On June 8, 2026, Home Affairs Adviser Salahuddin Ahmed told Bangladesh's parliament that the interim government has begun amending the country's cyber security law to add fresh definitions of 'rumour,' misinformation, defamation and AI-generated content, attach new penalties, and expand the legal meaning of 'cyber space' to explicitly cover social media and online platforms. The amendment would also set mandatory content-removal timeframes for international platforms and — most consequentially — extend takedown and blocking authority to the National Cyber Security Agency and the Bangladesh Telecommunication Regulatory Commission (BTRC), rather than confining it to law-enforcement agencies.
The direction is the opposite of the one Bangladesh's own reformers set barely a year ago. It deserves scrutiny precisely because this government came to power promising to dismantle the speech-policing machinery it now proposes to rebuild.
The case the government is making
The strongest version of Dhaka's argument is real, and worth stating plainly. Generative AI has made convincing fabricated imagery cheap and fast. Non-consensual intimate deepfakes, fraudulent impersonation, and synthetic media that defames identifiable people are genuine harms, and large platforms are often slow to act on takedown requests from smaller jurisdictions. Salahuddin Ahmed pointed to neighbouring countries that compel Meta to act on harmful content within 24 hours, and asked why Bangladesh should have less leverage. A government with no enforceable removal mechanism against an international platform is, in practice, dependent on that platform's goodwill — and that is a legitimate problem for any sovereign regulator.
The difficulty is not the goal. It is the instrument.
What the track record actually shows
Bangladesh has run this experiment before, and the results are documented. The Digital Security Act, 2018 (DSA) generated more than 1,000 cases within two years of enactment, according to Prothom Alo's reporting on tribunal data. Yet of roughly 990 cases settled at the Dhaka cyber tribunal over seven years, only 25 produced a proven allegation — 24 under the older ICT Act and just one under the DSA itself. The conviction rate is not a footnote; it is the whole story. A law under which a thousand people are charged and almost none are convicted is not a law that catches criminals. It is a law that punishes through process — arrest, bail denial, and pre-trial detention — regardless of outcome.
When the DSA was rebranded as the Cyber Security Act, 2023 (CSA), Amnesty International found the relabelling cosmetic: 58 of the 62 DSA provisions survived, 28 of them verbatim. The vague offences that enabled the harassment were carried straight across.
That is the history the interim government inherited after August 2024 — and, to its credit, initially moved to correct.
The 2025 reform the amendment walks back
On May 21, 2025, the government gazetted the Cyber Security Ordinance, 2025 (Ordinance No. 25 of 2025), repealing the CSA. The ordinance scrapped the most-abused speech sections, made expression-related offences bailable, and — importantly — introduced judicial oversight of government-ordered content removals, requiring courts to review takedowns after the fact and restore content found to have been wrongly removed. Civil-society analysts at the Tech Global Institute still flagged unresolved problems: undefined terms, a government-controlled National Cyber Security Agency, and warrantless search powers. But the trajectory was toward narrower offences and more judicial control over blocking.
The June 2026 proposal points the other way on every axis. It adds new speech categories — 'rumour,' 'misinformation,' 'defamation,' 'confusing content' — that are notoriously resistant to precise definition. And it relocates blocking authority away from courts and law enforcement and into executive bodies, BTRC and the cyber agency, that answer to the government of the day. The 2025 ordinance's signal achievement was forcing takedowns through a judge. Vesting the same power in a telecom regulator removes that check.
Why the design, not the intent, is the problem
'Misinformation' and 'rumour' are not legally tractable categories the way fraud, incitement, or non-consensual intimate imagery are. They turn on contested judgements about truth, and in Bangladesh's own recent past those judgements were made to protect the reputations of powerful figures — the 2023 CSA explicitly criminalized content deemed defamatory of national symbols and leaders. A definition broad enough to capture a viral falsehood is broad enough to capture a critical news report or a satirical post, which is exactly how the DSA's 1,000-plus cases accumulated.
A proportionate alternative is available, and Bangladesh was already most of the way there. Keep the 2025 ordinance's judicial-review requirement for every blocking order. Define platform obligations around concrete, demonstrable harms — verified non-consensual deepfakes, financial fraud, content courts have ruled unlawful — not around 'rumour.' Make removal timeframes reciprocal with an appeal and reinstatement right, so a wrong takedown is cured quickly rather than litigated for years. And keep coercive blocking power inside the judiciary, where the constitution's expression guarantees can actually bite.
The interim government's mandate was to end lawfare against speech, not to re-platform it with new vocabulary and a telecom regulator's stamp. AI-driven harms are a reasonable thing to legislate against. Reviving executive takedown power under undefined terms is not a solution to them — it is the problem the 2025 reform was written to fix.