When Was Cyber Law Introduced in Nepal?

      Explore Nepal's cyber law, the Electronic Transactions Act, cybercrime provisions, privacy laws, and upcoming AI and cybersecurity regulations.

      P

      By

      SEO Content Writer

      Published 4 hours ago

      Cyber Law in Nepal

      What is Cyber Law?

      Cyber law, also known as digital law, deals with the legal guidelines that control digital transactions, online behavior, and electronic communications. It discusses both the criminal and civil sides of technology use, such as e-commerce, data protection, computer-related offenses, and digital intellectual property.

      Key Highlights

      • Nepal's first cyber law, the ETA 2063, took effect on September 2, 2006.
      • It legally recognizes electronic records and digital signatures.
      • It criminalizes hacking, data damage, illegal content, and online fraud.
      • Nepal's Individual Privacy Act and Data Act now protect digital privacy rights.
      • A new bill is pending to regulate AI, deepfakes, and impose stricter penalties.

      In reality, it controls user privacy, intellectual property, freedom of expression, online communication, and internet-connected devices while outlining safeguards for individuals and companies as well as punishments for cybercrime.

      As more Nepalis rely on smartphones for banking, shopping, and communication, understanding cyber law has become increasingly important. 

      When Was Cyber Law Introduced?

      Before the middle of the 2000s, Nepal did not have a specialized legal system for cyberspace. Traditional law had no response if a cybercrime took place or if someone attempted to use an email as proof in court. In 2006, the Nepalese government enacted the Electronic Transactions Act (ETA), 2063, marking the introduction of its initial cyber legislation to establish formal cyber regulations in the country.

      Timeline of Nepal's First Cyber Law:

      • The Blueprint (2004): The earliest version of cyber law in Nepal came through the temporary Electronic Transactions Ordinance, 2061 (2004), meant to fill the immediate regulatory gap.
      • Official Commencement (September 2, 2006): The Electronic Transactions Act, 2063 formally came into effect on 24 Bhadra 2063 B.S. (September 2, 2006).
      • House Approval & Authentication (December 2006): The House of Representatives approved the bill on December 4, 2006, with formal authentication and publication following on December 8, 2006 (22 Mangsir 2063 B.S.).
      • The "2008" Designation: The Act is often written as "The Electronic Transactions Act, 2063 (2008)" simply because that's the year its official English translation was gazetted, not because the law itself came later.

      Why was it introduced?

      Nepal modeled the ETA directly on the UNCITRAL Model Law on Electronic Commerce (1996), with three core goals in mind:

      • Bridging the digital trust gap by giving legal validity to digital transactions and signatures
      • Securing government and private networks as Nepal began adopting e-governance
      • Penalizing emerging digital threats, hacking, system damage, and online fraud that traditional criminal law had no framework to prosecute.

      There are various laws that govern cyberspace in Nepal. Read on to learn more about each of them below.

      The Law That Governs Cyberspace in Nepal

      The Electronic Transactions Act, 2063 

      Electronic Transaction Act Nepal

      The Electronic Transactions Act, 2063 (2008) remains the foundational law governing Nepal's cyberspace. It covers:

      • Legal recognition of electronic records and digital signatures, giving digital data the same legal standing as paper evidence.
      • Unauthorized access to computer systems, outlawing hacking and data breaches
      • Damage to computer data or programs, penalizing malware and intentional system disruption
      • Publication of illegal or harmful content online, covering cyberbullying, hate speech, and obscenity
      • Data theft and computer fraud, criminalizing identity theft and online financial scams
      • Specialized cyber courts, through the OCCA (Office of the Controller of Certification) and the Information Technology Tribunal

      Penalties under the ETA can reach up to 5 years imprisonment, a fine of up to NPR 200,000, or both, depending on the offence.

      National ICT Policy

      The National ICT Policy, 2015, which is Nepal's strategic roadmap for digital transformation, is implemented by the ETA, which enforces cyber law. It presented a "Government-led, Private Sector-driven" strategy for establishing a "Digital Nepal" and was created by the Ministry of Information and Communication.

      Key Targets & Initiatives:

      • Infrastructure: Connecting 90% of the population to broadband, with a 75% digital literacy target
      • E-Health: A national telemedicine program, paired with patient data privacy guidelines
      • Climate (E-Adaptation): Software to mitigate environmental impact, alongside e-waste management guidelines

      Funding for Startups & Innovation:

      • National ICT Research and Development Fund : financing local apps and digital content
      • ICT Enterprise Development Fund : venture capital-style seed funding for tech startups
      • Software and Services Industry Promotion Board : a public-private body focused on lowering entry barriers for domestic IT firms.

      Privacy-Related Legal Provisions

      Nepal's digital privacy laws, which were formerly dispersed, are now supported by legislative and constitutional frameworks as part of a larger trend toward modernizing technology-related regulations in the country. The right to privacy of one's body, residence, property, correspondence, and reputation is protected as a basic right under Article 28 of Nepal's Constitution.

      Building on this, Nepal enacted the Individual Privacy Act, 2075 (2018) as its primary data protection statute, later complemented by the Data Act, 2079 (2022).

      Core pillars of Nepal's privacy framework:

      • Explicit consent required
      • Right to rectification
      • Meaningful penalties for violations

      Users should also keep their devices and applications updated to reduce known security vulnerabilities.

      Emerging Regulatory Frameworks

      Nepal's digital legal system is shifting to address newer challenges, social media safety, and AI. Key developments to watch:

      • The Information Technology and Cyber Security Bill: It is  proposed to fully replace the ETA, introducing penalties of up to 5 years' imprisonment and fines up to NPR 10,00,000 for offences like phishing, hacking, and password theft.
      • AI and Deepfake Regulation: As AI-powered tools become more accessible, deepfake scams are becoming easier to create and harder to detect. The proposed bill introduces legal penalties for AI misuse, including deepfakes and automated scams.
      • Cloud & Data Security: New mandates requiring data center operators and cloud providers to obtain licenses, undergo security audits, and meet strict data privacy standards

      Cyber Crime in Nepal

      Cyber Crime in Nepal

      In Nepali, cybercrime is referred to as साइबर अपराध (cyber aparadh). Under the Electronic Transaction Act, common categories include:

      Online Fraud and Financial Scams

      It is the most frequently reported category of cybercrime in Nepal, including:

      • Fake online shopping websites that collect payment without delivering products
      • Phishing schemes targeting banking credentials and payment accounts
      • Investment scams promising unrealistic returns
      • Lottery and prize frauds via email and social media

      The Nepal Police Cyber Bureau reports hundreds of such cases annually, with losses running into millions of rupees.

      Social Media Misuse and Identity Theft

      Social Media Misuse and Identity Theft are growing alongside platforms like Facebook and TikTok; common forms include:

      • Fake profiles impersonating real individuals
      • Unauthorized use of someone's photos or personal information
      • Romance scams using stolen identities
      • Business email compromise, impersonating company executives

      Identity theft often becomes a gateway to further crimes, including financial fraud and reputational harm.

      Cyber Bullying and Online Harassment 

      Cyber Bullying and Online Harassment disproportionately affect young people and women in Nepal, including:

      • Persistent online stalking and threats
      • Sharing private images without consent
      • Coordinated harassment campaigns
      • Defamatory content aimed at damaging reputation

      The psychological toll can be severe, yet many cases go unreported due to stigma or limited awareness of legal remedies.

      Hacking, Phishing, and Data Breaches

      Hacking

      Targeting both individuals and organizations, recent incidents in Nepal have included:

      • Unauthorized access to government websites and databases
      • Corporate network intrusions resulting in data theft
      • Ransomware attacks on businesses and institutions
      • Credential theft through sophisticated phishing campaigns.

      As cyber threats continue to grow, the demand for cybersecurity professionals is also increasing. This has created more opportunities for aspiring professionals, including women interested in building a career in cybersecurity. 

      Conclusion

      Nepal's cyber law journey began in 2006 with the Electronic Transactions Act, giving the country its first real legal footing in digital transactions, electronic signatures, and cybercrime prosecution. Nearly two decades later, that same Act still forms the backbone of Nepal's digital legal system, even as the threats it was built to address have evolved dramatically, from simple email fraud to sophisticated phishing, identity theft, and AI-driven scams.

      Nepal's legal framework is clearly playing catch-up with its own digital growth. The National ICT Policy, the Individual Privacy Act, and the newly proposed Information Technology and Cyber Security Bill all signal a system working to modernize, but until that new bill passes, the ETA of 2063 remains the primary law standing between Nepali internet users and the digital threats they face today.

      For everyday users, the takeaway is simple: 

      Staying informed about cyber laws is only one part of staying safe online. Practicing good digital security habits and keeping up with the latest technology developments can help reduce everyday cyber risks.

      Article Last updated: July 15, 2026

      Best Tech Deals

      How did we do with this article?

      Conversation

      We’d love to hear your thoughts! Let's keep it respectful and on-topic. Any inappropriate remarks may be removed. Happy commenting! Privacy Policy

      Be the first to share your thoughts-start the conversation!

      Latest Articles