Security Intelligence

Port and Border Crossing Security: Risk Management for Business Travel | CloseProtectionHire

Q: "Can border officials search an executive's devices without reason?"

"Yes, in many jurisdictions. In the United States, Customs and Border Protection has authority to inspect electronic devices at the border without reasonable suspicion under CBP Directive No. 3340-049A (2017). The UK's Schedule 7 of the Terrorism Act 2000 allows examination of any person (not restricted to terror suspects) passing through a port or border point -- including device inspection. Many authoritarian states assert even broader search powers, with no requirement to justify the exercise. Executives travelling to or through jurisdictions with elevated device search risk should operate on the assumption that any device crossing the border may be examined."

Q: "What is the ISPS Code and does it apply to passenger ports?"

"The International Ship and Port Facility Security (ISPS) Code, adopted under SOLAS amendments in 2002 and in force from July 2004, applies to ships on international voyages and to port facilities that service them. Passenger ports handling international ferry and cruise traffic are within scope. The Code requires port facilities to have an approved Port Facility Security Plan (PFSP), a designated Port Facility Security Officer (PFSO), and security measures calibrated to one of three security levels. ISPS does not apply to domestic ports serving only domestic routes."

Q: "What are Authorised Economic Operator (AEO) programmes and how do they affect border crossing?"

"Authorised Economic Operator (AEO) status, established under the WCO SAFE Framework of Standards (2005) and implemented in the UK through HMRC, is a voluntary accreditation programme for businesses involved in the international supply chain. AEO-accredited businesses are assessed as having robust customs compliance and security standards, and benefit from streamlined customs procedures and, in some jurisdictions, facilitated border processing. AEO is a supply chain security instrument rather than a personal travel facilitation mechanism -- it reduces customs friction for goods movements, not for individual travellers."

Q: "What should an executive do if detained at a border crossing?"

"If detained at a border crossing, the first priority is to remain calm and non-confrontational. Detention by border officials -- even without stated reason in jurisdictions with Schedule 7-style powers -- does not create an immediate physical threat in most environments. The executive should note the time, location, and names of officials if possible, comply with lawful requests while noting anything that appears unlawful, and as soon as possible (when permitted) contact their legal representative, employer security team, or embassy. In jurisdictions with a history of arbitrary detention, pre-travel briefings should include specific guidance on the detention protocol and the contact chain."

Q: "Which border crossings carry the highest risk for executives?"

"Risk at border crossings depends on the combination of: the jurisdictions on either side (particularly whether either is a high-corruption or authoritarian state), the route's use for smuggling or trafficking (which increases the frequency and hostility of security encounters), the executive's nationality and industry (certain nationalities face heightened scrutiny at specific crossings; oil executives, defence contractors, and journalists face elevated risk in some jurisdictions), and current political relations between the executive's home country and the destination state. Land border crossings in conflict-affected regions, and crossings between states with historically adversarial relations, carry the highest situational risk."

Security risks at ports and border crossings: device inspection powers, cargo integrity, facilitated border passage for executives, and safe transit protocols for high-risk crossings. Enquire today.

12 May 2026

Written by James Whitfield, Senior Security Consultant

Speak to the Team

Border crossings and port facilities present a category of security risk that is distinct from most other environments an executive will pass through. The state has exceptional legal authority at the border. Intelligence services use border points as collection opportunities. Criminal networks exploit congestion and distraction at busy crossings. And in some parts of the world, the border crossing is itself a hostile-actor operation.

Understanding what powers officials have, what risks the specific crossing presents, and what preparation reduces those risks is not complicated. But it requires advance thought that most business travel programmes do not provide.

State Powers at the Border: UK and US

Schedule 7, Terrorism Act 2000

Schedule 7 of the Terrorism Act 2000 gives examining officers at designated ports and border points – including airports, seaports, and the Channel Tunnel – powers to stop, question, and detain any person passing through, for up to six hours without arrest. No suspicion of any offence is required. The examining officer can require the person to hand over documents, keys, and devices, and can examine the contents of any device produced.

The Schedule 7 powers were reviewed and amended by the Counter-Terrorism and Security Act 2015, which added safeguards for legally privileged material. But the core power – examination without suspicion at a port point – was retained and is used. A 2023 review by the Independent Reviewer of Terrorism Legislation confirmed approximately 20,000 Schedule 7 examinations per year in the UK.

CBP Directive No. 3340-049A (2017)

US Customs and Border Protection’s directive on border search of electronic devices, updated in 2017, authorises CBP officers to conduct manual searches of electronic devices without reasonable suspicion. An advanced search – connecting the device to forensic equipment – requires reasonable suspicion or a national security concern. The directive applies at all US ports of entry and to all travellers, including US citizens and permanent residents.

The Fourth Amendment protection against unreasonable search and seizure does not apply at the border in the same way it applies domestically – courts have consistently upheld CBP’s border search authority. Litigation challenging the directive continues, but the operational position for executives crossing the US border is that device inspection is legally possible at any point of entry.

Authoritarian State Powers

Both the UK and US frameworks impose some procedural limits on border search. Many authoritarian states do not. China, Russia, Iran, Belarus, Saudi Arabia, and a number of other states assert broad search and seizure powers at borders that are not subject to meaningful independent oversight. In some of these states, border inspection of devices has been used to identify journalists’ sources, gather intelligence on business negotiations, and identify individuals whose communications then become the basis for detention or prosecution.

The Clean Device Protocol

The standard response to elevated border search risk is the clean device protocol: the executive crosses the border with a device that contains no sensitive data.

This can be implemented in two ways:

Wiped travel device: A secondary device is configured for travel, with work applications installed but no locally stored data. All data is cloud-based, accessed via authenticated login after clearing the border. The device itself contains nothing of value if examined.

Factory reset device: A single device is backed up, wiped to factory settings before departure, and restored after returning. This is more disruptive to the traveller but eliminates the need to maintain a secondary device.

For organisations subject to UK GDPR (Article 5 data minimisation and integrity principles), the clean device protocol is not just a security measure – it is part of the legal framework for processing personal data in jurisdictions without adequate data protection laws.

For a fuller treatment of digital security in executive travel, including encrypted communications, hotel network risks, and the Darkhotel threat actor pattern (Kaspersky 2014), see our executive travel data protection guide.

ISPS Code: Port Facility Security

The International Ship and Port Facility Security Code (ISPS Code) was adopted under SOLAS XI-2 amendments in December 2002, entering force on 1 July 2004. It establishes a framework for port facility security that applies to facilities serving international shipping.

Each ISPS-compliant port facility must:

Designate a Port Facility Security Officer (PFSO) responsible for security plan implementation
Produce an approved Port Facility Security Plan (PFSP) covering three security levels
Conduct a Port Facility Security Assessment (PFSA) identifying threats, vulnerabilities, and consequences
Restrict access to secured areas to authorised personnel
Maintain facilities for monitoring and controlling the movement of persons and cargo

Security Level 1 (normal): minimum appropriate security measures are maintained at all times. Level 2 (heightened): additional measures in response to a heightened risk. Level 3 (exceptional): further specific protective measures in response to a probable or imminent incident.

The ISPS Code does not govern the experience of individual travellers passing through port facilities – it governs the facility’s security management system. However, it creates the framework within which any security incident at a major international port is managed.

Land Border Crossings in High-Risk Regions

Land border crossings carry security risks that are structurally different from airport environments. The most significant:

Unofficial checkpoints: In conflict-affected areas and regions with weak state control, unofficial checkpoints operated by militia, criminal groups, or corrupt officials are a persistent risk. These checkpoints are not bound by any legal framework, respond to perceived vulnerability, and can involve extortion, document seizure, vehicle search, or worse. The close protection team’s advance work must specifically address the checkpoint situation on the planned route.

Congestion and distraction crime: Major land border crossings in high-traffic regions are often congested for extended periods. Crowded, stationary traffic is an environment in which organised theft, distraction crime, and surveillance operations are straightforward to execute. Vehicle security during extended border waits – locked doors, no visible valuables, windows closed – is a basic protocol that should be briefed and enforced.

Document control: Some jurisdictions require the surrender of the principal’s passport for processing during border transit. The protocol for this should be agreed in advance – who holds the documents, what the procedure is if documentation is retained beyond the expected period, and what constitutes an unacceptable demand.

For the broader logistics and cargo security considerations that sit alongside personal security at border crossings, see our supply chain and logistics security guide.

Summary

Key takeaways

Device security at borders is a pre-travel decision, not an in-the-moment one

Deciding at the border what to do about a device search is too late. The clean device protocol -- travelling with a device wiped to factory settings, or a temporary device with no sensitive data -- must be decided and implemented before departure. CBP Directive No. 3340-049A (2017) and Schedule 7 of the Terrorism Act 2000 both permit device searches without suspicion. An executive who crosses a border with a device containing commercially sensitive data, privileged legal communications, or personal financial information has created a vulnerability that no in-the-moment response can fully mitigate.

Physical security at land border crossings differs from airports

Airport border crossing security involves structured facilities, regulated queuing, and a relatively predictable encounter with officials. Land border crossings in high-risk regions often do not. Congestion at crossing points creates opportunities for theft, distraction crime, and surveillance of travellers. Unofficial checkpoints -- set up by criminal groups, militia, or corrupt officials -- operate outside any regulatory framework and present a qualitatively different risk. The close protection team's route planning must address the specific crossing, the expected queue time, the alternative crossings available, and the protocol if the planned crossing is closed or controlled.

Cargo integrity matters as much as personal security at ports

For executives responsible for supply chains that move through high-risk ports, the security of the cargo is a direct business risk. Container tampering, contraband concealment (which can result in asset seizure and prosecution), and cargo substitution are recurring features of port security incidents in high-corruption environments. AEO accreditation, container seal inspection protocols, and trusted shipper arrangements reduce but do not eliminate this risk.

Embassy registration is a basic protocol that is consistently overlooked

Registering travel plans with the relevant embassy or high commission (through FCDO's LOCATE service for British nationals, or the equivalent service for other nationalities) provides a channel through which consular assistance can be mobilised if the traveller is detained, involved in an incident, or becomes uncontactable. Registration costs nothing and takes minutes. The proportion of business travellers who complete it is very low.

The protocol for a cancelled or controlled border crossing must be agreed in advance

Border crossings in conflict-affected regions and politically volatile states are occasionally closed at short notice, subjected to heightened security controls, or rendered inaccessible by civil unrest. A close protection team operating in a region with an active conflict should have a planned response to a denied or dangerous border crossing -- including alternative crossings, the decision authority for turning back, and the communications protocol for advising the organisation of the change of plan. Improvising these decisions at the crossing, under time pressure and potentially in view of hostile actors, is avoidable.

FAQ

Frequently Asked Questions

Yes, in many jurisdictions. In the United States, Customs and Border Protection has authority to inspect electronic devices at the border without reasonable suspicion under CBP Directive No. 3340-049A (2017). The UK’s Schedule 7 of the Terrorism Act 2000 allows examination of any person (not restricted to terror suspects) passing through a port or border point – including device inspection. Many authoritarian states assert even broader search powers, with no requirement to justify the exercise. Executives travelling to or through jurisdictions with elevated device search risk should operate on the assumption that any device crossing the border may be examined.

The International Ship and Port Facility Security (ISPS) Code, adopted under SOLAS amendments in 2002 and in force from July 2004, applies to ships on international voyages and to port facilities that service them. Passenger ports handling international ferry and cruise traffic are within scope. The Code requires port facilities to have an approved Port Facility Security Plan (PFSP), a designated Port Facility Security Officer (PFSO), and security measures calibrated to one of three security levels. ISPS does not apply to domestic ports serving only domestic routes.

Authorised Economic Operator (AEO) status, established under the WCO SAFE Framework of Standards (2005) and implemented in the UK through HMRC, is a voluntary accreditation programme for businesses involved in the international supply chain. AEO-accredited businesses are assessed as having robust customs compliance and security standards, and benefit from streamlined customs procedures and, in some jurisdictions, facilitated border processing. AEO is a supply chain security instrument rather than a personal travel facilitation mechanism – it reduces customs friction for goods movements, not for individual travellers.

If detained at a border crossing, the first priority is to remain calm and non-confrontational. Detention by border officials – even without stated reason in jurisdictions with Schedule 7-style powers – does not create an immediate physical threat in most environments. The executive should note the time, location, and names of officials if possible, comply with lawful requests while noting anything that appears unlawful, and as soon as possible (when permitted) contact their legal representative, employer security team, or embassy. In jurisdictions with a history of arbitrary detention, pre-travel briefings should include specific guidance on the detention protocol and the contact chain.

Risk at border crossings depends on the combination of: the jurisdictions on either side (particularly whether either is a high-corruption or authoritarian state), the route’s use for smuggling or trafficking (which increases the frequency and hostility of security encounters), the executive’s nationality and industry (certain nationalities face heightened scrutiny at specific crossings; oil executives, defence contractors, and journalists face elevated risk in some jurisdictions), and current political relations between the executive’s home country and the destination state. Land border crossings in conflict-affected regions, and crossings between states with historically adversarial relations, carry the highest situational risk.

Get in Touch

Request a Consultation

Describe your security requirements below. All enquiries are confidential and handled by licensed consultants.