An icon of an eye to tell to indicate you can view the content by clicking
Signal
Original article date: Jul 05, 2026

Bangladesh Bank Bans Confidential Data in AI Tools: What It Means for Enterprise AI Governance

July 5, 2026
5 min read

Central banks don’t move fast — so when one issues a formal directive against AI data practices, the industry pays attention. On June 28, 2026, Bangladesh Bank ordered all officials and employees to stop inputting confidential or sensitive banking information into AI platforms, effective immediately.

The directive names specific platforms — ChatGPT, Gemini, Claude, Grok, and DeepSeek — and cites one clear concern: using these tools could transfer sensitive financial data outside the country, creating risks of data leakage, policy breaches, and security incidents.

Four Rules, Zero Exceptions

Bangladesh Bank’s order establishes four concrete requirements:

  • No confidential data in AI tools — regardless of the task or platform
  • Prior approval required before using AI for official work such as drafting office notes, formulating policy, or analyzing data
  • Personal use is not exempt — officials must not use work-related information even when using AI tools privately
  • Full compliance with existing information security and cyber risk management policies

The central bank acknowledged that AI platform use had been rising among its staff for tasks including office noting, data analysis, and report preparation — making the directive a response to observed behavior, not just preemptive policy.

Why This Matters Beyond Bangladesh

Regulatory directives from central banks set precedents. As AI usage spreads across enterprises, expect more institutions — in finance, healthcare, and government — to formalize similar data boundaries. The practical question for any organization is no longer whether to adopt AI, but which data those tools are allowed to touch.

Read the full article on TBS News