Ministry of Communications and Informational Technology has recently published National Cybersecurity Policy, 2021 for public feedback and sought public feedback. So far, the Electronic Transaction Act, 2006 (ETA) is the only instrument that deals with Cybersecurity cases. Last year, Nepal Telecommunications Authority had enforced the Cybersecurity Bylaws, 2020. This bylaw was basically intended for telecom operators that brought significant changes to the cybersecurity scenario within the telecommunications sector. Furthermore, Nepal Telecommunications Authority had prepared a National Cybersecurity Policy, 2016, but it was never adopted.
This policy aims to protect all categories of data and from theft and damage and includes the provisions for securing sensitive data, personality identifiable information, protected health information, personal information, intellectual property, data and government, and Industry information system. In addition, this policy is mandated to make necessary legal arrangements to build reliable, Secure, and Resilient cyberspace in the next 3 years and establish institutional and organizational prerequisites to build reliable, Secure, and Resilient cyberspace in the next 5 years.
The current draft has come at such a time when the political environment is highly volatile. Also, the situation caused by the COVID-19 has limited wider consultation scope as well. However, consultation among the stakeholders is prime. Lack of consultation and ownership crates controversy and become irrelevant. Considering the importance of the stakeholder consultation, Internet Governance Institute, Forum for Digital Equality and Digital Rights Nepal, along with its collaborating partners, is holding a stakeholders consultation.