E-Commerce & Digital Contracts in Bangladesh — The 2025 Operator’s Playbook

A deep, practical guide by Tahmidur Remura Wahid (TRW) Law Firm

Bangladesh’s digital economy has matured from “F-commerce” pages and COD at the door to platform marketplaces, B2B procurement hubs, SaaS exporters, and omni-channel retail. The law hasn’t stood still either: electronic records and signatures are recognized, a dedicated Digital Commerce Operational Guidelines 2021 regime governs delivery, refunds, and disclosures, DBID registration is rolling out for online businesses, a central complaints portal (CCMS) exists, and cyber rules were overhauled in 2023. This guide distills what founders, platforms, and in-house counsel actually need to implement—contract architecture, signature strategy, platform governance, payments and refunds, evidence, tax/VAT, privacy/security, and enforcement.

TRW advises marketplaces, payment providers, logistics networks, SaaS exporters, and retailers on day-one setups and scale-up refactors across Bangladesh and cross-border. We build enforceability into UX, not just PDFs.

1) Legal foundations (what’s binding and where)

Core statutes & instruments you’ll touch:

• Contract Act, 1872 — offer, acceptance, consideration, capacity; applies online like offline.
• ICT Act, 2006 (as amended) — legal recognition of electronic records and (digital) signatures, with a PKI under the Controller of Certifying Authorities (CCA). (SAMSN)
• Digital Commerce Operational Guidelines, 2021 — the e-commerce “rulebook” for disclosures, delivery windows, refunds, and marketplace duties. (Department of Printing and Publications)
• DBID Registration Guidelines, 2022 — Digital Business Identification for online businesses; increasingly treated as mandatory in practice. (Department of Printing and Publications, dbid.gov.bd)
• Cyber Security Act, 2023 — replaces DSA; offences and platform-relevant duties. (Refworld)
• VAT & SD Act, 2012 — VAT registration (BIN), rate application, invoicing, and e-filing for digital sales. (National Board of Revenue)
• Consumer protection & complaints — CRPA 2009 + Central Complaint Management System (CCMS) for e-commerce grievances. (bdnews24.com)
• Bangladesh Bank FX/Circulars — repatriation for online exports through OPGSPs/“acquiring service”, PSPs, NRTA, etc. (BB)

2) Forming a digital contract that sticks

2.1 Assent design: click-wrap beats browse-wrap

Make acceptance affirmative and provable:

• A pre-checked box is not consent. Use an unchecked “I agree” checkbox beside a conspicuous Terms link.
• For high-risk events (subscription, auto-renewal, BNPL, heavy-discount preorders), add a second confirmation modal or OTP step.

2.2 Evidence you should store (and why)

Courts and authorities look for electronic records: capture the exact terms version hash, timestamp (with timezone), IP/device, session ID, and the UX state presented when the user clicked “Pay/Place Order”. Bangladesh law recognizes electronic records and digitally signed artifacts, and CCA guidance supports time-stamping and certificate validation under national PKI. (SAMSN)

2.3 “Pay” button wording & dark-pattern hygiene

• The final button should label the commercial effect (“Pay BDT X” / “Place Order & Pay COD”), not generic “Continue”.
• No hidden fees: display all-in price (item, delivery, service fees, VAT) before acceptance per the 2021 Guidelines’ transparency objective. (Department of Printing and Publications)

2.4 Stamping & registrable instruments

Electronic execution ≠ stamp-exempt. If an instrument class is stamp-chargeable (e.g., certain deeds/POAs, immovable-property transfers), budget e-stamp/physical stamping or you risk inadmissibility later. (Check your document categories against the Stamp Act and current SROs.)

3) E-signatures that travel: choosing the right signature for the job

Two tiers in practice:

• Digital signatures (PKI-based, CCA-licensed) — cryptographic certificates issued under Bangladesh’s hierarchical PKI; strongest evidentiary weight, ideal for B2B MSAs, merchant onboarding, high-value orders, credit terms, and data-processing addenda.
• Simple e-signatures (typed name, tick-box + OTP) — adequate for B2C checkouts if the assent flow and logs are rigorous.

Operator rule-of-thumb (TRW):

• Always use digital signatures for merchant/seller onboarding, platform financing/escrow, and any document with authority or liability implications.
• For everyday B2C, maintain robust formation logs; escalate to digital signatures at defined value/risk thresholds (e.g., >BDT X or long-term subscriptions).

4) The 2021 Digital Commerce Guidelines — what they actually require

Here is how the Guidelines translate to product and ops:

A. Transparent storefront & pre-contract disclosures
■ Legal identity (legal name), contact, and key policies visible (ToS, Privacy, Complaints, Returns).
■ Total price and delivery fee before checkout; no bait pricing.
■ Accurate product descriptions and truthful promotions. (Department of Printing and Publications)

B. Delivery & refunds: time-boxes and obligations
■ Delivery windows typically 5–10 days depending on location; missed timelines trigger refunds.
■ If unavailable or not delivered—refund within 10 days, to the original payment method (don’t trap funds in closed wallets). (Department of Printing and Publications)

C. Marketplace duties
■ Seller onboarding diligence; display seller identity; define platform vs seller responsibilities; maintain an internal complaint channel and escalate unresolved cases to CCMS. (Department of Printing and Publications)

D. Dangerous/counterfeit goods
■ Takedown mechanisms and cooperation with authorities; comply with IP and safety rules the Guidelines reference. (Department of Printing and Publications)

5) DBID — Digital Business Identification (what, who, when)

What it is. A unique digital identifier for online/digital businesses, introduced to bring order and traceability to the sector. Official portal: dbid.gov.bd. (dbid.gov.bd)

Why it matters. Ministries and the Registrar have Guidelines (2022) and public comms indicating DBID is required for e-commerce businesses and increasingly for bank/payment onboarding or marketplace participation. (Department of Printing and Publications)

Practical moves:
■ Obtain DBID early and display it on storefronts and social-commerce pages.
■ Align DBID, Trade Licence, TIN, and BIN (VAT); keep certificates handy for PSPs and couriers.

6) Complaints & consumer protection: CCMS + DNCRP

The Ministry of Commerce launched CCMS, a centralized portal where customers file e-commerce complaints. Operators should:
■ provide an in-site complaint link;
■ integrate internal SLAs that hit CCMS timelines;
■ maintain audit trails of each ticket. The portal URL is published in local press as ccms.govt.bd. (bdnews24.com)

7) Payments, refunds, chargebacks, and escrow (how the rails and the law meet)

In Bangladesh: online payments run through AD bank rails, PSPs/PSOs, MFS providers, and card acquirers; settlement cycles, refund flows, and chargeback handling must reflect your PSP and Guideline obligations (e.g., 10-day refunds, “return to original tender”). (Department of Printing and Publications)

For exports & SaaS receipts: Bangladesh Bank’s FE Circular No. 31 (31 July 2025) reaffirms that proceeds for goods and services exported online can be received through multiple channels, including “acquiring service”, OPGSPs, non-resident Taka accounts, and others—subject to AD bank processes. Align your checkout and invoicing with your AD bank’s chosen method. (BB)

Operationalize it:
■ Map each payment method to automatic refund paths (same method; strict timelines).
■ Store evidence packs for disputes: POD scans, courier logs, OTP/timestamp, device/IP, customer communications.
■ For marketplaces, add escrow/release logic tied to carrier delivery scans or buyer confirmation.

8) VAT & invoicing (how tax shows up in the UI)

• Register for BIN and display VAT-inclusive prices at checkout; generate VAT-compliant e-invoices and file returns via NBR.
• Determine who is the supplier of record (platform vs seller) per your business model and contract chain.
• Default VAT rate is set by the VAT & SD Act 2012 with current schedules; product-specific rates/exemptions may apply. Integrate a tax engine and keep it synchronized with NBR updates. (National Board of Revenue)

9) Privacy & data governance (future-proofing in a moving space)

Bangladesh does not yet have a comprehensive, enacted data-protection statute as of Aug 28, 2025; proposed frameworks and policy work are ongoing. Build to global best practice now: purpose limitation, lawful basis (consent/contract), data minimization, security by design, retention limits, and transparent notices. (Drafts and policy notes evolve frequently; treat this as active compliance terrain.)

10) Cybersecurity & platform liability

The Cyber Security Act 2023 defines offences relevant to platform operations (unauthorized access, system interference, certain content-related offences). For platforms and networks, pair this with an intermediary due-diligence posture: prompt takedown for notified illegal listings, security baselines (MFA, encryption, access controls), incident response, and log retention. (Refworld)

11) Marketplace governance (seller KYC → content → fulfilment)

TRW governance spine:

■ Seller onboarding & KYC — verify identity, DBID, BIN, trade licence, and beneficial ownership; require digitally signed seller agreements.
■ IP & product safety — notice-and-takedown, repeat-infringer policy, proactive screening for prohibited/dangerous goods.
■ Listing accuracy — enforce truthful claims; pre-approve marketing creatives.
■ Fulfilment & returns — negotiated SLAs with couriers; pre-printed waybills; QR returns; automated refund triggers on failed scans.
■ Finance & settlement — clear settlement cycles; clawback on returns; reconciliation reports.

12) Cross-border playbook (SaaS, digital services, and goods)

Receipts & FX

• For services/digital exports, agree the AD bank pathway—e.g., OPGSP or acquiring—under the 31 July 2025 circular; ensure invoices and buyer flows match what your bank will accept (descriptor, evidence, payer details). (BB)

Tax

• Many foreign jurisdictions levy VAT/GST on B2C digital services (e.g., EU). Use a compliance vendor or register as needed.

Disputes

• For B2B cross-border contracts, specify arbitration (SIAC/ICC) with a seat you can actually enforce (Dhaka or Singapore are common); keep B2C consumer rights intact for domestic users.

13) Contract architecture (documents you’ll actually need)

Consumer layer (B2C)

• Terms of Service (ToS) with clear acceptance flow, pricing transparency, delivery windows, refunds (including 10-day refund rule where applicable), prohibited conduct, data notice, and disputes/complaints path (internal → CCMS). (Department of Printing and Publications, bdnews24.com)
• Returns & Refunds Policy and Complaints Policy (Bangla summaries for clarity).

Marketplace layer

• Seller/ Merchant Agreement (digital signature; KYC/DBID; listing rules; IP warranties; SLAs; refund/chargeback and settlement mechanics; audit rights).
• Brand Protection & Takedown Policy.

Ops layer

• PSP/Acquirer Agreement (settlement cycles, dispute windows, data security).
• Courier/3PL SLAs (scan requirements, POD standards, loss/damage allocation).
• Data-Processing Addendum (DPA) with subprocessors.

Risk layer

• Security Policy (MFA, encryption, backups, incident response).
• Business Continuity/DR (RTO/RPO targets).

14) UX patterns that drive enforceability

• Consent journaling: versioned Terms with SHA-256 hashes and deployment commit IDs.
• “Key notice” in checkout: short Bangla summary box (delivery timeframes, refund triggers, warranty, complaint link).
• Subscriptions: bold renewal frequency/price; separate “Confirm auto-renew” checkbox.
• High-value orders: escalate to digital signature and verified KYC.

15) Model drafting snippets (Bangladesh-tuned)

Formation & assent

“By clicking ‘Pay BDT [amount]’ you (i) accept the [Terms of Service v[hash]] and (ii) confirm you have reviewed the Returns & Refunds Policy and delivery timeframes presented above. An electronic record of your acceptance (timestamp, device and IP) will be retained.”

Delivery & refunds

“Unless otherwise stated on the product page, deliveries within the same city complete within 5 business days and inter-city within 10 business days. If delivery does not occur within the applicable window or an order is unavailable, we will initiate a refund to the original payment method within 10 days.” (Department of Printing and Publications)

Marketplace role & seller liability

“For third-party listings, the Seller is the supplier of record responsible for listing accuracy, fulfilment, and warranty. The Platform provides payment and logistics facilitation and operates a complaint channel integrated with CCMS.”

E-signature

“Merchant onboarding documents are executed using CCA-licensed digital signatures. Parties agree such signatures and electronic records have the same legal effect as handwritten signatures and paper records.”

Disputes (B2C)

“Consumers may lodge complaints through our internal process and, if unresolved, through the Central Complaint Management System (CCMS) operated under the Ministry of Commerce.” (bdnews24.com)

(Always have TRW tailor the clauses to your business model and payment/logistics stack.)

16) Compliance features to build into your product (checklist)

A. Identity & disclosures
■ Show legal name, DBID, BIN, contact points on your footer and checkout. (dbid.gov.bd)
■ Product pages list full price (incl. delivery/VAT), delivery window, warranty, and returns link. (Department of Printing and Publications)

B. Consent & evidence
■ Click-wrap with Terms version hash and timestamp; preserve device/IP. (SAMSN)
■ OTP confirmation for subscriptions/BNPL.

C. Complaints & refunds
■ Single “File a complaint” entry point; escalation workflow to CCMS. (bdnews24.com)
■ Auto-refund within 10 days; original tender only. (Department of Printing and Publications)

D. Security & privacy
■ MFA for admin, encryption in transit/at rest, vendor due diligence, breach runbook consistent with CSA 2023. (Refworld)

E. VAT & invoicing
■ BIN on invoices; tax engine synced to VAT & SD Act 2012 schedules. (National Board of Revenue)

F. Cross-border
■ Pick an AD bank pathway (OPGSP/acquiring/NRTA) per FE Circular 31/2025; align invoice descriptors and evidence. (BB)

17) Red-flags we fix most often (and quick TRW remedies)

■ Browse-wrap only → upgrade to click-wrap; store versioned assent logs.
■ No DBID/BIN visible → add to storefront/social pages; keep certs handy for PSP/courier onboarding. (dbid.gov.bd)
■ Wallet-only refunds → enable source-of-fund refunds within 10 days; auto-trigger on failed delivery scans. (Department of Printing and Publications)
■ Loose seller onboarding → digital-sign merchant agreements; KYC for identity, DBID, BIN; product safety checks.
■ Unstamped documents → identify stamp-chargeable classes and integrate e-stamp into doc automation.
■ FX receipts mismatch → invoices/flows not matching your AD bank’s method; re-paper to FE 31/2025 pathways. (BB)

18) KPIs & logs your GC will thank you for

Customer: delivery-on-time %, refund TAT, CCMS escalation rate and win-rate, chargeback ratio by tender.
Marketplace: seller KYC pass-rate, counterfeit takedown time, relisting violations, SLA compliance by 3PL.
Risk & security: MFA coverage, access reviews closed, incident MTTD/MTTR.
Tax: e-invoice error rate, VAT filing timeliness, BIN mismatches caught.

19) 90-day implementation roadmap (operator edition)

Days 1–30 — Foundations

• Inventory every customer/seller/ops contract; flag which need digital signature.
• Acquire DBID; refresh footer and policy pages with legal identity and complaint link. (dbid.gov.bd)
• Rewrite ToS/Refunds/Complaints with Bangla summaries; implement click-wrap in checkout.

Days 31–60 — Payments & logs

• Align PSP/acquirer flows to refund obligations; enable auto-refund on SLA miss. (Department of Printing and Publications)
• Stand up consent/evidence logging (hashes, OTP, device/IP).
• Connect tax engine to VAT & SD Act 2012 schedules; validate BIN printing and returns filing. (National Board of Revenue)

Days 61–90 — Governance & scale

• Seller KYC + merchant e-sign; counterfeit takedown SOP; product safety lists.
• Security controls and incident runbook consistent with CSA 2023. (Refworld)
• Build CCMS escalation path; simulate 5 complaint scenarios end-to-end. (bdnews24.com)

20) Enforcement & disputes (where the paperwork pays off)

• Evidence wins: click-wrap logs + delivery scans + comms history close most disputes cheaply.
• CCMS can resolve many B2C issues; document good-faith steps and refund TAT. (bdnews24.com)
• Arbitration for B2B: choose seat/rules you can enforce (Dhaka/Singapore common); keep consumer carve-outs in B2C.

21) Social-commerce & live-shopping (special notes)

• F-commerce and live-commerce are not law-free zones; apply the same disclosures (identity, full price, delivery window, refund rules) on pages and live streams.
• Use templated order confirmation DMs (with policy links), and route payments through compliant PSP/MFS integrations.
• If you operate at scale, obtain DBID and keep seller identities visible even on social listings. (dbid.gov.bd)

22) Summary table — E-commerce & digital contracts in Bangladesh

23) How TRW executes these projects

• UX-first enforceability: we redesign checkout, onboarding, refund, and complaint touchpoints to maximize legal validity without tanking conversion.
• Signature strategy: we slot CCA-licensed digital signatures where risk demands, and keep the rest fast with robust e-sign logs.
• Payments & refunds: we align PSP/acquirer contracts and ops to Guidelines and scheme rules; refunds that actually happen within 10 days. (Department of Printing and Publications)
• Governance: seller KYC playbooks, IP/counterfeit takedowns, safety gates.
• Tax & FX: VAT-compliant invoicing, BIN hygiene, and AD bank pathways for exports per FE 31/2025. (BB)

If you’d like a red-flag review of your Terms, checkout, seller agreement, payments stack, and refunds/complaints flows, TRW can deliver a prioritized, 90-day remediation plan. See our insights at Tahmidur Remura Wahid (TRW) → tahmidurrahman.com (internal).

Key references (select)

• ICT Act 2006 — legal recognition of electronic records/signatures. (SAMSN)
• Digital Commerce Operational Guidelines 2021 (official gazette). (Department of Printing and Publications)
• DBID Registration Guidelines 2022 + official portal. (Department of Printing and Publications, dbid.gov.bd)
• Cyber Security Act 2023. (Refworld)
• VAT & SD Act 2012. (National Board of Revenue)
• Bangladesh Bank FE Circular No. 31 (31 July 2025) (exports via acquiring/OPGSP/NRTA). (BB)
• CCMS launch (press reports). (bdnews24.com)

TRW — Tahmidur Remura Wahid (TRW) Law Firm
Dhaka (Head Office): House 410, Road 29, Mohakhali DOHS
Dubai: Rolex Building, L-12 Sheikh Zayed Road
Contact: +8801708000660 · +8801847220062 · +8801708080817 · info@trfirm.com | info@trwbd.com | info@tahmidur.com

This guide is general information, not legal advice. Regulations and circulars evolve; TRW tracks changes and tunes your stack as they land.