The Evolving Digital Frontier: Freedom of Expression and Security in Post-July 2025 Bangladesh

Abstract 

The digital governance landscape in Bangladesh has undergone a significant transformation since the political transition in July 2025. This report provides a detailed analysis of the legislative evolution, arguing that the passage of the Cyber Security Ordinance (CSO) 2025 marks a critical and substantive departure from the repressive legal frameworks that preceded it, namely the Digital Security Act (DSA) 2018 and the Cyber Security Act (CSA) 2023. While the CSO represents a major victory for human rights and press freedom advocates by repealing the most frequently abused provisions and annulling pending cases, a complex reality persists on the ground. A deep-seated culture of self-censorship remains a significant obstacle, and a new, multi-actor threat landscape has emerged, characterized by arbitrary executive actions from the interim government and the rise of powerful non-state groups. This article concludes that while the legal framework has been substantially improved, a complete and fundamental shift away from digital repression has yet to be fully realized. 

Introduction 

Following the political upheaval of July 2025, Bangladesh embarked on a new phase of digital governance, with the interim government promising to address the widespread concerns over freedom of expression and human rights that had come to define the digital space under the previous administration. This period has centered on a high-stakes legal and political struggle over a series of controversial laws designed to regulate the digital sphere. This article provides a forensic analysis of the evolution of these laws, from the controversial Digital Security Act (DSA) 2018 to the subsequent Cyber Security Act (CSA) 2023, and culminating in the landmark Cyber Security Ordinance (CSO) 2025. The analysis extends beyond a mere comparison of legal texts to examine the tangible, on-the-ground impact of these legislative shifts on journalists, activists, and civil society in the post-July 2025 environment. 

Legal Framework 

The Digital Security Act (DSA) 2018 was enacted with the stated purpose of preventing the spread of extremism and hate speech, as well as combating cybercrime. However, from its inception, the law was widely condemned by human rights organizations, legal experts, and media watchdog groups as a “Draconian” instrument of state control. It was seen as a more malicious successor to the equally controversial Section 57 of the older Information and Communication Technology Act (ICT) 2006. The DSA’s repressive nature stemmed from its legislative design, which was built upon intentionally “vague and ambiguous” provisions that were “open to interpretation or prone to abuse”. These provisions, many of which were defined with overly broad terms, criminalized legitimate forms of expression, including defamation (Section 29), hurting religious sentiments (Section 28), and publishing content that could “deteriorate law and order” (Section 31) or be considered “propaganda against the spirit of liberation war” (Section 21). 

In response to mounting national and international pressure, the government introduced the Cyber Security Act (CSA) 2023, presenting it as a major reform. However, a close examination of the CSA by organizations like Amnesty International and Transparency International Bangladesh revealed that it was essentially a “repackaging” of the DSA’s most repressive features. While some punishments were reduced and a handful of provisions were altered, the CSA retained 58 out of 62 of the DSA’s provisions, including the broad, “authoritarian speech offences” and the extensive powers of warrantless search and seizure. 

The political transition in July 2025 provided the opportunity for a significant and material break from this cycle of legal repression. The interim government formally approved and issued the Cyber Security Ordinance (CSO) 2025, explicitly “cancelling” the prior Cyber Security Act 2023 and annulling any ongoing cases filed under its most contentious sections. The CSO’s most critical and rights-affirming feature is the explicit repeal of nine key sections that had been the primary legal tools for suppressing dissent. These omitted provisions included those that had been used to criminalize the spread of defamatory information (Section 29) and content that “deteriorates law and order” (Section 31). Additionally, the ordinance takes a crucial step by automatically dismissing all ongoing cases, proceedings, or investigations under these repealed sections, providing immediate relief to thousands of victims. The CSO also introduces several progressive provisions, including the recognition of “internet access as a civic right for the first time in South Asia” and the criminalization of offenses committed using artificial intelligence. 

Critical Analysis 

Despite the positive legislative reforms, the struggle for freedom of expression in Bangladesh continues to face complex and deeply ingrained challenges. Years of repression under the DSA created a pervasive culture of self-censorship among journalists, media professionals, and activists. This habit of restraint, born from the fear of imprisonment or enforced disappearance, has proven difficult to shake, even after the departure of the government that enacted the law. This enduring climate of fear means that a simple change in legislation does not automatically translate into a full restoration of media freedom. 

The threats to freedom of expression have also evolved and diversified beyond the single, central threat of the DSA. The post-July 2025 landscape has presented new challenges that highlight the fragility of the political transition. The interim government itself has engaged in actions that have raised serious concerns. The cancellation of press accreditations for 167 journalists without clear justification in November 2024 has been condemned by media watchdogs as an action that “encourages self-censorship” and risks “fostering a climate of exerting control” over the media. Furthermore, “extremely grave but baseless accusations” of killing protesters have been brought against nearly 140 journalists, with 25 facing charges of “crimes against humanity”.

This exertion of executive power demonstrates that while the old legal framework has been dismantled, the institutional capacity and willingness to arbitrarily target journalists remain. A parallel and equally concerning threat has emerged from non-state actors. In November 2024, protesters attacked the offices of prominent newspapers like The Daily Star and Prothom Alo, accusing them of being “agents of India” and promoting “anti-Islamic” ideals. These attacks were amplified by online “mob censorship” and social media smear campaigns, creating a new and dangerous form of intimidation. This shift illustrates a fundamental transformation in the nature of repression. Before July 2025, the primary antagonist was the state, acting through a specific law. In the post-July 2025 era, the threat landscape has become a multi-actor one, where the lingering effects of the old law are compounded by new arbitrary executive actions and the rise of violent, powerful non-state groups. 

Suggestion 

While the Cyber Security Ordinance 2025 represents a critical step forward, a number of significant challenges remain. The analysis of new proposed legislation, such as the Cyber Protection Ordinance (CPO) and the Personal Data Protection Ordinance (PDPO), reveals that the problem of ambiguous legal language has not been fully resolved. These drafts still rely on “undefined, ambiguous, and/or overbroad terms and provisions” that could be misinterpreted or abused to suppress dissent, particularly against marginalized communities and civil society. For example, terms such as “obscene video” and “cyber terrorism” are left vaguely defined, preserving a loophole for authorities to arbitrarily apply the law for political ends. 

Furthermore, the issue of independent oversight remains unaddressed. The DSA and CSA established government-controlled agencies which had sweeping powers and were not subject to robust, independent oversight. Human rights groups have emphasized that new frameworks must establish truly independent bodies for digital governance and data protection, free from government control and subject to public accountability and judicial review. The absence of such safeguards leaves the door open for continued abuse of power, even under a seemingly improved

legal framework. 

Conclusion 

The passage of the Cyber Security Ordinance 2025 represents a critical legal victory for digital rights in Bangladesh. It has provided a much-needed break from the repressive legacy of the Digital Security Act and the Cyber Security Act. However, a nuanced understanding of the post-July 2025 environment reveals that the struggle for freedom of expression is far from over. The lingering culture of self-censorship, combined with new arbitrary executive actions and threats from non-state actors, demonstrates that the problem extends beyond the letter of the law to a complex, multi-faceted reality. The path forward demands not only continued legal reform but also a fundamental commitment to institutional and societal change to secure a truly open and free digital future. 

Reference(S):

• ARTICLE 19, ‘Bangladesh: Digital laws must be transparent and protect free expression’ (ARTICLE 19, 25 February 2025) https://www.article19.org/resources/bangladesh-digital-laws-must-be-transparent-and-prot ect-free-expression/ accessed 1 September 2025. 
• Amnesty International, Bangladesh: Human Rights Under Attack (2024).
• Access Now, ARTICLE 19, Human Rights Watch, PEN International, Robert F. Kennedy Human Rights, and Tech Global Institute, ‘Joint Statement: Emerging Digital Laws in Bangladesh Raise Concerns’ (Human Rights Watch, 25 February 2025) https://www.hrw.org/news/2025/02/25/joint-statement-emerging-digital-laws-bangladesh accessed 1 September 2025. 
• ‘The PRC’s Evolving Cyber Laws and Implications for Southeast Asia’s Digital Economy and Integration’ (CSIS, 4 August 2025)https://www.csis.org/blogs/new-perspectives-asia/prcs-evolving-cyber-laws-and-implicatio ns-southeast-asias-digital accessed 1 September 2025. 
• ‘Bangladesh: UN report highlights repression by former government as journalists targeted and draft cybersecurity ordinance raises concerns’ (Civicus Monitor, 25 November 2024) https://monitor.civicus.org/explore/bangladesh-un-report-highlights-repression-by-former government-as-journalists-targeted-and-draft-cybersecurity-ordinance-raises-concerns/ accessed 1 September 2025. 
• ‘Cybersecurity law: 9 contentious sections shed’, The Daily Star (Dhaka, 6 May 2025) https://www.thedailystar.net/news/bangladesh/news/cybersecurity-law-9-contentious-secti ons-shed-3888196 accessed 1 September 2025. 
• ‘Digital Security Act, 2018’ (Wikipedia) https://en.wikipedia.org/wiki/Digital_Security_Act,_2018 accessed 1 September 2025.
•  Media Defence, ‘Cybercrimes in South and Southeast Asia’ (Media Defence, 2025) https://www.mediadefence.org/resource-hub/cybercrimes-south-southeast-asia/ accessed 1 September 2025. 
• Rajat Kumar, ‘Bangladesh’s Digital Security Act: Demise of Media Freedom?’ (Friedrich Naumann Foundation for Freedom, 17 January 2021) https://www.freiheit.org/bangladesh/bangladeshs-digital-security-act accessed 1 September 2025. 
• ‘Govt issues gazette of Cyber Security Ordinance’, Prothom Alo (22 May 2025) https://en.prothomalo.com/bangladesh/government/5gj5obvmuw accessed 1 September 2025. 
• Transparency International Bangladesh, Position Paper on Digital Security Act 2018 and Draft Cyber Security Act 2023 (2023). 
• ‘Defensive Journalism in Bangladesh: Consequences of the Digital Security Act 2018 on Journalistic Autonomy and Self-Censorship’ (2024) 12 Journal of Human Rights Practice4.