Pursuant to Rule 7A of the National Broadcasting Regulation, licensed over-the-top (OTT) operators offering services to customers or generating revenue within Nepal are obligated to establish a cache server within the country. These operators are required to register customers on a server located in Nepal before granting access to their content and must retain detailed customer information. Additionally, records of all transactions must be securely stored on a Customer Management System Server. However, the regulation does not clearly define the term "Customer Management System Server" or specify whether such a server must be physically situated within Nepal and directly managed by the OTT service providers. The regulation defines OTT as the broadcasting of content on demand via the internet, encompassing media streaming services delivered through various platforms utilising internet connectivity

Section 12.4 of the Privacy Act requires the consent of the data subject for the disclosing, making public, or transferring of the following data: details relating to a medical examination; details relating to property and income; further information relating to employment; details relating to family matters; biometric data and fingerprints; signatures or electronic signatures; further information concerning the political affiliation and voting; and further information pertaining to profession and business. The term 'transfer' may signify the transfer of personal data outside Nepal, thereby requiring specific consent from the individual, although there is no clear evidence about the applicability of this requirement to cross-border data transfers.

Nepal has not joined any agreement with binding commitments to open transfers of data across borders.

It is reported that Nepal lacks sufficient resources to maintain qualified patent examiners, and enforcement officials are not adequately trained. In addition, it is reported that insufficient fines do not deter patent infringement.

Nepal lacks a comprehensive data protection regime. Nevertheless, the Individual Privacy Act 2075 (वैयक्तिक गोपनीयता सम्बन्धी ऐन, २०७५ ) enforces the constitutional right to privacy, incorporating provisions on the collection, storage, and disclosure of data, and mandates individual consent prior to the collection of personal information. Privacy in Nepal is further governed by the Individual Privacy Regulation 2077 (2020), which regulates the implementation of the Privacy Act, and the Data Act 2079 (2022), which regulates the generation, management, storage, and publication of data, delineating the responsibilities of data controllers, producers, and users.

Nepal is not a signatory of the 1996 World Trade Organization (WTO) Information Technology Agreement (ITA) nor the 2015 expansion (ITA II).

According to Art. 15 of the Public Procurement Act, international bidding is used for public procurement only when goods cannot be procured at competitive prices, if no bid has been submitted in the national bid for procurement of goods and services, or if it is certified by a public entity that goods to be procured is of complex and special nature.

According to Section 17 of the Public Procurement Regulation, a public entity shall, in making procurement by selecting any method set forth in the Regulation, provide a 15% price preference to the Nepali goods.

According to Section 31(F), introduced in 2019 through an amendment of the Public Procurement Regulation, domestic bidders are given preference even when public procurement is done through international bidding. Domestic firms, organisations, or companies that participate solely or in joint ventures with domestic firms, organisations, or companies are preferred in international bidding with a price preference margin of up to 5%.

Section 70.2(A) of the Public Procurement Regulations stipulates that foreign participation in the procurement of consultancy services estimated to cost less than NPR 100 million (approx. USD 800,000) is not permitted. However, exceptions may apply if a foreign entity forms a joint venture with a domestic individual, firm, or consulting company.

Nepal is not a party to the World Trade Organization (WTO) Agreement on Government Procurement (GPA), nor does it have observer status.

According to Section 5.6.2 of the Telecommunication Policy Act, foreign ownership in the telecommunications sector is subject to a maximum equity limit of 80%.

According to Art. 3 of the Foreign Investment and Technology Transfer Act, no industry operated with foreign investment may make foreign investment of profits earned or in any other manner in any sector referred to in the Schedule of the Act. Pursuant to the Schedule Relating to Sub-section (2) of Section 3, foreign investment in consultancy services is subject to a maximum foreign equity limit of 51%. In addition, according to the Schedule, foreign investment in both computer training services and accounting, engineering, and legal consultancy is prohibited.