Traveling Overseas? Your Telephone Might Be The First Checkpoint: The Increasing Attain of Electronic Machine Searches | Insights

Introduction

Electronic units equivalent to cellphones, tablets, and laptops routinely retailer years of delicate firm and private data, together with emails, confidential communications, monetary information, and private particulars starting from well being information to household pictures. That focus of knowledge has made the authorized authority of border officers to request or require entry to digital units probably the most urgent compliance points for multinational organizations and their workers.

Several jurisdictions have expanded—or extra actively exercised—their border inspection and enforcement powers in recent times, pushed by evolving nationwide safety priorities and advances in digital surveillance capabilities. While the particular authorized frameworks range, the general development is obvious: governments are asserting broader authority to entry and evaluate the contents of digital units carried by vacationers.

Recent developments in Hong Kong and the United States illustrate the vary of approaches and the compliance challenges they create.

Hong Kong: Scope of the Recent Amendments

On March 23, 2026, the Hong Kong Special Administrative Region (HKSAR) authorities published amendments to the Implementation Rules for Article 43 of the Law of the People’s Republic of China on Safeguarding National Security within the Hong Kong Special Administrative Region. The amendments increase the powers of regulation enforcement officers in issues involving suspected nationwide safety offenses.

Under the amended guidelines, law enforcement officials could require any individual suspected of endangering nationwide safety to offer passwords, decryption keys, or different data essential to entry digital units. The Hong Kong government has clarified that officers usually want a court docket warrant issued by a Justice of the Peace, though a warrantless search could also be performed in sure circumstances. The amendments additionally empower officers to grab objects deemed to have “seditious intention” (i.e., intent to incite civil dysfunction or dissent) even the place there was no arrest in reference to these objects.

The penalties for noncompliance are important. Refusing to offer a password or decryption help is now a prison offense punishable by as much as one yr of imprisonment and a positive of as much as HK$100,000 (roughly US$12,800). Providing false or deceptive data carries a extra extreme penalty of up to a few years of imprisonment and a positive of as much as HK$500,000 (roughly US$64,000).

These obligations apply to all people in Hong Kong, together with residents, guests, and people transiting by way of Hong Kong‘s airport. The regulation additional extends to anybody an officer believes to know a related password, probably encompassing administrative assistants or members of the family who could have entry to a tool.

The amendments fall inside the broader framework of the National Security Law (NSL), which was imposed by mainland China in 2020 and punishes acts together with secession, terrorism, subversion, and collusion with international forces with penalties as much as life imprisonment.

United States: Border Search Authority

In distinction, the United States illustrates how a special authorized system addresses the identical basic rigidity between border safety and digital privateness. While each governments allow the inspection of digital units on the border, the authorized frameworks, procedural safeguards, and penalties for noncompliance differ considerably.

US Customs and Border Protection (CBP) could conduct “basic” handbook searches of digital units with out a warrant or individualized suspicion, and “advanced” forensic searches (e.g., connecting tools to repeat and/or analyze saved information) usually require cheap suspicion or a nationwide safety justification.

CBP emphasizes that it makes use of border searches of digital units to determine illicit actions and evaluate statements regarding travelers’ intentions upon entry or exit. The penalties for refusing to unlock a tool at a US border or airport rely on the traveler’s citizenship or immigration standing: US residents can’t be denied entry for refusing; noncitizens could also be refused admission. In each situations, the gadget could also be detained for additional examination.

Beyond the authorized framework itself, a key improvement is the marked shift in enforcement posture. Over the previous few years, as a part of an enhanced vetting and admissibility evaluate course of, searches of digital units have grown considerably. Increasingly, border searches focus not solely on what vacationers are bodily carrying, but in addition on their digital footprint as a way of assessing intent and danger profile.

In a Privacy Impact Assessment (PIA), the Department of Homeland Security observed that, prior to now, a traveler may need carried a briefcase containing photos, work supplies, private notes, or journals, however with the availability of digital storage, each domestically on units and within the cloud, the quantity of non-public and enterprise data carried throughout the border by a single particular person has “increased exponentially.” According to the PIA, smartphones and tablets at the moment are used for communications and sharing private ideas in methods a bodily briefcase by no means was, making “a search of their electronic device more invasive due to the amount of information potentially available on and now accessible by electronic devices.”

Recently, there was a rise in requests to unlock units or present passwords. Although vacationers are usually not all the time legally compelled to comply, the sensible penalties of refusal are important and embody gadget seizure, processing delays, or denial of entry for non-US residents. Once entry is granted, forensic capabilities permit for extra refined evaluation of gadget information, though CBP coverage prohibits officers from utilizing a tool to entry data that’s solely saved remotely, and units have to be positioned in airplane mode throughout inspection.

These developments don’t replicate a change within the underlying authorized authority. Rather, the Department of Homeland Security is utilizing longstanding authorities extra actively, supplemented by clarifying steerage. Most not too long ago, CBP issued a directive in January 2026 that builds on prior insurance policies by clarifying the scope of permissible searches on the US border.

Comparing the Two Frameworks

Global Implications for Organizations and Travelers

The developments in Hong Kong and the United States replicate a broader world shift in how governments method gadget inspections at borders. Organizations accustomed to routine enterprise journey could assume that if their journey patterns haven’t modified, their danger profile has not modified both. That assumption is more and more unreliable. Expanded inspection powers and/or enforcement postures don’t simply have an effect on particular person vacationers; additionally they expose the organizations that make use of them, and the compliance challenges they current more and more span a number of jurisdictions.

Legal protections relevant in a single jurisdiction, equivalent to attorney-client privilege, could not be acknowledged by officers imposing the nationwide safety or border legal guidelines of one other. Any information accessible on or by way of a tool, together with privileged communications, consumer work product, e mail correspondence, textual content messages, pictures, monetary purposes, and saved credentials, could fall inside the scope of compelled disclosure. Where inspection protocols don’t clearly distinguish between domestically saved information and data accessible by way of the gadget, a traveler who’s logged into cloud-based e mail, doc administration, or collaboration platforms on the time of examination may inadvertently expose way over what’s bodily saved on the gadget. Hong Kong’s amended guidelines include no limitation on cloud-based entry; the United States, by distinction, has an express coverage towards accessing cloud-stored content material. This distinction underscores the significance of understanding the particular guidelines in every jurisdiction by way of which workers journey.

At the identical time, organizations topic to international information safety regimes (e.g., the European Union’s General Data Protection Regulation (GDPR); mainland China’s Cybersecurity Law, Data Security Law, and Personal Information Protection Law; and related frameworks in different places) could face conflicting authorized obligations. For instance, an obligation to guard private information beneath the legal guidelines of 1 jurisdiction could conflict with a authorized obligation to reveal that very same information beneath the legal guidelines of one other. Compelled disclosure at any border may set off notification obligations, contractual breaches, or regulatory publicity.

Technical safeguards equivalent to encryption and powerful password protections stay necessary safety practices, however they don’t change the authorized calculus in jurisdictions that criminalize a refusal to decrypt. Where the regulation explicitly requires vacationers to offer entry credentials, technical protections can’t be relied upon to stop disclosure.

Further, the place authorities have the ability to grab and retain units, vacationers could lose entry to crucial enterprise instruments for an indeterminate interval, with penalties that stretch effectively past the person to the group‘s operational continuity. For instance, when a senior govt‘s gadget is seized, the disruption could ripple throughout the enterprise, affecting deal timelines and consumer relationships.

Key Takeaways

The points raised by Hong Kong’s and the United States’ respective border inspection legal guidelines and practices are usually not restricted to these jurisdictions. The organizations greatest positioned to handle increasing border inspection authority are people who deal with the difficulty as a cross practical planning matter quite than an remoted authorized query tied to any single vacation spot. As with heightened scrutiny at US borders, the vacationers and corporations that fare greatest are people who have ready prematurely. The following steps are designed to be sensible, globally relevant, and implementable.

For Travelers

• Know the regulation in each jurisdiction you enter or transit. Inspection powers range broadly. Understand the particular authorities that border officers could train in every nation by way of which you journey, together with transit stops.

• Travel with the suitable gadget. Review the information saved on the gadget to find out whether or not you might be snug with it being topic to inspection. Consider utilizing a devoted journey gadget that’s configured solely with the purposes and restricted information crucial in your journey. The contents of any gadget you carry ought to be proportionate to the aim of your journey. For instance, in case you are attending a convention, there’s usually no must have entry to your full consumer file archive. Taking this method not solely minimizes publicity within the occasion of inspection, but in addition mitigates sensible issues related to worldwide journey, equivalent to loss, theft, or unauthorized entry.

• Manage your digital footprint. Before departure, sign off of all cloud-based e mail, doc administration methods, messaging platforms, and collaboration instruments on the gadget you plan to hold. This step is especially necessary when touring by way of jurisdictions that don’t clearly limit inspections to domestically saved information.

• Anticipate questions on the border. If you might be requested to clarify your journey or gadget contents throughout inspection, keep composed and reply clearly and concisely. You ought to have the ability to describe the aim of your journey in a single or two sentences. Know your rights beneath native regulation and the limits of these rights. Attorneys ought to be ready to say privilege as acceptable.

• Follow firm protocols and have key contacts accessible. Adhere to your group‘s journey and safety protocols, and guarantee you have got a delegated firm or authorized level of contact available. Store the contact data and your house nation‘s consulate particulars in a format accessible even when your gadget is seized. US residents may additionally enroll within the State Department‘s Smart Traveler Enrollment Program.

For Organizations

• Update journey and information governance insurance policies. Evaluate whether or not the present frameworks tackle the danger of compelled disclosure at borders and whether or not they account for potential conflicts with information and privateness obligations beneath the GDPR, mainland China‘s information safety legal guidelines, and different relevant frameworks. Policies ought to be jurisdiction-specific and frequently up to date as new inspection legal guidelines and directives take impact.

• Provide pre-travel briefings. Employees touring to or by way of jurisdictions with expanded border inspection authority ought to obtain clear, sensible steerage not simply on the regulation, however on the right way to put together units, what information to hold, what to go away behind, how to reply to inspection requests, and what to anticipate on the border. Advance preparation is far more practical than making an attempt to say privilege or handle a disaster at the border reactively. Mayer Brown can ship jurisdiction-specific briefings tailor-made to your group‘s danger profile and journey patterns.

• Establish journey protocols. Consider implementing a course of for workers to request devoted journey units. This just isn’t supposed to evade inspection; quite, it’s a acknowledged method to limiting the quantity of delicate information that may very well be uncovered throughout any border interplay or loss or theft of a tool throughout journey.

• Coordinate throughout features. Effective administration of those dangers requires coordination throughout authorized, compliance, privateness, Information Technology, human assets, and the enterprise groups that authorize journey. Organizations ought to monitor which workers journey to or by way of high-risk jurisdictions and the way ceaselessly. They also needs to be certain that crucial information and workflows are usually not depending on a single gadget.

• Monitor authorized and regulatory developments. Border inspection practices and governing frameworks are evolving quickly throughout a number of jurisdictions. Organizations ought to monitor enforcement actions and coverage adjustments that will have an effect on border inspection authority in each jurisdiction related to their operations.

Conclusion

The increasing scope of governmental authority to examine digital units at borders is a worldwide development with important implications for multinational organizations and worldwide vacationers.

These developments require quick consideration to journey protocols, information governance frameworks, and the delicate data saved on or accessible by way of digital units. With considerate planning and cross-functional coordination, these dangers may be mitigated.

Mayer Brown will proceed to observe developments throughout jurisdictions and supply well timed updates. We can be found to assist proactive planning, pre-travel briefings, compliance assessments, and danger administration options tailor-made to your group‘s wants.