China summoned U.S. Consul General Gregory May after the American mission warned citizens about Hong Kong security powers. The dispute centers on password access, device searches and the legal risks facing travelers or companies with sensitive data. On March 29, 2026, the diplomatic protest showed how national security law continues to reshape Hong Kong's position as a business and data hub.

Diplomatic tension escalated quickly after the US mission published its alert on official communication channels. The notice warned travelers and residents that failing to comply with password demands could lead to detention and criminal prosecution under newly implemented internal security measures. Chinese officials characterized the advisory as a deliberate attempt to smear the legal environment of the special administrative region.

China maintains that internal security matters fall strictly under sovereign jurisdiction.

Officials at the Ministry of Foreign Affairs office in Hong Kong demanded that the US refrain from what they termed interference in domestic legal affairs. The summons reflects a tightening of the diplomatic perimeter surrounding the financial hub. Article 23, the local legislation that supplements the 2020 national security law, provides the legal basis for these expanded police powers.

Password Access Rules Spark Diplomatic Confrontation

Specific provisions within the Safeguarding National Security Ordinance allow law enforcement officers to seek judicial warrants for digital access. These warrants authorize the seizure of smartphones, laptops, and encrypted storage media. If a suspect refuses to unlock a device, the law permits a court to impose penalties including fines or imprisonment for non-compliance. The US alert highlighted these specific risks, suggesting that the lack of clear judicial guardrails could expose foreigners to arbitrary data extraction. American businesses operating in the territory have expressed quiet concern about the privacy of proprietary data. The US Consulate General argued that transparency regarding local laws is a standard consular function intended to protect citizens. Beijing countered by stating that the laws are no different from those in Western jurisdictions where counter-terrorism and national security needs dictate access to private communications.

Data from the US Department of State indicate that over 1,200 American firms maintain a presence in the city.

Security experts note that the technical requirements for password handover bypass traditional encryption protections. Police can demand passwords not just from the owner of the device, but also from service providers if the information is stored locally. This development places tech companies in a difficult position, caught between their privacy commitments to users and the legal mandates of the Hong Kong administration.

Hong Kong National Security Law Expansion Details

The Safeguarding National Security Ordinance was fast-tracked through the Legislative Council to close what officials called legal loopholes. It targets five categories of crimes: treason, insurrection, theft of state secrets, sabotage, and external interference. The password requirement falls under the investigative powers granted to the police to prevent the destruction of evidence related to these crimes. $11 billion in annual trade flows through the region, much of it reliant on the free movement of information. Critics of the law argue that the definition of state secrets remains broad enough to include economic data and corporate research. The inclusion of the password mandate suggests that the privacy protections once enjoyed under the Basic Law are being adjusted to prioritize state interests. Authorities have dismissed these concerns, stating that the law only targets a tiny minority of individuals who threaten public safety.

Public records show that the 2020 national security law has already led to the arrest of more than 290 individuals. The new password rules represent a serious expansion of the toolkit available to the specialized national security department of the police force.

US Consulate Issues Warning to American Citizens

The American mission emphasized that the legal landscape has become increasingly complex for those carrying sensitive business or personal information. Its alert advised travelers to consider the use of burner phones or to minimize the amount of data stored on devices when crossing the border. Such practical advice is what triggered the formal protest from the Ministry of Foreign Affairs, which viewed the suggestions as alarmist. Consular alerts of this nature often precede broader changes in travel advisories issued by Washington. The State Department currently maintains a Level 2 travel advisory for Hong Kong, urging increased caution due to the arbitrary enforcement of local laws. If the password rules lead to the detention of an American citizen, the diplomatic rift could widen sharply.

Economic analysts point to the potential for a brain drain if international staff feel their digital privacy is compromised. Recruitment firms in the region report that the ability to guarantee data security is now a primary question from prospective executive hires moving from London or New York. The summons of the envoy confirms that the Chinese government will not allow these concerns to be voiced by foreign diplomats without a forceful response.

Business Community Reacts to Digital Privacy Erosion

Global financial institutions have begun reviewing their data handling protocols in response to the legislative changes. Some banks have reportedly moved their regional data hubs to Singapore or Tokyo to avoid the reach of the new security ordinances. While the Hong Kong government insists that the business environment remains stable, the physical summons of a top diplomat suggests a higher level of political friction than many corporate boards are comfortable with.

Information security consultants are seeing an uptick in requests for local data encryption audits. These audits focus on ensuring that data can be wiped remotely if a device is seized, though even this action could be interpreted as a violation of the national security law under the sabotage or obstruction of justice clauses. The legal ambiguity surrounding these scenarios creates a chilling effect on the technology sector.

The current environment leaves little room for the diplomatic detail that previously characterized US-China relations in the city. Government officials in Beijing have signaled that they will continue to monitor the statements of foreign consulates closely. Any further advisories that characterize the Hong Kong legal system as high-risk will likely meet with similar diplomatic pushback. The summons of May is a clear message that the era of Western missions acting as vocal monitors of Hong Kong internal policy has come to an end.