According to the notification, the government has recently declared 29 government institutions including the office of the President and the Prime Minister as critical information infrastructure or CII (Critical Information Infrastructure) to protect sensitive and important information from cyber attacks.

Taking cyber security into account, the information and communication technology (ICT) division of the government has recently issued a notification declaring these institutions as CIIs under the provisions of Section 15 of the Digital Security Act-2018.

Financial sector regulatory bodies such as Bangladesh Bank, National Board of Revenue (NBR) and Bangladesh Securities and Exchange Commission (BSEC) are also listed in institutions declared as critical information infrastructure.

The list also includes Bridges Division, Department of Immigration and Passport, National Data Center and Bangladesh Computer Council, National Identity Registration Wing and Election Commission Secretariat, Biman Bangladesh Airlines, Bangladesh Power Development Board, Titas Gas Transmission and Distribution Company, Bangabandhu Satellite Company Limited and so on.

According to Section 16(1) of the Digital Security Act, the Director General of the Digital Security Agency shall inspect and monitor any important information infrastructure occasionally to ensure that the provisions of the Act are being properly followed. Unauthorised access to critical information infrastructure is punishable by imprisonment for up to seven years or a fine of up to Tk 2.5 million or both.

Illegal entry into the infrastructure and causing damage or attempting to cause damage is punishable with imprisonment for 14 years or a maximum fine of Tk 10 million or both. Apart from this, if a person commits such offence for the second time or further, there is a provision of imprisonment for life or with a fine not exceeding Tk 50 million or with both.

The editors’ council fears enlisting 29 government institutions as critical information infrastructures has violated the right of journalists to get information as all the 29 institutions are related to public interests. Due to this notification, reporters will not be able to get the relevant information if the concerned institutions fail to ensure public services and services, which is a threat to independent journalism. At the same time, this notification will encourage internal corruption, irregularities and lack of accountability in the concerned institutions. While right to information is presently recognised as a fundamental right under the Right to Information Act, the notification issued declaring 29 institutions as critical information infrastructure requires detailed clarification.

It is mentioned in the statement that the Digital Security Act-2018 is already creating obstacles to freedom of speech and free intellectual practice including in social media. Journalists, jurists, human rights activists, representatives of civil society and several government ministers and members of parliament have continued to express various suggestions, recommendations and concerns about the changes, modifications, additions and subtraction to the law.

Earlier, the Editors’ Council had issued a statement expressing concern about the amendment of the Press Council Act without consulting with the stakeholders.