EXECUTIVE SUMMARY
The rapid digitization in Bangladesh has not only accelerated economic growth and expanded connectivity but has also profoundly transformed social dynamics. However, these developments come with complex regulatory challenges, as the state has sought to govern this digital expansion within a legal framework that, despite reform attempts, has not fully adapted to a digital-first reality. The primary legislative instruments governing digital activities—the Bangladesh Telecommunication Regulation Act, 2001, the Cyber Security Act, 2023, the Information and Communication Technology Act, 2006, and other laws—present a paradox. While these laws purport to secure cyberspace and safeguard public interests, they often fall short of meeting constitutional requirements and international human rights standards, creating an environment where digital rights, innovation, and national security are simultaneously at risk. Additionally, despite their promise, laws like the Children Act, 2013, the Prevention of Women and Children Repression Act, 2000, and the Pornography Control Act, 2012 fail to provide robust protections against pressing online abuses such as child sexual abuse materials (CSAM) and technology-facilitated sexual violence (TFSV), leaving significant gaps in addressing the unique vulnerabilities of the digital ecosystem and undermining efforts to create a safe and equitable online environment. Other legislative instruments, such as the Competition Act, 2012 and the Consumers’ Right Protection Act, 2009, were crafted with traditional markets in mind and fail to adequately address the complexities of the digital economy or provide sufficient protection for competitors and consumers in the digital domain.
These legislative instruments are set against the backdrop of Bangladesh’s complex socioeconomic and political realities. A significant number of these laws were enacted or amended during the 16-year rule under former Prime Minister Sheikh Hasina that prioritized consolidation of the state through prioritizing political control over key institutions, including the security sector, media, and the judiciary. As a result, they failed to address structural disenfranchisement of vulnerable communities, such as women, children and minority communities that extend to online spaces and has led to multiple bouts of fatal riots, communal violence, and targeted attacks.
Of particular concern is Bangladesh’s Constitution, which—despite its progressive framework inspired by globally recognized instruments such as the ICCPR and the Universal Declaration of Human Rights, along with principles from established constitutional democracies—has been systematically exploited by successive administrations to centralize executive power while curtailing parliamentary autonomy and judicial independence. In particular, the Westminster-style parliamentary system, intended to ensure accountability through a prime minister-led cabinet answerable to parliament, has instead devolved into an apparatus dominated by the ruling party, sidelining opposition voices and consolidating decision-making authority within the executive branch. Such a systemic imbalance has facilitated unchecked executive overreach and paved the way for the enactment of repressive laws. Compounding these issues, the judiciary, which could have served as a bulwark against these trends, has often failed to rise to the challenge. Rather than championing a forward-leaning, rights-respecting approach, judicial interpretations have frequently adopted overly broad and restrictive views, particularly in defining what constitutes “reasonable” restrictions on fundamental freedoms such as speech and privacy. These interpretations often lack proportionality and fail to establish clear boundaries, undermining the protection of individual rights. Moreover, the absence of adequately reasoned judicial decisions has exacerbated ambiguity, leaving the scope and legitimacy of such restrictions open to manipulation. Collectively, these systemic failures have undermined the Constitution’s role as a safeguard for democratic governance and fundamental rights.
One of the core issues in the current information and technology legislations in Bangladesh is the overbroad and ambiguous nature of its regulatory provisions, including poorly structured definitions, granting significant discretionary powers to policymakers, regulators, and law enforcement agencies (LEAs). For instance, the Bangladesh Telecommunication Regulation Act, 2001 allows for extensive surveillance, data interception, and information control. While justified on national security or public order grounds, they are often deployed without adequate oversight mechanisms or procedural safeguards, infringing on privacy and freedom of expression. With the absence of transparency and accountability mechanisms, or robust data protection legislation, a culture of impunity has evolved with the resulting environment not only restricting fundamental freedoms but also deterring foreign investment. Moreover, crucial terms such as “propaganda,” “disrepute to the state,” and “hurting religious sentiments” under the Cyber Security Act, 2023, or “pornography” under the Pornography Control Act, 2012, lack clear and objective definitions, enabling subjective interpretation and selective enforcement. Consequently, these legislations have led to the criminalization of online dissent, self-censorship, suppression of opposition voices, and erosion of trust in state institutions, underscoring the urgent need for reform to better align national security priorities with citizens’ fundamental rights.
The regulatory approach to digital governance in Bangladesh also reflects an overarching reliance on security-first frameworks. Key institutions, such as the National Cyber Security Agency (NCSA), operate under close ministerial supervision, with leadership from state agencies and limited representation from independent experts or civil society. Similarly, Bangladesh Telecommunication Regulatory Commission (BTRC) operates without meaningful political or structural independence, often prioritizing state control over safeguarding individual rights, compromising the agency’s ability to serve as an impartial regulator. Moreover, intelligence agencies such as Directorate General of Forces Intelligence (DGFI), National Security Intelligence (NSI), and National Telecommunication Monitoring Centre (NTMC) operate without publicly accessible mandates, transparent oversight mechanisms, or clear procedural guardrails, fostering an environment of fear and self-censorship that undermines democratic governance and the protection of human rights. This security-focused framework has resulted in an imbalance, where policies aimed at securing cyberspace have not been coupled with robust protection for individual freedoms or innovation. Such an approach, in its current form, is both misaligned with domestic constitutional obligations and inconsistent with Bangladesh’s commitments under the International Covenant for Civil and Political Rights (ICCPR).
The colonial underpinning of digital governance exacerbated both enforcement and ethical challenges. For instance, the Cyber Security Act, 2023 consolidates governmental authority over online expression, cybersecurity, and data-related offenses but does so in ways that do not adequately delineate between these offenses, and risk stifling innovation and economic growth in the digital sector. Likewise, the Bangladesh Telecommunication Regulation Act, 2001, originally intended to establish a regulatory framework for the telecommunications sector, has frequently been repurposed to justify surveillance and restrict digital content, often without clear statutory mandates or procedural safeguards.
Some of these laws borrow language directly from colonial-era statutes, such as the Penal Code, 1860, and are structurally modeled on archaic legislative paradigms like the Code of Criminal Procedure, 1898. For example, treating speech-related offenses as criminal offenses have fostered an environment of self-censorship, particularly among journalists, activists, and opposition voices, thereby limiting the scope of public debate and eroding democratic norms. Notably, criminal libel has been systemically used to erode the fundamental rights of citizens, serving as a weapon for political warfare both offline and online. Overbroad penal provisions, coupled with non-bailable clauses and cognizable offenses, enable LEAs to arrest individuals without warrants, often on subjective grounds and without following due process. These reflect colonial extractive values being imposed on modern rulemaking, rendering them unfit to tackle the myriad of challenges in the digital space. This creates an environment where the very foundations of governance come at the expense of protecting individual rights and advancing an innovation-friendly and inclusive digital ecosystem. This combination of inadequate safeguards and excessive penalties underscores the need for legal reforms that emphasize proportionality, judicial oversight, and procedural safeguards.
The inadequacy of laws to regulate the digital ecosystem in Bangladesh goes beyond online expression, safety and privacy, to areas like competition that are foundational in shaping the market. While countries in South and Southeast Asia, Europe, and the United States have utilized competition laws to hold technology companies accountable (to various degrees of success) by deterring the abuse of dominant positions and enhancing an environment where smaller businesses can thrive, Bangladesh’s Competition Act, 2012 remains underutilized and inadequate for addressing the challenges of the digital economy. One notable case involved an online-based food delivery service that was fined BDT 1 million (approximately USD 8,500), an amount far from sufficient to serve as a meaningful deterrent. Similarly, the Consumer Rights Protection Act, 2009 is ill-equipped to address issues in the digital domain, as crucial definitions exclude significant portions of the digital economy, such as zero-cost digital platforms, and fails to address modern anti-consumer practices like algorithm manipulation, dark patterns, or privacy exploitation.
Bangladesh stands at a pivotal moment in shaping a digital ecosystem that aligns with global standards for human rights and accountability, while simultaneously undergoing a decolonization exercise. The need for a comprehensive and rights-respecting approach to digital regulation is clear, as current policies often prioritize security at the expense of individual freedoms, innovation and democratic principles. By pursuing the recommended reforms, Bangladesh can develop a digital governance model that promotes security, fosters innovation, and respects the rights of its citizens.
However, legal reforms alone are insufficient to propel Bangladesh toward an inclusive, rights-respecting digital economy. Structured interventions are equally critical to address the country’s deep-rooted societal challenges related to religion, ethnicity, gender, education, and income inequality. Moreover, investing in healthy and competitive media and information environments is equally important in ensuring citizens can exercise their rights. In absence of a nuanced and comprehensive interrogation and overhaul of digital governance within the constraints of societal structures, even the most well-crafted laws will struggle to address the multifaceted challenges of digital harms and cybersecurity. Effective digital regulation needs to be adaptive and context-sensitive, integrating legal, technical, and societal dimensions, while being sufficiently future-proof and technology-neutral to address new and emerging technological developments. For Bangladesh, this means not only reforming outdated and repressive laws, but also creating an enabling environment that can chart a path toward a more equitable, inclusive and safe digital future, and setting a precedent for other countries grappling with similar challenges.
KEY RECOMMENDATIONS
-
Amend surveillance and interception protocols, and information disclosure mandates
Existing laws on electronic and digital surveillance, interception, and information disclosure need amendments to ensure compliance with domestic and international standards for privacy protection. Activities infringing individual privacy and organizational information security should be subject to robust, independent judicial oversight, ensuring that LEAs are accountable to the courts in conducting investigations. Clearer guidelines on data collection, use, transmission, and retention should be adopted to prevent misuse and overreach, with explicit limits on how data collected for specific legal purposes may be stored and shared. At all material times, regulatory transparency must be maintained to ensure accountability and public trust.
-
Introduce new online safety standards and procedures for content regulation
Existing and proposed regulations on online content are inadequate to effectively address harmful online content and should therefore be repealed. Drawing from successful regulatory models in other countries, a new statute should be introduced to address speech-related offenses in alignment with domestic and international standards for free speech. Specifically, non-violent and non-harmful speech should be decriminalized to prevent the misuse of legal provisions to silence journalists, activists, and ordinary citizens, with civil remedies or administrative penalties for cases involving minor offenses. Harmful content, such as CSAM and TFSV, should be subject to stricter sanctions. Additionally, the Bangladesh Telecommunication Regulation Act, 2001 should be amended to enhance the independence of BTRC, empowering it to assess content removal requests based on legal grounds rather than political pressures, ensuring that content regulation upholds democratic discourse. To prevent misuse and ensure fairness, robust procedural safeguards must be integrated into both the new and amended laws. -
Introduce a robust but balanced cybersecurity framework with diverse governance
Existing laws on cybersecurity are fragmented and inadequate to effectively address non-content technology-enabled crimes and should therefore be repealed. Within the framework of the online safety statute, legal mechanisms to counter cybersecurity crimes—like hacking, identity theft, financial fraud, ransomwares, unauthorized data modification and access, and other offenses related to digital infrastructures and other information communications technologies—should be strengthened. Furthermore, the governance structure of cybersecurity institutions, particularly the NCSA, should include independent experts, civil society representatives, and data protection specialists to ensure that security measures do not encroach upon civil liberties. An inclusive governance approach would promote transparency, accountability, and public trust, balancing the state’s security imperatives with the protection of individual rights.
-
Strengthen competition and consumer protection in the digital ecosystem
The existing competition statute is not fully adapted to the digital economy, enabling technology companies to abuse their dominant position in markets to the detriment of consumers and competitors. Similarly, consumer protection laws are not fully adapted to the digital economy, exposing users to fraud and data vulnerabilities in online transactions. A comprehensive digital competition and consumer protection framework, and a separate e-commerce statute, should be established, incorporating precise and inclusive definitions and extraterritorial provisions, defining standards for e-commerce, privacy in consumer data, and penalties for fraudulent activities, while harmonizing with related laws to avoid conflict of law. Such reforms would also promote confidence in Bangladesh’s digital economy, protecting both consumers and responsible businesses, while encouraging foreign investment.
-
Introduce a personal data protection statute
Currently, there is no comprehensive, cross-sectoral personal data protection statute in Bangladesh to safeguard citizens’ privacy rights and establish standards for data security. A new data protection law should be enacted, outlining data processing limits, storage standards, and consent requirements, ensuring data is collected and processed responsibly by both public and private entities. Robust data protection would also enhance trust in digital services and enable Bangladesh to comply with international data protection frameworks.
-
Introduce a consistent and proportionate sentencing guideline along with a centralized case tracking system
Currently, there are no structures or systems to ensure balanced and consistent sentencing in criminal cases. Without sentencing guidelines or recommendation system, or a centralized system for tracking case precedents, judges are left with broad discretion, undermining the fairness and consistency of the sentencing process. Establishing these systems would ensure uniformity and proportionality in the application of penalties, limit judicial discretion, and avoid arbitrary sentencing.
