29 Organisations Listed As ‘Critical Information Infrastructure’ under DSA

The ICT Division on Monday declared 29 organisations as ‘critical information infrastructure’ under the Digital Security Act for the safety of sensitive data under which any illegal access to computers, digital devices or networks is a punishable offence.

‘Critical information infrastructure’ in the controversial Act means any external or virtual information infrastructure declared by the government that controls, processes, circulates or preserves any information-data or electronic information and, if damaged or critically affected, may adversely affect public safety or financial security or public health and national security or national integrity or sovereignty.

Section 15 of the Digital Security Act authorizes the government to declare any computer system, network or information infrastructure as ‘critical information infrastructure”.

The law states anyone causing or trying to cause damage to a critical information structure or render it inactive intentionally through illegal access will be doing an offence.

It defines illegal access as “making or abetting to make illegal access to any computer, computer system or computer network” and “making or abetting to make illegal access with intent to commit an offence”.

Such an offence will be punished with imprisonment for a maximum term of seven years, or a fine not exceeding Tk 2.5 million, or both.

Accessing the systems illegally with the intent of harming it will carry a prison term for a maximum of 14 years, or a fine not exceeding Tk 10 million, or both.

A second or further attempt to breach the system illegally will be met with imprisonment for life, or fine not exceeding Tk 50 million, or both.

Journalists’ groups, human rights organisations including Human Rights Watch and Amnesty International have criticised the Digital Security Act and said it would stifle freedom of expression, but the government says it is needed to protect people’s privacy and sensitive data that matters to the country.

In a notice issued by the ICT Division on Monday listed the following organisations under the ‘critical information infrastructure’.

President’s office

Prime Minister's Office

National Board of Revenue

Bangladesh Data Center Company Ltd

Bridges Division

Department of Immigration and Passports

National Data Center of Bangladesh Computer Council

Bangladesh Telecommunication Regulatory Commission

National Identity Registration Wing of Election Commission Secretariat

Central Procurement Technical Unit

Rooppur Nuclear Power Plant Establishment Project

Biman Bangladesh Airlines

Immigration Police

Bangladesh Telecommunication Company Ltd

Bangladesh Water Development Board

Power Grid Company of Bangladesh

Titas Gas Transmission and Distribution Company Ltd

Bangabandhu Satellite Company Ltd

Civil Aviation Authority Bangladesh

Birth and Death Registration unit of the Office of the Registrar General

Bangladesh Bank

Sonali Bank

Agrani Bank

Janata Bank

Rupali Bank

Central Depository Bangladesh Ltd

Bangladesh Securities and Exchange Commission

Dhaka Stock Exchange

Chattogram Stock Exchange