On August 8, the government approved the National Cyber Security Policy 2080 BS (2023) in response to the growing number of cybercrimes and related grievances. Although the initiative was generally well-received, critics argue that the policy mirrors those of neighboring countries and lacks a collaborative spirit.
- Limited Consultation: The government's engagement with stakeholders was minimal, and the feedback received was largely ignored. Observers note the policy's resemblance to cybersecurity measures in India and China.
- Surveillance Concerns: The policy introduces a centralized internet gateway, raising fears of increased surveillance. Such systems are typically associated with authoritarian regimes, as highlighted by Digital Rights Nepal.
- Previous Legislation: Cybercrimes were previously addressed under the Electronic Transactions Act, 2063 (2008), which was deemed insufficient for tackling specific cyber threats.
- Control vs. Trust: Experts believe the policy leans more towards controlling user data rather than fostering trust in digital systems.
- Implementation Challenges: While the policy's introduction is a positive step, its success hinges on the development of robust infrastructure and supporting laws.
- Historical Context: The country has witnessed numerous security breaches, with hackers targeting government websites.
- Cybercrime Statistics: The cyber bureau received over 16,000 complaints in the past four years, with a recent surge in daily complaints.
- Legislative Hurdles: The translation of the cybersecurity policy into law may face challenges in Parliament, especially given its complexity.
- Policy Provisions: The strategy discusses creating a cyber-resilient space, promoting ethical hacking, digital literacy programs, and measures to combat online harassment.
- Stakeholder Feedback: Digital Rights Nepal expressed concerns about certain provisions, emphasizing the need for clarity on the National Internet Gateway's objectives.
The government's new cybersecurity policy, while a step in the right direction, has raised several concerns among stakeholders. The centralization of internet traffic and the potential for increased surveillance are particularly contentious points. Successful implementation will require a comprehensive approach, including infrastructure development and supportive legislation.