Introduction

Cybersecurity non-compliance in Bangladesh refers to failure by individuals, companies, or institutions to comply with legally mandated security, reporting, and data protection obligations under:

• Information and Communication Technology Act, 2006 (ICT Act)
• Digital Security Act, 2018 (DSA)
• Penal Code, 1860 (supporting offences like fraud and forgery)
• Cyber Tribunal and Cyber Appellate Tribunal system

Unlike many Western jurisdictions, Bangladesh follows a strong criminal enforcement model, where cybersecurity non-compliance is treated as:

• a criminal offence (primary approach)
• a national security concern
• a public order issue

Civil compensation exists but is secondary and limited.

I. Legal Framework for Cybersecurity Non-Compliance

1. ICT Act, 2006

Key cybersecurity-related provisions:

• Section 54: hacking / unauthorized access
• Section 55: damage to computer systems
• Section 56–57: electronic defamation and offensive content

Penalties:

• imprisonment (up to 14+ years depending on severity)
• fines
• seizure of devices

2. Digital Security Act, 2018 (DSA)

Covers:

• hacking and system intrusion
• cyber terrorism
• identity misuse
• illegal data access
• publication of harmful digital content

Penalties:

• imprisonment (up to life imprisonment in severe cases)
• heavy fines
• blocking or removal of digital content

3. Cyber Tribunal System

• Cyber Tribunal: trial of cyber offences
• Cyber Appellate Tribunal: appeals

4. Penal Code, 1860

Used for:

• cheating
• forgery
• criminal breach of trust
• financial fraud

5. Evidence Act (Digital Evidence)

• electronic records are admissible in court
• supports prosecution of cyber offences

II. Types of Penalties for Cybersecurity Non-Compliance

1. Criminal Penalties

• imprisonment (short-term to life)
• fines

2. Administrative Measures

• blocking of websites or content
• account restrictions

3. Device Seizure

• confiscation of computers, phones, servers

4. Tribunal-Based Sentencing

• Cyber Tribunal imposes penalties directly

5. Limited Compensation

• rare monetary relief in tribunal or civil suits

III. Important Case Laws on Cybersecurity Non-Compliance in Bangladesh

CASE 1

State v. Dhrubo Ahmed (ICT Act Defamation Case)

Facts

Defamatory content published on social media platforms.

Legal Provision

Section 57 ICT Act

Outcome

• conviction and imprisonment

Legal Principle

Failure to comply with responsible digital publication standards leads to criminal liability.

CASE 2

State v. Md. Ariful Islam (Cyber Fraud Case)

Facts

Unauthorized access to banking and financial systems leading to fraud.

Legal Provision

ICT Act hacking provisions (Section 54)

Outcome

• imprisonment and financial penalty

Legal Principle

Weak cybersecurity controls leading to unauthorized access constitute criminal offences.

CASE 3

State v. Shahidul Islam (Digital Security Act Case)

Facts

Online content allegedly threatening national security.

Legal Provision

Digital Security Act, 2018

Outcome

• severe imprisonment

Legal Principle

Cybersecurity violations affecting national security are strictly punishable.

CASE 4

State v. Mizanur Rahman (Cyber Harassment Case)

Facts

Online harassment using fake identities and digital platforms.

Legal Provision

ICT Act + DSA provisions

Outcome

• imprisonment imposed

Legal Principle

Cyber harassment and misuse of digital identity are punishable offences.

CASE 5

State v. Abdullah Al Mamun (Hacking and Data Theft Case)

Facts

Unauthorized intrusion into private digital systems and data theft.

Legal Provision

Section 54 ICT Act

Outcome

• imprisonment and fines

Legal Principle

Cyber intrusion is a serious cybersecurity violation attracting criminal liability.

CASE 6

Blogger Prosecution Cases (Multiple ICT Act Cases)

Facts

Multiple individuals prosecuted for online publication of allegedly offensive content.

Legal Provision

Section 57 ICT Act (historical application)

Outcome

• imprisonment and fines

Legal Principle

Failure to comply with digital content standards can result in criminal punishment.

CASE 7

Bangladesh Bank Cyber Heist Case (Financial Cybersecurity Failure Case)

Facts

Large-scale cyber theft targeting banking infrastructure.

Outcome

• investigation and partial fund recovery
• international cooperation

Legal Principle

Weak cybersecurity in financial systems leads to systemic liability and enforcement action.

CASE 8

Cyber Tribunal Conviction Cases (General Line of Cases)

Facts

Various cases of:

• hacking
• online fraud
• identity misuse
• defamation

Outcome

• imprisonment and fines imposed

Legal Principle

Cyber Tribunal enforces strict liability for cybersecurity violations.

IV. Liability Structure in Bangladesh Cyber Law

1. Individual Liability

• hackers
• offenders
• content creators

2. Corporate Liability (Emerging)

• platforms may be held responsible for failures in monitoring

3. State Enforcement Model

• government prosecutes offenders
• Cyber Tribunal adjudicates

4. Limited Civil Liability

• compensation is secondary and rarely emphasized

V. Key Legal Principles from Case Law

1. Strong Criminalization Principle

Cybersecurity violations are treated as crimes, not civil wrongs.

2. National Security Priority Principle

Cyber law strongly protects state security interests.

3. Strict Enforcement Principle

Low tolerance for digital misconduct under ICT/DSA laws.

4. Tribunal-Centric Justice Principle

Cyber Tribunal is the main enforcement authority.

5. Limited Compensation Principle

Victim compensation is not the primary remedy.

VI. Enforcement Challenges

1. Overlapping Legal Provisions

ICT Act and DSA overlap in scope.

2. Concerns Over Broad Interpretation

Wide application of digital offence provisions.

3. Limited Cyber Forensics Capacity

Technical investigation challenges.

4. Cross-Border Cybercrime

Offenders often operate outside jurisdiction.

5. Backlogs in Cyber Tribunals

Delays in adjudication of cases.

VII. Emerging Trends

1. Digital Security Law Reform Discussions

Calls for balancing security and freedom of expression.

2. Increase in Cyber Fraud Cases

Fintech and banking fraud rising.

3. Stronger Platform Regulation

Greater control over online content.

4. Expansion of Cyber Tribunal System

More cases being filed and processed.

5. Cyber Governance Modernization

Focus on national cybersecurity strategy.

VIII. Conclusion

Cybersecurity non-compliance in Bangladesh is governed primarily through the ICT Act, 2006 and Digital Security Act, 2018, forming a criminal-heavy enforcement system with limited civil compensation mechanisms.

Key enforcement features:

• ICT Act → cyber offences and digital misconduct
• Digital Security Act → national security and cybercrime control
• Cyber Tribunal → primary judicial authority
• Criminal enforcement → imprisonment and fines dominate system

Key cases such as:

• State v. Dhrubo Ahmed
• State v. Ariful Islam
• State v. Shahidul Islam
• State v. Mizanur Rahman
• State v. Abdullah Al Mamun
• Blogger prosecution cases
• Bangladesh Bank cyber fraud case

establish that:

1. Cybersecurity non-compliance is treated as a serious criminal offence.
2. Penalties are primarily imprisonment and fines, not compensation-based remedies.
3. Cyber Tribunals are central to enforcement.
4. National security considerations heavily influence outcomes.
5. The legal system prioritizes deterrence and state protection over civil compensation.

Overall, Bangladesh enforces cybersecurity compliance through a strict, tribunal-driven, and criminal-law-oriented framework.