Hong Kong is a free port, which means that no tariff is charged on the import or export of goods. Therefore, there is no need to implement a de minimis threshold.

Pursuant to Art. 43 of the Law of the People's Republic of China on Safeguarding National Security in the Hong Kong Special Administrative Region (National Security Law), the Chief Executive may authorise the interception of communications or the covert surveillance of an individual if they think it is necessary and proportionate to the purpose for which such actions are sought. As a result, it is reported that the Law allows the government to request sensitive data if national security is deemed to be at risk and that such authorisations are not legally reviewable. The National Security Law is implemented through the Implementation Rules for Art. 43 of the Law of the People’s Republic of China on Safeguarding National Security in the Hong Kong Special Administrative Region.

The Copyright Ordinance establishes a safe harbour regime for intermediaries for copyright infringements. The liability of Internet service providers (ISPs) will depend on the type of service being provided. The Copyright Ordinance (CO) provides specific exemption from liability for those service providers who merely provide physical facilities, such as the hardware and network infrastructure, to clients/customers for network communications and access through the internet. In addition, for other ISPs, liability for copyright infringement can arise if the ISP itself is found to have engaged in unauthorised acts or it is held responsible for contributing to or making possible the act of infringement by another. Depending on the type of service provided by the ISP, it may be liable for direct copyright infringement, either as a primary or secondary infringer. Under section 22(2) of the CO, even if an ISP does not commit direct infringement, it can still be liable on the basis that it "authorised" the infringing acts.

A basic legal framework on intermediary liability beyond copyright infringement is absent in Hong Kong's law and jurisprudence. On 31 October 2019, the High Court handed down an interim injunction against the "promotion, encouragement and incitement of the use or threat of violence via Internet-based platform or medium". Subsequently, the High Court amended its injunction to restrain only those who willfully assist others in posting inciting material online. In other words, online service providers (OSPs) are not in breach of the injunction, even if they enable posts to be made on their platforms without knowing the facts or contents of such publications. Furthermore, the injunction does not impose a positive duty on OSPs to search for or filter out unlawful content uploaded by others.

The Telecommunications (Registration of SIM Cards) Regulation has taken effect in September 2021 to implement the Real-name Registration Programme for Subscriber Identification Module (SIM) Cards. According to Art. 5 of the Regulation, telecommunications operators must not activate SIM cards unless users have registered their personal data, including their full name in English and Chinese, HKID number or other identity document number, a copy of their identity document and date of birth.

Hong Kong has appended the World Trade Organization (WTO) Telecom Reference Paper to its schedule of commitments.

It is reported that the Office of the Communications Authority (OFCA), the executive authority for the supervision and administration of services in the telecommunications sector, is independent from the government in the decision-making process.

Under Section 33 of the Personal Data (Privacy) Ordinance, there are prohibitions against the transfer of personal data outside Hong Kong except in specified circumstances. However, this Section has not yet come into operation. If the data is transferred by a data controller to its outsourcing agent situated outside Hong Kong for processing the data, the data user remains liable for all acts done by its agent in relation to the mishandling of the personal data.

Hong Kong’s Securities and Futures Commission released a circular in October 2019 that requires banks and other regulated groups to store data locally or ensure that their cloud provider will hand over information on request.

Hong Kong has joined an agreement with binding commitments to open transfers of data across borders: the Australia-Hong Kong Free Trade Agreement and associated Investment Agreement [Art. 11.7(2) and 11.15(1)].

The Personal Data (Privacy) Ordinance, as amended in 2012 ('the PDPO'), is the main legislation in Hong Kong which aims to protect the privacy of individuals in relation to personal data and to regulate the collection, holding, processing, or use of personal data based on a set of data protection principles ('DPPs').

Hong Kong is a party to the World Trade Organization (WTO) Agreement on Government Procurement (GPA), and its commitments also cover the services sectors considered most important for digital trade, namely telecommunication services (CPC 752), telecommunication-related services (CPC 754), and computer and related services (CPC 84).

According to the Communications Authority Ordinance and the Companies Ordinance, there are no ownership restrictions for telecommunications, manufacturing of information and communication technology goods and products, computer and related services, and online broadcasting. In addition, it is reported that there are no foreign ownership limitations in the telecom sector.

Hong Kong is a party to the Patent Cooperation Treaty (PCT).

Hong Kong has a clear regime of copyright exceptions that follows the fair dealing model under the Copyright Ordinance, which enables the lawful use of copyrighted work by others without obtaining permission. These exceptions include research, private study, criticism, reviews and news reporting.