Bangladesh Recording Laws: All-Party Consent Rules and Penalties (2026)

Quick Answer: Is Bangladesh All-Party Consent for Recording?

Bangladesh is an all-party consent jurisdiction. Under Section 71 of the Telecommunication Act 2001 (Act No. XVIII of 2001), intentionally intercepting the telephone conversations of two other persons is a criminal offense punishable by up to two years' imprisonment, a fine of up to five crore taka, or both. Article 43 of the Constitution of Bangladesh extends this protection to all means of communication, including digital platforms, messaging applications, and in-person conversations in private settings. No single comprehensive recording statute consolidates all rules in one place. The all-party consent requirement instead emerges from the combined operation of the Constitution, the Penal Code 1860, the Telecommunication Act 2001, the ICT Act 2006, and the Cyber Security Ordinance 2025. The practical rule for anyone in Bangladesh is: obtain clear, affirmative consent from every party before recording any conversation, whether by phone, in person, or through any digital channel.

For individuals navigating world recording laws, Bangladesh sits firmly in the all-party consent category alongside countries such as Australia and Germany.

Constitutional Foundation: Article 43

The right to privacy of communication in Bangladesh begins with the Constitution. Article 43 of the Constitution of the People's Republic of Bangladesh provides the foundational protection upon which all subsequent recording statutes rest.

Text and Scope of Article 43

Article 43 states that every citizen shall have the right, subject to any reasonable restrictions imposed by law in the interests of the security of the State, public order, public morality, or public health:

• To be secured in his home against entry, search, and seizure
• To the privacy of his correspondence and other means of communication

This article falls within Part III of the Constitution, which contains the Fundamental Rights of Bangladeshi citizens. Because Article 43 is a fundamental right, any law that violates it can be challenged in the High Court Division of the Supreme Court of Bangladesh.

Judicial Interpretation

Bangladesh courts have interpreted Article 43 broadly. In The State and Others v. Oli and Others [2019], a judge of the High Court Division of the Supreme Court observed that citizens' right to privacy in correspondence and other means of communication is guaranteed under Article 43 and "cannot be easily violated at the instance of any interested quarter." The court found that the routine collection of call details and audio records from telecommunications providers by state agencies, without warrant or knowledge of the affected customers, constituted a breach of fundamental rights under Article 43.

The phrase "other means of communication" has been interpreted to cover modern communication technologies including emails, text messages, social media messages, and voice or video calls conducted through digital platforms.

Permitted Restrictions

Article 43 is not absolute. The Constitution permits reasonable restrictions imposed by law in four specific circumstances:

• Security of the State
• Public order
• Public morality
• Public health

These exceptions provide the constitutional basis for government surveillance powers granted under the Telecommunication Act 2001 and subsequent legislation. Any restriction must be enacted through formal law and must meet the standard of reasonableness.

Penal Code 1860 and Evidence Act Framework

Before the Telecommunication Act 2001 created a dedicated interception offense, the Penal Code 1860 (Act No. XLV of 1860) provided the foundational criminal-law basis for privacy protection in Bangladesh. The Penal Code remains in force today alongside newer statutes.

Criminal Breach of Trust Under Sections 405 to 409

Sections 405, 407, 408, and 409 of the Penal Code penalize the violation of privacy through criminal breach of trust. Section 405 defines criminal breach of trust as dishonest misappropriation or disposal of property entrusted to a person in violation of any direction of law. Courts and legal commentators have applied these provisions to private communications that a person received in confidence and then disclosed or recorded without authorization.

Section 409 provides an enhanced penalty when the breach of trust is committed by a public servant, banker, merchant, or agent, with imprisonment of up to 10 years and a fine. This provision is relevant where a government official or telecommunication employee unlawfully records or discloses private communications.

Evidence Act 1872: Disclosure Without Consent

Sections 122, 124, 126, 127, and 129 of the Evidence Act 1872 independently recognize the right to privacy regarding the disclosure of information without consent or authorization. Section 122 protects communications made during marriage; Section 126 protects communications between advocate and client; Section 129 protects confidential communications with legal advisers. While these provisions protect specific privileged relationships, they signal a broader principle: that unauthorized disclosure of private communications can render information inadmissible and create legal liability for the disclosing party.

Voyeurism and Covert Intimate Recording

Bangladesh has not adopted a standalone voyeurism provision equivalent to Section 354C added to the Indian Penal Code in 2013. Instead, covert recording of intimate acts in Bangladesh is prosecuted under the Pornography Control Act 2012, which prohibits producing, distributing, or possessing pornographic material. The Cyber Security Ordinance 2025, Section 25, extended coverage to AI-generated and digitally distributed intimate content. Section 509 of the Penal Code (as amended in 1991) addresses words or acts intended to insult the modesty of a woman, including intruding upon her privacy, with imprisonment up to one year or fine or both.

The Telecommunication Act 2001: Core Recording Prohibition

The Bangladesh Telecommunication Act 2001 (Act No. XVIII of 2001) is the primary statute governing the interception and recording of telephone communications. Section 71 contains the central criminal prohibition.

Section 71: Eavesdropping Offense

Section 71 of the Act states that if a person intentionally intercepts the telephone conversations of two other persons, that act constitutes an offense. The provision targets any unauthorized capture of communications between parties who have not consented to being recorded.

The original penalties under Section 71 are:

• Imprisonment for a term not exceeding 2 years
• Fine not exceeding 5 crore taka (approximately USD 420,000 at current rates)
• Or both imprisonment and fine

The Telecommunication (Amendment) Ordinance 2025 revised Section 71 to increase penalties for unauthorized interception or misuse of intercepted data to imprisonment up to 5 years and a fine of up to 1 crore taka, or both. The revised Section 71 also makes misuse of SIM registration data or device registration data to surveil or harass individuals a specifically punishable offense.

2007 Amendment: Government Agency Exemptions

Section 71 was amended in 2007 to add a proviso exempting specified government agencies from the eavesdropping prohibition. The following entities are excluded from Section 71 restrictions when duly authorized by the government:

• Government intelligence agencies
• Law enforcement agencies
• National security agencies
• Investigation agencies

This exemption operates in conjunction with Section 97 of the Act, which establishes the framework for government interception authority.

Section 97: Government Surveillance Authority

Section 97(Ka) of the Telecommunication Act grants the government authority to empower specified agencies to conduct surveillance on grounds of national security and public order. Under this provision, authorized agencies may:

• Suspend or prohibit the transmission of any data or voice call
• Record or collect user information relating to any telecommunications subscriber
• Monitor communications for purposes related to state security

The Bangladesh Telecommunication Regulatory Commission (BTRC) oversees licensed telecommunications service providers and may require them to cooperate with lawful interception requests from authorized agencies.

Telecom Service Providers

Telecommunications service providers regulated by the BTRC may retain call data records for regulatory and billing purposes, but recording the content of calls requires legal authorization. Under the Telecommunication Amendment Ordinance 2025, service providers may be required to install monitoring equipment and provide technical assistance to the Centre for Information Support (CIS) when conducting authorized lawful interceptions.

ICT Act 2006: Digital Communication Privacy

The Information and Communication Technology Act 2006 (Act No. 39 of 2006) extended privacy protections into the digital communication sphere. While parts of the Act have been superseded by newer legislation, Section 63 remains in force.

Section 63: Confidentiality of Correspondence

Section 63 of the ICT Act 2006 makes it illegal to disclose to another person any correspondence, information, or material without the consent of the person concerned. This provision applies to all forms of electronic communication and personal information. It reinforces the all-party consent standard by criminalizing not only the act of recording but also the subsequent disclosure of recorded material.

The penalty for violating Section 63 is:

• Imprisonment for a term which may extend to 2 years
• Fine which may extend to 2 lakh taka (approximately USD 1,650 at current exchange rates)
• Or both imprisonment and fine

Sections Superseded by Later Legislation

Section 57 of the ICT Act 2006, which criminalized the publication of material deemed to defame or harm religious feelings, was effectively replaced when the Digital Security Act 2018 absorbed and expanded its scope. The Cyber Security Ordinance 2025 subsequently removed several of the DSA-derived provisions. Practitioners should verify which ICT Act provisions remain operative against the current landscape of digital legislation.

From Digital Security Act 2018 to Cyber Security Ordinance 2025

Bangladesh's digital privacy and cybercrime legislation has undergone three major transitions since 2018. Understanding this progression is essential for anyone navigating the current legal framework.

Digital Security Act 2018

The Digital Security Act (DSA) 2018 was Bangladesh's first comprehensive digital crime statute. Section 26 of the DSA made it illegal to collect, use, possess, or provide identity information of another person without consent. "Identity information" was defined broadly to include biometric data, personal identifiers, and communication records.

The penalty under Section 26 of the DSA was imprisonment for up to 5 years, a fine of up to 5 lakh taka, or both. For repeat offenses, the penalty rose to 7 years' imprisonment and a fine of up to 10 lakh taka.

The DSA drew sustained criticism from civil society organizations, international human rights groups, and press freedom advocates. Committees including the United Nations Human Rights Committee flagged the DSA's broad definitions as enabling suppression of journalists, activists, and political opponents.

Cyber Security Act 2023

In September 2023, Bangladesh's parliament passed the Cyber Security Act (CSA) to replace the DSA. The CSA retained many provisions, including Section 26 on unauthorized identity information collection, but reduced penalties. Under the CSA, violation of Section 26 carried imprisonment of up to 2 years, a fine of up to 5 lakh taka, or both.

The CSA also granted authorities significant surveillance powers under Section 42, including the ability to conduct raids, searches, and arrests based on suspicion of cybercrime. Officers of the rank of police inspector were authorized to search and arrest without warrant in certain circumstances. Critics noted that the CSA retained the structural problems of the DSA while reducing only the headline penalty figures.

Cyber Security Ordinance 2025

On May 21, 2025, the interim government published the Cyber Security Ordinance 2025 (Ordinance No. 25 of 2025), repealing the Cyber Security Act 2023. The ordinance omitted nine sections from the prior Act: sections 21, 24, 25, 26, 27, 28, 29, 31, and 34. All ongoing cases, proceedings, or investigations under those sections were automatically annulled, and any penalties or fines previously imposed by courts under those sections were cancelled.

The Cyber Security Ordinance 2025 also, for the first time, recognized internet access as a civic right in Bangladesh. Critics, including ARTICLE 19, noted that the ordinance retained Sections 8, 25, 26, and 36 of the CSA framework in modified form, including provisions allowing authorities to conduct searches and arrests in certain cybercrime investigations, and that vague language remained that could enable continued misuse.

Despite these retained concerns, the core recording and interception prohibitions under the Telecommunication Act 2001 and the ICT Act 2006 remain in full effect under the new legal landscape.

Deepfake and AI-Assisted Recording Crimes

The Cyber Security Ordinance 2025 introduced Bangladesh's first statutory provisions specifically addressing artificial intelligence in the context of recording and digital harm. Bangladesh thereby became the first country in South Asia to criminalize offenses committed using artificial intelligence.

Section 25: Digital Harassment and AI Content

Section 25(1) of the Cyber Security Ordinance 2025 criminalizes the intentional or knowing use of websites or digital or electronic means to:

• Engage in blackmailing, sexual harassment, revenge pornography, or sextortion
• Create, obtain, store, transmit, publish, or broadcast information, videos, images, audio-visual content, still images, graphics, or digitally captured data including AI-generated or AI-edited content that is harmful or intimidating to a person
• Create or distribute child sexual abuse material through digital means

The section explicitly covers AI-generated content, meaning that a deepfake video recording of a person without that person's consent for purposes of harassment or intimidation falls within the offense.

Penalties and Limitations

The penalty under Section 25 is imprisonment of up to 2 years, a fine of up to 10 lakh taka (approximately USD 8,300 at current rates), or both. All offenses under Section 25 are classified as bailable, meaning accused persons can obtain bail as a matter of right.

As of mid-2026, legal commentators and civil society groups have noted two significant limitations. First, no AI-related case has yet been successfully filed and prosecuted under the ordinance. Second, the ordinance does not define "artificial intelligence" or provide a framework for prosecuting AI-assisted crimes, creating investigative and evidentiary challenges for law enforcement.

Deepfakes and the Recording Consent Rule

The deepfake provisions interact with the broader all-party consent requirement. A person who creates an AI-generated audio or video of another person in a recording context without that person's consent may violate:

• Section 25 of the Cyber Security Ordinance 2025 (if the content is harmful or intimidating)
• The Pornography Control Act 2012 (if the content is intimate or pornographic)
• Article 43 of the Constitution (if the recording intrudes upon the subject's right to privacy of correspondence)

Telecommunication Amendment Ordinance 2025

On December 24, 2025, the Advisory Council approved the Bangladesh Telecommunication (Amendment) Ordinance 2025, introducing major reforms to the surveillance and interception framework.

Lawful Interception Framework

The amendment defines the scope and conditions of lawful interception, limiting it to specific purposes:

• National security
• Law enforcement
• Emergency life-saving operations
• Judicial or investigative purposes
• Cross-border matters

All lawful interception now requires strict adherence to due legal process. The Telecommunication Amendment Ordinance 2025 also permanently prohibits the shutdown of internet or telecommunications services under any circumstances, a provision directly responsive to the government-ordered internet blackouts during the July-August 2024 protests.

New Oversight Mechanisms

The ordinance established the Centre for Information Support (CIS) under the Ministry of Home Affairs (Section 97A) to replace the National Telecommunications Monitoring Centre (NTMC). The CIS is intended to provide technical assistance for lawful interception only and is not authorized to conduct surveillance on its own initiative.

A quasi-judicial council must approve any lawful interception request before it proceeds. The Parliamentary Standing Committee is required to publish an annual national report detailing the scope, grounds, and frequency of interceptions.

Operational note (February 2026): The home ministry granted the NTMC a one-year extension to continue operating while the rules required to establish the CIS are finalized. As of May 2026, the NTMC remains the operative interception body in practice, even though the Telecommunication Amendment Ordinance 2025 formally abolished it.

Enhanced Penalties for Unauthorized Interception

Under the revised Section 71, unauthorized interception or misuse of intercepted data carries:

• Imprisonment of up to 5 years
• Fine of up to 1 crore taka (approximately USD 85,000 at current rates)
• Or both imprisonment and fine

Human Rights Concerns

International rights organizations including ARTICLE 19 have raised concerns about the amendment. Critics note the ordinance authorizes interception on broad grounds such as "national unity" or "public safety" without requiring prior judicial authorization in all cases. These provisions potentially conflict with Article 43 constitutional protections and Bangladesh's obligations under the International Covenant on Civil and Political Rights (ICCPR), to which Bangladesh is a party.

Personal Data Protection Ordinance 2025

The Personal Data Protection Ordinance 2025 (Ordinance No. 61 of 2025), gazetted on November 6, 2025, introduces Bangladesh's first comprehensive data protection framework. It directly affects how recording data is collected, stored, transferred, and used.

Core Principles

The ordinance establishes that every citizen is the rightful owner of their personal data, not the government or any organization that happens to hold it. Key provisions include:

• Explicit consent is mandatory before collecting, storing, transferring, or using personal data
• Data is classified into four categories: public/open, internal, confidential, and restricted
• Confidential and restricted personal data must be stored within Bangladesh
• Citizens have the right to access, correct, delete, and restrict automated decisions made using their data

Enforcement: National Data Governance Authority

A National Data Governance Authority (NDGA) will be established under the ordinance to issue regulations, compliance codes, and technical standards, and to enforce the ordinance's requirements. Organizations that fail to comply after the implementation period will face administrative fines, penalties, and other enforcement measures as prescribed by the NDGA.

Implementation Timeline

The substantive compliance obligations under the Personal Data Protection Ordinance 2025 take effect 18 months after the gazette publication date of November 6, 2025, which places the compliance deadline in approximately May 2027. During this transitional period, organizations are expected to review consent mechanisms, appoint data protection officers, strengthen cybersecurity infrastructure, and train employees in responsible data handling.

2024 Political Transition and Impact on Recording Laws

Bangladesh's recording law landscape cannot be understood without the context of the country's August 2024 political transition. The transition directly caused the legislative changes in the Cyber Security Ordinance 2025 and the Telecommunication Amendment Ordinance 2025.

The July-August 2024 Uprising

Starting in early July 2024, a student-led movement protesting government job quotas grew into a nationwide uprising. On August 5, 2024, Prime Minister Sheikh Hasina resigned and left the country. Muhammad Yunus took oath as Chief Advisor of the Interim Government of Bangladesh on August 8, 2024.

During the protests, the then-government ordered complete internet and telecommunications blackouts. The Telecommunication Amendment Ordinance 2025's permanent ban on internet shutdowns was a direct legislative response to those blackouts.

Student protesters and journalists documented police actions by recording video on mobile phones. These recordings played a central role in accountability discussions, including the UN Human Rights Office's subsequent investigation into lethal force used against protesters.

DSA Prosecutions and the New Legal Landscape

The Hasina government had used the Digital Security Act 2018 and, after September 2023, the Cyber Security Act 2023 to target journalists, activists, and political opponents. The interim government's Cyber Security Ordinance 2025 automatically cancelled all cases pending under the nine removed sections of the prior Act.

However, civil society organizations and press freedom groups have noted that the Yunus interim government has itself been associated with over 1,000 incidents of journalist harassment, violence, and prosecution between August 2024 and November 2025, according to documentation by the Rights and Risks Analysis Group. The practical risk environment for recording and journalism in Bangladesh has therefore not resolved simply because the legal framework changed.

Impact on Press Freedom and Recording Practices

Under the current ordinance framework, the core all-party consent requirement for private recording remains unchanged. The specific risks for journalists and activists shifted from the DSA's broad defamation and "offensive content" provisions (now removed) to the retained provisions of the Cyber Security Ordinance 2025 and the unchanged Telecommunication Act 2001 interception framework. Journalists recording public officials in Bangladesh should be aware that no specific journalist shield or recording-police exception exists in statute, and that practical enforcement risk depends substantially on the political environment.

Recording Phone Calls in Bangladesh

Phone call recording in Bangladesh is governed primarily by Section 71 of the Telecommunication Act 2001 and the constitutional protections of Article 43.

Private Individuals

Private individuals in Bangladesh may not record a phone call without the consent of all parties to the conversation. Even if you are a participant in the call, recording it without the other party's knowledge and agreement violates the all-party consent requirement.

This applies to:

• Landline telephone calls
• Mobile phone calls
• Voice over Internet Protocol (VoIP) calls
• Calls made through messaging applications such as WhatsApp, Viber, or Messenger

For businesses recording customer service calls, announcing at the start of the call that the conversation will be recorded and allowing the customer an opportunity to decline constitutes compliance with the consent requirement under standard interpretations of Section 71.

Recording In-Person Conversations

In-person conversation recording in Bangladesh falls under the broader privacy protections of Article 43 of the Constitution, Section 63 of the ICT Act 2006, and the Penal Code 1860 provisions on criminal breach of trust.

Private Settings

Recording a conversation in a private setting without the consent of all participants is illegal. This includes conversations in homes, offices, meeting rooms, and any location where participants have a reasonable expectation of privacy.

The all-party consent requirement means that hidden recording devices, concealed microphones, or covert use of smartphone recording applications in private conversations are all prohibited. A party who covertly records a private meeting and then shares the recording commits two separate violations: the unauthorized recording itself and the unauthorized disclosure under Section 63 of the ICT Act 2006.

Public Spaces

Bangladesh's recording laws do not draw a bright statutory line between public and private recording. Recording in public spaces where there is no reasonable expectation of privacy generally carries lower legal risk. However, targeted recording of specific individuals in public, particularly recording that captures private conversations, may still violate privacy protections under Article 43 and the ICT Act 2006.

Recording Police and Public Officials

No specific statute in Bangladesh authorizes or prohibits citizens from recording police officers or public officials in the performance of their public duties. The general all-party consent rule applies, but enforcement context is critical.

During the July-August 2024 protests, citizens and journalists used mobile phone recordings to document police conduct. These recordings were subsequently used in international human rights investigations. The student uprising demonstrated that recording police in public settings is practically significant and was not prosecuted during the protest period under the recording-specific provisions of the Telecommunication Act.

However, as legal commentators have noted, recordings of public officials that are then shared publicly could invite prosecution under the retained cybercrime provisions of the Cyber Security Ordinance 2025 if authorities characterize the publication as harassment or defamation. The legal risk is not from the recording act itself but from downstream disclosure decisions.

Workplace Recording and Employee Monitoring

Bangladesh does not have a dedicated workplace surveillance statute. Workplace recording is governed by the general privacy framework, the Bangladesh Labour Act 2006, and the emerging Personal Data Protection Ordinance 2025.

Employer Obligations

Employers in Bangladesh must balance legitimate business interests with employee privacy rights. The Bangladesh Labour Act 2006, while not directly addressing electronic surveillance, informs workplace practices through its broader protections of employee rights.

Key principles for workplace recording include:

• Transparency: Employers should inform employees about any monitoring or recording practices in the workplace
• Proportionality: Monitoring should be proportionate to the legitimate business purpose
• Consent: The all-party consent requirement of the Telecommunication Act 2001 applies to recording workplace conversations
• Minimization: Recording and data collection should be limited to what is necessary for the stated purpose

CCTV and Video Surveillance

Video surveillance in workplaces operates in a legal gray area in the absence of a specific CCTV statute. The constitutional right to privacy under Article 43 and general privacy principles apply. Employers who install video surveillance should notify employees and avoid placing cameras in areas where employees have a heightened expectation of privacy, such as restrooms and changing areas.

Personal Data Protection Ordinance 2025 and Workplace Recording

The Personal Data Protection Ordinance 2025 directly affects workplace surveillance practices. Under the ordinance:

• Every employee is the rightful owner of their personal data, including recordings of their voice and image
• Explicit consent is mandatory before recording employees
• Recorded data classified as confidential or restricted must be stored within Bangladesh
• Employees have the right to access and request deletion of their recorded data

Organizations operating in Bangladesh must have compliance programs meeting the PDPO 2025 requirements in place by approximately May 2027 (18 months from the November 6, 2025 gazette date). The National Data Governance Authority will issue detailed compliance codes before that deadline.

Admissibility of Recordings in Court

The admissibility of recordings as evidence in Bangladesh courts is governed by Section 65B of the Evidence Act 1872, constitutional principles under Article 43, and evolving judicial practice.

Evidence Act 1872, Section 65B

Section 65B provides that any information contained in a digital record that is printed, stored, recorded, or copied by a computer shall be deemed a document and shall be admissible in any proceeding, provided that:

• The digital record was produced by a computer that was regularly used for the relevant activities during the relevant period
• The information was regularly supplied to the computer in the ordinary course of those activities
• The computer was operating properly throughout the relevant period
• The information reproduces or is derived from information supplied to the computer in the ordinary course of activities

A certificate from a responsible official confirming these conditions is required to admit a digital record as evidence under Section 65B.

Constitutional Challenge to Unlawfully Obtained Recordings

The High Court Division in The State and Others v. Oli and Others [2019] established that phone recordings obtained without due process constitute a violation of Article 43. Courts have discretion in determining whether to admit unlawfully obtained recordings, and such recordings may be challenged on constitutional grounds even if they otherwise meet the technical requirements of Section 65B.

Recordings made with the consent of all parties and meeting the technical conditions of Section 65B are generally admissible. Recordings made without consent face both the constitutional challenge and potential exclusion at the court's discretion.

Evidence Act 1872: Privilege Provisions

Sections 122, 124, 126, 127, and 129 of the Evidence Act 1872 provide absolute or qualified privileges against compelled disclosure for communications between spouses, communications of state affairs, communications between advocate and client, and communications with legal advisers. Recordings capturing these privileged communications are inadmissible for the privileged content.

Penalties Summary

Bangladesh imposes criminal penalties for unauthorized recording and interception across multiple statutes:

Note: USD conversions are approximate at a rate of approximately 120 BDT per USD as of early 2026.

Cross-Border Recording Scenarios

Recording that spans Bangladesh's borders raises questions about which law applies and whether recordings may lawfully be transferred out of the country.

Which Law Applies to Cross-Border Calls

When a Bangladesh resident calls or is called by someone in another country, Bangladesh courts will generally apply Bangladeshi law to the portion of the communication occurring in Bangladesh. The all-party consent rule therefore applies from the Bangladeshi party's perspective. If the foreign jurisdiction also requires all-party consent, both standards must be met. If the foreign jurisdiction requires only one-party consent, the higher all-party standard of Bangladesh law governs the Bangladesh party's conduct.

Data Localization Under the PDPO 2025

The Personal Data Protection Ordinance 2025 classifies personal data into four tiers. Confidential and restricted personal data must be stored within Bangladesh. Recordings of private communications will generally qualify as confidential or restricted data. Businesses seeking to store call recordings on servers outside Bangladesh will need to assess whether the recordings fall within the data localization requirement and, if so, implement compliant storage arrangements before the May 2027 compliance deadline.

Transfers to Third Countries

Internal or confidential data may be transferred abroad only with the data subject's consent or for contractual purposes, and only to countries with data protection standards that the NDGA recognizes as adequate. As of 2026, the NDGA has not yet issued an adequacy list, leaving significant uncertainty for multinational companies that routinely transfer recorded communications to overseas data centers.

Export Control on Surveillance Technology

Bangladesh does not have a specific export-control regime for surveillance and recording technology equivalent to those in place in the European Union or the United States. However, the Telecommunication Amendment Ordinance 2025 introduced requirements that service providers comply with lawful interception standards, which may indirectly affect the types of recording and monitoring technology that can be deployed in Bangladesh.

Business Compliance Guidelines

Businesses operating in Bangladesh should implement the following compliance measures to align with the country's recording laws:

Call Recording for Customer Service

Businesses that record customer service calls must obtain explicit consent from callers before the recording begins. An IVR announcement at the start of the call stating that the conversation will be recorded and giving the caller the option to proceed or disconnect satisfies the consent requirement under standard legal interpretations. The consent notice should specify the purpose of the recording and how long the recording will be retained.

Data Classification and Storage

Under the Personal Data Protection Ordinance 2025, businesses must classify recorded data appropriately. Recordings of customer or employee communications will generally be confidential or restricted data, requiring storage within Bangladesh. Data retention policies should specify how long recordings are kept and the process for secure deletion after the retention period expires.

Employee Training

Organizations should train employees who handle recorded communications on:

• The all-party consent requirement and how it applies to their role
• Proper procedures for obtaining and documenting consent before recording
• Secure handling and storage of recorded materials
• Penalties for unauthorized recording or disclosure
• The PDPO 2025 data subject rights (access, correction, deletion)

PDPO 2025 Compliance Deadline

Businesses must have full PDPO 2025 compliance programs in place by approximately May 2027. The National Data Governance Authority will issue detailed regulations and compliance codes before that date. Businesses should monitor NDGA publications and begin internal compliance assessments now rather than waiting for the deadline.

Disclaimer

This article provides general legal information about recording consent laws in Bangladesh. It does not constitute legal advice and should not be relied upon as a substitute for advice from a lawyer licensed to practice in Bangladesh. The information was verified as of May 2026 against publicly available official sources. Laws and their interpretation may change. Readers with specific questions about their legal obligations or rights under Bangladesh recording, telecommunications, or data protection law should consult a qualified Bangladeshi advocate.