Hong Kong has enacted new rules under its National Security Law that criminalize refusing to provide passwords or assist in decrypting personal electronic devices. The changes grant police broader authority to access data on phones and laptops, apply to residents, visitors, and transit passengers, and raise significant concerns for digital privacy and crypto users.
Authorities in Hong Kong have introduced new rules under the National Security Law that make it a criminal offense to refuse to provide passwords or assist in decrypting personal electronic devices. The changes, which took effect on March 23, apply to residents, visitors, and even travelers transiting through Hong Kong International Airport.
The update grants police broader authority to access data stored on phones, laptops, and other devices, as well as to seize and retain equipment they deem relevant to national security investigations. The development expands existing enforcement powers and introduces new obligations around digital access.
Under the revised rules, according to the U.S. Consulate, individuals may be required to provide passwords or assist authorities in decrypting electronic devices during an investigation. Refusal to comply is now considered a criminal offense.
The scope of the law is wide, covering all personal electronic devices and applying regardless of nationality. This means foreign nationals, including business travelers and transit passengers, may be subject to the same requirements while in Hong Kong.
Including transit passengers broadens the policy’s reach beyond residents and visitors entering the city. Individuals passing through Hong Kong International Airport may be subject to the same requirements, even if they are not formally entering the territory.
This has implications for international travelers who routinely carry sensitive personal or corporate data on their devices. Legal obligations may apply regardless of whether a traveler’s stay is temporary or incidental.
While the policy is not specific to digital assets, it has potential implications for individuals who store financial or sensitive information on their devices. Crypto wallet applications, exchange accounts, and authentication tools are often accessible via smartphones or laptops.
In cases where access to a device is compelled, this could expose account-level information or transaction histories, even if assets themselves remain secured elsewhere. The changes highlight broader tensions between regulatory enforcement and digital privacy, particularly as financial activity becomes increasingly tied to personal devices.
