A Critical Analysis of Digital Rights Reform and Governance Transformation

Abstract
Bangladesh’s revocation of the Cyber Security Act 2023 in favor of the Cyber Security Ordinance 2025 is a big move for the country towards digital governance and civil rights. This change, brought about by a gazette notification issued by the Ministry of Law, Justice and Parliamentary Affairs in May 2025, scrapped nine contentious sections, which had been widely criticized by civil society, media bodies and international human rights organisations.
The reform, pioneered by Dr. Asif Nazrul, Law Adviser, had 25 modifications after wide-ranging consultations with stakeholders, which was a significant departure from previous digital security legislations, which took a top-down approach. The new law includes several progressive components, including, for the first time in the legal framework of Bangladesh, acknowledging internet access as a civic right, made to counter new digital threats to the citizens like AI-driven criminal activities, and more protection for the vulnerable groups.
This legal history is part of wider democratic changes underway in Bangladesh, and the intersecting considerations about how to balance national security and fundamental rights in the digital era that they raise.
A Historical Background and Legislative
-
- The Cyber Security Act: Its Legacy and Faults
Instead, the Cyber Security Act of 2023 replaces the incredibly controversial Digital Security Act 2018, which was roundly condemned by both national and international voices as repressive of free speech, especially online. The manner in which the Digital Security Act has been applied in Bangladesh served to escalate the “climate of digital authoritarianism,” and hindered the legitimate exchange of ideas and formation of public opinion which are inherent to democratic societies, Rapporteurs said. It was purported to protect cyber space by apprehending, preventing, controlling and punishing digital or electronic crimes, yet the 2023 Act was “not very dissimilar” from other laws and merely reduced fines with no significant changes to penalties.
The earlier version of the Noxious Cyber Security 2023 had extensive chapters ranging from the setting up of the National Cyber Security Agency to the definitions and penalties for cybercrimes. Hard sections were introduced with clauses for punishments over hate-inciting, misleading and defamatory propaganda against themes of liberation war, national symbols and historical persons, in addition to far-reaching powers for removing and blocking digital contents. Certain of these provisions, in particular ss 21, 24, 25, 26, 27, 28, 29, 31 and 34, received criticism as open to abuse and likely to have a chilling effect on activities that were genuine expressions. The inclusion of terms such as “defamation,” “identity theft” and “transmission of offensive information” in the Act was criticised by free speech advocates, who felt the language was vague and potentially to be used at the discretion of law enforcement.
Migration to the 2025 Ordinance Model
The shift from the Cyber Security Act 2023 to the Cyber Security Ordinance 2025 is no mere legislative upgrade -it is a seismic reimagining of Bangladesh’s relationship with digital governance. The process of developing the ordinance started with a first draft being released by the ICT Division on December 1, 2024, the process for public feedback finished by December 4, a recommendation by its Advisory Council on December 24, and final approval in early May 2025. This process of dialogue and participation was quite a departure from previous law making and showed that the interim government was serious about inclusion in policy making.
The most important contribution of the new ordinance is that it recognizes explicitly Internet access as a citizen’s right, placing Bangladesh alongside the most forward-thinking countries that recognize that digital connectivity is a requirement for modern citizenship. This is a recognition with important implications for governments, not least public responsibility for digital infrastructure development, access, and affordability. The ordinance also incorporated new offences related to modern technologies and other contemporary concerns including crimes committed by the aid of AI rendering Bangladesh the first country in the South Asia to have criminalized AI facilitated crimes directly. Furthermore, government and civil society efforts to prevent children and women from cyberspace bullying and sexual exploitation reflect the new appreciation of digital violence and its gendered aspect.
Scrutiny of the Repealed Provisions
-
- Magnitude and Importance of Omitted Sections
The withdrawal of nine particular sections of the Cyber Security Act 2023 is a welcome move to resolve some of the worst problems within Bangladesh’s digital laws. Provisions of section 21, part of the much-criticized Law, stipulated “punishment of false propaganda against liberation war, spirit of liberation war, Father of the Nation, and national anthem or flag” had also been criticized as a tool to silence political opposition. The sweeping nature of these provisions weaponised authorities to stifle legitimate criticism and the open exchange of historical ideas under the cover of protecting symbols of the nation, thus establishing super categories of political speech that went against international freedom of expression norms.
Articles 24 (identity fraud) and 29 (defamatory information) had established a parallel scope alongside criminal law and had established more severe digital-related penalties that in many cases were disproportionate. Repealing these sections removes redundant legal coverage and diminishes the risk of forum shopping of prosecutors who’d like to apply maximum penalties for online expression. Of such subjective language and arbitrary application, section 25a€s prohibition on “transmission publication etc. of offensive, false or threatening data-information” was the arguably most troubling.
Immediate relief towards those who were being prosecuted under the Draconian laws of the past, subsequently admitted by the new government as repressive has been extended by automatic closure of the pending cases filed under these, now repealed sections. Adviser to LXX Act Dr. Asif Nazrul said some 95% of the cases filed under the Cyber Security Act 2023 were slapped with a case under these nine sections, indicating how they were used as tools for harassment instead of being used for ensuring justice. This statistical surprise reveals that the deficiencies of the previous laws were always systemic, and that civil society was right to be worried about their abuses.
Reform of Institutions and Procedure
-
- Amendment of Enforcement Devices
The Cyber Security Ordinance 2025 keeps the same infrastructure as created under the 2023 Act, including the National Cyber Security Agency and the National Cyber Security Council, albeit with new operational specifications. The retention of these institutions, means that Bangladesh undertakes a continuation of the existing cybersecurity architecture, but with the possibility of process oriented reforms to correct past implementation failures. The Agency’s capabilities to delete or obstruct information remain the same, but the absence of broad content offences could restrict the reach of these interventions.
A The computer emergency response provision and digital forensic laboratory remain in place under the new ordinance, providing computer capabilities necessary for legitimate network security activities. These institutional components are what can be called the uncontroversial core of cyber governance that stakeholders largely agree on. But the sustainability of these bodies will rest on their independence and transparency, and their resistance to political hijacking that plagued prior incarnations.
The critical information infrastructure protection provisions of the ordinance retain a security-centric slant but they could have arguably curbed the political misuse, if any. Finding a way to prevent both the over classification of Web infrastructure and to protect critical digital services will be a fine line that will need to be tread for the law to work and not be overturned. Explicit standards to determine what constitutes critical information infrastructure and open procedures for supervision and inspection are critical to avoid random enforcement.
Comparison with Previous Studies and Guidelines
The Cyber Security Ordinance 2025 “puts connectivity on the same plane as civil rights,” as the global significance of universal access to the internet as a human right increases. The UN’s special rapporteur on freedom of expression has stated the importance of internet access in order to exercise freedom of expression in the digital age, and a number of national constitutions provide digital rights. Pakistan’s Cybercrime bill includes a repressive global norm on freedom of expression that focuses of constraining speech, information and ideas.
The ordinance prioritizes the protection of children and women from digital violence, including online sexual harassment, and reflects global best practice to end online gender-based violence. However there are still discrepancies with international freedom of expression standards, in relation to some of the content-based prohibitions and the continued range of enforcement agencies, and more work remains to be done if the full panoply of international human rights law is to be honored. The ordinance’s compliance with international standards would, indeed, be tested in practice and the jurisprudence it creates.
- Comparative Context and Global Best Practices
Compared to global standards, Bangladesh’s ordinance shows both alignment and gaps:
Aspect |
Bangladesh Cyber Security Ordinance 2025 |
Global Best Practices |
Judicial Oversight |
Retrospective tribunal reporting, no pre-search warrants |
Pre-authorization by an independent judiciary |
Definition Clarity |
Vague terms allowing broad interpretation |
Precise, narrowly tailored legal definitions |
Public-Private Collaboration |
Limited mandate for threat intelligence sharing |
Formalized frameworks for cross-sector cooperation |
Sectoral Coverage |
No specific protocols for critical infrastructure |
Sector-specific cybersecurity standards (e.g., NIST) |
Transparency in Lawmaking | Minimal public consultation |
Multi-stakeholder, transparent policy development |
These contrasts highlight the need for Bangladesh to adopt more transparent, rights-respecting, and technically informed approaches to cyber legislation.
Challenges to Implementation and Future Directions
-
- Capacity building and training needs
Categories: Capacity building for implementing progressive laws, law enforcement, and judiciary The new Cyber Security Ordinance, 2025 in Bangladesh - enough capacity building for law enforcers and judiciary to enforce the progressive sections? The intricacy of the AI-driven criminal offenses means that technical proficiency will be needed, and that may be lacking in the types of law enforcement entities of the past. The effective implementation of some of the more progressive provisions of the ordinance, however, rests in ensuring that investigators, prosecutors, and judges are trained. The decoupling of care-based content from content-based offenses may also necessitate retraining of law enforcement, who have been taught to use more general cybersecurity laws as content regulation tools. There is a need to build digital forensics to combat sophisticated AI-enabled crimes and maintain forensics laboratories for reliable evidence in challenging cybercrime prosecutions.
Implications for Digital Privacy Rights Overall
The proposed Cyber Protection Ordinance would entrench mass surveillance and undermine the rights to privacy and freedom of expression in Bangladesh. It reproduces many of the authoritarian characteristics of the old laws (such as the Digital Security Act 2018 and Cyber Security Act 2023), which faced broad condemnation due to provisions facilitating state repression and blanket censorship. The broad-reaching governmental powers and lack of judicial safeguards alongside vague legalistic language of the ordinance has the potential to undermine the rights of all citizens to privacy, free expression, and access to information in the digital space.
How might recognizing internet access as a civic right change digital inclusion policies
Acknowledging ICT access as a civic right in Bangladesh is leading to integrated preparedness of digital inclusion policies and strategies to bridge the urban-rural gap in infrastructure and affordability. We are also aggressively investing in fiber optic and broadband expansion to connect every village by 2025, through the Tk 946 crore initiative to boost rural internet capacity at upazila and union levels, and through a targeted collaboration deploying novel wireless last-mile technologies to address the geographic challenges.
To make services affordable, there are policies that encourage subsidies, tax waivers on essential equipment, and the enforcement of universal service obligations, bringing internet services to the poor and vulnerable, including women, the disabled, and people in rural areas. In addition to connectivity, the government is focusing on digital literacy and capacity building so that citizens are enabled to get educated, participate in economic opportunities and engage in citizen participation.
Protective measures in the form of legislation are being developed to minimize unwarranted shutdowns and unequal treatment as an open and free internet is endeavored to be maintained as a forum for freedom of speech and information. This rights-based approach ensures that Bangladesh’s digital policies are consistent with international human rights norms and UN obligations to enable inclusive and equitable access for sustainable development and social empowerment at all levels of society.
Conclusion
The Cyber Security Act 2023 to Cyber Security Ordinance 2025 of Bangladesh: A move towards reconciling cybersecurity and human rights in the digital society. Dropping nine odious provisions that had been regularly abused for political persecution, along with a range of progressive advances including the recognition of internet access as a human right as well a recognition of AI-driven crimes, should show to moe the capacity for truly radical digital rights reform even in places with a long history of digital authoritarianism.
Author ROKIBUL ISLAM is a Student, Department Of Law, Dhaka International University.
Reference:
Bangladesh Draft Cyber Protection Ordinance(2025) Analysis.
Hossain, M. S., & Mallika, M. (2025). Cyber Security Governance Under the Cyber Laws of Bangladesh: An Overview. International Journal of Research in Social Sciences and Humanities, 9(4), 3796-3811.
Global Network Initiative. (2025). Statement on Recent Digital Regulations in Bangladesh.
Dhaka Tribune. (2025). Govt Issues Gazette of Cyber Security Ordinance.
The Daily Star. (2025). Draft Cyber Ordinance Gets a Scrubbing.