Make ICT policy a priority, not a side show

In the first days of a new government, it is always the immediate anxieties that set the tone. People want to know whether the streets will be calmer, whether corruption will loosen its grip, or whether the price of essentials will hold steady. Prime Minister Tarique Rahman has already addressed these concerns. However, the government’s real challenge in the long term will be to prove that its ministerial portfolios are fit to withstand the test of time, and few matter more than the ICT portfolio, which feels sidelined in high-level conversations about growth, reforms, and good governance.

Tech policies are no longer a side project on the global stage. Today, they increasingly determine how economies compete, how states protect critical systems, how businesses handle data, and how safely citizens can speak and organise online. Countries that treat this brief as an afterthought do not get to opt out; they simply end up living under rules written elsewhere.

Yet our tech governance has too often followed a familiar script: heavy compliance burdens, weak incentives for risk-taking, and a preference for control over capability. Public benefit has remained limited because the state has consistently failed to build the institutional competence that a fast-moving, high-stakes sector demands. The digital economy has grown nonetheless, driven by entrepreneurs and firms operating despite policy rather than because of it.

In a fast-moving policy landscape, delay is often punished. By the time a state realises a law is unworkable, or that a regulatory approach has fallen behind, the world may have already moved on. Standards shift, supply chains relocate, platforms change their enforcement, and what once looked manageable becomes expensive to repair. Bangladesh has already paid some of that price in the past.

Enforcement of regulatory frameworks such as the Digital Security Act, 2018 and the Cyber Security Act, 2023 has repeatedly attracted controversy, while reports of data leaks and breaches have periodically jolted the public. These episodes make headlines, then fade, which points to a deeper problem—a troubling approach to tech policy that seems more comfortable asserting authority than building competence, more inclined towards restrictive law than enforceable standards, and more willing to treat the ICT portfolio as a political instrument rather than a governance discipline.

What is striking here is how often the scale of harm is underestimated. Digital systems sit inside everyday routines, so the consequences of database leaks are not abstract; they are felt in real life. When digital laws are loosely drafted or unpredictably enforced, the impact is felt through fear, self-censorship, and a loss of trust in institutions. The effects also travel beyond borders, shaping how Bangladesh is judged by investors, platforms, partners, and the wider world.

The interim government’s attempt to undo years of damage in the digital policy sector often risked reproducing the same weaknesses. Rights groups repeatedly urged the administration to stop fast-tracking sweeping digital ordinances and to adopt transparent, inclusive, realistic and evidence-based lawmaking. Some of those concerns were addressed, however, most were not.

Can the new government’s ICT portfolio, led by Fakir Mahbub Anam, avoid repeating that cycle? It can, but only if it trades reform maximalism for implementable competence.

The first cultural shift this portfolio demands is intellectual humility, particularly from ministers and senior officials who may be tempted to treat digital governance as an extension of conventional bureaucracy. In tech policy, much of the most consequential knowledge sits outside the state—in start-ups, telecom operators, universities, civil society, diaspora networks, and the engineers who actually build systems. If consultation is reduced to a box-ticking exercise, policy will again be captured by incumbents, blindsided by technical realities, or rejected by the public.

What’s needed instead is the boring, discipline-building work: publishing draft laws well ahead of passage, responding to critiques in time, clearly explaining which suggestions were accepted and why others were not, and creating structured channels for public input. In a country where mistrust of state intent around digital rules is high, transparency across the legislative process is paramount.

The second change needed is to stop pretending that rights and security sit at opposite ends of a seesaw. Bangladesh has long lived with the consequences of weak cyber hygiene and poor data governance. It doesn’t need broader oversight powers, vaguer offences, or more discretionary enforcement. What’s needed is enforceable standards, clearer accountability, and independent oversight that gives citizens and investors the confidence that security policy is not a euphemism for control.

A credible, modern ICT portfolio would prioritise three things at once: operational security, legal clarity, and public legitimacy. That requires an enforceable data protection regime suited to a services economy, alongside serious investment in government-wide security standards, incident response capacity, and basic digital hygiene training for officials. It also requires recognising that cybersecurity is not a single ministry’s project. It is a whole-of-government discipline, with clear audit requirements, procurement rules, and consequences for negligence.

Previous governments had a habit of announcing the future in slogans while leaving the present untouched. This government should resist that temptation, particularly on emerging technologies such as AI. A national launch of “AI revolution” may generate headlines; it will not, on its own, generate trust or capability.

Any good policy should take inspiration from global best practice. But that should not mean copying just about any foreign model. Bangladesh’s context is its own. It is densely populated, overwhelmingly young, anchored by a major garments export sector, increasingly shaped by a growing start-up ecosystem, and still recovering politically from a tumultuous period. The point here is to understand the trade-offs embedded in global models of tech governance and to build a Bangladeshi approach that is realistic, grounded, enforceable and credible.

The most important cultural change, however, must be internal. Digital capacity across the country remains uneven, so there is no alternative to sustained training, proper incentives, and real accountability. Officials responsible for sensitive systems must grasp the basics of cyber hygiene—phishing awareness, access controls, credential management, data minimisation—because ignorance or lack of awareness can easily lead to leaks, outages, and national embarrassment.

None of this transformation will be easy. That is precisely why the ICT portfolio is one of the most difficult jobs in government. It sits at the intersection of commerce and sovereignty, growth and rights, security and openness. Bangladesh cannot afford to treat it as just a platform for announcements, optics, and slogans. The priority must be the hard governance of the infrastructure and rules that increasingly determine national power.

The warnings from our past missteps are written in plain sight. The question for Tarique Rahman’s government is whether it reads them as history, or as a manual.

Zarif Faiaz is editor of the Tech & Startup section at The Daily Star and a research fellow at Tech Global Institute. He can be reached at faiaz@thedailystar.net.

Views expressed in this article are the author's own. 

Follow The Daily Star Opinion on Facebook for the latest opinions, commentaries, and analyses by experts and professionals. To contribute your article or letter to The Daily Star Opinion, see our guidelines for submission.