Nepal’s draft IT & Cybersecurity Bill, which includes provisions related to Artificial Intelligence (AI), cybersecurity regulation, and data governance, is still under review as of July 2025 and has not yet been passed.
The Ministry of Communication and Information Technology (MoCIT) released the draft for public consultation in March 2024.
The bill covers areas such as:
- Safe, transparent, and accountable use of AI
- Establishment of a Cybersecurity Centre of Excellence
- Regulation of cybersecurity services and digital infrastructure
- Data protection and privacy-related provisions (though some experts argue these are insufficient or vague)
The draft received significant criticism and concerns, especially regarding:
- Potential for government overreach and surveillance
- Ambiguities in AI governance mechanisms
- Overlapping institutional mandates
- Weak protection for personal data compared to global standards
As of now:
- The draft is still with MoCIT for revision.
- No formal presentation to Parliament has occurred.
- The process is considered delayed, given the growing urgency for AI and cybersecurity regulation amid rapid technological adoption in Nepal.
Why This Delay is Concerning:
Nepal is already seeing growing AI adoption in sectors like healthcare, tourism, agriculture, and banking, but lacks clear legal safeguards.
Global and regional partners are advancing AI and cybersecurity legislation, leaving Nepal at risk of regulatory lag.
Delays undermine:
- Investor confidence
- Public trust
- Effective management of cyber threats, including in critical sectors like health tourism and agri-tourism, where AI can play a vital role.
Suggested Next Steps:
- Accelerate finalization of the bill with robust multi-stakeholder consultation.
- Ensure the bill reflects international good practices in AI governance and cybersecurity.
- Avoid overly restrictive or vague provisions that could stifle innovation or harm digital rights.