Tech Global Institute (TGI) and Bangladesh Legal Aid and Services Trust (BLAST) welcome the initiatives of getting rid of the Cyber Security Act, 2023 and speech-related offences, and the withdrawing of ongoing cases under these offences. However, BLAST and TGI are concerned that the offences related to harmful content are not defined well in the Cyber Security Ordinance, 2025 (officially gazetted on May 22). As a result, there is a risk that the law could be applied differently to different individuals. Besides this, persisting uncertainties regarding the judicial process and the excessive and unfettered powers of regulatory authorities and law enforcement agencies may present barriers to the proper enforcement of constitutional rights.
Concerns:
- “Unlawful physical relations” is included in the definition of sexual harassment but is not defined, and no clear criteria is stated for who determines whether a relationship is “unlawful.”
- Reference to “pornographic content” is made without defining “pornography”, leading to reliance on the Pornography Control Act, 2012, which in turn uses vague terms like “obscenity” and “semi-nudity.”
- Revenge porn definition should not require intent to harm; instead, the act of sharing intimate content without consent should suffice to constitute a crime. This crucial component is missing from the ordinance.
- National Cyber Security Agency is government-controlled like previous iterations, posing a threat to freedom of expression, protected under the Constitution and international treaties. The National Cyber Security Agency also falls under the ICT Division and BTRC, possibly causing conflicts or obstacles in executing content-blocking provisions.
- National Cyber Security Council is led by high-level government officials, thus posing risks of abuse of power and increased state surveillance.
- Police are empowered to conduct searches, seizures, and arrests without warrants in Critical Information Infrastructure (CII)-related cyber incidents.
- Government has sole authority to designate CII.
- Vague definitions of “hacking” and “cyberattack.”
- Numerous cases remain under DSA and Section 57 of ICT Act. No equivalent legal protection is offered to those accused under these past laws.
Recommendations:
- Clearly define “unlawful physical relations” and establish who decides its legality.
- Include a clear and objective definition of “pornography” in the ordinance to avoid subjective interpretation.
- Redefine “revenge porn” to consider non-consensual sharing of intimate content as a punishable offense, regardless of intent.
- Specify the grounds for content blocking by the Agency more clearly and ensure safeguards to protect freedom of speech and expression. Also, clarify the roles and coordination between institutions to avoid bureaucratic inefficiencies or conflicts of interest.
- Include independent experts or civil society representatives in the National Cyber Security Council and establish transparent oversight mechanisms for accountability.
- Limit warrantless powers of police and ensure judicial oversight.
- Define key terms like “hacking” and “cyberattack” clearly.
- Extend the same legal protections and relief to individuals prosecuted under DSA and ICT Act (2006), and consider dismissing or reviewing all similar pending cases to ensure equal justice.
