# Hong Kong Police Can Now Demand Phone Passwords by Law

> Hong Kong's amended National Security Law lets police demand phone passwords and encryption keys without a warrant, with criminal penalties for refusal.

Published: 2026-03-28
URL: https://daniliants.com/insights/hong-kong-police-can-now-demand-phone-passwords-under-new-security-r/
Tags: encryption, privacy, hong-kong, national-security-law, travel-security, device-security, vpn, legal-risk

---

## Summary

As of 23 March 2026, Hong Kong's amended National Security Law allows police to demand phone passwords, encryption keys, and biometric unlock without a warrant. Refusal carries up to 1 year in jail and HK$100,000 fine; providing fake credentials means up to 3 years. This fundamentally changes the risk calculus for anyone transiting Hong Kong with encrypted devices or sensitive business data.

## Key Insight

- The obligation extends beyond device owners to anyone who knows access details - spouses, business partners, IT admins. Enterprise encryption keys are explicitly covered.
- VPN and encrypted messaging (Signal, etc.) usage itself becomes a liability if authorities classify your communications as a national security concern. The four trigger categories (secession, subversion, terrorism, foreign collusion) are deliberately broad.
- Chief Executive John Lee implemented these changes unilaterally via gazette, bypassing the Legislative Council entirely. No judicial authorization is required for enforcement.
- Since the 2020 NSL enactment, 386 people have been arrested with 176 convictions, showing active enforcement rather than just a deterrent on paper.
- The practical impact: device encryption is only as strong as the legal framework around it. Hardware security becomes irrelevant when unlocking is compelled under criminal penalty.
- Business travelers carrying client data, trade secrets, or privileged communications through Hong Kong now face a direct conflict between data protection obligations (GDPR, contractual NDAs) and local law.