Hong Kong police now possess the legal authority to demand passwords for phones and computers from individuals suspected of violating the territory’s wide-ranging National Security Law (NSL), as reported by BBC News. These new amendments, gazetted on Monday, March 23, 2026, also empower customs officials to seize items deemed to have “seditious intention.”

Refusal to comply with a password demand can result in up to a year in jail and a fine of up to HK$100,000 (approximately $12,700 USD or £9,600 GBP). Individuals found providing false or misleading information could face even harsher penalties, including up to three years in prison.

Context of the National Security Law

The National Security Law was originally imposed on Hong Kong by Beijing in 2020, following extensive pro-democracy protests in 2019. Hong Kong authorities assert that these laws are essential for maintaining stability and order within the territory.

“activities endangering national security can be effectively prevented, suppressed and punished, and at the same time the lawful rights and interests of individuals and organisations are adequately protected,” stated Hong Kong authorities regarding the amendments.

However, critics argue that the NSL is a tool used to suppress dissent and curtail the freedoms previously enjoyed in the autonomous region. The law broadly defines offenses such as secession, subversion, terrorism, and collusion with external forces, and permits certain trials to be held behind closed doors. The city’s leader, John Lee, announced these new amendments without requiring approval from the legislative council.

Impact on Digital Privacy and Dissent

Since the NSL’s introduction, hundreds of protesters, activists, and former opposition lawmakers have been arrested in Hong Kong. These new powers allowing police to demand device passwords significantly escalate the state’s ability to access private digital communications and data, further impacting digital privacy and freedom of expression. This action mirrors concerns seen in other regions, such as when Dutch police have accessed iPhones for surveillance or when spyware has been found on journalists’ iPhones, highlighting a global trend of government and state-backed entities seeking access to personal devices for intelligence gathering, as also seen with groups like APT28 spying on military personnel.

Recent cases highlight the broad application of the NSL and related laws. In February 2026, the father of a pro-democracy activist in exile was jailed for attempting to cash out her insurance policy, under a homegrown law that expands on the NSL. Similarly, media tycoon Jimmy Lai received a 20-year prison sentence after being convicted of foreign collusion and publishing seditious material under the NSL.

About the Author