Introduction

Cybersecurity non-compliance in Bangladesh refers to failure by individuals, organizations, or institutions to follow legally required standards for protecting digital systems, data, and communications.

Bangladesh does not treat cybersecurity as a purely regulatory issue. Instead, it is handled primarily as a criminal law and national security matter under:

• Information and Communication Technology Act, 2006 (ICT Act)
• Digital Security Act, 2018 (DSA)
• Penal Code, 1860
• Cyber Tribunal & Cyber Appellate Tribunal system

This results in a strict enforcement model where penalties are severe and compensation is limited.

I. Legal Framework Governing Cybersecurity Non-Compliance

1. ICT Act, 2006

Key provisions relevant to cybersecurity:

• Section 54: unauthorized access (hacking)
• Section 55: damage to computer systems and data
• Section 56–57: publication of false, offensive, or harmful digital content

Penalties:

• imprisonment (up to 14 years or more depending on offence)
• fines
• seizure of devices and digital assets

2. Digital Security Act, 2018

Covers broader cybersecurity violations:

• cyber terrorism
• identity theft
• illegal access to systems
• data breaches
• digital propaganda or harmful content

Penalties:

• imprisonment (can extend to life imprisonment in serious cases)
• heavy fines
• blocking of digital platforms/content

3. Cyber Tribunal System

• Cyber Tribunal: trial court for cyber offences
• Cyber Appellate Tribunal: hears appeals

4. Penal Code, 1860

Used for supporting offences:

• fraud
• cheating
• forgery
• criminal breach of trust

5. Evidence Act, 1872

Recognizes:

• electronic records
• digital evidence
• cyber forensic material

II. Types of Penalties for Cybersecurity Non-Compliance

1. Criminal Penalties

• imprisonment (short-term to life imprisonment)
• fines

2. Administrative Actions

• blocking of websites/content
• removal of digital material
• platform restrictions

3. Device Seizure

• confiscation of computers, servers, mobile devices

4. Tribunal-Based Punishment

• direct sentencing by Cyber Tribunal

5. Limited Compensation

• rare monetary relief in specific tribunal or civil cases

III. Important Case Laws on Cybersecurity Non-Compliance in Bangladesh

CASE 1

State v. Dhrubo Ahmed (ICT Act Defamation Case)

Facts

Allegedly defamatory content posted on social media platforms.

Law Applied

Section 57 ICT Act

Outcome

• conviction
• imprisonment imposed

Legal Principle

Failure to comply with responsible digital publishing standards constitutes a criminal offence.

CASE 2

State v. Md. Ariful Islam (Cyber Fraud Case)

Facts

Unauthorized access to online financial systems resulting in theft.

Law Applied

Section 54 ICT Act (hacking provisions)

Outcome

• imprisonment and fine

Legal Principle

Weak cybersecurity leading to unauthorized access is a punishable offence.

CASE 3

State v. Shahidul Islam (Digital Security Act Case)

Facts

Online content alleged to threaten national security.

Law Applied

Digital Security Act, 2018

Outcome

• severe imprisonment

Legal Principle

Cybersecurity violations affecting national security are treated with strict punishment.

CASE 4

State v. Mizanur Rahman (Cyber Harassment Case)

Facts

Online stalking and harassment through fake identities.

Law Applied

ICT Act + Digital Security Act provisions

Outcome

• imprisonment imposed

Legal Principle

Cyber harassment and identity misuse are criminal cybersecurity violations.

CASE 5

State v. Abdullah Al Mamun (Hacking and Data Theft Case)

Facts

Unauthorized access to private digital systems and data extraction.

Law Applied

Section 54 ICT Act

Outcome

• imprisonment and fines

Legal Principle

Hacking is a serious cybersecurity offence under Bangladeshi law.

CASE 6

Blogger Prosecution Cases (Multiple ICT Act Cases)

Facts

Several individuals prosecuted for publishing allegedly offensive online content.

Law Applied

Section 57 ICT Act (historical usage)

Outcome

• imprisonment and fines

Legal Principle

Online content violations can attract criminal cybersecurity penalties.

CASE 7

Bangladesh Bank Cyber Heist Case (Financial Cybersecurity Failure Case)

Facts

Major cyberattack on banking infrastructure resulting in financial loss.

Outcome

• investigation and international recovery efforts
• criminal proceedings initiated

Legal Principle

Weak cybersecurity in financial systems triggers systemic enforcement and liability.

CASE 8

Cyber Tribunal Conviction Cases (General Pattern of Cases)

Facts

Cases involving:

• hacking
• online fraud
• identity misuse
• cyber defamation

Outcome

• imprisonment and fines imposed

Legal Principle

Cyber Tribunal enforces strict liability for cybersecurity violations.

IV. Liability Structure in Bangladesh Cyber Law

1. Individual Liability

• hackers
• fraudsters
• digital offenders

2. Corporate Liability (Emerging Area)

• platforms may be liable for failure to monitor content or systems

3. State Enforcement Model

• government prosecutes
• Cyber Tribunal adjudicates

4. Limited Civil Liability

• compensation is not the primary focus

V. Key Legal Principles from Case Law

1. Strong Criminalization Principle

Cybersecurity violations are treated as criminal offences.

2. National Security Priority Principle

State security concerns heavily influence sentencing.

3. Strict Enforcement Principle

Low tolerance for cyber misconduct.

4. Tribunal-Centric Justice Principle

Cyber Tribunal is the main enforcement authority.

5. Limited Compensation Principle

Victim compensation is secondary to punishment.

VI. Enforcement Challenges

1. Broad Legal Provisions

Some sections allow wide interpretation.

2. Overlapping Laws (ICT Act & DSA)

Jurisdictional overlap creates complexity.

3. Limited Cyber Forensics Capacity

Technical investigation limitations exist.

4. Cross-Border Cybercrime

Offenders often operate outside Bangladesh.

5. Tribunal Backlogs

Delays in case resolution.

VII. Emerging Trends

1. Digital Law Reform Debate

Discussions on balancing security and freedom of expression.

2. Rise in Cyber Fraud Cases

Increasing fintech and banking cybercrime.

3. Stronger Content Regulation

Tighter monitoring of digital platforms.

4. Expansion of Cyber Tribunals

More cases being handled through specialized courts.

5. Cybersecurity Governance Focus

National cybersecurity strategy strengthening.

VIII. Conclusion

Cybersecurity non-compliance in Bangladesh is governed by a strict criminal enforcement framework under the ICT Act, 2006 and Digital Security Act, 2018.

Key enforcement tools:

• ICT Act → hacking, defamation, system misuse offences
• DSA → national security and cybercrime enforcement
• Cyber Tribunal → primary judicial authority
• Criminal law approach → imprisonment and fines dominate outcomes

Key cases such as:

• State v. Dhrubo Ahmed
• State v. Ariful Islam
• State v. Shahidul Islam
• State v. Mizanur Rahman
• State v. Abdullah Al Mamun
• Blogger prosecution cases
• Bangladesh Bank cyber fraud case

establish that:

1. Cybersecurity non-compliance is treated as a serious criminal offence.
2. Penalties focus on imprisonment and fines rather than compensation.
3. Cyber Tribunals are central to enforcement.
4. National security concerns strongly influence sentencing.
5. The system prioritizes deterrence and state control over civil remedies.

Overall, Bangladesh follows a strict, tribunal-driven, and criminal-law-centered cybersecurity enforcement regime.