In response to objections raised by conscious citizens, several aspects of the Cyber Protection Ordinance 2025 have been amended, and new provisions have been added. The ordinance, which is set to replace the Cyber Security Act 2023, marks the government’s next step towards enhancing digital governance. On Wednesday afternoon, ICT Secretary Shish Haider Chowdhury is scheduled to brief the media about the revised ordinance at the ICT Tower.
A review of the finalized draft reveals significant updates, including the removal of Section 27 on anti-terrorism provisions, while adding clauses addressing sexual harassment. Cyberbullying has been excluded from the ordinance. Additionally, a new sub-clause under Section 8(3) mandates the public disclosure of information regarding blocked content for transparency.
The ordinance also introduces measures to limit unilateral authority. The Director General of the National Cyber Security Council will now have reduced powers, with provisions to co-opt private-sector experts and representatives from civil society through a gazette notification. This move ensures greater inclusivity by allowing citizen representation in the council.
In light of widespread criticism, provisions for the seizure of digital devices used in cybercrimes now require the seized items to be presented in court within 24 hours. The scope for warrantless arrests has been narrowed to apply only in cases involving hacking of Critical Information Infrastructure (CII). Furthermore, under Section 36, police officers are now required to provide written justification for any seizures they make.
Other notable updates include criminalizing the distortion of national identification cards and broadening punishable offenses to include the dissemination of hate speech and incitement against religious or ethnic groups.
The revisions aim to strike a balance between robust cyber protection and safeguarding civil liberties while incorporating recommendations from various stakeholders.