Staff Reporter:
The interim government has amended the Personal Data Protection Ordinance, 2025 to strengthen data security and make enforcement of the law more effective.
Under the amendment, it has been made mandatory to store a real-time copy of data related to Critical Information Infrastructure (CII) within Bangladesh.
A gazette notification in this regard was published on Thursday (5 Feb) by the Legislative and Parliamentary Affairs Division of the Ministry of Law, Justice and Parliamentary Affairs.
The information was confirmed on Saturday by the ministry’s Public Relations Officer Md Rezaul Karim.
The amended law will be known as the Personal Data Protection (Amendment) Ordinance, 2026 and will come into effect immediately.
The ordinance was promulgated by the president under the authority granted by Article 93(1) of the Constitution.
Significant changes have been introduced to Section 29 of the ordinance. According to the new provision, for entities designated as “Critical Information Infrastructure” under the Cyber Security Ordinance, 2025, at least one synchronised real-time copy of data stored in the cloud must be maintained within the geographical boundaries of Bangladesh.
The same requirement will also apply to restricted personal data.
Amendments have also been made to the penalty provisions outlined in Section 48 of the original ordinance (Ordinance No – 61 of 2025). Under the revised provision, the phrase “imprisonment or fine, or both” has been replaced with “fine” only for specified offences.
As a result, offences punishable under this section will now carry financial penalties only, removing provisions for imprisonment.
