This piece marks the third installment in our ongoing series analyzing compelled decryption laws. As digital evidence continues to play a central role in modern investigations, legal systems worldwide are actively addressing the friction between encrypted devices and law enforcement access. For this chapter, our geographic focus shifts to East Asia. The region provides a highly practical comparative landscape for observing how neighboring jurisdictions weigh the technical demands of modern forensics against individual procedural rights. To map these diverse approaches, the following sections review the current legal mechanisms in mainland China, Hong Kong, Taiwan, Japan, and South Korea.

Mainland China

Key Points:

• A legal system that prioritizes state security and investigative access over a broad individual right to refuse cooperation.
• The clearest decryption duties fall on network operators, telecommunications companies, and internet service providers.
• Cybersecurity and counter-terrorism laws explicitly require these entities to provide technical support, including decryption assistance in some contexts.
• The system strongly favors state access, but current statutes do not clearly create a standalone criminal offense for an ordinary suspect who refuses to unlock a personal device.

In the People’s Republic of China, digital investigations operate within a framework that prioritizes state security and investigative access over an individual right to refuse cooperation. Rather than building the justice system around an expansive right to silence, mainland law gives security authorities broad access powers and imposes specific duties of technical assistance on regulated entities, particularly in matters of national security, public safety, and counter-terrorism.

However, the legal mechanics of compelled decryption are more specific than often assumed. While criminal procedure laws impose a general civic duty to report crimes, they do not contain a blanket decryption mandate for ordinary citizens. Instead, the clearest and most forceful digital-access rules target corporate entities.

Under the country’s cybersecurity and counter-terrorism statutes, the burden of access falls heavily on network operators, telecommunications companies, and internet service providers. These laws legally bind operators to provide technical support to public and state security organs. In terrorism investigations, the mandate goes even further, expressly requiring service providers to supply technical interfaces and decryption assistance, backed by severe corporate penalties for non-compliance.

This creates a distinct legal reality: mainland Chinese law unequivocally compels decryption assistance from regulated technology providers. What it does not clearly do—at least on the face of current statutes—is create a neatly defined, standalone criminal offense that automatically penalizes an ordinary individual simply for refusing to hand over a personal passcode. The system undeniably favors state access, but it anchors its strictest decryption duties and enforceable penalties on the entities operating the networks rather than the individual suspect.

This framework, however, remains fluid. On January 31, 2026, the Ministry of Public Security published a Draft Law on Cybercrime Prevention and Control. While currently only a draft rather than enacted law, it signals an ongoing effort to consolidate and potentially expand the state’s oversight of digital spaces.

Hong Kong

Key Points:

• The implementation of the National Security Law significantly altered the region’s legal landscape.
• Amendments enacted in March 2026 explicitly empower law enforcement to compel individuals to provide device passwords, specifically within the context of national security investigations.
• Authorities are required to obtain legal authorization before compelling decryption, and refusing a lawful request is a criminal offense punishable by fines and up to a year in prison.

Once a territory under the British Crown, Hong Kong was transferred back to Chinese sovereignty under the premise of “one country, two systems.” This diplomatic arrangement was designed to maintain the region’s status quo, preserving its independent judiciary, capitalist economy, and common law legal traditions distinct from the mainland. However, observing the current legal environment reveals a gradual shift in that structural separation, particularly in how digital rights and investigative powers are managed.

The implementation of the National Security Law (NSL) served as the primary catalyst for altering the region’s legal landscape, bridging the gap between Hong Kong’s common law history and a more centralized, security-oriented approach. Under amendments to the NSL implementation rules enacted in March 2026, law enforcement agencies are now empowered to compel individuals to hand over device passwords and provide decryption assistance. The scope of these provisions is formally restricted to cases involving matters of national security. Furthermore, procedural scrutiny is required; officials have clarified that police cannot randomly demand passcodes from the public. Law enforcement must first secure the appropriate legal authorization or a warrant to search the device before a password demand can be made.

Once that legal authorization is obtained, however, the burden is placed directly on the device owner or user. In these specific national security contexts, refusing to cooperate is not shielded by the traditional right to remain silent. The updated rules classify non-compliance as a criminal offense carrying substantial penalties that include fines of up to HK$100,000 and up to a year in prison.

Taiwan

Key Points:

• A self-governing democracy that maintains strict constitutional barriers against state coercion in digital spaces.
• Article 95 of the Taiwanese Code of Criminal Procedure explicitly protects the right against self-incrimination.
• The prevailing legal consensus views compelled password disclosure as a violation of procedural protections.
• Authorities are unable to legally criminalize a suspect’s refusal to supply an encryption key, relying instead on independent forensic capabilities.

Taiwan operates as a self-governing democracy, maintaining its distinct political and legal systems while navigating the persistent geopolitical threat of annexation. This ongoing reality has fostered a legal environment that is highly sensitive to state overreach and firmly anchored in democratic due process.

Reflecting these principles, the jurisdiction maintains strict barriers against state coercion in digital investigations. Article 95 of the Taiwanese Code of Criminal Procedure explicitly protects a suspect’s right against self-incrimination, a safeguard that the legal community applies directly to digital devices. The prevailing legal consensus across the country is that compelling an individual to disclose a password or encryption key constitutes a clear violation of these core procedural protections. Consequently, authorities cannot legally criminalize a suspect’s refusal to unlock a device. To access encrypted evidence, Taiwanese law enforcement must rely entirely on independent forensic capabilities and technical analysis rather than legal compulsion, preserving a definitive boundary between state investigative powers and the right to remain silent.

The Chinese Ecosystem: A Comparative Summary

Observing this specific geographic and political cluster provides a clear illustration of how different governance models directly shape the rules of digital evidence.

Mainland China anchors one end of the spectrum, operating under a framework where individual digital autonomy is structurally subordinated to the mandates of the security apparatus. The legal baseline strongly favors state access, placing the clearest and strictest decryption duties on network operators, telecommunications companies, and internet service providers.

Hong Kong currently occupies a practical middle ground. The territory applies these state-first compliance rules strictly to matters involving national security, while generally preserving its traditional protections against self-incrimination for standard criminal investigations.

Across the strait, Taiwan offers a direct contrast by actively defending the right against self-incrimination across the board. The jurisdiction maintains a recognized boundary between the state’s investigative reach and individual procedural rights, leaving the burden of decryption entirely on the authorities.

Japan

Key Points:

• A system navigating the friction between constitutional protections against self-incrimination and statutory requests for investigative cooperation.
• Article 38 of the Constitution guarantees the right to silence and prohibits coerced confessions.
• Article 111-2 of the Code of Criminal Procedure allows authorities executing a warrant to ask suspects to operate a device or provide “some other form of cooperation,” a phrase understood to include decryption.
• The core ambiguity lies in this permissive wording: the statute authorizes a request for cooperation, but does not resolve how far investigators can push that request before violating Article 38.

Japan’s justice system faces a unique friction point when it comes to digital evidence. At the constitutional level, Article 38 guarantees the right to remain silent and prohibits convictions based on coerced confessions. However, this foundational shield intersects with the country’s Code of Criminal Procedure. Under Article 111-2, when officers execute a search or seizure warrant involving electronic-record media, they may ask the person subject to the measure to operate the computer or provide “some other form of cooperation” – a clause understood to include decryption.

This is where the ambiguity arises. Article 111-2 gives investigators a statutory basis to request assistance, but its wording is strictly permissive. Officers “may ask” for cooperation, but the law does not expressly criminalize refusal or settle how far that request can be pressed against Article 38’s protection against self-incrimination. Because pushing a suspect to unlock a device raises immediate constitutional concerns, Japanese law enforcement tends to tread carefully. Rather than relying strictly on direct legal pressure, investigators lean on third-party forensic tools to unlock devices independently, or use standard interrogation to persuade suspects to grant access voluntarily. This approach reflects a system actively trying to navigate the digital barrier while reducing the risk of a constitutional clash.

South Korea

Key Points:

• A highly digitized society actively debating how digital evidence intersects with the right to remain silent.
• Constitutional protections against self-incrimination frequently stall investigations when suspects refuse to unlock devices.
• A prominent 2020 legislative push attempted to criminalize the refusal to provide a password, but the proposal was ultimately scrapped.
• The push faced severe pushback from civil rights advocates, maintaining that forced decryption violates fundamental constitutional boundaries.

South Korea presents the case of a highly digitized society still debating how to handle digital evidence. Rooted in constitutional protections against self-incrimination, the legal system frequently runs into a familiar barrier when suspects withhold their passcodes. This creates a distinct bottleneck for law enforcement, as prosecutors and police often find their inquiries stalled when key figures simply refuse to unlock their smartphones or computers.

To address this investigative standstill, there was a prominent legislative push in 2020 to introduce a compelled decryption law. The proposal sought to penalize non-compliance, effectively treating the refusal to provide a phone password as an independent criminal offense. However, the effort was later scrapped amid intense criticism and human rights concerns. Civil rights groups and legal professionals argued that forcing an individual to disclose a password crosses a fundamental boundary, directly violating the constitutional protection against compelled self-incrimination.

This leaves South Korea in an unsettled position. While authorities actively seek a statutory mechanism to ensure investigative access, the legal basis for compelling an ordinary suspect to unlock a personal device remains contested in light of existing constitutional safeguards.

Conclusion

Ultimately, the East Asian landscape provides a clear map of a growing bifurcation in global law regarding compelled decryption. Looking at the region’s varied approaches to digital forensics and individual rights, two distinct paths emerge. Jurisdictions structured around centralized state control generally give investigative authorities broader access powers and impose stronger duties of technical assistance, especially on regulated service providers. In contrast, jurisdictions that emphasize democratic due process continue to work through the everyday friction between modern investigative demands and the historical preservation of the right against self-incrimination.