julio 28 2020

The Chamber of No Secrets: What Tech and Data/Content-Driven Companies Need to Know about the Hong Kong National Security Law

Share

Introduction

On 30 June 2020, the Law of the People’s Republic of China on Safeguarding National Security in the Hong Kong Special Administrative Region (NSL), was passed by the Standing Committee of the National People’s Congress in China and officially listed in Annex III of the Hong Kong Basic Law. It came into effect in Hong Kong on the same date – a day before the 23rd anniversary of the transfer of sovereignty over Hong Kong from the U.K. back to the People’s Republic of China (PRC). The NSL was enacted in the aftermath of a year of social unrest in Hong Kong and introduced criminal sanctions against acts of secession, subversion, terrorism, and collusion with foreign or external forces. The NSL aims to regulate behaviour through increased scrutiny but its knock-on effects, including the almost immediate response from the U.S., will likely give rise to far-reaching consequences for the technology and service sectors given the introduction of new export sanctions for Hong Kong, the increased powers of local enforcement authorities to gain access to data as well as other trade issues that will affect the way technology companies and other businesses operate in the region.

Highlights of the NSL

The key features of the NSL can be summarised as follows1:

  • The NSL criminalises acts of secession, subversion, terrorism, and collusion with foreign or external forces. Convictions under any of these provisions carry different sentences up to life imprisonment;
  • Incorporated or unincorporated bodies, for example, companies and organisations, can be held accountable for violations of the NSL, and penalties may be imposed on them, ranging from fines to confiscation of assets;
  • Law enforcement bodies are empowered to take enhanced measures when handling offences that endanger national security, such as searching relevant premises and electronic devices that may contain evidence of the offence, carrying out lawful interception and surveillance, and requiring service providers or individuals to remove information and provide assistance;
  • The city’s new security office, staffed with its own law enforcement personnel from Beijing, has the power to refer certain serious or complex cases for trial in the PRC;
  • The Committee for Safeguarding National Security (Committee), comprised of Hong Kong government officials and a Beijing-appointed adviser, is in charge of enforcing the NSL in Hong Kong. Decisions made by the Committee are not subject to judicial review; and
  • The final right to interpret the NSL is vested in the PRC’s Standing Committee of the National People's Congress, and any conflict or inconsistency between the NSL and the laws of Hong Kong will be resolved in favour of the former.

The NSL purports to have extra-territorial effect and does not just apply to offences committed in Hong Kong, or by Hong Kong permanent residents outside Hong Kong, but also applies to any offences committed outside the region by anyone who is not a Hong Kong permanent resident.

Effects of the NSL on Businesses

The new regime introduced by the NSL will require Hong Kong technology companies to consider their obligations to provide access to data and assistance to law enforcement authorities; review their cross-border data flows and restructure their business given changes to technology export controls. 

(a) Access to Data 

Cases concerning an offence endangering national security allow law enforcement authorities to require access to data held by service providers as well as the deletion of certain information in the context of general assistance with an investigation. Enforcement authorities can order any person who is reasonably suspected to have any information relevant to an investigation, to furnish such information, and they have the power to search any premises or electronic devices which may contain evidence of an offence, without a warrant. How unfettered are these powers? Can enforcement authorities request access to all data, or must they specify the exact data they require? What is the threshold for the enforcement authorities to be able to order the provision of information or to carry out searches – is it low or high? What are the consequences for companies that do not comply with an order, especially if they are not based in Hong Kong or if their data is stored in the cloud? Fines, revocation of business licence or imprisonment? The answers to these questions are not clear at the moment and further implementation rules will likely be issued to provide clarification. 

What is clearer, though, is that the focus of these wide reaching powers will likely be data centre providers, internet service providers, other network operators, mobile app operators and social media platforms which hold a broad range of data on their customers and users, and operate in Hong Kong. For this reason, technology companies operating in Hong Kong need to establish a response plan on how to handle requests from the enforcement authorities. In particular, as the NSL allows police officers to search premises and electronic devices on which evidence relating to an offence may be stored, the risk of dawn raids has to be considered. A good starting point for any company is to assess their potential exposure to such risks and develop a comprehensive playbook setting out appropriate protocols that would need to be adhered to when a dawn raid happens. This will help to minimise business disruption and ensure a well-coordinated response.

As part of developing their response playbook, companies may wish to re-assess and re-evaluate their supply chain and consider adopting solutions that ring-fence their operations in Hong Kong from their global network.

(b) Data flows

In early 2019, a bilateral free trade agreement (FTA) was entered into between Hong Kong and Australia, under which Hong Kong committed to allow free cross-border data flows between the two territories. This was the first time Hong Kong had made such a commitment with a trading partner. However, the promulgation of the NSL and recent moves by sovereign states in response to the passing of the NSL are likely to result in a review of such FTAs. Any existing business contracts that rely on provisions under an FTA (or any other bilateral agreements) may need to be reviewed and attendant risks would need to be re-assessed, and pre-emptive changes should perhaps be considered.

(c) Trade and export control

Since the passing of the NSL, the US government has announced that it will strip away Hong Kong’s special trading status and suspend existing licensing exceptions for the export, re-export and transfer of certain controlled technology products to the region.2 Previously, Hong Kong enjoyed preferential treatment from the United States pursuant to the United States-Hong Kong Policy Act, on the condition that Hong Kong would maintain a sufficient degree of autonomy from the PRC. This included export licensing exceptions whereby US companies could be exempted from acquiring a licence for exporting, re-exporting and transferring sensitive and high-technology products falling under the Export Administration Regulations (EAR), items that would otherwise require an export licence, to Hong Kong. These exceptions were not extended to the PRC.

As a result of the suspension of licensing exceptions, all exports, re-exports and transfers of such classified products to Hong Kong will now be treated as items destined for the PRC, and US companies will be restricted from selling sensitive technology products (e.g., dual-use technologies and defence equipment) to Hong Kong. Similarly, the EU Council has recently released a draft document proposing the implementation of limits on the export of goods to Hong Kong that could be used for surveillance purposes. The proposal is likely to be put into effect in the near future.

The tightened restrictions on sensitive technology exports could have larger implications for multinational companies, such as semiconductor manufacturers, which will now be precluded from shipping sensitive and high-technology products to or receiving them in Hong Kong. Companies that have previously been leveraging Hong Kong’s favourable export control status may now have to carefully review their current compliance policies and procedures for importing and exporting controlled technology items subject to the EAR, and carry out the necessary changes to prepare for the potential disruptions to their operations in Hong Kong. This may include reviews of existing contractual obligations for the supply of technology by building in the additional time needed to obtain export licences and/or seeking partnerships with local technology suppliers in order to maintain service levels for Hong Kong customers.

Customers in Hong Kong relying on such technology that may suffer business disruptions may now have to re-assess their options and adopt alternatives such as embracing different technology solutions and reducing their reliance on US companies by partnering with Chinese companies instead, which are expected to gain a stronger foothold in the Hong Kong market. Maintaining a Hong Kong customer base will require a delicate balancing act on the part of technology companies that now have to contend with new export controls and the threat of access to customer data.

What’s Next?

The ripple effect of the NSL has presented technology companies operating in Hong Kong with additional challenges and hurdles. They will need to revisit and reformulate their overall strategy for Hong Kong, by perhaps adopting a similar strategy to that adopted for their operations in the PRC. Rapidly evolving political developments will reflect the way the NSL is enforced and will have a knock-on effect on data privacy issues and technology imports and exports. More than ever, technology companies need to be as prepared as possible, by arming themselves with NSL playbooks and enforcement response plans, which will need to be revisited and updated on a continuous basis.

The authors would like to thank Sophie Huang, Intellectual Property Officer at Mayer Brown, for her assistance with this Legal Update.


1 For further information on the National Security Law, please refer to the following: https://www.mayerbrown.com/en/perspectives-events/publications/2020/07/hksar-national-security-law#:~:text=It%20is%20stipulated%20under%20the,be%20guilty%20of%20an%20offence.

For further information regarding the revocation of Hong Kong’s preferential status by the U.S., please refer to the following: https://www.mayerbrown.com/en/perspectives-events/publications/2020/07/president-trump-revokes-preferential-treatment-for-hong-kong.

Stay Up To Date With Our Insights

See how we use a multidisciplinary, integrated approach to meet our clients' needs.
Subscribe