Well, for non-destructive actions that's probably good enough.

For destructive actions (say zeroing an RSA private key or some sort of master key, wiping an HSM, etc.) than you would want a system where the likelihood of false negatives is minimized only so far as the likelihood of a false positive is very remote.

In the former case, you could be compelled to provide the password (or equivalent). In the later case, even if you do they have to brute force the crypto container (assuming no backup of the destroyed data can be found.)

HSMs generally behave destructively to tampering and normally are the exclusive holder of a specific key. They tend to have a metal casing that protects the tamper detection mechanisms from accidental triggering and redundant batteries to avoid running out of power (which is normally a trigger for self-erasure through de-powering SRAM or running off of a capacitor with an high-priority non-maskable power-loss interrupt to trigger zeroing.)

This is where you need to separate the data from the encryption, and where external hardware based authentication becomes useful. If you have a hardware authentication you can destroy the device without losing data, and depending on the ease of getting a new device hold up the ability to access said data. There are all sorts of things you could look at wrt securing/destroying the device, GPS location etc.

If you were to have the devices be stored / issued from somewhere outwith the jurisdiction of your state you might even have something that could stand up to the law. But then you have to worry about someone tampering with the devices - but by that point you're up against intelligence agencies and realistically you can't do anything to stop them - after all your device is Tempest secured, air gapped from the internet etc etc.