The National Security Law (NSL), which came into force in June 2020, has implications for Hong Kong-based businesses in terms of technology and data. For example, Internet service providers must now grant the authorities access to user data and review their cross-border data flows. Technology companies must restructure their business activities if Western export bans apply to sensitive technologies.
With the suspension of the United States – Hong Kong Policy Act, the preferential treatment of the USA in terms of licenses, export and transfer of sensitive technology products is no longer applicable. As a result of the suspension, all exports, re-exports and transfers of such products to Hong Kong are now treated as goods destined for the PRC, and US companies are not allowed to sell sensitive technology products to Hong Kong. The EU will react in a similar way, and a first document introducing restrictions has already been published.
The tightened export restrictions have an impact on companies that can no longer send or receive sensitive and high-tech products to Hong Kong. Accordingly, supply contracts and compliance guidelines should be reviewed and adapted, and cooperation with Chinese technology providers and alternative technologies should be considered.
Companies operating in Hong Kong should evaluate their situation and draw up an action plan to deal with the authorities in the event of a review. We also recommend assessing their own supply chains for new risks associated with the NSL and, if necessary, decoupling the data exchange from the global network. This also applies to Hong Kong’s bilateral agreements, which up to now have allowed the free cross-border flow of data between the contracting parties. Here the risks should be reassessed and existing business contracts reviewed and adjusted.