INFORMATION TECHNOLOGY AND CYBER SECURITY BILL 2080 (2024 A.D.)

Introduction

On March 10, 2024, the Ministry of Communication and Information Technology (“Ministry”) released a draft of Information Technology and Cyber Security Bill 2080 (2024 A.D.) (“Bill”) for public comments.

The Bill aims to regulate activities related to information technology and cyber security. The Bill has been introduced to replace the previous Information Technology Bill 2075 (2019 A.D.), which was previously tabled but withdrawn from the Parliament last year.

Stakeholders and interested parties may submit their comments to the Ministry via email: info@mocit.gov.np within 15 days, i.e., by March 25, 2024. A copy of the draft Bill in Nepali language may be accessed by clicking here.

Key provisions of the Bill are summarized below:

Approval to be Obtained by IT Industry

An entity engaged to provide services in information technology field must obtain approval from the Department of Information Technology (“DOIT”) prior to operating its business activities.

License to be Obtained to Operate Data Center/Cloud Service

An entity, which intends to operate data center and/or cloud service, must obtain a license from the DOIT. Service providers, who are currently engaged in providing data centers and/or cloud services, must obtain a license within one year from the date of enactment of the Bill as a legislation. Service providers are required to renew their licenses annually.

Use of Data Centers and Cloud Service Providers by Government Entities

Except as specified otherwise, Government entities are allowed to operate their information systems through the licensed data centers and cloud service providers.

Exemption from Criminal Liability

Service providers are provided exemption from criminal liability for acts performed solely as data center and cloud service providers.