Honeypots are common defensive tools, but the laws governing their deployment remain fragmented. We map current statutes and case law to a concise technical taxonomy (interaction levels, honeytokens, dynamic decoys) and assess how "without right"/authorization concepts apply to routine decoy interactions. We compare U.S. subjective and European Court of Human Rights (ECtHR) objective entrapment tests, propose a cross-border cooperation "minimum floor," and evaluate claims for "weaponized" honeypots under public international law. We extract operational guardrails and discuss data sharing/AI uses, closing with role-specific recommendations. Given space limits, this is a deployment-aware synthesis; detailed case studies, grey-zone State practice debates, and full AI evaluations are out of scope.