Nepal has not adopted national legislation based on or influenced by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Commerce.

Nepal has not adopted national legislation based on or influenced by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Signatures.

The government owns shares in some telecommunications companies. In particular, Nepal Telecom (NTC) or Nepal Doorsanchar Company Limited (NDCL), the incumbent telecommunications operator, is a state-owned company with a state shareholding of approximately 90%.

Nepal does not mandate functional separation for operators with significant market power (SMP) in the telecom market. However, there is an obligation of accounting separation.

Nepal has not appended the World Trade Organization (WTO) Telecom Reference Paper to its schedule of commitments.

It is reported that the Nepal Telecommunications Authority (NTA), the executive authority for the supervision and administration of services in the telecommunications sector, is independent from the government in the decision-making process.

Pursuant to Rule 7A of the National Broadcasting Regulation, licensed over-the-top (OTT) operators offering services to customers or generating revenue within Nepal are obligated to establish a cache server within the country. These operators are required to register customers on a server located in Nepal before granting access to their content and must retain detailed customer information. Additionally, records of all transactions must be securely stored on a Customer Management System Server. However, the regulation does not clearly define the term "Customer Management System Server" or specify whether such a server must be physically situated within Nepal and directly managed by the OTT service providers. The regulation defines OTT as the broadcasting of content on demand via the internet, encompassing media streaming services delivered through various platforms utilising internet connectivity

Section 12.4 of the Privacy Act requires the consent of the data subject for the disclosing, making public, or transferring of the following data: details relating to a medical examination; details relating to property and income; further information relating to employment; details relating to family matters; biometric data and fingerprints; signatures or electronic signatures; further information concerning the political affiliation and voting; and further information pertaining to profession and business. The term 'transfer' may signify the transfer of personal data outside Nepal, thereby requiring specific consent from the individual, although there is no clear evidence about the applicability of this requirement to cross-border data transfers.

Nepal has not joined any agreement with binding commitments to open transfers of data across borders.

Nepal lacks a comprehensive data protection regime. Nevertheless, the Individual Privacy Act 2075 (वैयक्तिक गोपनीयता सम्बन्धी ऐन, २०७५ ) enforces the constitutional right to privacy, incorporating provisions on the collection, storage, and disclosure of data, and mandates individual consent prior to the collection of personal information. Privacy in Nepal is further governed by the Individual Privacy Regulation 2077 (2020), which regulates the implementation of the Privacy Act, and the Data Act 2079 (2022), which regulates the generation, management, storage, and publication of data, delineating the responsibilities of data controllers, producers, and users.

Rule 8 of the National Broadcasting Regulation stipulates that over-the-top (OTT) service providers are required to maintain a record of the programmes they transmit for a minimum duration of 60 days. In addition, these records must be made accessible to the Ministry of Communications and Information Technology, as well as other governmental authorities, for the purpose of investigations. The term "OTT" is defined as the broadcasting of content on demand via the internet, encompassing media streaming services delivered through various platforms utilising internet connectivity.

The Electronic Transactions Act establishes a safe harbour regime for intermediaries for copyright infringements. According to Art. 43, network service providers are not subject to criminal or civil liability arising from third-party content. The only exception is if the network service provider publishes the content fully aware that it contravenes the law.

The Electronic Transactions Act establishes a safe harbour regime beyond intermediaries for copyright infringements. According to Art. 43 of the Act, network service providers are not subject to criminal or civil liability arising from third-party content. The only exception is if the network service provider publishes the content fully aware that it contravenes the law.

It is reported that Nepal imposes an identity requirement for SIM registration. Anyone wanting to purchase a SIM card has to provide their national ID card or a passport in case of foreigners to activate a new prepaid SIM card.

Pursuant to Arts. 6 and 7 of the "Directives on the Operation of Social Networking 2023", operators of social network platforms (SNPs) are required to establish a point of contact within Nepal to handle grievances related to platform usage. This designated contact must identify and address content disseminated on social networks that violate the law. Additionally, under Art. 8, SNPs must develop algorithms and implement measures to prevent the dissemination of information that contradicts prevailing laws. According to Art. 3.7, the Ministry of Communications and Information Technology may ban any SNP from operating in Nepal if it does not comply with these requirements.
Art. 2 of the Directive defines SNPs as Internet or information technology-based operating systems available to the public, such as Facebook, TikTok, Viber, Pinterest, WhatsApp, Messenger, Instagram, YouTube, LinkedIn, WeChat, and others, that allow individuals or organisations to exchange ideas or information with each other or to disseminate user-created content.