Bangladesh: President implemented Personal Data Protection (Amendment) Ordinance, 2026 (Ordinance No. 23 of 2026)

On 5 February 2026, the President of Bangladesh promulgated the Personal Data Protection (Amendment) Ordinance, 2026 (Ordinance No. 23 of 2026) to amend the Personal Data Protection Ordinance, 2025. The Amendment Ordinance amends data residency requirements for critical information infrastructure and limited personal data. Under the new provisions, at least one synchronised real-time copy of data stored in the cloud must be maintained within the borders of Bangladesh if it is categorised as restricted data or processed by Critical Information Infrastructure (CII) as defined in the Cyber Security Ordinance, 2025. Additionally, the ordinance modifies Section 48 of the original 2025 law by replacing criminal penalties involving imprisonment for managing directors of companies found to violate data subject rights with monetary fines only.