BANGLADESH
Reported in 2024
Pillar Technical standards applied to ICT goods and online services |
Indicator Self-certification for product safety
Supplier Declaration of Conformity not allowed for foreign businesses
It is reported that Bangladesh currently lacks a comprehensive type-approval system, governed by a dedicated law, to regulate the approval of telecommunication and radio equipment. Consequently, manufacturers and importers are required to obtain a "No Objection Certificate "(NOC) to import such devices. This certificate is issued upon the request of a licensed local importer and serves as confirmation that the equipment complies with at least the country’s fundamental regulatory requirements. To obtain the certificate, applicants must submit product specifications and test reports to the Bangladesh Telecommunication Regulatory Commission (BTRC), yet in-country testing is not required. An acceptable CE report is required for the issuance of a BTRC NOC in Bangladesh.
Coverage Electronic products
BANGLADESH
Since July 2021
Pillar Online sales and transactions |
Indicator Licensing scheme for e-commerce providers
Digital Commerce Operation Guidelines, 2021 (ডিজিটাল কমার্স পরিচালনা নির্দেশিকা -২০২১)
Pursuant to Section 3.1.18 of the Digital Commerce Operation Guidelines, all foreign digital commerce platforms conducting business in Bangladesh must register in the country and obtain the necessary approvals from the relevant authorities. In addition, in accordance with Section 3.1.13, measures shall be undertaken to ensure that all digital commerce platforms are progressively mandated to acquire a Unique Business Identification Number (UBID). Additionally, as stipulated in Section 3.1.9, the implementation of digital wallets, gift cards, cash vouchers, or other payment alternatives shall not be permitted without the Central Bank's approval.
Coverage Digital commerce platforms
Sources
- https://web.archive.org/web/20250318191931/https://mincom.gov.bd/sites/default/files/files/mincom.portal.gov.bd/notices/60120aa2_5245_442f_ac7a_369485877e2e/2065-Comerce-04%20July%202021(11245-11252)....
- https://web.archive.org/web/20250331211654/https://www.thedailystar.net/law-our-rights/news/overview-the-digital-commerce-operation-guidelines-2021-2128871
- https://web.archive.org/web/20260219155602/https://www.dpp.gov.bd/upload_file/gazettes/45356_29094.pdf
- Show more...
BANGLADESH
Reported in 2022, last reported in 2024
Pillar Online sales and transactions |
Indicator Restrictions on online payments
Reported restrictions on Internet Banking Fund Transfer (IBFT) transactions
It is reported that limitations have been imposed on both individual and institutional Internet Banking Fund Transfer (IBFT) transactions. For individual users, the maximum permissible amount per transaction is 300,000 taka (approx. USD 2,500), with a maximum transaction frequency of 10 times per day, not exceeding a total of 1,000,000 taka (approx. USD 8,000) per day. For corporate entities, the transaction limit is 500,000 taka (approx. USD 4,000) per transaction, with a maximum frequency of 20 transactions per day and a daily limit of 2,500,000 taka (approx. USD 21,000).
Coverage Horizontal
BANGLADESH
Reported in 2022, last reported in 2025
Pillar Online sales and transactions |
Indicator Restrictions on online payments
Reported transfer limits in mobile financial services
Reports indicate a daily transfer limit of Tk 50,000 (approx. USD 400) between mobile financial service accounts and bank accounts, and a monthly limit of Tk 300,000 (approx. USD 2,500). The limit applies in both directions.
Coverage Horizontal
Sources
- http://web.archive.org/web/20250328182609/https://bdnews24.com/business/2f65caa2422a
- https://web.archive.org/web/20250327010204/https://www.thedailystar.net/business/news/bangladesh-bank-fixes-transfer-limit-bank-account-mfs-account-3064391
- https://web.archive.org/web/20250327010734/https://thefinancialexpress.com.bd/economy/bangladesh/bb-re-fixes-mfs-transaction-limit-1657024418
- Show more...
BANGLADESH
Since March 1947, last amended in September 2015
Pillar Online sales and transactions |
Indicator Restrictions on online payments
The Foreign Exchange Regulation Act, 1947 - Act No. VII of 1947 (বৈদেশিক মুদ্রা নিয়ন্ত্রণ আইন, ১৯৪৭ - ১৯৪৭ সালের ০৭ নং আইন)
Bangladesh maintains a highly stringent foreign exchange control regime. The country's foreign exchange laws are broadly applicable to any transaction involving foreign currency or the remittance of funds into or out of Bangladesh. No individual or entity is permitted to engage in foreign exchange dealings without obtaining prior authorisation from the central bank. Pursuant to Section 5 of the Foreign Exchange Regulation Act, 1947, no person in, or resident in, Bangladesh may, except under a general or special exemption granted by Bangladesh Bank, make payments to, or for the credit of, persons resident outside Bangladesh, place sums to their credit, or create or transfer payment rights in their favour. Separately, Section. 10 regulates the duties of persons entitled to receive foreign exchange or payments from persons resident outside Bangladesh. Reports indicate that these regulations affect the operations of fintech companies, preventing their customers from purchasing or selling products on e-commerce platforms using their preferred payment methods. Consequently, they must rely on intermediaries, such as friends, relatives, or agents, who possess access to foreign currency accounts or payment cards.
Coverage Horizontal
Sources
- http://bdlaws.minlaw.gov.bd/act-218/section-3338.html
- https://web.archive.org/web/20250917071726/https://practiceguides.chambers.com/practice-guides/comparison/1026/15058/23622-23623-23624-23625-23626-23627-23628-23629-23630-23631-23632
- https://papers.ssrn.com/sol3/Delivery.cfm/SSRN_ID4616435_code6251136.pdf?abstractid=4616435&mirid=1
- Show more...
BANGLADESH
Reported in 2015, last reported in 2024
Pillar Intermediary liability |
Indicator User identity requirement
Identity requirement for SIM cards
It is reported that mobile network operators must collect and validate users' personal information and proof of identity to sell SIM cards. This also includes biometric registration.
Coverage Horizontal
Sources
- https://web.archive.org/web/20250221013459/https://www.gsma.com/mobilefordevelopment/wp-content/uploads/2021/04/Digital-Identity-Access-to-Mobile-Services-and-Proof-of-Identity-2021_SPREADs.pdf
- https://www.comparitech.com/blog/vpn-privacy/sim-card-registration-laws/
- https://web.archive.org/web/20250221013639/https://freedomhouse.org/country/bangladesh/freedom-net/2024
- https://web.archive.org/web/20250221013646/https://advox.globalvoices.org/2015/12/22/bangladesh-will-demand-biometric-data-from-all-sim-card-users/
- Show more...
BANGLADESH
Since February 2019
Pillar Cross-border data policies |
Indicator Infrastructure requirement
Approval Procedure of Payment System Operator (PSO)/Payment Service Provider (PSP)
As stipulated in Section 4.2 of the "Approval Procedure of Payment System Operator (PSO)/Payment Service Provider (PSP)", payment service providers are required to establish a technological infrastructure within Bangladesh. According to Annexure-B, this infrastructure comprises hardware, software, network communication, integration with banks and other institutions, as well as additional components. It is reported that, due to local banks and government regulations, foreign online transaction platforms such as PayPal cannot operate in the country, which negatively affects the expansion of e-commerce.
Coverage Payment service providers
Sources
- https://web.archive.org/web/20250328235806/https://bb.org.bd/aboutus/regulationguideline/psd/pso_psp_03022019.pdf
- https://web.archive.org/web/20250329000852/https://legalseba.com/bd-licenses/how-to-obtain-a-pso-and-psp-license-in-bangladesh/
- https://web.archive.org/web/20250327000050/https://www.trade.gov/country-commercial-guides/bangladesh-ecommerce
- Show more...
BANGLADESH
Since May 2025
Pillar Intermediary liability |
Indicator Monitoring requirement
Cyber Protection Ordinance, 2025 - Ordinance No. 25 of 2025 (সাইবার সুরক্ষা অধ্যাদেশ, ২০২৫ - ২০২৫ সনের ২৫ নং অধ্যাদেশ)
It has been reported that some provisions of the Cyber Security Act of 2023 categorise the mere transmission of certain content as an offence, and that their broad scope could impose liability on intermediaries even in the absence of malicious intent. In the absence of an explicit mens rea requirement, a service provider transmitting such content without criminal intent could still have been prosecuted. These provisions included Section 21, which criminalised the dissemination of online propaganda, Section 28, which penalised the publication of content deemed to offend religious values or sentiments, and Section 29, which criminalised the dissemination of defamatory material online or in any electronic format. The Cyber Security Act has since been repealed and replaced by the Cyber Protection Ordinance, 2025, Ordinance No. 25 of 2025. However, it is not clear whether the new Ordinance retains equivalent requirements in the same form
Coverage Internet intermediaries
Sources
- https://web.archive.org/web/20260320223338/https://www.dpp.gov.bd/upload_file/gazettes/57587_41613.pdf
- https://web.archive.org/web/20260312072212/http://bdlaws.minlaw.gov.bd/act-1538.html
- https://web.archive.org/web/20250227234302/https://aicasia.org/download/784
- https://web.archive.org/web/20250221013639/https://freedomhouse.org/country/bangladesh/freedom-net/2024
- Show more...
BANGLADESH
Since June 2023, last amended in August 2025
Pillar Cross-border data policies |
Indicator Infrastructure requirement
Guidelines to Establish Digital Bank (ডিজিটাল ব্যাংক প্রতিষ্ঠার নির্দেশিকা)
Section 10.1 of the Guidelines to Establish Digital Bank stipulates that digital banks shall maintain at least a Tier III data centre and a disaster recovery site, each located in a different seismic zone. Section 10.2 further provides that, although digital banks may utilise cloud services, the physical location of such cloud infrastructure must be within Bangladesh's territory.
Coverage Digital banks
BANGLADESH
Reported in 2020, last reported in 2025
Pillar Content access |
Indicator Blocking or filtering of commercial web content
Blocking of commercial web content
Reports indicate that authorities have blocked certain websites, news outlets, social media platforms, and communication services, particularly during periods of political tension. Notably, several news media websites, including Manab Zamin, Samakal, Jamuna Television, and Voice of America (VOA) Bangla, were rendered inaccessible in the lead-up to and during the general elections in Bangladesh in January 2024. In addition, in July 2024, authorities restricted access to major social media and communication platforms, including Facebook, YouTube, WhatsApp, and Signal. Similar restrictions were reimposed in August 2024. Additionally, reports suggest that the Sweden-based website Netra News has remained inaccessible since 2020.
Coverage Websites, news outlets, social media and communication platforms
Sources
- https://web.archive.org/web/20260320221551/https://freedomhouse.org/country/bangladesh/freedom-net/2025
- https://web.archive.org/web/20250214202409/https://freedomhouse.org/country/bangladesh/freedom-net/2024
- https://web.archive.org/web/20250214202442/https://www.state.gov/reports/2023-country-reports-on-human-rights-practices/bangladesh/
- https://web.archive.org/web/20250214202512/https://www.state.gov/reports/2021-country-reports-on-human-rights-practices/bangladesh
- Show more...
BANGLADESH
Since November 2025, entry into force in November 2025
Pillar Cross-border data policies |
Indicator Conditional flow regime
Data Protection Ordinance, 2025 - Ordinance No. 61 of 2025 (ব্যক্তিগত উপাত্ত সুরক্ষা অধ্যাদেশ, ২০২৫ - ২০২৫ সনের ৬১ নং অধ্যাদেশ)
Section 29 of the Data Protection Ordinance provides that personal data, including public or open personal data, internal personal data, confidential personal data, and limited personal data as defined in the Schedule, may be transferred abroad subject to the conditions set out in Section 29 itself. Such transfers are permitted where the consent of the relevant data subject has been obtained, where the transfer is necessary for the exchange of goods or services under a contract to which the data subject is a party, or where, with the consent of the data subject, the transfer relates to matters concerning the data subject’s interests, such as business, education, emigration, or immigration. Also, personal data that is lawfully transferable may be transferred only to countries that possess appropriate technological and infrastructural safeguards for the storage of personal data, as prescribed by regulation. In cases involving the cross‑border transfer of large volumes of sensitive personally identifiable data, notification to the competent authorities is mandatory. For the purposes of this section, sensitive personally identifiable data refers to data whose large‑scale cross‑border transfer may pose risks to national sovereignty, national security, or financial stability, including government‑issued unique identification numbers such as national identity card numbers, passport numbers, and taxpayer or TIN or PAN numbers; biometric identifiers such as fingerprints, facial recognition data, and iris scans; genetic or DNA‑related information; and records of criminal convictions or criminal history.
Coverage Horizontal
Sources
- https://web.archive.org/web/20260505193319/http://bdlaws.minlaw.gov.bd/upload/act/2025-11-16-13-56-48-Ordinance-No.-61-of-2025.pdf
- https://web.archive.org/web/20260505193758/https://dpo-india.com/Resources/Privacy_Regulations_in_Asia_Pacific_Countries/Bangladesh-Personal-Data-Protection-Ordinance,2025(Ordinance.No.61-2025).pdf
- https://www.dataguidance.com/notes/bangladesh-privacy-overview
- Show more...
BANGLADESH
N/A
Pillar Cross-border data policies |
Indicator Participation in trade agreements committing to open cross-border data flows
Lack of participation in agreements with binding commitments on data flows
Bangladesh has not joined any agreement with binding commitments to open transfers of data across borders.
Coverage Horizontal
BANGLADESH
Since November 2025
Pillar Domestic data policies |
Indicator Framework for data protection
Data Protection Ordinance, 2025 - Ordinance No. 61 of 2025 (ব্যক্তিগত উপাত্ত সুরক্ষা অধ্যাদেশ, ২০২৫ - ২০২৫ সনের ৬১ নং অধ্যাদেশ)
The Data Protection Ordinance establishes a comprehensive framework for data protection in Bangladesh, although the competent authority has yet to be constituted. Section 1.3 stipulates that, with the exception of section 23 and sections 31 to 46, the Ordinance shall enter into force immediately. The excepted provisions are to come into operation on such date as the Government may determine by notification in the Official Gazette, following the expiry of 18 months from the date of promulgation of the Ordinance. The provisions subject to deferred commencement primarily concern the appointment of the chief data officer, the mechanisms for lodging complaints, and the imposition of administrative penalties.
Other relevant legislation includes the Cybersecurity Ordinance 2025, the Information and Communication Technology Act 2006, the Telecommunications Act 2001, the Contract Act 1872, the Consumers’ Rights Protection Act, the Penal Code 1860, and the Copyright Act 2000.
Other relevant legislation includes the Cybersecurity Ordinance 2025, the Information and Communication Technology Act 2006, the Telecommunications Act 2001, the Contract Act 1872, the Consumers’ Rights Protection Act, the Penal Code 1860, and the Copyright Act 2000.
Coverage Horizontal
Sources
- https://web.archive.org/web/20260505193319/http://bdlaws.minlaw.gov.bd/upload/act/2025-11-16-13-56-48-Ordinance-No.-61-of-2025.pdf
- https://web.archive.org/web/20260505193758/https://dpo-india.com/Resources/Privacy_Regulations_in_Asia_Pacific_Countries/Bangladesh-Personal-Data-Protection-Ordinance,2025(Ordinance.No.61-2025).pdf
- https://www.dataguidance.com/jurisdictions/bangladesh
- Show more...
BANGLADESH
Since December 2020
Pillar Domestic data policies |
Indicator Minimum period for data retention
BTRC Regulatory and Licensing Guideline For Internet Service Provider (ISP) in Bangladesh
According to Clause 25.4 of the "Regulatory and Licensing Guideline for Internet Service Providers (ISPs) in Bangladesh", licensees are required to maintain individual user history records, system failure records, Simple Network Management Protocol (SNMP) traffic data, and bandwidth utilisation records as daily logs for a minimum period of three months. These records must be made available upon request by the Bangladesh Telecommunication Regulatory Commission or any relevant law enforcement agency.
The 2025 Telecommunications Network and Licensing Policy introduced migration of ISP licences into the Fixed Telecom Service Providers (FTSPs)/District FTSP framework, but it does not expressly repeal the 2020 ISP Guideline, and existing licensees may complete their current licensing terms.
The 2025 Telecommunications Network and Licensing Policy introduced migration of ISP licences into the Fixed Telecom Service Providers (FTSPs)/District FTSP framework, but it does not expressly repeal the 2020 ISP Guideline, and existing licensees may complete their current licensing terms.
Coverage Internet Service Providers (ISPs)
Sources
- https://web.archive.org/web/20250227200236/https://lims.btrc.gov.bd/uploads/service_guideline/Regulatory%20and%20Licensing%20Guideline%20for%20Internet%20Service%20Provider%20(ISP)%20in%20Bangladesh.p...
- https://web.archive.org/web/20250219185057/https://today.thefinancialexpress.com.bd/print/isps-to-keep-records-of-users-for-one-year-1692638399?utm
- https://web.archive.org/web/20260429193452/https://objectstorage.ap-dcc-gazipur-1.oraclecloud15.com/n/axvjbnqprylg/b/V2Ministry/o/office-ptd/2024/12/dc545fba9f8b4a39851a4f3290f5573c.pdf
- Show more...
BANGLADESH
Since July 2021
Pillar Domestic data policies |
Indicator Minimum period for data retention
Digital Commerce Operation Guidelines, 2021 (ডিজিটাল কমার্স পরিচালনা নির্দেশিকা -২০২১)
In accordance with Section 3.1.14 of the Digital Commerce Operation Guidelines, all information pertaining to the operations of digital commerce platforms must be retained for a minimum of 6 years and made available to any government authority upon request.
Coverage Digital commerce platforms
Sources
- https://web.archive.org/web/20250318191931/https://mincom.gov.bd/sites/default/files/files/mincom.portal.gov.bd/notices/60120aa2_5245_442f_ac7a_369485877e2e/2065-Comerce-04%20July%202021(11245-11252)....
- https://web.archive.org/web/20250318192214/https://www.thedailystar.net/law-our-rights/law-analysis/news/marks-be-registered-trademarks-bangladesh-2123921
