In October 2025, the world adopted its first global treaty against cybercrime in Hanoi. By early 2026, 76 countries including the European Union had already signed the United Nations Convention against Cybercrime. The treaty remains open for signature until 31 December 2026. Bangladesh still has time to decide whether it wants to join the global framework against cybercrime.
Bangladesh has more than 82 million internet users by late 2025, while smartphone use and digital transactions continue to rise. Services such as bKash, Nagad, and Rocket process millions of transactions every day. Government services and businesses increasingly depend on digital systems. The same transformation has also produced a sharp rise in cybercrime.
A recent study by Cyber Crime Awareness Foundation (CCAF) found that cybercrime incidents more than doubled within a single year. Social media and online account hacking accounted for 21 percent of reported cases, while 59 percent of victims were women. Complaints involving online fraud, blackmail, phishing, identity theft, hacking, mobile financial scams and digital harassment are rising. According to Cyber Security Report 2026, there are 18% increase in cyber-attacks over year globally. In addition, there are 48% increase in ransomware activity.
Bangladesh already knows how destructive international cybercrime can be. In 2016, hackers stole about 101 million US dollars from Bangladesh Bank’s account at the Federal Reserve Bank of New York. Most of the money disappeared abroad, and only 15 million US dollars could be recovered. The case exposed a major weakness in the cyberspace. Cybercriminals can move money, data, and evidence across borders within seconds.
This is exactly the problem the UN Convention is designed to solve. Articles 23 and 40 to 46 establish mechanisms for mutual legal assistance which allows states to preserve, collect, and exchange electronic evidence quickly. Article 41 requires every member state to maintain a 24/7 contact point for urgent cybercrime cooperation. Article 42 allows authorities to request the rapid preservation of electronic data before criminals erase or manipulate it. Articles 31, 49, 50, and 52 create procedures for tracing, freezing, confiscating, and returning stolen criminal proceeds across borders.
For Bangladesh, these provisions are not abstract legal language. They could directly strengthen investigations into banking fraud, ransomware attacks, cross-border hacking, cryptocurrency scams, and organized cybercrime networks. The Convention would also improve cooperation with foreign governments, foreign agencies and technology companies holding crucial digital evidence.
The treaty is equally important for protecting ordinary citizens. Articles 14 and 15 require states to criminalize online child sexual abuse material and online grooming. Article 16 addresses the non-consensual sharing of intimate images, a growing problem that disproportionately harms women and girls. Article 34 obliges states to provide assistance, protection, and psychological support for victims. In Bangladesh, many victims of online harassment avoid reporting crimes because of fear, stigma, and social pressure. Stronger legal protections and international cooperation could help victims seek justice more safely and effectively.
The Convention also recognizes the needs of developing countries. Articles 54 and 56 emphasize technical assistance, training, capacity-building, and technology transfer for states with limited resources. Bangladesh still faces shortages of trained digital forensic experts, cyber investigators, prosecutors, and judges familiar with electronic evidence. Law enforcement agencies often struggle to investigate sophisticated cybercrimes involving encrypted systems and foreign servers. By signing the Convention, Bangladesh would gain formal access to all the supports.
Importantly, joining the Convention also fits Bangladesh’s current legal direction. The country has already introduced new cyber legislation and data protection reforms, including the Cyber Protection Act 2026 and the Personal Data Protection Act 2026. Bangladesh Bank has also adopted cybersecurity frameworks for financial institutions. These reforms show that Bangladesh understands the importance of cybersecurity, digital governance, and data protection. Signing the Convention would align these domestic efforts with international standards and make foreign cooperation easier and more credible.
However, Bangladesh should not sign the Convention blindly. The first concern comes from Articles 23 and 35. At first glance, these articles appear useful because they allow countries to cooperate quickly in cybercrime investigations and share electronic evidence across borders. But the problem is that the treaty does not limit this cooperation only to major cybercrimes like hacking, ransomware, or financial fraud. Instead, it expands cooperation to “serious crimes,” which the Convention defines very broadly. Under Article 2, any offence punishable by four years or more in prison can fall within this category.
This is a concern for Bangladesh. Different countries criminalize different types of behavior. Something that is legal or protected in Bangladesh may be treated as a serious offence somewhere else. Under these broad provisions, foreign governments could ask Bangladeshi authorities or technology companies for user data, messages, location records, or online activity connected to investigations abroad. Without strong local protections, Bangladesh’s own digital systems could end up being used to assist politically motivated investigations or controversial prosecutions in other countries.
The second major concern involves Articles 24 and 40. Traditionally, international legal cooperation works through something called “dual criminality.” This means one country can refuse to cooperate if the alleged act is not considered a crime under its own laws. That principal acts as a basic protection for sovereignty and civil liberties.
However, Article 40 weakens this safeguard by making cross-border cooperation much easier, especially for electronic evidence. At the same time, Article 24 talks about safeguards and protections, but leaves most of those protections to domestic law. The Convention does not force all countries to maintain the same high standards of judicial oversight, privacy protection, or independent review.
This matters greatly for Bangladesh because strong protections on paper are not enough. If another country sends a request for digital evidence, Bangladeshi authorities must have clear legal systems to review whether the request is lawful, necessary, and proportionate before sharing any citizen data.
The third concern relates to Articles 28 and 29, which deal with search powers, real-time monitoring, and technical assistance. These provisions allow authorities to collect digital traffic data and, in some cases, intercept communications during investigations. More importantly, Article 28(4) allows governments to compel individuals or technology workers to provide “necessary information” to help authorities access systems or encrypted data.
This creates serious risks for Bangladesh’s growing technology sector. If these powers are implemented carelessly, software engineers, cybersecurity experts, or platform employees could face pressure to weaken digital security systems or create “backdoors” into encrypted services. Such measures could damage Bangladesh’s emerging digital economy.
For this reason, Bangladesh must adopt very clear domestic safeguards before implementing these parts of the Convention. The government should publicly clarify that international cooperation will never require local companies to weaken commercial encryption, compromise source codes, or create secret surveillance tools. Any request involving interception or technical assistance should require judicial approval and strict oversight.
These concerns do not mean Bangladesh should reject the Convention. Cybercrime is now global, and no country can fight it alone. Bangladesh needs faster cooperation to investigate online fraud, ransomware, hacking, financial theft, and child exploitation. The Convention provides valuable tools for evidence-sharing, asset recovery, and international coordination. But cooperation must never come at the cost of privacy, free expression, or digital security.
In conclusion, the real challenge is balance. Bangladesh should sign the UN Convention against Cybercrime before the December 2026 deadline. But it should do so responsibly and with full awareness of its limitations. The treaty offers faster international cooperation, stronger victim protection, better cybercrime investigations, and valuable technical assistance. At the same time, Bangladesh must ensure that powers designed to catch criminals are never quietly turned against its own citizens.
Md Mazhar Uddin Bhuiyan is an Oxford-Felix scholar and Master of Public Policy candidate at the University of Oxford. He can be reached at: [email protected].
Disclaimer: The views and opinions expressed in this article are those of the author and do not necessarily reflect the opinions and views of The Business Standard.
Click Here For The Original Source.
