Does the Cyber Security Act 2023 apply to SMEs in Bangladesh?

Yes. The Act applies to any person or entity. While Critical Information Infrastructure (CII) obligations target larger entities, prohibitions on hacking, data theft, and the requirement for reasonable security practices apply universally to SMEs.

How do I remove defamatory content from social media in Bangladesh?

You must legally preserve evidence (hash values), send a formal legal notice to the platform's local agent or legal portal citing the Cyber Security Act, and potentially file a complaint with the BTRC or local cyber tribunal.

Is storing data on international clouds (AWS/Azure) legal in Bangladesh?

It is not strictly illegal but carries regulatory risk under upcoming Data Protection laws. Organizations should implement Standard Contractual Clauses (SCCs) and ensure data sovereignty compliance where required by sector-specific regulations (e.g., Banking).

Digital & Cyber Law in Bangladesh: The Definitive Guide 2026 | Afzal & Associates

Digital & Cyber Law in Bangladesh: The Definitive Professional Guide

By Afzal Hosen Mandal, Legal Advisor & Digital Law Specialist, Afzal & Associates

Published: May 4, 2026 | Updated: May 4, 2026 | Reading Time: 35 Minutes

1. Introduction: The Digital Imperative and the Stakes in Bangladesh

Dhaka skyline transitioning into digital data streams representing Digital Law in Bangladesh — *The convergence of physical and digital legal realms in Bangladesh.*

The transformation of Bangladesh into a digital economy is no longer a prediction—it is the operating environment of 2026. With internet subscribers exceeding 130 million and Mobile Financial Services (MFS) processing billions daily, the legal landscape has shifted dramatically.

For organizations, the challenge is no longer whether to address these laws, but how. The Cyber Security Act 2023 and the impending Data Protection Act have created a regime where legal ignorance is a direct path to financial loss and reputational damage. At Afzal & Associates, led by Afzal Hosen Mandal, we view digital law not just as a shield, but as a proactive enabler of trust.

2. The Complete Legal Framework: Annotated Acts (2026 Update)

Official Law Scrolls of Bangladesh Digital Framework

A robust defense begins with knowing the statutes. Below are the primary laws governing the digital space in Bangladesh, linked to official sources:

2.1 Core Digital & Cyber Laws

Information and Communication Technology Act, 2006: The genesis statute. It legalizes electronic records and signatures. Sections 54-56 remain critical for defining hacking and source code tampering.
Cyber Security Act, 2023: The current premier legislation. It replaces the DSA 2018, establishing the Digital Security Agency and defining Critical Information Infrastructure (CII). Section 17 (Illegal Entry into CII) carries severe penalties (up to 14 years).
Data Protection Act (Draft/Framework): The upcoming GDPR-style law. It introduces extraterritorial scope and heavy fines for data mishandling.

2.2 Supporting Legislation

Evidence Act, 1872 (Sections 45A & 65B): Governs the admissibility of digital forensic evidence.
Penal Code, 1860: Applies to digital fraud (Section 420) and defamation (Section 499).
Consumer Rights Protection Act, 2009: Regulates e-commerce fairness and delivery.

3. Digital Law in Depth: Transactions & Identity

Digital law annihilates the need for paper. Under the ICT Act 2006, an electronic record is legally valid if it meets integrity and accessibility criteria. Digital Signatures, issued by licensed Certifying Authorities, are the functional equivalent of wet-ink signatures.

However, the Cyber Security Act 2023 adds layers of compliance. It mandates that digital service providers maintain specific logs and cooperate with the Digital Security Agency. At Afzal & Associates, we help clients draft "Terms of Use" and "Privacy Policies" that satisfy these statutory requirements while protecting commercial interests.

4. Cybersecurity Law: A Proactive Mandate

Cybersecurity Shield protecting server infrastructure

The era of reactive security is over. The law now demands "Reasonable Security Practices."

Critical Information Infrastructure (CII): If your organization is designated as CII (energy, finance, telecom), you must appoint a Chief Information Security Officer (CISO) and report incidents immediately.
Incident Reporting: Failure to report a breach to the National Computer Emergency Response Team (CERT-BD) is now a punishable offense.

Afzal Hosen Mandal assists organizations in conducting "Legal Cyber Audits" to map technical controls against these statutory duties.

5. Data Protection: Operationalizing Privacy

With the Data Protection Act on the horizon, organizations must pivot to a "Privacy by Design" model. The core principles are:

Accountability: You must prove compliance.
Consent: Must be explicit, informed, and revocable. Pre-ticked boxes are illegal.
Data Minimization: Collect only what is strictly necessary.
Cross-Border Transfer: Sending data outside Bangladesh (e.g., using US cloud servers) requires specific legal safeguards like Standard Contractual Clauses (SCCs).

6. Cybercrime Law: Navigating the Justice System

Digital Justice Scale and Cybercrime Defense

Cybercrime cases hinge on Electronic Evidence. Under Section 65B of the Evidence Act, a certificate identifying the electronic record and the manner of its production is mandatory. Without this, server logs and chat histories are inadmissible.

Our Approach: Whether defending a client accused of defamation or representing a victim of financial fraud, Afzal Hosen Mandal scrutinizes the "Chain of Custody." A broken chain of evidence is often the key to a successful defense.

7. The Afzal & Associates Service Methodology

We move clients from uncertainty to resilience through a 4-phase process:

Diagnostic Deep Dive: A confidential audit of your current digital legal posture.
Strategic Blueprint: A prioritized roadmap for compliance (DSA, Data Protection, etc.).
Implementation: Drafting policies, contracts, and incident response plans.
Oversight: Continuous monitoring of legal changes and regulatory updates.

8. Illustrative Client Scenarios

The Fintech Startup: We restructured their user consent flow to meet upcoming Data Protection standards, preventing future regulatory fines.
The Ransomware Victim: When a manufacturer was hit, we managed the legal privilege of the investigation, handled police reporting, and negotiated with insurers, minimizing downtime.
The False Accusation: We successfully defended an IT executive accused of data theft by proving the prosecution's digital evidence lacked a valid Section 65B certificate.

9. Frequently Asked Questions

Does the Cyber Security Act apply to Small Businesses (SMEs)?

Yes. While CII rules apply to large infrastructure, the prohibitions against hacking, data theft, and the requirement for "reasonable security" apply to everyone. SMEs are frequently targeted and must have basic legal protections in place.

How do I remove defamatory content from Facebook/TikTok in Bangladesh?

First, preserve evidence legally (screenshots are often insufficient; hash values are better). Second, serve a legal notice to the platform's local representative or legal portal. Third, if necessary, file a complaint with the Cyber Tribunal. We handle this entire process for clients.

Is using international cloud storage (Google Drive/AWS) legal?

It is generally permitted but regulated. For sensitive personal data, you must ensure the provider offers adequate security safeguards. Under the new Data Protection framework, cross-border transfer mechanisms (like SCCs) will become mandatory.

10. Conclusion: Secure Your Digital Future

The digital legal framework in Bangladesh is sophisticated. It creates liability, but also competitive advantage for those who comply. Do not wait for a legal notice to take action.

Ready to secure your organization?
Contact Afzal Hosen Mandal for a confidential consultation on your digital legal posture.

Search This Blog

Digital & Cyber Law in Bangladesh: The Definitive Professional Guide by Afzal Hosen Mandal