Bangladesh Bank Bans Confidential Data in AI Tools: What It Means for Enterprise AI Governance
Central banks don’t move fast — so when one issues a formal directive against AI data practices, the industry pays attention. On June 28, 2026, Bangladesh Bank ordered all officials and employees to stop inputting confidential or sensitive banking information into AI platforms, effective immediately.
The directive names specific platforms — ChatGPT, Gemini, Claude, Grok, and DeepSeek — and cites one clear concern: using these tools could transfer sensitive financial data outside the country, creating risks of data leakage, policy breaches, and security incidents.
Four Rules, Zero Exceptions
Bangladesh Bank’s order establishes four concrete requirements:
- No confidential data in AI tools — regardless of the task or platform
- Prior approval required before using AI for official work such as drafting office notes, formulating policy, or analyzing data
- Personal use is not exempt — officials must not use work-related information even when using AI tools privately
- Full compliance with existing information security and cyber risk management policies
The central bank acknowledged that AI platform use had been rising among its staff for tasks including office noting, data analysis, and report preparation — making the directive a response to observed behavior, not just preemptive policy.
Why This Matters Beyond Bangladesh
Regulatory directives from central banks set precedents. As AI usage spreads across enterprises, expect more institutions — in finance, healthcare, and government — to formalize similar data boundaries. The practical question for any organization is no longer whether to adopt AI, but which data those tools are allowed to touch.
Read the full article on TBS News
Stay in Rhythm
Subscribe for insights that resonate • from strategic leadership to AI-fueled growth. The kind of content that makes your work thrum.
More from Thrum
Additional pieces exploring adjacent ideas
