2. ARTICLES
  3. feature

Cyber-Crime Legislation in Bangladesh and India: A Critical Analysis

Repoter : News Room
Published: 17 September, 2025 12:08 pm
Cyber-Crime Legislation in Bangladesh and India: A Critical Analysis
cyber-crime

Abstract

This article compares and critically analyses the principal laws, rules and enforcement practices that govern cyber-crime, content regulation and data protection in Bangladesh and India. It highlights how both countries have used ICT-era laws to pursue legitimate cybersecurity and public-order objectives while creating significant risks to freedom of expression, privacy and due process. The piece concludes with targeted recommendations to align legal design and enforcement with human-rights norms and effective cybercrime governance.

Introduction

Rapid digitization across South Asia has produced new opportunities and new harms: online fraud, identity theft, doxing, child sexual abuse material, and sophisticated intrusions now sit alongside long-standing concerns about defamation, political speech and disinformation.

States respond by updating criminal law, adopting intermediary rules and—more recently— legislating data protection. Yet legal texts, enforcement practices and institutional capacity differ substantially between Bangladesh and India, producing distinct risks and remedies for citizens, businesses and civil society.

Legal Frameworks: A Snapshot

Bangladesh

Bangladesh’s cyber law architecture is rooted in the Information and Communication Technology (ICT) Act, 2006 (amended 2013) and, from 2018, the Digital Security Act (DSA) 2018. The ICT Act originally created cyber-tribunals and defined computer-related offences; many of its earlier provisions (notably the contentious Section 57 of the 2006 Act) were perceived as overly broad and later replaced in effect by the DSA.

The DSA (in force since 1 October 2018) consolidates a wide range of offences—ranging from hacking to “propaganda and false information” online—and prescribes severe penalties, including lengthy imprisonment. The law has been widely criticised by human-rights organisations for vagueness, disproportionate penalties and chilling effects on free speech.

India

India’s cybersecurity and cyber-crime regime is centred on the Information Technology Act, 2000 (and its 2008 amendments), supplemented by executive rules (notably the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021) and sectoral regulators. Key criminal provisions were added by amendment (e.g., the infamous Section 66A penalising “offensive” online messages), but the Supreme Court struck down Section 66A in ShreyaSinghal v. Union of India (2015) for vagueness and overbreadth, reaffirming constitutional free-speech guarantees.

In parallel, India passed its first dedicated data-protection statute—the Digital Personal Data Protection (DPDP) Act, 2023—which was enacted by Parliament in August 2023 but whose operationalisation and subordinate rules remain evolving and, for much practical effect, still being phased. The Centre’s Intermediary Rules (2021) place extensive due-diligence and traceability obligations on large platforms.

Comparative Analysis

Scope and drafting clarity

  • Bangladesh: The DSA’s drafting has been criticised for ambiguous language (e.g., “propaganda” or “false information”) that gives broad discretion to enforcement authorities and invites arbitrary interpretation. Such vagueness undermines legal certainty and invites self-censorship. Carnegie Endowment
  • India: The IT Act contains clearer technical offences (unauthorised access, data theft, tampering), but some provisions (as shown by the former Section 66A) demonstrated that poorly worded criminalisation can re-emerge through rules or executive action. The Intermediary Rules add compliance burdens on platforms that are operationally precise but raise due-process and privacy concerns (e.g., rapid takedown timelines and requirements for appointing grievance officers and nodal points). MeitY

Freedom of expression vs. regulation of harmful content

Both countries balance public-order concerns against expression, but practice diverges. Bangladesh’s DSA has been deployed frequently against journalists, bloggers and activists—prompting sustained criticism from rights groups and international bodies that the law chills dissent. India’s legal landscape shows a mixed record: while the Supreme Court has protected free speech (striking Section 66A), executive rules (Intermediary Guidelines) and blocking powers (e.g., under Section 69A of the IT Act) create mechanisms that can be used to restrict content. Carnegie Endowment+1

Data protection and privacy

India has recently moved to a statutory data-protection framework (DPDP Act, 2023), aiming to define rights of data principals, obligations for data fiduciaries, and penalties for breaches. However, as with many new statutes, implementation depends on rules, supervisory architecture and judicial review.

Bangladesh currently lacks a comprehensive, standalone data-protection law of equivalent ambition (its legal patchwork addresses some privacy matters but not via a consolidated statute comparable to India’s DPDP). This gap leaves Bangladeshi citizens more exposed to unregulated data processing and weak remedies. Wikipedia

Enforcement institutions and capacity

Both countries rely on a mix of specialised cybercrime units (police), telecom authorities, and national CERTs (Computer Emergency Response Teams). Practical constraints—limited digital forensic capacity, inconsistent training, judicial backlogs, and weak independent oversight—impede timely, rights-aware enforcement in both jurisdictions. Where enforcement is assertive but oversight weak, there is a substantive risk of misuse for political or extrajudicial ends. SAMSN+1

Notable Case-Law and Incidents (illustrative)

  • ShreyaSinghal v. Union of India (2015) — Supreme Court of India struck down Section 66A (overbroad restriction on speech online), a landmark protection for online expression. PRS Legislative Research
  • Bangladesh: numerous documented prosecutions under the DSA involving journalists, political critics and social-media users have raised alarms among international rights groups and observers about disproportionate application. Carnegie Endowment+1

Policy Concerns and Human-Rights Implications

  1. Vague criminal offences and chilling effects. Laws that use broad terms (e.g., “false information” or “hurting religious sentiment”) without clear mensrea or public-interest exceptions risk penalising legitimate journalism, criticism and satire. This is a central critique of Bangladesh’s DSA and part of the reason for sustained calls for reform. Carnegie Endowment+1
  2. Due-process and accountability. Rapid takedown powers, mandatory traceability orders and the use of emergency blocking powers can circumvent judicial scrutiny if sufficient safeguards are absent. Both countries need stronger procedural guardrails—judicial warrants, notice-and-appeal mechanisms, transparency reporting and independent oversight. MeitY
  3. Data governance gaps. Without robust, enforceable privacy protections and redress mechanisms, citizens’ personal data can be exploited by private actors or insecurely maintained by public bodies. India’s DPDP Act creates a legislative foundation, but its protective value hinges on rulemaking, institutional independence and proportionality in exemptions. Wikipedia
  4. Capacity and international cooperation. Cybercrime often crosses borders. Effective investigation requires cross-border mutual legal assistance, interoperable digital-forensics standards, and sustained capacity-building for law enforcement that respects human rights. Both countries should continue investing in training and multilateral cooperation.

Recommendations

For Bangladesh

  • Narrow and clarify offence definitions in the DSA to meet international human-rights standards (necessity, proportionality, legal certainty). Explicitly carve out protections for journalism, academic work and legitimate public interest reporting. Carnegie Endowment
  • Establish independent oversight (ombudsperson or review board) for content takedown and surveillance orders; require transparency reporting by agencies.
  • Priorities a standalone data-protection law with clear rights (access, correction, deletion), enforcement mechanisms and capacity-building for regulators.

For India

  • Ensure that Intermediary Rules are applied with robust procedural safeguards: time-bound judicial review, independent audits for traceability demands, and clearer limits on obligations that could infringe privacy. MeitY
  • Operationalise the DPDP Act transparently and swiftly, with stakeholder consultations on rules and a strong, independent supervisory authority empowered to enforce compliance and investigate breaches. Wikipedia

For both countries

  • Invest in forensic capacity while embedding human-rights training in police and prosecutorial units.
  • Adopt multi-stakeholder transparency: regular public reporting on cybercrime prosecutions, use of blocking orders, and data requests.
  • Strengthen regional cooperation (mutual legal assistance, joint task forces) and adopt shared standards for digital evidence handling.

Conclusion

Bangladesh and India face similar policy trade-offs: the need to prevent real cyber harms while preserving fundamental rights in democratic societies. Bangladesh’s DSA exemplifies the danger of broad criminalisation without sufficient safeguards; India’s experience shows that even where courts protect speech, regulatory instruments and executive practice can reintroduce risks.

The path forward requires clearer statutes, stronger procedural checkpoints, independent oversight and a determined investment in technical and judicial capacity. Only then can cyber-law serve both security and rights.

Selected References (web sources consulted)

  • Carnegie Endowment for International Peace — How Bangladesh’s Digital Security Act Is Creating a Culture of Fear. Carnegie Endowment
  • Amnesty International — Bangladesh: Interim Government must restore freedom of expression and repeal Cyber Security Act. Amnesty International
  • ICJ — Information and Communication Technology Act: Draconian assault on free expression (Bangladesh). International Commission of Jurists
  • Government of India, MeitY — Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (PDF). MeitY+1
  • PRS/analysis and historic reporting on Section 66A / ShreyaSinghal judgment. PRS Legislative Research
  • Digital Personal Data Protection Act, 2023 — summary sources and comparative analyses. Wikipedia+1

Author Shahinur Rahman, PhD Scholar (Student), Mangalayatan University, India

Related News  

Marital rape: our laws and lacks

Marital rape: our laws and lacks

Climate Literacy in Bangladesh: In Search of An Impeccable Framework

Climate Literacy in Bangladesh: In Search of An Impeccable Framework

Cyber-Crime Legislation in Bangladesh and India: A Critical Analysis

Cyber-Crime Legislation in Bangladesh and India: A Critical Analysis

 Cyber Crime Justice Challenges in Bangladesh

 Cyber Crime Justice Challenges in Bangladesh

RIGHT TO PRIVATE DEFENCE

RIGHT TO PRIVATE DEFENCE

Time to frame guidelines for M. Phil and PhD Program

Time to frame guidelines for M. Phil and PhD Program

ADR and Legal Aid Must Be Vanguard of Judicial Reform : CJ

ADR and Legal Aid Must Be Vanguard of Judicial Reform : CJ

An Advocate’s Conduct is the Mirror of Law

An Advocate’s Conduct is the Mirror of Law