Cybercrime policies/strategies
In 2015, the Government of Nepal, through its Ministry Of Communications And Information Technology, issued its National Information and Communication Technology Policy (ICT Policy 2072) (NE) which presents various objectives to guide the digitalization of the country. The document sets the targets of digitalization in terms of infrastructure and Internet access, implying a transition towards an e-administration and e-economy to follow in the upcoming years. In this context, fighting cybercrime, enhancing cybersecurity and data protection are mentioned as means to build confidence and security and increase the use of ICT among citizens.
To meet these expectations, in the ICT Policy 2072 the government commits to improve existing legislation on cybercrime and cybersecurity, and to increase the capabilities of law enforcement agencies and prosecution services on cybercrime matters. The policy establishes also new units within existing government institutions or agencies to enforce the law, such as the Computer Crimes Investigation Unit, the National Electronic Communication Security Centre and an Information Security Response Team (NPCERT).
The 2019 Digital Nepal Framework proposes to finish setting up the National Electronic Communication Security Centre by 2021. In general, cybercrime is subsumed under the umbrella of cybersecurity, which is evident in this most recent digital framework when it comes to developing relevant legislation.
Cybercrime legislation
State of cybercrime legislation
Provisions within Nepal’s current legal framework correspond only to some extent to the Budapest Convention. The current legal framework on cybercrime and electronic evidence in Nepal mostly addresses crimes against electronic and financial transactions through its Electronic Transactions Act, 2063 (2008)/ETA and Banking Offence and Punishment Act 2064 (2008).
However, the country has entered the process of drafting new cybercrime legislation under the name Information and Technology Bill, which the government expects will be addressing the current cybercrime gaps (Nepali Times, Feb 2020).Substantive law
The piece of legislation that provides substantive law provisions criminalizing some online offences is the Electronic Transactions Act, 2063 (2008). The Act provides definitions such as computer system, computer, computer network, computer resource, computer database, data, originator (Section 2), unauthorized access (Section 45), damage to any computer and information systems (Section 46) etc., but they are not edited and conceived as a criminal law on cybercrime. However, the Act’s focus is on ensuring and regulating the safety, authenticity and security of electronic transactions, leaving room for legislation that would address the full spectrum of cybercrimes and the use and handling of electronic evidence in traditional crimes.
Other relevant pieces of legislation are:
The Banking Offence and Punishment Act 2064 (2008) codifies a number of relevant offences in Ch. 2 – Banking Offences:
- Section 5: unauthorized withdrawals or payments;
- Section 6: unauthorized payments via electronic means;
- Section 12: alterations to account/ledger, forgery or fraud.
- Punishments are prescribed in Ch. 3.
The Children's Act, 2048 (1992), 2049/2/7 (May 1992 A.D.) offers some limited protection from online exploitation in Ch. 2 – Rights and Interests of Children, Section 16. (1-3) and Ch. 6 – Miscellaneous, Section 53: punishment.
The Copyright Act, 2059 (2002) addresses infringements to copyrights in Sections 25-29 (Ch. 6).
The National Penal Code Act (2017) (EN):
- Section 35: prohibition of abetment;
- Section 276: prohibition of forgery;
- Section 298: prohibition of breaching privacy through electronic means;
- Section 300: prohibition of writing letters with dishonest intention of causing annoyance;
- Section 307: punishment for libel.
Procedural law
Safeguards
We find some safeguards in various legal sources, as listed below, however serious concerns persist with proposed draft legislation and the apparent misuse of current legislation to control certain freedoms (e.g. freedom of speech, association) as outlined above in the State of Cybercrime Legislation section:
- Part 3: Fundamental Rights and Duties16. Right to live with dignity
17. Right to Freedom
18. Right to equality
19. Right to communication
20. Right to justice
22. Right against torture
23. Right against preventive detention
27. Right to information
28. Right to privacy
- Part 25: National Human Rights Commission
National Penal Code Act (2017) (EN):
- Section 302: prohibition of unauthorized entry into other’s residence;
Related laws and regulations
- Constitution of Nepal;
- National Penal Code Act (2017) (EN);
- National Criminal Procedure Code Act (2017; EN);
- ETA: The basic law in cybercrime related matters in Nepal is the Electronic Transactions Act, 2063 (2008) (EN);
- Banking Offence and Punishment Act 2064 (2008, EN);
- ETR: In exercise of the powers conferred by Section 78 of the Electronic Transaction Act, 2063 (2007), the Government of Nepal has framed the following Rules: Electronic Transactions Rules 2064 (2007).
- GC: The Muluki Ain (General Code) Act Number 67 of the year 2019 is the general law that contains the procedural law as well as the substantive law provisions, which are applicable when no specific laws are applicable.
- CA: The Children's Act, 2048 (1992), 2049/2/7 (May 20, 1992 A.D.) is the Act relating to protect the rights and interest of Children
- TA: The Nepal Communications Act 2053 (1997)
- CRA: The Copyright Act, 2059 (2002)
- Consumer Protection Act 2075 (2018)
- EA: The Nepal Evidence Act, 2031, Date of Authentication and publication 2031.7.5 (1974 Oct. 21).
- MLA: Mutual Legal Assistance 2070 (2014, EN), Date of Authentication and Publication 2070.12.12;
- Mutual Legal Assistance Regulation 2070 (2014, EN);
- Extradition Act, 2070 (2014, EN – starting page 39), repealed the Extradition Act, 2045 (1988).
Specialised institutions
- Ministry of Foreign Affairs: via diplomatic channels, seems to be the default Central Authority for mutual legal assistance and extradition matters. However, the Mutual Legal Assistance 2070 (2014) provides that the Central Authority for MLA would be decided for each bilateral treaty upon publication in the Nepal Gazette.
- Ministry of Home Affairs: according to the Extradition Act, 2070 (2014) Section 9, once the request for extradition reaches the Ministry of Foreign Affairs through diplomatic channels, the request is then forwarded to the Ministry of Home Affairs for processing.
- Cyber Bureau: part of the Nepali Police, the office was set up in 2018 to: (1) investigate cybercrimes (including on critical infrastructure); (2) undertake capacity building; (3) coordinate and cooperate on information exchange and cybercrime investigations with national and international organisations/bodies and security agencies; (4) form the national CERT. Contact information here.
- Information Security Response Team Nepal (NPCERT): established in 2016, was created to deal with cyber security threats like hacking and phishing, to help identify and respond to cyber risks (and limit their impact on operations), and to coordinate with other domestic and international CSIRTs (Computer Security Information Response Team) and related organisations.
International cooperation
Competent authorities and channels
The Mutual Legal Assistance 2070 (2014), Section 3, provides a general rule that legal assistance can be provided to a foreign country on the basis of a bilateral treaty or on the basis of reciprocity commitment from the foreign country.
The Extradition Act, 2070 (2014) , Sections 3 and 5, covers the conditions to offer and refuse extradition. Extraditable offences are presented in Section 4.
Even though Nepal has bilateral relations with some 169 countries and international entities (e.g. European Union), it appears none have integrated MLAs for criminal justice international cooperation.
Jurisprudence/case law
Sources and links
ICT Policy 2072 (2015);
President Yadav certifies 10 different Acts (27 Mar 2014), The Kathmandu Post;
Compendium of Bilateral and Regional Instruments for South Asia: International Cooperation in Criminal Matters (2015). United National Office on Drugs and Crime;
Cyber Security and Internet Governance in Nepal (Apr 2020), Manish Jung Pulami, Nepal Institute for International Cooperation and Engagement;
Ministry of Foreign Affairs, Bilateral Relations.
These profiles do not necessarily reflect official positions of the States covered or of the Council of Europe.
Are you aware of the latest legislative or policy developments on cybercrime and electronic evidence?
Share this information with us helping to keep this platform up to date.
- Cybercrime website
- Template: Mutual Legal Assistance Request for subscriber information (Art. 31 Budapest Convention). English and bilingual versions available.
- Template: Data Preservation Request (Articles 29 and 30 Budapest Convention). English and bilingual versions available.