ICT Division publishes draft National Source Code Policy

The Information and Communication Technology (ICT) Division published on Thursday the draft of the National Source Code Policy 2025 on its official website, with the slogan "Public Money, Public Code".
The proposed policy aims to formally recognise the government-funded software as a national asset as well as ensure public ownership, transparency, security and reusability of software developed using public resources.
The policy will apply to all software systems, applications, apps, APIs and digital services - developed or adopted by the government and funded through the national budget, foreign loans or support of development partners.
An official handout stated that compliance will be mandatory for all the ministries, divisions and directorates along with the statutory, autonomous or semi-autonomous entities.
The ICT Division has invited public feedback on the draft, especially from Bangladeshi experts at home and abroad, academics, representatives of relevant government agencies, industry stakeholders and development partners.
Written opinions or recommendations may be submitted via email to secretary@ictd.gov.bd, or posted to the Secretary, Information and Communication Technology Division, ICT Tower (4th Floor), Agargaon, Dhaka.
Under the draft policy, all source code, software components and related documentation of the government-funded systems must be stored in the National Source Code Repository, which will be managed by the Bangladesh Computer Council under the supervision of the designated authority.
The repository will be equipped to ensure complete traceability and auditability, and an escrow mechanism may be introduced where necessary. No software may be deployed in production unless its source code has been properly archived.
The draft also mandates a "Reuse First" approach, requiring organisations to prioritise reusing existing solutions before developing new software. If reuse is not possible, written justification must be submitted to the authority.
As a core principle, the government-owned source code will be treated as open source by default, unless an exemption is granted under the rule of "public money, public code".
Exemptions may only apply in matters of national security, defence, confidentiality or other exceptional cases. Even when exemptions apply, storing the code in the repository will remain compulsory, and exempted projects will undergo registration, written justification and periodic review.
To ensure secure development practices, the policy proposes a framework led by a Standard Coding Guideline Committee. It will be mandatory to follow an approved CI/CD pipeline for deployment, incorporating automated testing, vulnerability assessment, licence verification and manual approval prior to production release.
Access to the source code repository will follow a role-based access control system, and contributors, approvers, maintainers or auditors must sign a government-approved non-disclosure agreement before access is granted.

bdsmile@gmail.com