Cybersecurity · Bangladesh

Comprehensive law: Cyber Security Ordinance, 2025 (Ordinance No. 25 of 2025), administered by the National Cyber Security Agency (NCSA) under a National Cyber Security Council (NCSC); operational response by BGD e-GOV CIRT

Bangladesh enacted the Cyber Security Ordinance, 2025, gazetted on 21 May 2025, repealing the Cyber Security Act, 2023 (which had itself replaced the Digital Security Act, 2018). The Ordinance constitutes a comprehensive statutory framework covering critical information infrastructure (CII) protection, cybercrime offences, incident response, and institutional governance under a newly structured NCSA. Civil-society concerns persist over vague definitions and residual speech-restricting provisions, but the law is in force and operative.

Legislative History

Bangladesh's cybersecurity law evolved from the Digital Security Act 2018 to the Cyber Security Act 2023 (Act No. 46 of 2023, passed 13 September 2023), and most recently to the Cyber Security Ordinance 2025, gazetted 21 May 2025 by the interim government. Each iteration replaced the prior law in full.

National Cyber Security Agency (NCSA)

The Ordinance establishes the NCSA as the primary regulatory authority empowered to designate Critical Information Infrastructure, issue mandatory security directions, conduct audits, prescribe technical standards, and coordinate with law enforcement. The apex policy body is the National Cyber Security Council (NCSC), which approves national cybersecurity policy and reviews NCSA performance.

Critical Information Infrastructure (CII)

The government retains sole authority to designate CII sectors (energy, banking, government systems, etc.). CII operators must deploy mandated security controls, localize sensitive data domestically, and establish security operations capabilities. Warrantless search, seizure, and arrest powers apply to CII-related cyber incidents.

Incident Reporting & BGD e-GOV CIRT

BGD e-GOV CIRT (Bangladesh Government Computer Incident Response Team) serves as the national operational incident response body; organizations are directed to report indicators of compromise and suspicious activity to BGD e-GOV CIRT/NCSA. The Ordinance mandates incident response protocols and emergency procedures, including digital forensics coordination.

Offences & Penalties

The Ordinance criminalises unauthorised access, hacking, cyberterrorism, cyber fraud, e-transaction crimes, incitement of religious/ethnic hatred, sexual harassment, blackmail, and online obscenity, with graded penalties. The 2025 reform made many offences (cyber fraud, sexual harassment, blackmail) bailable and removed 9 sections of its predecessor dealing with speech-based offences (defamation, 'offensive' content, false information).

Digital Rights & Ongoing Concerns

The 2025 Ordinance explicitly recognises internet access as a citizen's right, a first for Bangladesh. However, Article 19, Human Rights Watch, and local civil-society groups have flagged that vague and undefined terms in the Ordinance still risk chilling free expression and press freedom, and have called for further revision.

Machine-assisted translation · verified 5/24/2026 · orientation, not legal advice.