Submit your Article

In 2081, Nepal navigated a transformative yet turbulent digital landscape, balancing ambitious technological and governance advancements with persistent challenges in digital rights, privacy, and cybercrime. The country strived to cement its place in the global digital arena while grappling with the complexities of regulating an increasingly connected society.

Ambitious digital vision and infrastructure expansion

The government’s commitment to digital progress was evident in its declaration of 2024–2034 as the ‘IT Decade’, a vision backed by Rs 7.25bn allocated for ICT projects in FY 2081/82. This funding fueled broadband expansion, IT park development, and efforts to create a thriving ICT hub aimed at generating jobs and boosting digital payments and e-commerce. Internet penetration soared to 99.38 percent, a remarkable achievement, though rural areas still faced connectivity gaps, highlighting the ongoing digital divide. Initiatives like integrating national databases and automating public services advanced digital governance, with the Nagarik App, formalized under amendments to the Good Governance Act, enabling seamless access to public services via electronic devices. 

Policy and legislative developments

Significant policy advancements shaped the year. The Social Media Operation, Usage, and Regulation Bill, 2081 tabled in Parliament aimed to regulate social media platforms and to moderate social media content. Likewise, draft Information Technology and Cybersecurity Bill, 2080, aimed to regulate online spaces and enhance cybersecurity was released for public consultation. However, both the bills drew criticism for potentially restricting free speech and privacy. Similarly, the Media Council Bill, 2081, sought to promote self-regulation in online media but raised concerns about its regulating agency’s independence and alignment with federalism. A concept paper on Artificial Intelligence (AI) and the Draft AI Policy, 2081, outlined plans to leverage AI across sectors, emphasizing clear policies and global standards. Regulatory efforts also targeted virtual currencies to curb money laundering, while amendments to the Industrial Enterprises Act recognized startups as distinct entities to foster innovation. The E-Commerce Act, 2081, was finally made into law to regulate online transactions and ensure transparency for consumers and businesses.

The draft E-Governance Blueprint and Draft Digital Nepal Framework 2.0 laid out bold plans to modernize public services, enhance digital infrastructure, and address past challenges like weak coordination and limited technical capacity through phased implementation and skill development. The Council of Ministers provided conceptual approval for drafting the Electronic Good Governance Commission Bill to combat corruption, and the Supreme Court’s ruling to uphold mandatory national identity cards for public service access, despite legal challenges, reinforced the push for centralized digital systems—though it sparked debates over accessibility.

Digital rights and privacy at stake 

Digital rights faced significant hurdles, with freedom of expression under strain. Prosecutions under the Electronic Transactions Act (ETA) targeted individuals for political comments, alleged defamation, or disruption, raising fears of a chilling effect on free speech. Critics argued the ETA is being misused to suppress dissent, a concern echoed in the Press Council Nepal’s expanded scrutiny of YouTube and online media, which sparked debates over regulatory overreach. The judiciary’s actions, such as the Sidhakura contempt case, further intensified scrutiny of media freedom. The lifting of the TikTok ban on 22 Aug 2024, was a victory for digital rights, but the lack of transparency around the decision left questions unanswered. The Ministry of Communication and Information Technology’s Directives on Managing the Use of Social Media, 2080, required platforms like TikTok and Facebook to establish local offices and moderate content, yet only TikTok, Viber, and WeeTok complied. A 30-day ultimatum for social media registration in 2081 marked a shift toward stricter enforcement, with potential bans for non-compliant platforms like Meta and X. Minister for Communications and Information Technology, Prithvi Subba Gurung, warned of shutting down social networks if they failed to register by April 13, 2025, emphasizing the urgency of compliance.

In 2081, Nepal faced significant internet disruption, including a major outage on National ICT Day, May 2, caused by disagreements over RTDF taxation between ISPs and the Ministry of Communications (MoCIT).

Further internet connections were disrupted in various places due to natural calamities, beautification of the city, and floods damaging the power supplies, leading to the shutdown of several base transceiver stations (BTS) and cutting off communication in affected areas.

The Supreme Court’s Sept 2024 ruling against unauthorized data access by Nepal Telecom reaffirmed privacy rights, but international reports like CIVICUS highlighted Nepal’s obstructed civic space, citing media censorship and reprisals against activists.

In a related development, the Department of Transport Management, following an appeal by a law student under the Right to Information Act, rectified its practice of publishing personal data such as citizenship numbers in driving test results. The department admitted this breach of privacy laws and committed to upgrading its software to prevent future violations. 

Rise of mis/disinformation and deepfake materials 

Social media also became a breeding ground for misinformation, deepfakes, and racially motivated attacks, with manipulated videos, false narratives, and unchecked mis/disinformation spreading widely. As Nepal’s digital ecosystem grows, combating false and misleading information, particularly during critical moments like elections or public protests, remains a significant challenge. These threats underscore the need for comprehensive strategies to enhance media literacy, promote responsible digital practices, and introduce effective policies addressing disinformation and digital manipulation.

Surge in cybercrime and systemic vulnerabilities

The year was marred by a cybercrime surge, with the Nepal Police Cyber Bureau recording 19,730 FIRs in FY 2080/81—a tenfold rise from five years earlier—and 13,426 complaints within nine months of 2081/82. Cases spanned financial fraud, phishing scams, social media impersonation, and hacking, with incidents like the theft of Rs 34.2m from F1 Soft’s bank account and data breaches by Khalti employees exposing systemic vulnerabilities. Fraudulent schemes exploiting trusted brands, fake government grants, and illegal crypto transactions targeted vulnerable groups, particularly youth and students. The NRB pushed for stronger KYC procedures, real-time monitoring, and public awareness, but the volume of cases strained resources.

Major cybersecurity and infrastructure threats

In 2081, Nepal faced significant cybersecurity challenges, marked by high-profile incidents such as DDoS attacks on government servers and recurring cyberattacks on local government websites, disrupting essential services. Notable breaches included the hacking of the National Vigilance Center’s website, resulting in the loss of registration data, and a malware attack on the Passport Department, causing delays in passport services. Other incidents exposed vulnerabilities in the teacher personnel records system and Tribhuvan University’s online exam platform. Additionally, over a dozen ministry websites went offline due to negligence in renewing licenses, and funding shortages threatened the stability of key digital infrastructure, such as the Integrated Data Management Center and Disaster Recovery Centre. A particularly alarming breach involved the hacking of Nepal’s public grievance platform, Hello Sarkar, by the Russian hacker group ‘Ghudra’, which sold sensitive citizen data on the dark web. Despite the adoption of a National Cybersecurity Policy in 2080, Nepal’s cybersecurity ranking fell to 100th globally, highlighting the government’s struggles to improve its digital security infrastructure.

In 2081, Nepal’s digital journey was a paradox of progress and peril. Ambitious ICT and e-governance initiatives laid a foundation for a connected future, but rural connectivity gaps, regulatory overreach, and rampant cybercrime demanded urgent action. The tension between digital advancement and democratic freedoms underscored the need for balanced policies that protect rights while fostering innovation. As Nepal advances toward its ‘IT Decade’ goals, the lessons of 2081 emphasize inclusive access, transparent governance, and robust cybersecurity as critical to shaping a resilient digital future.

The Social Media Management Guidelines 2080 is part of government efforts to regulate online space and social media through administrative measures. The guidelines and the ban on TikTok undermine the right to freedom of expression enshrined in the Constitution and limitations outlined in the Electronic Transaction Act. The guidelines covers diverse issues like fake ID and trolling without defining them, apart from defining ‘hate speech’ loosely, though the onus is on the Parliament to define the term. It bars social media users from creating and sharing contents through anonymous/fake IDs or commenting on shared contents. The right to be a part of cybersphere is key to safeguarding constitutionally-guaranteed digital rights also enshrined in international human rights instruments. Such a provision will violate people’s right to use social media for causes dear to them. Instead of opting for administrative measures to regulate the cybersphere, government should go for legislative regulation. 

The author is Executive Director at Digital Rights Nepal 

International human rights instruments have traditionally held states accountable for the protection of human rights. However, as businesses continue to grow in power and influence, they are increasingly being recognized as responsible for respecting human rights. This is due to the acknowledgment of the negative impacts that businesses can have on human rights, such as environmental degradation and labor violations. As a result, businesses are now expected to prevent human rights abuses and provide remedies for any harm caused. This is reflected in global initiatives, such as the UN Guiding Principles on Business and Human Rights. The United Nations Guiding Principles on Business and Human Rights (UNGPs), adopted through Resolution 17/4 on June 16, 2011, are rooted in the recognition of both the obligation of the state and the responsibilities of the business sector to respect, protect, and provide remedies for human rights violations. The UNGPs provide essential principles for both the state and the business sector to ensure the protection of and respect for human rights while conducting and regulating business activities. These principles are applicable to all states and business enterprises, irrespective of their size, sector, location, ownership, or structure, including transitional ones. The United Nations (UN) has called upon all nations to create, implement, and update national action plans (NAP) on business and human rights, as part of their duty to disseminate and apply the UNGPs. A number of states in South Asia have started the process already. Pakistan was the first country to adopt BHR NAP in December 2021, whereas India released the National Guidelines for Responsible Business Conduct in 2019 and made public the zero draft of the BHR NAP in March 2020. The UN is involved in providing technical assistance and building capacity of the states and stakeholders to promote business and human rights with the UN South Asia Forum on Business and Human Rights as one such initiative. The fourth edition of the forum, happening in Kathmandu on March 20-22, 2023, aims to bring attention to the workers fueling development in Asia and the role that States and businesses must play to protect and respect the workers' rights. This forum also plans to discuss and debate the ongoing challenges and opportunities for workers in the sub-region against the backdrop of structural inequalities and power dynamics that results in differential impacts on workers. As a member-state of the UN, Nepal also has the obligation to enforce the UN business and human rights principles. In compliance with this obligation, the Government of Nepal has tasked the Ministry of Labour, Employment, and Social Security (MoLESS) with formulating a distinct action plan on business and human rights as part of its 5th National Human Rights Action Plan (NHRAP) adopted in 2020. The ministry has formed a taskforce for formulating a national action plan for business and human rights. The taskforce members include representatives of the Federation of Nepali Chambers of Commerce and Industries (FNCCI) and trade union, which is commendable. Furthermore, prior to releasing a preliminary NAP for public consultation last month, the taskforce conducted a series of consultations with a wide range of stakeholders such as the business sector, journalists, human rights activists, civil society members, lawyers, indigenous peoples organizations, and consumer groups. However, given the novelty of the business and human rights discourse in Nepal, the consulted stakeholder groups were not well-equipped to provide nuanced or informed recommendations on the draft guidelines. Additionally, the two-week deadline imposed by the government for collecting input on the draft was insufficient, and no public outreach or information dissemination was conducted to elicit feedback. Nonetheless, it is incumbent upon the government to uphold transparency and disclose a list of suggestions and recommendations received and deliberated upon during the plan's finalization. The priorities identified by the government in the draft action plan includes labor rights, right to the environment, rights of indigenous communities, consumer rights, rights of women and children, right to gender equality and non-discrimination. It is interesting to note that all these rights prioritized in the draft BHR NAP are guaranteed as fundamental rights in the Constitution of Nepal 2015, and there are legislative measures as well to implement these rights. Despite suggestions and recommendations received from the consultations with the stakeholder, the draft has failed to include digital rights such as right to privacy and data protection. With an ever-growing level of digitalization and datafication, it is important to bring the digital rights and ICT businesses into the discussion of BHR in Nepal. Adoption of the BHR NAP is only the first step and the beginning. Both the government and the business sector need to do a lot to ensure that principles transform into practice. Nepal has a poor track record of implementing its plans and policies, including the NHRAP itself: the fourth NHRAP had concluded without even having a single meeting of the high-level committee established to implement the plan. Thus, the government needs to show serious commitment and allocate adequate resources for the implementation of the BHR NAP. According to the representatives of the business sector, the current BHR NAP draft has failed to guide the business sector on their roles in ensuring human rights. The UNGPs clarify what is expected of business enterprises with regard to human rights and outline the process through which companies can identify their negative human rights impacts and demonstrate that their policies and procedures are adequate to address them. However, Nepal draft BHR NAP has failed to clarify this and missed the opportunity to integrate the important aspect of human rights due diligence, which is the core of the UNGPs. It is the obligation of the State to provide effective guidance to business enterprises on how to respect human rights throughout their operations. As the concept of BHR is new in Nepal, the government is also required to invest in raising awareness and building capacity of the businesses to integrate human rights into businesses. Investing in BHR not only facilitates ethical and sustainable business operations but also enhances the reputation and social acceptability of businesses. Furthermore, it can contribute to the broader developmental objectives of the country, such as promoting inclusive growth and social cohesion. Advocate Sigdel is the co-founder of Digital Rights Nepal, a civil society organization promoting digital rights

Nepal recently elected a new House of Representatives and a government through a general election. The previous parliament was unable to accomplish much in terms of policy making, with several sessions ending without passing any bill. Previous governments were preoccupied with dissolving the parliament or securing a vote of confidence, making policymaking a low priority. As a result, the law and policy making process was hindered, leading to several digital rights initiatives being neglected. The newly-installed coalition government faces its own set of challenges. Early indications are not promising, as much of its energy appears to be channelized on keeping the coalition intact. To regain the trust of the public, media, and civil society, who are closely monitoring its performance, it is crucial for the government to redirect its focus and priorities. Failure to prioritize policy making will not only hinder the development of the ICT sector and compromise digital security, but also negatively impact the digital rights of citizens. This write-up aims to highlight the significant issues regarding digital rights and security in Nepal, and to encourage the legislative and government bodies to prioritize these issues to safeguard, enhance, and fortify the digital rights and security of its citizens. IT bill In Nepal, the Electronic Transaction Act 2063 (ETA 2063) is the only existing law to regulate and monitor cyberspace. The act has been amended once, solely to address online gender-based violence. Despite various issues and shortcomings in the ETA 2063, no timely update has been made to keep up with advancements in the digital world. Additionally, stakeholders such as the Federation of Nepali Journalists and other civil society organizations have reported that authorities have misused provisions of the act to restrict the freedom of expression. A case challenging the legality of Section 47 of the act is pending at the Supreme Court. The prior administration created the Information Technology Bill 2075 to regulate the IT sector, replacing ETA 2063. The bill was presented to the lower house of Parliament in Falgun 2075 and has been scrutinized by stakeholders, who have called for the removal of overly strict and unclear provisions that could limit freedom of speech. It's crucial for the government to hasten the introduction of this bill through an open and transparent consultation with stakeholders. Comprehensive data protection law The Constitution of Nepal guarantees the Right to Privacy as a fundamental right under Article 28. To further reinforce this right, Nepal passed the Individual Right to Privacy Act in 2075. However, the Act lacks comprehensive coverage of all data protection aspects. With the growing use of the internet and increase in datafication, the government has been collecting a large amount of citizens' data, including personal information and biometric data, for purposes such as national ID cards, voter cards, smart driving licenses, passports, etc. The government must safeguard these data from potential attacks and misuse. Currently, Nepali laws do not clearly define the government's responsibility for managing and storing this information. A comprehensive data protection law must also specify the obligations of private entities. In recent data breaches at private companies, there has been no accountability, and the questions of due diligence, security assessments, and potential neglect have gone unaddressed. The new law must address these issues. Furthermore, as Nepal seeks to draw foreign investment through liberal foreign investment policies and a conducive investment atmosphere, having a robust set of data protection laws and regulations is essential. Thus, the new legislative body and the government must make the adoption of a comprehensive data protection law a top priority. Regulatory policy Nepal lacks a comprehensive data governance policy. The Constitution (Schedule 8) designates the local government with the responsibility of managing data and records. As part of delivering public services, each local government collects and maintains citizens' data. State and federal governments also collect and manage data in accordance with Schedules 5 and 6 of the Constitution. For efficient operations, the three levels of government must coordinate with each other and share data among them. However, there is currently no policy or law in place to facilitate data sharing between different governments. Agencies within the same tier even struggle to access data maintained by other agencies. The Statistics Act 2079 has recently been implemented in Nepal with the aim of updating and integrating laws on statistics to enhance policymaking, policy implementation, resource management, and service delivery at the federal, provincial, and local levels. The act aims to make data production, processing, storage, publication, and distribution more reliable, systematic, and timely. Despite this, the act contains unclear provisions that regulations are supposed to clarify. Even five months after materialization of the act, necessary regulations pertaining to the act are yet to be introduced. To address this problem, the government needs to promptly adopt a data management policy to establish a uniform process for data sharing within government departments or between different tiers of government. Cybersecurity in focus Cybersecurity is now a crucial aspect of national security policy, but Nepal has yet to fully recognize its significance. The recent increase in cyberattacks on the country's digital infrastructure highlights the need for a strong cybersecurity policy. The Ministry of Communication and Information Technology drafted a National Cybersecurity Policy in 2021, but it failed to address human rights and rights-based approaches. The government must restart the process, involve stakeholders, address any shortcomings, finalize the draft, and implement it. Moreover, the United Nations Office of Counter-Terrorism (UNOCT) has established a cybersecurity program aimed at improving the capacities of member-states and private organizations to prevent cyberattacks. The Council of Europe is providing support to countries globally to strengthen their criminal justice capacities in addressing cybercrime and electronic evidence through the Budapest Convention on Cybercrime. Given the rising threats of cybercrime, cyberattacks on crucial infrastructure, and interception of data in cyberspace, Nepal requires prompt international collaboration to address these challenges. E-commerce legislation In Nepal, there are thousands of registered commercial websites and the e-commerce sector is growing, albeit in an unstructured manner. The use of social media platforms, such as Facebook and Twitter, for business promotion and advertising has also increased. However, there are no specific laws or policies in place to regulate these services. This has led to complaints from customers about receiving damaged products, being charged different prices, and a lack of return and refund policies. To protect consumers, the government needs to regulate these services and establish a regulatory mechanism. In 2019, Nepal proposed an e-commerce bill that came under fire as it was formulated without proper public consultations and lacked a rights-based approach. Without proper regulation, this potentially huge sector may not be able to live up to its full potential; in fact it could even decline. It's imperative for the new government to prioritize the regulation of e-commerce. National ID card The Nepali government has introduced a National ID Card as part of plans for a "Digital Nepal" and improved e-governance. The ID card contains personal information and biometric data, which is supposed to be kept confidential according to the National ID Card and Registration Act. However, the implementation of the card system has faced challenges like privacy and security concerns, digital inequality, and a lack of transparency. The government has yet to provide adequate security measures to protect citizens' information and prevent misuse. Additionally, there is a risk of further digital exclusion for marginalized and vulnerable populations if digital initiatives are not implemented with consideration for those lacking access to the internet. The government must implement adequate security measures to prevent the misuse of citizens' information. Additionally, if digital initiatives are implemented without consideration for a large population, which lacks access to the internet, it could deepen the digital divide further, exacerbating the marginalization of vulnerable citizens. E-governance The integration of ICTs in public service delivery has ushered in a new era of e-governance. The government has placed high priority on e-governance and has drafted a master plan with the aim of improving governance and socioeconomic development through the implementation of effective, efficient, and productive e-government services. The government has rolled out several ICT-based services and initiatives, such as the Nagarik App and the National Identity Card system. However, a legal framework to regulate e-governance in the country is lacking. Recognizing this, the new government should consider adopting e-governance law as a top priority. The Digital Nepal Framework was introduced in 2076 by the government as a blueprint for contributing to economic growth and addressing major challenges  through digital initiatives. The lack of universal internet access and relevant policies have hindered the implementation of this important move toward a digital future. The government must focus on improving information and communication technologies, internet quality, and digital literacy for effective implementation. The project also needs more stakeholder feedback and consultation. Monitoring social media titans According to a report from the Nepal Telecommunications Authority, there are 27.76 million individuals in Nepal with internet access. Also, there were 13.70 million social media users in January 2022 as reported by Reportal. The growth in social media users has resulted in an increased influence of social media on almost every sector of the country, including politics, such as elections. However, this growth has also led to a rise in cybercrimes, including social media-based offenses, and the spread of misinformation and disinformation. Thus, it is imperative that regulations are introduced and enforced to address the activities of social media companies. Nepal has yet to establish regulations or guidelines for monitoring the behavior and activities of large social media companies such as Facebook, Twitter, and Instagram, which have millions of Nepali users. The IT Bill contained provisions to regulate social media, but these provisions lacked clarity and did not impose clear responsibilities on social media platforms to protect the rights of citizens. The previous government also created a ‘Social Media Management Directive’ to regulate the use and registration of social media in Nepal, but this draft faced criticism from several stakeholders. They argued that if implemented, it would grant the government immense power to request user data from these companies without a court order. In order to address the current challenges surrounding social media, the government needs to establish a comprehensive policy that outlines the responsibilities of these platforms. This policy should address key issues such as data protection, user accountability, and the obligation to respect human rights. This includes matters such as storage and processing of personal data, and requirements for transparency and cross-border data transfers. The challenges in prioritizing digital initiatives and digital rights in Nepal require immediate attention from the government and the parliament. A transparent policymaking process that involves experts, stakeholders, and civil society must be adopted to drive development, uphold citizens' rights, and foster a sense of ownership. Policies must be formulated with a comprehensive understanding of the issues, considering the views of all relevant parties and ensuring equity and inclusiveness. Without proper policy understanding and implementation, digital initiatives may not have the intended impact on the nation and its people. It is crucial for the government and the parliament to prioritize this issue and take swift action to make sure that digital initiatives are inclusive and beneficial for all members of society.  The author is Chairperson at Digital Rights Nepal