Authorities in Hong Kong have introduced new rules under the National Security Law that make it a criminal offense to refuse to provide passwords or assist in decrypting personal electronic devices.
The changes, which took effect on March 23, apply to residents, visitors, and even travelers transiting through Hong Kong International Airport.
The update grants police broader authority to access data stored on phones, laptops, and other devices, as well as to seize and retain equipment they deem relevant to national security investigations.
The development expands existing enforcement powers and introduces new obligations around digital access.
Hong Kong criminalizes refusal to unlock personal devices
Under the revised rules, according to the U.S. Consulate, individuals may be required to provide passwords or assist authorities in decrypting electronic devices during an investigation. Refusal to comply is now considered a criminal offense.
The scope of the law is wide, covering all personal electronic devices and applying regardless of nationality. This means foreign nationals, including business travelers and transit passengers, may be subject to the same requirements while in Hong Kong.
Authorities are also empowered to take and retain devices as evidence if they believe the contents are linked to national security concerns. However, the threshold for such determinations has not been clearly defined in public guidance.
Law extends to travelers and transit passengers
Including transit passengers broadens the policy’s reach beyond residents and visitors entering the city. Individuals passing through Hong Kong International Airport may be subject to the same requirements, even if they are not formally entering the territory.
This has implications for international travelers who routinely carry sensitive personal or corporate data on their devices. Legal obligations may apply regardless of whether a traveler’s stay is temporary or incidental.
Implications for digital privacy and crypto users
While the policy is not specific to digital assets, it has potential implications for individuals who store financial or sensitive information on their devices.
Crypto wallet applications, exchange accounts, and authentication tools are often accessible via smartphones or laptops.
In cases where access to a device is compelled, this could expose account-level information or transaction histories, even if assets themselves remain secured elsewhere.
The changes highlight broader tensions between regulatory enforcement and digital privacy, particularly as financial activity becomes increasingly tied to personal devices.
Final Summary
- Hong Kong’s updated rules require individuals to unlock devices on request, extending enforcement powers under national security law.
- The policy raises new privacy considerations, including for users who access crypto accounts on personal devices.
