

The Electronic Transactions Act 2063 (2006) is Nepal's primary cyber law governing electronic communications, digital transactions, and cybercrime. As Nepal's digital economy grows, understanding this legislation is essential for businesses, individuals, and organizations engaged in online activities.
This guide covers the key provisions of the Electronic Transactions Act—digital signatures, electronic records, certifying authorities, cybercrimes, and penalties.
Overview of the Act
The Electronic Transactions Act 2063 came into effect on 2nd September 2006 (24th Bhadra 2063 B.S.). It was introduced to:
- Ensure reliability and security of electronic transactions
- Provide legal recognition to electronic records and digital signatures
- Control unauthorized use and alteration of electronic records
- Define cybercrimes and establish punishments
- Promote e-commerce and e-governance in Nepal
The Act aligns with international standards, including the UNCITRAL Model Law on Electronic Commerce, facilitating cross-border digital trade and cooperation in cybercrime investigations.
Key Definitions
| Term | Definition |
|---|---|
| Electronic Record | Data, record, image, or sound transmitted, received, or stored in electronic form, generated through any means |
| Digital Signature | A signature in electronic form, made using an asymmetric cryptosystem, that verifies whether the record was created using a private key consistent with the signatory's public key, and whether the record has been altered |
| Certifying Authority | Licensed entity authorized to issue digital signature certificates |
| Controller | Government-appointed authority to regulate electronic transactions and certifying authorities |
Legal Recognition of Electronic Records
The Act provides legal validity to electronic records, making them equivalent to physical paper documents. An electronic record is legally valid if:
- Information, document, or record is maintained in electronic form
- Required by prevailing laws
- Procedures under the Act and its rules are fulfilled
This provision enables:
- Online contracts and agreements
- E-commerce transactions
- Digital banking and payments
- Electronic filing of documents
- E-governance services
Digital Signatures
Every subscriber has the right to authenticate any electronic record using their personal digital signature. A digital signature is legally valid if:
- The document is certified by digital signature as required by prevailing laws
- Procedures under the Act and its rules are fulfilled
- The signature is verified using a secure asymmetric cryptosystem
Benefits of Digital Signatures:
- Authentication: Verifies the identity of the signer
- Integrity: Confirms the document hasn't been altered
- Non-repudiation: Signer cannot deny signing the document
- Legal Validity: Equivalent to handwritten signatures
Certifying Authority
Certifying Authorities are licensed entities responsible for issuing digital signature certificates. They ensure the trustworthiness of electronic records and digital signatures.
Obtaining License as Certifying Authority:
- Submit application with required documents to the Controller
- Controller reviews and issues license
- License must be renewed annually (application filed 2 months before expiry)
Digital Signature Certificate Process:
| Step | Action | Timeline |
|---|---|---|
| 1 | Submit application to Certifying Authority with fees | - |
| 2 | Certifying Authority reviews application | Within 7 days |
| 3 | If approved, certificate issued with CA's signature | Within 7 days |
| 4 | If rejected, applicant notified with reasons | Within 7 days |
Suspension of Certificate:
A digital signature certificate may be suspended if:
- Subscriber or authorized person requests suspension
- Certificate contravenes public interest
- Act provisions were not followed during issuance, causing potential loss
- Controller instructs suspension on specified grounds
Revocation of Certificate:
A certificate may be revoked if:
- Subscriber or authorized person requests revocation
- Certificate contravenes public interest
- Subscriber dies
- Subscriber company becomes insolvent, winds up, or dissolves
- Issuance requirement was not satisfied
- Material fact in certificate is proved false
- Security system or key pair is compromised
Electronic Contracts
The Act enables parties to enter into legally binding contracts via electronic means. Electronic contracts are valid if:
- Offer and acceptance are clearly expressed through digital communication
- Parties have the capacity to contract
- Contract is for lawful purpose
This provision supports online businesses, digital banking, e-commerce platforms, and virtual marketplaces.
Government Use of Electronic Records
The Act authorizes government agencies to:
- Publish documents in electronic form
- Deliver services online
- Issue digital certificates
- Accept electronic filings and payments
- Interact with the public via electronic means
This promotes e-governance and digitization of public services in Nepal.
Cybercrimes and Penalties
The Act defines various cybercrimes and prescribes punishments. These provisions help investigate and prosecute digital offenses.
| Cybercrime | Punishment |
|---|---|
| Piracy, destruction, or alteration of computer source code | Up to 3 years imprisonment or up to NPR 2 lakhs fine or both |
| Unauthorized access to computer material (Hacking) | Up to 3 years imprisonment or up to NPR 2 lakhs fine or both |
| Damage to computer and information system | Up to 3 years imprisonment or up to NPR 2 lakhs fine or both |
| Publication of illegal materials in electronic form (hate speech, materials jeopardizing communal harmony, misbehavior towards women) | Up to 5 years imprisonment or up to NPR 1 lakh fine or both |
| Breach of confidentiality | Up to 2 years imprisonment or up to NPR 1 lakh fine or both |
| Providing false information to obtain license or certificate | Up to 2 years imprisonment or up to NPR 1 lakh fine or both |
| Submission or display of false license/certificate | Up to 2 years imprisonment or up to NPR 1 lakh fine or both |
| Computer fraud (fraudulent digital signatures, illegal financial gain) | Up to 2 years imprisonment or up to NPR 1 lakh fine or both |
Information Technology Tribunal
The Act establishes a judicial mechanism to handle disputes and offenses related to electronic transactions:
Information Technology Tribunal:
- Consists of 3 members
- Handles proceedings for offenses under the Act
- Adjudicates issues related to cybercrimes, digital contracts, and electronic records
Information Technology Appellate Tribunal:
- Hears appeals against decisions of Controller, Certifying Authority, and IT Tribunal
- Provides avenue for challenging regulatory decisions
This specialized tribunal system expedites justice for cyber-related disputes and reduces the burden on regular courts.
Controller of Certifying Authorities
The Act establishes the Office of the Controller to regulate electronic transactions:
Structure:
- Chief Controller
- Deputy Controller
- Other employees as required
Functions:
- Issue and renew licenses to Certifying Authorities
- Supervise activities of Certifying Authorities
- Specify standards for digital signatures
- Lay down procedures for certifying authorities
- Resolve disputes related to digital signatures
Salient Features of the Act
Key features of the Electronic Transactions Act 2063:
- Legal Recognition: Electronic records and digital signatures have legal validity equivalent to physical documents
- Electronic Contracts: Contracts formed electronically are legally binding
- Certifying Authority Framework: Licensed entities issue and manage digital signature certificates
- Cybercrime Definitions: Clear definitions and penalties for digital offenses
- Specialized Tribunal: Dedicated judicial mechanism for cyber disputes
- E-Governance Promotion: Government authorized to use electronic records and digital signatures
- Data Protection: Emphasis on confidentiality, authenticity, and integrity of digital communications
- International Alignment: Consistent with global cyber law standards
Applicability
The Act applies to:
- Individuals using computer systems personally
- Businesses conducting electronic transactions
- Government agencies providing digital services
- Organizations handling electronic records
- Certifying Authorities issuing digital certificates
Any person or entity engaged in electronic transactions within Nepal is subject to the provisions of this Act.
Need for Updates
While the Electronic Transactions Act 2063 has been foundational for Nepal's digital transformation, there have been calls for amendments to address:
- Evolving cyber threats and new forms of cybercrime
- Data privacy and protection concerns
- Social media regulations
- Cryptocurrency and blockchain technologies
- Enhanced penalties for serious cybercrimes
- Cross-border digital transactions
Frequently Asked Questions
The Electronic Transactions Act 2063 (2006) is Nepal's primary cyber law that governs electronic communications, digital transactions, and cybercrime. It provides legal recognition to electronic records and digital signatures, defines cybercrimes and penalties, and establishes the framework for certifying authorities. The Act came into effect on 2nd September 2006.
The Electronic Transactions Act 2063 was introduced on 24th Bhadra 2063 B.S., which corresponds to 2nd September 2006 A.D. It was enacted to ensure reliability and security of electronic transactions and to control unauthorized use of electronic records.
The main provisions include:
- Legal recognition of electronic records and digital signatures
- Dispatch, receipt, and acknowledgment of electronic records
- Establishment of Controller and Certifying Authorities
- Government use of electronic records and digital signatures
- Definition of cybercrimes and penalties
- Formation of Information Technology Tribunal
An electronic record is defined as data, record, image, or sound that is transmitted, received, or stored in electronic form, generated through any means. Electronic records have the same legal validity as physical paper documents when maintained according to the Act's requirements.
A digital signature is a signature in electronic form, made using an asymmetric cryptosystem, that:
- Verifies whether the electronic record was created using a private key consistent with the signatory's public key
- Confirms whether the original record has been altered after transformation
Digital signatures provide authentication, integrity, and non-repudiation for electronic documents.
Yes, electronic contracts are legally valid under the Electronic Transactions Act 2063. Parties can enter into legally binding contracts via electronic means if:
- Offer and acceptance are clearly expressed through digital communication
- Parties have legal capacity to contract
- Contract is for lawful purpose
This enables online businesses, digital banking, and e-commerce transactions.
A Certifying Authority is a licensed entity authorized to issue digital signature certificates. They verify identities and ensure that signatures and electronic records are secure and authentic. To operate as a Certifying Authority, one must:
- Submit application to the Controller
- Obtain license
- Renew license annually (2 months before expiry)
To obtain a digital signature certificate:
- Submit application to a licensed Certifying Authority with applicable fees
- Certifying Authority reviews application (within 7 days)
- If approved, certificate is issued with CA's signature (within 7 days)
- If rejected, applicant is notified with reasons (within 7 days)
Cybercrimes under the Act include:
- Piracy, destruction, or alteration of computer source code
- Unauthorized access to computer material (hacking)
- Damage to computer and information systems
- Publication of illegal materials in electronic form
- Breach of confidentiality
- Providing false information for license/certificate
- Computer fraud
Unauthorized access to computer material (hacking) is punishable by:
- Up to 3 years imprisonment, OR
- Up to NPR 2 lakhs fine, OR
- Both
The severity of punishment depends on the seriousness of the offense.
Computer fraud is punishable by:
- Up to 2 years imprisonment, OR
- Up to NPR 1 lakh fine, OR
- Both
Additionally, the offender is liable to return the financial gain to the affected party. This covers fraudulent digital signatures, illegal manipulation of accounts, and other deceptive digital practices.
Publication of illegal materials in electronic form is punishable by:
- Up to 5 years imprisonment, OR
- Up to NPR 1 lakh fine, OR
- Both
This includes materials spreading hate, jeopardizing communal harmony among castes/tribes, or misbehavior towards women. This is the highest penalty under the Act.
The Information Technology Tribunal is a specialized judicial body established under the Act to handle disputes and offenses related to electronic transactions. It consists of 3 members and adjudicates issues related to:
- Cybercrimes
- Digital contracts
- Electronic records
- Certifying Authority disputes
Appeals against IT Tribunal decisions go to the Information Technology Appellate Tribunal.
The Controller is a government-appointed authority responsible for regulating electronic transactions and certifying authorities. The Office of Controller includes:
- Chief Controller
- Deputy Controller
- Other employees
Functions include issuing licenses, supervising Certifying Authorities, specifying standards, and resolving disputes related to digital signatures.
Yes, the Act authorizes government agencies to:
- Publish documents in electronic form
- Deliver services online
- Issue digital certificates
- Accept electronic filings and payments
- Use digital signatures for official communications
This promotes e-governance and digitization of public services in Nepal.

