Verify any claim · lenz.io
Claim analyzed
Legal“The Hong Kong national security law makes it a criminal offense to refuse to provide passwords to authorities.”
The conclusion
Hong Kong's national security framework, as amended through 2024–2026 implementation rules, does criminalize refusing to provide passwords or decryption assistance to police. However, the claim omits important conditions: the offense applies only when police lawfully demand passwords during a national security investigation, and only when the person has no "reasonable excuse." It is not a blanket obligation to surrender passwords in all circumstances. The core claim is accurate but its unqualified phrasing overstates the scope of the law.
Caveats
- The offense is conditional: it applies only when police issue a lawful requirement during a national security investigation and the person lacks a 'reasonable excuse' for non-compliance.
- The password-disclosure offense was introduced through 2024–2026 amendments and implementation rules, not the original 2020 National Security Law text.
- The law targets devices or data reasonably believed to contain evidence of national security offenses — it is not a general obligation to disclose passwords on demand in all situations.
Sources
Sources used in the analysis
A person commits an offence if the person, without reasonable excuse, fails to provide any password or other decryption method necessary to enable access to any electronic equipment or stored data that is reasonably believed to contain evidence of an offence endangering national security. A person who commits an offence under this section is liable on conviction to a fine at level 6 and to imprisonment for 1 year.
Section 5A: A person who, without reasonable excuse, fails to provide any assistance, password, decryption method or other information required by a police officer under section 4 to access an electronic device commits an offence and is liable on conviction to a fine at level 6 and to imprisonment for 1 year.
On March 23, 2026, the Hong Kong government changed the implementing rules relating to the National Security Law. It is now a criminal offense to refuse to give the Hong Kong police the passwords or decryption assistance to access all personal electronic devices including cellphones and laptops. This legal change applies to everyone, including U.S. citizens, in Hong Kong, arriving or just transiting Hong Kong International Airport.
The Amendment Ordinance empowers police officers to require a person to provide any assistance, password, decryption method or other information necessary to access electronic devices in national security investigations. Refusal without reasonable excuse is a criminal offence punishable by up to 1 year imprisonment and a fine.
It is now a criminal offense to refuse to give the Hong Kong police the passwords or decryption assistance to access all personal electronic devices including cellphones and laptops. This legal change applies to everyone, including U.S. citizens, in Hong Kong, arriving or just transiting Hong Kong International Airport.
The Amendment adds provisions allowing police officers to request any 'designated person' to provide the password or other decryption method for electronic devices reasonably believed to contain evidence related to national security offenses. Refusal to comply is a crime, punishable by a fine of HK$100,000 and imprisonment for one year upon conviction on indictment.
It is now a criminal offense to refuse to give the Hong Kong police the passwords or decryption assistance to access all personal electronic devices including cellphones and laptops. This legal change applies to everyone, including U.S. citizens, in Hong Kong.
Hong Kong police can now demand that people suspected of breaching the city's national security law provide mobile phone or computer passwords in a further crackdown on dissent. Refusing to comply could lead to up to one year's jail and a fine of up to HK$100,000 ($12,773), while providing false or misleading information could bring up to three years' imprisonment and a fine of up to HK$500,000.
Hongkongers who refuse to provide passwords for smartphones or other electronic devices during national security investigations face up to a year in jail under legal changes... The amendments, gazetted on Monday, are the first substantial changes to the implementation rules of the national security law since it was imposed by Beijing in 2020.
People in Hong Kong will now face a year in jail if they refuse to give police their phone or computer passwords in investigations involving the city's strict national security law... One of the amendments that came into effect on Monday requires people to provide 'any password or other decryption method' necessary to allow police to access electronic equipment that is believed to hold evidence.
The government of the Hong Kong Special Administrative Region (HKSAR) amended its National Security Law on Monday to expand law enforcement powers, giving police the ability to require suspects in “national security” investigations to reveal passwords to their electronic devices. Failure to provide a password can be punished by up to one year in prison and a fine of HK$100,000 ($12,774 USD).
Police officers may require any specified person to provide the required password or other decryption method to the police officer, and 'failure to comply with the requirement to provide a password is a criminal offense.' Upon conviction on indictment, a fine of HK$100,000 and imprisonment for 1 year may be imposed.
Hong Kong has revised the implementation rules of Article 43 of the National Security Law, adding that 'failure to comply with requirements to provide passwords is a crime.' Anyone who does not comply is guilty of an offense, and upon conviction on indictment, may be fined HK$100,000 and imprisoned for one year.
The Hong Kong government recently changed the implementing rules related to its National Security Law, making it a criminal offense to refuse police requests for passwords or decryption assistance to access personal electronic devices. The revised rules apply to all individuals in Hong Kong, including U.S. citizens, as well as those arriving in or transiting through Hong Kong International Airport.
People in Hong Kong will now face a year in jail if they refuse to give police their phone or computer passwords in investigations involving the city's strict national security law, the government said on March 23. One of the amendments that came into effect on March 23 requires people to provide “any password or other decryption method” necessary to allow police to access electronic equipment that is believed to hold evidence.
Hong Kong government revised the implementation rules of the Hong Kong National Security Law on March 23, adding provisions on electronic devices. If refusing to provide phone or computer passwords during investigation, one may be fined HK$100,000 (about US$13,000) and imprisoned for 1 year.
Under the new regulations, if suspects refuse to provide unlock passwords for electronic devices such as phones and computers, this behavior itself constitutes a crime. The maximum penalty for refusing to hand over passwords is up to one year in prison.
Hong Kong police can require a person under investigation to provide passwords or technical help to access electronic devices in national security cases. Non-compliance carries penalties up to one year in prison and a fine; providing false information increases penalties to three years.
Hong Kong's National Security Law has been updated, and it's now a legal requirement to provide police with access to all electronics, including passwords. This includes transit passengers at Hong Kong Airport, and refusing to do so could result in prosecution.
Hong Kong police can now legally demand passwords to your phone or laptop if they suspect you of breaching the city's National Security Law—and refusing is a criminal offense. Critics decry the move as a severe blow to privacy and fair trial rights, further tightening Beijing's grip on the city's once-open society.
The 2020 NSL was supplemented by local Article 23 legislation in 2024; 2026 amendments to implementation rules explicitly added section on mandatory disclosure of passwords/decryption for devices in NSL cases, distinguishing it from general police powers under other laws. No prior equivalent offense existed specifically under NSL.
The Hong Kong Special Administrative Region Government gazetted the 'Implementation Rules of Article 4 of the Law of the People's Republic of China on Safeguarding National Security in the Hong Kong Special Administrative Region (Amendment) 2026' on the 23rd, which came into effect immediately. Police officers may request any 'designated person' to provide the password or other decryption method for electronic devices. Refusal to comply is a crime, punishable by a fine of HK$100,000 and imprisonment for one year upon conviction on indictment.
According to the provisions, Hong Kong police can require anyone to provide passwords or decryption methods for electronic devices if needed. Non-compliance constitutes a crime, with a maximum penalty of HK$100,000 fine and 1 year imprisonment. This is more stringent than mainland China, where there is no such mandatory legal requirement.
Expert review
How each expert evaluated the evidence and arguments
Primary legal texts in the Gazette and HKLII state that a person commits an offence if they fail, without reasonable excuse, to provide a password/decryption method or assistance required by police to access electronic devices/data in national-security investigations (Sources 1, 2, 4, 6), which directly supports the core proposition that refusal can be criminally punishable in that context. However, the claim's unqualified phrasing (“refuse to provide passwords to authorities”) omits the key conditions (lawful requirement, national-security case nexus, and “without reasonable excuse”), so while the underlying idea is correct, the inference to an absolute/blanket criminalization is overbroad.
The claim omits key limiting conditions in the legal texts—password/decryption disclosure is only criminalized when police lawfully require it in a national-security investigation and the person fails to comply “without reasonable excuse,” and it is implemented via amendments/implementation rules rather than being a blanket rule for all situations (Sources 1, 2, 6). With that context restored, the core point remains accurate that Hong Kong's NSL framework now creates an offence for refusing to provide passwords when properly demanded in NSL cases, but the unqualified phrasing makes the overall impression broader than the law actually is.
The highest-authority sources in this pool are the Hong Kong Government Gazette entries (Sources 1, 2, 6) — primary legal texts carrying maximum authority — which explicitly state that failing "without reasonable excuse" to provide passwords in national security investigations constitutes a criminal offence. These are independently corroborated by the Hong Kong Legal Information Institute (Source 4), the U.S. Consulate General (Source 3), and two U.S. Department of State alerts (Sources 5, 7), all of which are high-authority, government-issued sources with no conflict of interest in confirming the law's existence. The opponent's nuance — that the offense is conditional on "without reasonable excuse" and was introduced via amendment rather than the original 2020 law — is technically accurate per the primary sources, but does not undermine the core claim: the national security law framework, as currently amended and in force, does criminalize refusal to provide passwords. The "without reasonable excuse" qualifier is a standard legal element of the offense, not a negation of criminalization, and the claim's reference to "the Hong Kong national security law" reasonably encompasses its implementing rules and amendments. The evidence pool is exceptionally strong, with multiple independent, authoritative, and recent (2024–2026) primary and governmental sources unanimously confirming the claim's substance.
Expert summary
What do you think of the claim?
The arguments
Two AI advocates debated this claim using the research gathered.
The Hong Kong national security legal framework explicitly criminalizes refusing to provide device passwords/decryption assistance when required by police in national security investigations: the National Security (Amendment) Ordinance 2024 creates an offence for failing “without reasonable excuse” to provide “any assistance, password, [or] decryption method” (Source 2; see also the consolidated presentation in Source 4). This is reinforced and operationalized in the NSL implementation rules as gazetted—stating a person “commits an offence” for failing to provide “any password or other decryption method” needed to access electronic equipment/data believed to contain national-security evidence (Source 1; updated again in Source 6), a change independently summarized as making refusal a criminal offense by the U.S. Consulate and U.S. State Department (Sources 3 and 5).
Your argument actually vindicates my position rather than defeating it: by quoting the phrase "without reasonable excuse" from Sources 1 and 2, you concede that the offense is conditional and not an absolute criminalization of refusal — meaning the claim as stated, which says the law "makes it a criminal offense to refuse to provide passwords" without qualification, remains overbroad and misleading. Furthermore, your appeal to Sources 3 and 5 as independent corroboration is a weak appeal to authority, since those U.S. government summaries are secondary characterizations aimed at traveler warnings, not legal texts, and they themselves oversimplify the conditional nature of the offense that the primary legal sources — Sources 1, 2, and 6 — make explicit.
The claim as stated is misleadingly overbroad: the law does not criminalize refusal to provide passwords in all circumstances, but only when a police officer issues a requirement in the context of a national security investigation and the person lacks a "reasonable excuse" — a critical qualifier confirmed even by Source 1 (Hong Kong Government Gazette) and Source 2 (National Security Amendment Ordinance 2024), which both explicitly include the phrase "without reasonable excuse," meaning the offense is conditional, not absolute. Furthermore, the claim attributes this power to the "Hong Kong national security law" as a monolithic instrument, yet Sources 1, 6, and 21 clarify that the password-disclosure offense was only introduced through 2025–2026 amendments to implementation rules — meaning the original national security law, as enacted, did not contain this provision, making the claim historically and legally imprecise as a characterization of what "the Hong Kong national security law" makes criminal.
You're attacking a straw man: the claim says refusal is a criminal offense, and Sources 2 and 4 (National Security (Amendment) Ordinance 2024) and Sources 1 and 6 (Implementation Rules amendments) explicitly make it an offence to fail to provide passwords/decryption when lawfully required in national-security cases—so the “without reasonable excuse” qualifier doesn't negate criminalization, it just defines the offence's elements. And your “not in the original 2020 text” point is irrelevant to the motion's present-tense legal reality, because the national security law framework as amended and implemented now criminalizes refusal (Sources 6, 2), which is exactly what the claim asserts.