On June 20, 2026, one of the architects of Bangladesh's Cyber Safety Act 2026 published a documented account of how the law he designed to end political persecution is already being used for political persecution — by the Bangladesh Nationalist Party government that championed its passage. The Netra News investigation is unusual not for its anger but for its precision: it names the provisions, the complainants, and the procedural failures that allowed two clearly abusive cases to proceed.
The first involved content creator A.M. Hasan Nasim, taken from his Dhaka home on April 17, 2026. His offence: a cartoon depicting Chief Whip Nurul Islam Moni distributing seafood to MPs — a parliamentary joke already circulating widely on social media. The complainant was a BNP activist who had no standing under the section he invoked; the Cyber Safety Act explicitly requires that only the allegedly injured party or an authorised representative may file a complaint. The magistrate who authorised the investigation at the mandatory 24-hour hearing applied neither the standing rule nor the statutory gatekeeping function the Act built in precisely to prevent this kind of abuse. Nasim was granted bail on April 21, but his detention served its purpose: a warning to anyone considering political satire.
The second case was filed June 18, 2026. Acting editor Rezwanur Islam and five colleagues from the daily Agrajatra Pratidin were charged under the Cyber Safety Act alongside criminal defamation and extortion counts, after the paper published a corruption investigation into State Minister for Local Government Mir Shahe Alam. The complaint was filed by the Bogura Press Club Treasurer — a third party with no apparent injury from the reporting. Alam himself subsequently expressed regret that any action had been taken. The Committee to Protect Journalists called for all charges to be dropped.
Eight Years, Four Laws, Same Pattern
Bangladesh has now passed four successive cyber speech laws since 2006, and the pattern is well documented. Under the Digital Security Act 2018, the government's own data — cited by the Centre for Governance Studies — recorded 7,001 cases filed against 21,867 people between October 2018 and January 2023. A CGS analysis of traceable complaints found that roughly 70 percent came from law enforcement agencies or Awami League affiliates. A Clooney Foundation for Justice examination of 222 DSA journalist prosecutions found exactly one conviction — confirming that prosecutions functioned as instruments of harassment and career disruption, not law enforcement.
The Cyber Security Act 2023 was billed as a fix. It was not. Amnesty International found it retained 58 of the DSA's 62 provisions. After Hasina's fall in August 2024, the interim government enacted the Cyber Security Ordinance 2025, removing nine abusive sections and automatically dismissing pending cases filed under them — published as Ordinance No. 25 of 2025 in the Bangladesh Government Gazette.
The Cyber Safety Act 2026, passed by the new BNP-led parliament in April 2026, represented the most substantively reformed version yet. It eliminated provisions systematically weaponised under the DSA: wounding religious sentiments, defaming officials, transmitting content deemed "offensive or threatening." In their place came genuine harms — incitement to communal violence, sexual harassment, revenge pornography, and CSAM. Section 34 required police to obtain a magistrate's warrant before any search or seizure. Cases under key sections had to reach a magistrate within 24 hours for authorisation.
The Gap No Statute Fills Alone
A steelman for Bangladesh's cyber speech laws deserves honest acknowledgment. Bangladesh has experienced real episodes of mob violence triggered by social media posts — attacks on religious minorities following manipulated images, coordinated harassment of women journalists, disinformation cascades during elections. A legal regime with teeth against genuine incitement and online sexual abuse is legitimate public policy, and the 2026 Act's framers tried to limit its reach to those actual harms.
But the Nasim cartoon case and the Agrajatra Pratidin prosecution demonstrate that well-drafted provisions are insufficient when three structural conditions are absent.
First, standing enforcement. The BNP activist who filed the Nasim case had no legal basis under the section he cited. The magistrate at the 24-hour hearing had both the authority and the obligation to dismiss it. The failure was not statutory — it was institutional.
Second, prosecutorial independence. The pattern under both the AL and BNP is identical: party machinery files complaints on behalf of officials who either did not ask for proceedings or — as with Minister Alam — actively opposed them. A prosecution service that cannot filter such complaints perpetuates the cycle regardless of what the law says.
Third, sustained civil society documentation. The CGS's DSA case tracker built the evidentiary base that eventually forced that law's repeal. A comparable tracker for CSA 2026 cases — recording complainants, accused parties, charges, and outcomes — would provide the foundation for judicial review and international pressure.
Front Line Defenders, reviewing the Cyber Protection Ordinance that became the 2026 Act, warned that Section 25 — prohibiting content that "insults, harasses or defames" — retained language vague enough to chill legitimate criticism. The Nasim case appears to have been filed under exactly these residual provisions. That the drafter of the law published a public exposé naming specific violations within weeks of its passage suggests the reform coalition is not passive. But the institutional architecture needed to make this law different from its predecessors — independent prosecution, genuine magistrate gatekeeping, a systematic public record — remains incomplete. Building it is now the work.