Hong Kong DefenseTech Accelerators: Ethics and Export Controls for Defence Technology Startups

Hong Kong’s position as a global financial centre is being tested by a new class of startup: defence technology (DefenseTech). The Hong Kong government’s 2025-26 Budget, delivered on 26 February 2025, allocated HKD 6 billion to the Innovation and Technology Fund (ITF), with a stated priority on “advanced manufacturing, materials, and aerospace” — sectors with clear dual-use applications. This fiscal push, combined with the HKEX’s growing pipeline of deep-tech listings (10 biotech and 6 hardware IPOs on the Main Board in 2024, per HKEX data), has attracted a wave of accelerator programmes targeting DefenseTech founders. However, these founders face a regulatory gauntlet that their fintech or SaaS peers do not: Hong Kong’s own Weapons Ordinance (Cap. 217), the U.S. International Traffic in Arms Regulations (ITAR) via its extraterritorial reach, and the European Union’s Dual-Use Regulation (2021/821). For a startup accepted into a Hong Kong accelerator, the ethical and compliance burden is not optional — it determines whether the company can raise its Series A, or whether its technology is effectively embargoed from key markets.

The Regulatory Architecture: Where Hong Kong Stands

Hong Kong operates a unique intersection of domestic and international export control regimes. The Weapons Ordinance (Cap. 217) governs the manufacture, import, and export of “arms and ammunition,” with the Commissioner of Customs and Excise as the licensing authority. For DefenseTech startups, this ordinance covers physical hardware — drones, ballistics, explosives — but does not explicitly regulate software, algorithms, or data sets. This gap is increasingly problematic as startups develop AI-driven targeting systems or cryptographic communication tools that have no physical component.

ITAR and the Hong Kong Connection

The U.S. International Traffic in Arms Regulations (ITAR) apply to any “defense article” or “defense service” on the U.S. Munitions List (USML), regardless of where the end-user is located. For a Hong Kong startup, this means that any technology developed using U.S.-origin components, software, or technical data — even if the startup is incorporated in Hong Kong — is subject to ITAR. The U.S. Department of State’s Directorate of Defense Trade Controls (DDTC) has enforcement authority. In 2023, DDTC imposed a USD 1.2 million penalty on a Hong Kong-based electronics manufacturer for ITAR violations related to drone components (DDTC Consent Agreement, 2023). Startups in Hong Kong accelerators must therefore conduct a full ITAR audit of their supply chain and technology stack before accepting any U.S. investor capital, as the mere presence of a U.S. limited partner (LP) in a venture fund can trigger ITAR registration requirements.

The EU Dual-Use Regulation

The European Union’s Dual-Use Regulation (2021/821) controls items, software, and technology that can be used for both civilian and military purposes. For a Hong Kong startup, the regulation applies if the technology is exported from the EU or if the startup’s software is used by an EU-based customer. The regulation’s “catch-all” clause (Article 4) allows EU member states to impose controls on items not listed if there is a risk of use in weapons of mass destruction. This creates a compliance burden for startups developing encryption, quantum computing, or advanced materials — all areas where Hong Kong accelerators are actively recruiting.

The Accelerator Landscape: Programs and Their Ethical Frameworks

Hong Kong’s accelerator ecosystem for DefenseTech is nascent but growing. The Hong Kong Science and Technology Parks Corporation (HKSTP) runs the “IDEATION” programme, which accepted 24 startups in 2024, including two with dual-use applications in drone navigation and secure communications. The Hong Kong Cyberport’s “Incubation Programme” has a dedicated “Smart Mobility” track that includes autonomous vehicle software — a clear dual-use technology. Neither programme explicitly publishes a defense-specific ethics code, but both require participants to sign a “Compliance Declaration” covering Hong Kong laws and international sanctions.

The Ethical Gap: No Standardised Framework

Unlike the U.S. Defense Innovation Unit (DIU), which operates under a published “Responsible AI” framework, or the U.K.’s Defence and Security Accelerator (DASA), which mandates ethical review for all projects, Hong Kong accelerators lack a standardised ethics protocol. This gap exposes both the accelerator and the startup to reputational and legal risk. For example, a startup developing facial recognition software for border control — a dual-use technology — could face export restrictions from the EU or U.S. if the software is later used for surveillance in a sanctioned jurisdiction. Without a clear ethical framework at the accelerator stage, the startup may not have the compliance infrastructure to manage this risk.

Case Study: The Drone Startup

Consider a hypothetical Hong Kong startup accepted into the HKSTP IDEATION programme developing an autonomous drone for agricultural monitoring. The drone uses a U.S.-origin GPS chip and a Chinese-manufactured camera. The software, developed in-house, includes an AI algorithm for object detection. Under ITAR, the U.S. GPS chip is not inherently a defense article, but the software could be classified as a “defense service” if it is designed for military-grade targeting. The startup must register with DDTC if it exports the software or if it receives U.S. venture capital. The accelerator should require the startup to conduct an ITAR classification review before demo day.

Practical Compliance: Steps for Founders

For a DefenseTech founder accepted into a Hong Kong accelerator, the compliance process must begin on day one. The following steps are derived from the SFC’s “Guidelines for the Licensing and Supervision of Intermediaries” (2023) and the HKMA’s “Supervisory Policy Manual” on sanctions compliance, adapted for the startup context.

Step 1: Technology Classification

The founder must classify each component of their technology against the U.S. Munitions List (USML) and the EU Dual-Use List. This is a legal determination that requires a qualified export control lawyer. The cost for a full classification is typically between HKD 50,000 and HKD 150,000, depending on complexity. The accelerator should budget for this as part of its startup support package.

Step 2: Supply Chain Audit

The founder must map every component, software library, and data source to its country of origin. A single U.S.-origin integrated circuit can trigger ITAR registration. The audit must be documented and updated quarterly. The HKMA’s “Guideline on Anti-Money Laundering and Counter-Financing of Terrorism” (2023) provides a framework for risk-based auditing that can be adapted for export control.

Step 3: Investor Screening

The founder must screen all prospective investors against the U.S. Department of Treasury’s Specially Designated Nationals (SDN) List, the EU Consolidated Sanctions List, and the Hong Kong Police Force’s “Terrorist Financing” list. A single investor with ties to a sanctioned entity can block the startup from exporting to the U.S. or EU. The accelerator should provide access to a commercial screening tool, such as Refinitiv World-Check or Dow Jones Risk & Compliance.

Step 4: End-Use and End-User Due Diligence

For any customer or partner in a high-risk jurisdiction (e.g., PRC, Russia, Iran, North Korea), the founder must conduct enhanced due diligence. This includes obtaining a signed “End-Use Certificate” from the customer, verifying the customer’s business registration, and conducting a site visit where possible. The SFC’s “Code of Conduct for Persons Licensed by or Registered with the Securities and Futures Commission” (2023) provides a model for this due diligence.

Step 5: Ongoing Compliance Monitoring

The founder must implement a compliance monitoring programme that includes quarterly reviews of export control lists, annual training for all employees, and a whistleblower mechanism. The accelerator should require this as a condition of continued participation.

Closing: Actionable Takeaways for DefenseTech Founders

1. Before accepting a place in any Hong Kong accelerator, commission a full ITAR and EU Dual-Use classification of your technology stack — the cost is a fraction of the potential penalty for non-compliance. 2. Structure your intellectual property (IP) ownership to ensure that all software and algorithms are developed in Hong Kong or a non-U.S. jurisdiction to minimise ITAR exposure. 3. Require the accelerator to provide a written compliance framework covering export controls, sanctions screening, and ethical review — if they cannot, consider a different programme. 4. Screen every investor, partner, and customer against the U.S. SDN List, the EU Consolidated Sanctions List, and the Hong Kong Police Force’s terrorist financing list before any transaction. 5. Engage a Hong Kong-licensed lawyer with export control expertise (a niche field with fewer than 20 practitioners in the territory) as a retained advisor from day one — this is a non-negotiable line item in your budget.