How to ensure publicly funded software serves the public

Bangladesh has taken a bold step in declaring that software developed with public funds will be treated as a national asset. The ICT Division's draft National Source Code Policy 2025, with its tagline "Public Money, Public Code," seeks to embed ownership, transparency, security, and reusability into the country's digital governance. It is a visionary initiative, but one that requires careful scrutiny.

The policy applies to all software systems, applications, Application Programming Interfaces (APIs), and digital services developed or acquired through the national budget, foreign loans, or donor financing under government projects. It is mandatory for ministries, departments, statutory bodies, and autonomous and semi-autonomous organisations. At its core, the policy requires that all source code be deposited in a central repository managed by the Bangladesh Computer Council. No software can be deployed in production until its code is stored there, ensuring traceability, auditability, and security. It also introduces the principle of "Reuse First," obliging agencies to reuse existing solutions before developing new ones and to justify in writing if reuse is not possible. Most significantly, the policy declares that government-owned source code will be open by default, unless exempted for national security, defence, or privacy reasons. Even exempted systems must be registered and reviewed periodically.

The merits of this approach are clear. Transparency will allow citizens to see how public money is spent and what code is produced. Reusability will save costs and prevent duplication. Security will be strengthened through centralised oversight, vulnerability scanning, and licence compliance. Innovation will be encouraged as open code fosters collaboration between government, academia, and industry. In many ways, the policy aligns Bangladesh with broader international movements towards open-source and public-code principles. India's open source policy encourages government adoption of open source software, and European Union institutions have open source software strategies and collaborative platforms that promote sharing and reuse of publicly developed code and software.

Nevertheless, risks remain. Many agencies lack skilled developers to follow secure coding guidelines and Continuous Integration/Continuous Delivery (CI/CD) pipelines, raising the danger of superficial compliance. Over-centralisation could create bottlenecks and reduce agility. Exemptions for national security may be overused, thereby undermining transparency and openness. Contractors may resist open licensing, fearing the loss of commercial advantage. And without proper documentation, open code risks becoming "abandonware"—technically open but practically unusable.

Bangladesh has already seen how fragile digital governance can be when national databases are mismanaged. In 2023, a major breach exposed the data of over five crore citizens, shaking public trust in digital systems. That episode serves as a cautionary reminder: openness alone is not enough. Without strong documentation, oversight, and security protocols, even well-intentioned initiatives can falter and compromise national assets.

Bangladesh can learn from global experiences. The European Union emphasises documentation and community support, recognising that open code without documentation is meaningless. South Korea integrates open-source adoption with strict security audits, showing that openness must be paired with cybersecurity rigour. Singapore's GovTech runs a government technology stack where reusable components are shared across ministries, proving the importance of modular design and developer training. In the Global South, countries like Brazil and Kenya have adopted public code principles but struggled with sustainability, as projects often collapse after donor funding ends. Bangladesh must ensure long-term maintenance budgets and community engagement.

To make the policy effective, Bangladesh must invest in capacity building, training developers and auditors in secure coding and open-source practices. Documentation standards must be mandated, ensuring that code is not just open but usable. While a central repository is useful, agencies should retain autonomy to manage linked sub-repositories to avoid bottlenecks. Exemptions must be clearly defined and independently overseen. Contractors should be incentivised to contribute to open code through recognition and reuse credits. Sustainability must be ensured through dedicated budgets for maintenance and updates. Finally, Bangladesh should build global partnerships with Japan, Korea, and Singapore to adopt best practices and strengthen regional networks for open government software.

The draft National Source Code Policy 2025 is visionary in recognising that software built with public money is a public asset. It seeks to embed transparency, security, and reusability into the DNA of Bangladesh's digital governance. But vision must be matched with capacity, clarity, and sustainability. Without training, documentation, and oversight, the policy risks becoming symbolic rather than transformative. By learning from international experiences and adapting them to local realities, Bangladesh can turn "Public Money, Public Code" from a slogan into a civic contract. If implemented wisely, it can transform Bangladesh's digital infrastructure into a true national asset, serving not just the government, but the people whose money built it.

Sahadat Hossain is a business consultant and ICT strategist. He can be reached at hisahadan@gmail.com.
 

Views expressed in this article are the author's own. 

Follow The Daily Star Opinion on Facebook for the latest opinions, commentaries, and analyses by experts and professionals. To contribute your article or letter to The Daily Star Opinion, see our guidelines for submission.