Bangladesh Interim Government’s “Right” to Uninterrupted Internet Access is a Sham

On December 24, 2025, the Council of Advisors of Bangladesh’s Interim Government approved the draft Cyber Security Ordinance 2024, bringing an anticlimactic end to a highly anticipated reform. The draft Ordinance will replace the authoritarian Cyber Security Act 2023 and is currently in the final stages before its promulgation as law by the President. While the final version of the Ordinance is – as of yet – unpublished, copies of it have been circulated internally amongst selective stakeholder groups, and a general sense of discontent is already on the rise.

The proposed Ordinance has been criticized for largely mimicking the broad scope and criminal liability regime of its predecessors – the Cyber Security Act (CSA) 2023 and Digital Security Act (DSA) 2018. Both laws were passed under the recently ousted Awami League regime and had become central tools for state repression and surveillance for nearly five years. The draft has also come under fire due to the definitional ambiguity surrounding categories of restricted speech, broad police investigatory powers, as well as the authorization of a new government agency (the National Cyber Security Agency) to moderate content under provisions similar to those which enabled the Bangladesh Telecommunications Regulatory Commission (BTRC) to arbitrarily order content restriction and removal in the past.

Nevertheless, members of the interim government claim to have achieved major successes with the Cyber Security Ordinance, one of which is the introduction of a new “right” to uninterrupted internet access as part of the definition of “cyber security.” The “right” was instituted in response to popular demand in the aftermath of the Monsoon Revolution in Bangladesh. Between July and August of last year, the Awami League-led government weaponized a series of internet shutdowns to carry out large-scale killings and human rights violations, revealing to the public the significance of internet shutdowns as a threat to a free society. It also exposed how the former regime had systematically centralized control over national digital infrastructure over the last decade to exercise absolute unaccountable power, which enabled it to arbitrarily and extralegally order network shutdowns. Over 34 shutdowns have been documented since 2012, and we are aware of evidence that suggests they were disproportionately ordered by the authorities through phone calls and WhatsApp messages, including in July and August last year, which may have helped conceal responsibility for such orders.

Once promulgated, the new Ordinance will confirm whether the Interim Government is genuinely committed to protecting the people of Bangladesh against future abuses of internet shutdowns. At this stage, however, the “right” to uninterrupted internet access in the draft Ordinance appears to have little legal force, nor is it accompanied by an institutional framework that can oversee and ensure respect for democratic accountability in the context of Bangladesh.

What is the proposed “right” and what legal impact could it have?

The new “right” appears only once in the draft Ordinance. This is in the definitions section (s. 2), specifically under the definition of the phrase “cyber security” (s. 2(1)(ভ)), which stipulates, in part, that for the purposes of the Ordinance, cybersecurity “shall … include the right of citizens to access the internet at all times.” However, the definitions section of a law has no independent legal effect. A definition gains legal force only when the term defined is used in a provision that creates a binding legal rule. Importantly, it is the definition as a whole that becomes effective in this way. In the present case, the “right” is combined with all the other (technical) elements listed in the definition to establish the legal meaning of “cyber security.” That meaning is what is then applied in whatever way the use of the term determines.

This conditional legal effect is far too weak to create a proper right in law, which is why definitions sections are almost never used for this. Usually, a substantive provision of a law establishes a right and defines its content and holder – e.g. s. 12(1) of the Representation of the People Order 1972: “[a]ny elector of a constituency may propose … for election to that constituency, the name of any person qualified to be a[n MP].” A similarly specific legal rule would be needed if the idea was to achieve the goal by establishing a duty for the state. The draft Ordinance’s element-in-a-definition is worlds apart from such serious options; put bluntly, it is not a real legal right in any meaningful sense of the word.

What is its actual legal impact, then? This turns entirely on the use of the term “cyber security” elsewhere in the Ordinance, and the picture that emerges from those provisions is one of the minor improvements at best, which are far from certain to come about. The area in which the “right” might make the greatest difference concerns the National Cyber Security Council, a body of ministers, senior civil servants and intelligence officials that the draft Ordinance establishes and vests with a broad policy-making role. Some of the powers of the Council include the authority to “determin[e] inter-institutional policies for ensuring cyber security” (s. 13(2)(গ)) and “provid[e] necessary directions for redressing cyber security threats” (s. 13(2)(ক)). Any policy or direction under these sections in which the Council attempts to obstruct the public’s internet access is thereby unlawful, as is any action taken to carry it out, because such an act cannot possibly “redress threats against” or “ensure” cybersecurity given the fact that the latter “include[s] … the right of citizens to access the internet at all times.” This creates an unambiguous prohibition on internet shutdowns, so theoretically the Council should never attempt to breach it. Still, the recent history of Bangladesh shows clear evidence of executive overreach of digital communications.

Over the course of its 16-year tenure, the Awami League government strategically consolidated control over private and multinational providers of internet and telecommunications services and curtailed the independence of the national telecom regulator as a statutory body. This enabled politicians and security officials to directly and arbitrarily order network shutdowns, as was the case in July 2024. A lack of due process or oversight previously obstructed legal accountability, and this is unlikely to change with the draft Ordinance, which reinforces – and institutionalizes – the very structures that enabled the abuse of power, this time with the Council as its centerpiece.

Nevertheless, if the Council does abuse its s. 13(2)(গ) or (ক) powers to obstruct internet access, its action could potentially be challenged in the courts. This is by no means an easy course, but it is a feasible one. Cases could be brought by virtually anyone as a public-interest litigant. As outlined above, the language of the Ordinance is very clear; these powers cannot be used to deny internet access, and no good-faith judge could interpret them otherwise.

These sections are, however, only one source of government power, and beyond them, the influence of the “right” becomes much weaker and entirely dependent on judicial interpretation. It has the greatest chance of becoming relevant if a government attempts to use its power to make regulations under s. 49 of the draft Ordinance to obstruct internet access. There is no state power to shut down or slow down the internet under Bangladeshi law (the AL did not bother with formal legality), but a government hostile to digital rights might want to create one in the future. It could look to do so through s. 49 of the Cyber Security Ordinance, since this law will regulate the field as a whole. The “right” to internet access could, then, be invoked to challenge any resulting regulation as violating the Ordinance on which it is based. This is because s. 49 stipulates that the power to make regulations is granted “[f]or achieving the objectives of this Ordinance.” The preamble lists “ensuring cyber security” as one of the Ordinance’s main objectives, and “cyber security” has to be read as including the “right.” A strong argument can be made that a regulation that obstructs internet access would not be “made for achieving the objectives of [the] Ordinance” and, therefore, could not be made using the s. 49 power. However, whether such an argument succeeds depends on the assessment of the judge(s) before whom any such case comes.

Outside the confines of the Ordinance itself, the “right” essentially vanishes. A government could sidestep s. 49 and use a power to make regulations under another law to give itself shutdown powers. (A provision used for this in India, s. 7 of the Telegraph Act 1885, also exists in Bangladesh.) The regulations would only have to comply with the law under which they are made and with the Constitution. The “right” in the Ordinance would be all but irrelevant; at best, it could play a minor persuasive role in court arguments about the general trend of Bangladeshi law. Finally, the “right” would be completely irrelevant if any new Ordinance of the President or Act of Parliament departs from it and restricts internet access.

The continued necessity of reform

The interim government’s proposed “right,” then, is not a significant positive achievement within an otherwise faulty reform. In the ways explained above, s. 2(1)(ভ) does or could bring some minor positive changes. But it is not a real right and not a serious attempt to prevent internet shutdowns from ever recurring. This aspect of the draft Ordinance is exactly the same as its overall pattern - an unaccountable security state is allowed to remain in place and to hold vast powers over citizens, while minor changes obscure this essential fact. The people of Bangladesh will not have a real, practically effective right to access the internet at all times, until and unless genuine reform takes place. Such a reform will need to address the core of the problem – the power of the state in the digital sphere must decrease enormously, and its approach to digital issues must be fundamentally transformed from draconian obsession with control to reasonable regulation of the public sphere of a free society.