sen. Marco Rubio (R., Fla.) last month called for the Securities and Exchange Commission to block Didi’s listing unless it adopted the same audit oversight standards as other U.S.-listed firms.

Beijing has cited laws aimed at protecting national security and state secrets to block U.S. regulators from reviewing the audit papers of Chinese companies.

Last year, China began stopping Chinese companies from cooperating with overseas regulators or handing over documents without government authorization.

President Xi Jinping has pushed greater regulatory control of the Chinese technology sector and its vast stores of digital data.

President Xi Jinping has pushed greater regulatory control of the Chinese technology sector and its vast stores of digital data.

Photo: tingshu wang/Reuters

U.S. securities regulators can’t routinely inspect the audit working papers of U.S.-listed Chinese companies due to the absence of a joint enforcement framework, though Beijing’s securities regulator says it has been trying to engage its U.S. counterpart on the issue. The China Securities Regulatory Commission didn’t respond to questions.

Of particular concern for China’s cybersecurity authority, according to the people familiar with the matter, is a standard U.S. request that prospective listed companies disclose to the SEC “material contracts,” or information concerning the companies’ major vendors and suppliers.

Though companies like Didi store their data on users and traffic flows on servers that are housed within China’s borders, officials at the Cyberspace Administration worry that equipment for those servers, if procured from abroad, could be vulnerable to security breaches upon the company’s disclosure, potentially putting the caches of data in danger, the people said.

Under Chinese law, transportation companies like Didi are classified as “critical infrastructure providers,” adding to the national-security sensitivities. Geographic information and data on traffic flows could be construed as sensitive.

The regulator’s cybersecurity review centers on where Didi purchased the products and services used for its network and what security risks its procurements of such supplies might pose, according to people with knowledge of the investigation.

Analysts say the review process could last for months and involve some dozen government agencies including China’s Ministry of Public Security and its top economic planning agency.

Some analysts think cybersecurity officials have good reason to conduct the investigation. “In my view it would be totally within the bounds of the cybersecurity reviews to look at server suppliers,” says Graham Webster, who leads the DigiChina project at the Stanford University’s Cyber Policy Center. “If any servers were procured and Didi didn’t file for review, they would seem to be in breach or have another reading of the rules.”

Regulators have blocked Didi’s app from accepting new users.

Regulators have blocked Didi’s app from accepting new users.

Photo: alex plavevski/Shutterstock

Before the latest regulatory troubles, Didi was already facing a separate government investigation into whether the company—which boasts hundreds of millions of users in China—inappropriately muscled out smaller competitors by using big data. Agents from government agencies including the country’s top antitrust watchdog, the cyber police and tax authorities have paid surprise visits to its office.

So far, Beijing’s actions against Didi have stopped short of an outright blockage of the company’s IPO. As China’s economy slows, the company, which provides work for tens of millions of drivers, has emerged as a key job generator in major cities.

But as with the regulatory actions targeting other tech firms, the clampdown on Didi has been fueled by broader concerns among Chinese leaders that the country’s tech giants are getting too big and powerful. In recent days, some users of China’s social media also have seized on the composition of Didi’s board, saying it highlights the increasingly clubby nature of the country’s tech world.

Among Didi’s board of directors: Alibaba Chairman Daniel Zhang and Tecent’s president, Martin Lau. Both companies are also shareholders in Didi.

Write to Lingling Wei at lingling.wei@wsj.com and Keith Zhai at keith.zhai@wsj.com