Electronic Transaction Act 2063 in Nepal: Provisions, Cyber Crime & Digital Signatures (2026)

Most Nepali businesses, journalists, and social-media users only learn about the Electronic Transaction Act 2063 the moment a Cyber Bureau complaint, a digital-signature rejection at IRD, or a Sec. 47 case reaches their inbox — and by then the choices are narrower and more expensive.

Enacted in 2063 BS (2008 AD), the Act is the spine of Nepal's digital law: it gives legal force to e-records and digital signatures, creates the Office of the Controller of Certification, and defines every cyber offence currently prosecuted under Sec. 47 of ETA 2063 in Nepal.

Below is the working brief our team gives clients on the Act — what it covers, how Sec. 47 actually runs, who the Controller of Certification is, and where the pending Information Technology and Cyber Security Bill sits as of April 2026.

Alpine Law Associates — trusted by 1,000+ clients across family, corporate, civil, and criminal cases in Nepal.

Speak with our lawyers today →

Our team handles ETA 2063 work on both sides — defending Sec. 47 cyber-crime cases at the Cyber Bureau and District Court, and advising businesses on digital-signature compliance, e-record evidence, and OCC licensing. As a full-service law firm in Nepal, we see the same friction repeatedly: a defamation post treated as a Sec. 47 offence, a contract signed digitally and then challenged for want of a licensed certificate, or a startup using an unlicensed e-signature provider and discovering its records carry no statutory weight.

What Is the Electronic Transaction Act 2063?

The Electronic Transaction Act 2063 (Bidyutiya Karobar Ain, 2063) is Nepal's first and still principal statute on electronic records, digital signatures, certifying authorities, and cyber offences. The Act was authenticated on 18 Mangsir 2063 BS (4 December 2006 AD) and is commonly cited in English as the Electronic Transactions Act 2008 because the operational regime came in once the Electronic Transaction Regulation 2064 (2007 AD) was framed.

The Act spans twelve chapters and over eighty sections, but its scheme is simple: legal recognition for electronic records and signatures (Chapters 2 and 3), licensing and oversight of certifying authorities through the Office of the Controller of Certification (Chapters 4 and 5), an electronic-governance framework (Chapter 6), the Computer-related Information Technology Tribunal (Chapter 9), and a body of cyber-crime offences (Chapters 8 and 9). The full Nepali text is published by the Nepal Law Commission; an English translation is hosted by the Trade and Export Promotion Centre at tepc.gov.np.

For the criminal-law angle on the same fact pattern — online defamation, harassment, hacking — see our companion guide on cyber crime laws in Nepal. The Cyber Bureau, which receives most ETA complaints in practice, is covered separately in cyber bureau Nepal.

Legal Basis and 2026 Status of the Act

The Act draws constitutional authority from Article 17 of the Constitution of Nepal 2072, which protects freedom of expression but allows reasonable restrictions on grounds of defamation, contempt, hate speech, and incitement — the same grounds the Sec. 47 jurisprudence is built on. The Act sits alongside the Civil Code 2074 (for digital contracts and consent), the Criminal Code 2074 (for documentary forgery and identity offences), and the Privacy Act 2075 (for personal-data handling).

As of April 2026, the Electronic Transaction Act 2063 remains in force in Nepal. The Information Technology and Cyber Security Bill — first tabled in 2018 and redrafted multiple times since — has not been enacted. The proposed Bill aims to split Sec. 47 into narrower offences, set up a dedicated Cyber Security Agency, introduce breach-notification rules, and modernise the certifying-authority framework, but until Parliament passes it, ETA 2063 is the controlling law.

Key takeaway: The Electronic Transaction Act 2063 is still the operative statute in 2026. Treat any case, contract, or compliance question under the Act 2063 framework — not the draft IT and Cyber Security Bill, which is not yet law.

Key Provisions of the Electronic Transaction Act

The chapter scheme of the Act maps onto four functional pillars: validity, authentication, governance, and enforcement. Almost every commercial or criminal question under the Act traces back to one of these four pillars.

A startup negotiating an electronic contract sits inside Chapter 2; a certifying authority applying for licensing sits inside Chapter 5; a journalist defending a viral Facebook post sits inside Chapter 8 and Sec. 47 in particular. Knowing which chapter applies is the first step in every ETA matter.

Electronic Records and Digital Signatures Under the Act

Sections 3 to 6 are the commercial heart of the Act. Sec. 3 gives any electronic record the same legal status as a paper document, provided it can be retrieved for subsequent reference. Sec. 4 then attaches the same legal effect to a digital signature as to a handwritten signature, on two conditions — the signature must be created using an asymmetric cryptosystem, and it must be authenticated through a Digital Signature Certificate issued by a certifying authority licensed by the Office of the Controller of Certification.

Sections 5 and 6 introduce the concepts of secure electronic record and secure digital signature — both attract a stronger evidentiary presumption in court than ordinary records. In practice this is why a contract signed using an OCC-licensed certificate is treated very differently from one signed through a typed-name image or a scanned signature pasted into a PDF.

• Sec. 3 — electronic records have the legal status of a written document
• Sec. 4 — digital signature equals handwritten signature, subject to PKI + licensed CA
• Sec. 5 — definition and presumption for "secure" electronic records
• Sec. 6 — definition and presumption for "secure" digital signatures
• Sec. 7-13 — rules on dispatch, receipt, attribution, and place of contract
• Sec. 25-26 — issuance, suspension and revocation of Digital Signature Certificates; subscriber duties

For businesses moving from physical to digital contracts — especially e-commerce and SaaS startups — this framework is the legal baseline. The companion regime for online sellers is captured in e-commerce business registration in Nepal and the newer E-commerce Act 2081, both of which assume ETA 2063 as their underlying e-record law.

Key takeaway: A digital signature carries the legal weight of a wet-ink signature in Nepal only if it is generated through asymmetric cryptography and authenticated by a Digital Signature Certificate from an OCC-licensed certifying authority. Anything else is, at best, evidence of intention — not a statutory signature.

Section 47 — Cyber Crime Provisions in Nepal

Sec. 47 of the Electronic Transaction Act is the single most-cited provision in Nepal's cyber-crime practice. It punishes the publication of illegal materials in electronic form — content that is "contrary to public morality or decent behaviour", that "spreads hatred against any caste, community, religion, or nationality", or that is otherwise prohibited under prevailing law — with a fine of up to NPR 100,000, imprisonment of up to five years, or both. A repeat offender faces enhanced punishment.

In day-to-day enforcement, Sec. 47 is the section under which the Nepal Police Cyber Bureau registers complaints about online defamation, sexually explicit material, hate speech, doctored images, fake-news posts, and abusive social-media content. Civil-society groups and journalists have repeatedly criticised the breadth of the provision, and the Supreme Court has issued directions narrowing its application — but the section itself remains on the books.

For a deeper walk-through of the social-media side of Sec. 47, see our guide on social media crime laws in Nepal; for the broader cyber-crime regime, see cyber crime laws in Nepal. Defamation specifically is covered in Nepal defamation law.

Need urgent help with a Cyber Bureau notice or a Sec. 47 complaint? Speak with our criminal litigation team today →

Office of the Controller of Certification (OCC) and Digital Signature Issuance

The Office of the Controller of Certification — frequently abbreviated OCC or OCCA — is the regulator established under Sections 14 to 23 of the Act. It sits under the Ministry of Communication and Information Technology and operates as the Root Certifying Authority of Nepal. The OCC's official portal at occ.gov.np publishes the list of licensed certifying authorities, the Certificate Practice Statement, and technical standards.

The OCC does not issue digital signature certificates directly to end-users. Instead, it licenses Certifying Authorities (CAs) such as Radiant InfoTech Nepal and Nepal Certifying Company (NCC), which in turn issue Class 1, 2, and 3 Digital Signature Certificates to subscribers — banks, businesses, government agencies, and individuals. The technical baseline is set out in the Root Certifying Authority of Nepal Certificate Practice Statement (CPS).

For a startup or law firm, the practical question is which class of certificate matches the use case. Class 2 is typical for e-tax filing with the Inland Revenue Department; Class 3 is required for high-value commercial transactions, tendering, and bank-grade authentication. We discuss the upstream business framework in online media registration and the e-commerce business registration guides.

Computer-related Information Technology Tribunal — Jurisdiction and Appeals

The Computer-related Information Technology Tribunal — commonly called the IT Tribunal — is established under Sec. 60 of the Act. It is a three-member quasi-judicial body with a chairperson holding the qualifications of a District Court judge and members drawn from law and IT backgrounds. The Tribunal exercises original jurisdiction over civil disputes arising under the Act, including subscriber-CA disputes and adjudication of compensation in cyber-offence cases.

An appeal from the IT Tribunal lies to the Computer-related Information Technology Appellate Tribunal under Sections 66 to 70, and from there to the High Court under the Constitution. Criminal cases under Sections 44 to 58, however, follow the ordinary criminal track — investigation by the Cyber Bureau, charge sheet by the Government Attorney, and trial at the District Court — with the Tribunal handling only the civil compensation strand in parallel.

For the wider court structure that anchors these appeals, see our guide on the hierarchy of court in Nepal and on the general legal procedure in Nepal.

Key takeaway: Cyber-crime cases under the Act run on a split track — the criminal limb at the District Court via the Cyber Bureau, and the civil-compensation limb at the IT Tribunal. Knowing which limb you are on dictates the strategy and the timeline.

Penalties and Enforcement Under the Act

Chapter 8 of the Act runs from Sec. 43 through Sec. 58 and houses the body of cyber offences, each with its own penalty cap. The headline figure is the Sec. 47 ceiling of NPR 100,000 fine plus five years imprisonment, but several other sections carry comparable or higher exposure.

Investigation of these offences is led by the Nepal Police Cyber Bureau under Sec. 56 of the Act read with general criminal procedure. The Bureau's complaint, evidence-handling, and digital-forensics workflow is the operational front line for ETA enforcement — a fuller treatment is in our cyber bureau Nepal guide and our criminal case litigation service.

2026 Status — Is the Electronic Transaction Act Still in Force?

The short answer is yes. As of April 2026 (2083 BS), the Electronic Transaction Act 2063 remains the controlling cyber and digital-transactions law in Nepal. The Act has not been formally repealed and its Regulation 2064 continues to apply.

The Information Technology and Cyber Security Bill — first tabled by the Government of Nepal in 2018 to replace ETA 2063 with a stricter regime — has been redrafted and reintroduced multiple times. The Bill has been politically contested, particularly around speech-restriction provisions that would tighten Sec. 47 rather than narrow it. Until Parliament authenticates a successor statute, ETA 2063 holds the field. The Act text remains officially published at the Nepal Law Commission portal.

What this means in practice:

• Every new contract, e-record, and digital signature must comply with ETA 2063 and the Regulation 2064
• Cyber-Bureau complaints continue to be registered under Sections 44 to 58, with Sec. 47 as the most-used charge
• The IT Tribunal continues to hear civil-compensation matters under Sec. 60
• Future legislative change is expected but should not be relied on in current advice or compliance design

Key takeaway: Treat ETA 2063 as live law in 2026 — for both compliance design and litigation strategy. The replacement Bill is real but unenacted; building today's contracts and policies on it would be premature.

Common Mistakes Businesses Make With Digital Signatures and E-Records

Across the ETA 2063 work our team handles for startups, banks, and law firms in Kathmandu, a small set of recurring mistakes accounts for most disputes. They are easy to fix in advance and very expensive to fix in court.

• Using an unlicensed e-signature provider — international e-signature SaaS tools that are not OCC-licensed do not produce a "digital signature" in the Sec. 4 sense. The output may be evidence of intention, but it does not enjoy the Sec. 6 secure-signature presumption.
• Treating a scanned image of a signature as a digital signature — a scanned ink signature pasted into a PDF is not within Sections 4 to 6 at all. It is, at best, a form of typed acceptance.
• Skipping subscriber duties under Sections 32-33 — the holder of a Digital Signature Certificate must safeguard the private key; loss or compromise must be reported to the Certifying Authority. Failure can shift liability for forged transactions to the subscriber.
• Confusing the IT Tribunal with the District Court — civil compensation under the Act goes to the IT Tribunal; criminal prosecution under Sections 44-58 goes to the District Court via the Cyber Bureau. Filing in the wrong forum costs months.
• Posting screenshots of identity documents online — Sections 47 and 48 plus the Privacy Act 2075 expose individuals and businesses to liability for handling other people's data carelessly on social channels.
• Assuming Sec. 47 is only for journalists — most Sec. 47 complaints registered at the Cyber Bureau in Kathmandu now come from inter-personal disputes — break-ups, neighbour fights, business disagreements — not press cases.
• Drafting cross-border contracts without choosing law and forum — Sections 7 to 13 set default rules for place of contract and dispatch, but well-drafted contracts override them. Relying on the defaults invites a Tribunal-vs-District-Court fight.

For document-side risk that often runs alongside ETA 2063 issues — forged citizenship, forged contracts, fake notarisations — see our guide on document fraud and forgery law in Nepal. For data-protection risk that sits next door, see privacy laws in Nepal. For drafting work itself, our legal drafting service handles ETA-compliant contracts day to day.

Key takeaway: The single most expensive ETA mistake is signing in a way that is not Sec. 4-compliant. If a digital signature is not generated through asymmetric cryptography and an OCC-licensed certificate, do not rely on it for any contract you would not also sign on paper.

Related Questions About the Electronic Transaction Act in Nepal

These are the questions our team is asked most often during ETA 2063 consultations — short answers below, with links to deeper guides.

Is Email Admissible as Evidence in Nepal?

Yes. Sec. 3 of the Electronic Transaction Act 2063 gives electronic records the same legal status as paper documents, and the Evidence Act 2031 read with the Civil and Criminal Procedure Codes 2074 admits them in court. The weight given to a particular email depends on authentication, integrity of the chain, and whether headers and metadata are preserved. For the broader rules, see evidence law in Nepal.

Can a Contract Be Signed Digitally in Nepal?

Yes. Sec. 4 attaches the legal effect of a handwritten signature to a digital signature created with asymmetric cryptography and a Digital Signature Certificate from an OCC-licensed certifying authority. Most international e-signature platforms do not meet this bar; their output is treated as evidence of intention rather than a statutory signature, and is challengeable.

Where Do I Report Cyber Crime in Nepal?

The first port of call is the Nepal Police Cyber Bureau in Bhotahity, Kathmandu, and its provincial branches. Most Sec. 47 and other ETA complaints are registered there, investigated, and forwarded through the Government Attorney for charge-sheeting at the District Court. Online complaint forms exist alongside in-person filing.

What Is the Difference Between OCC and the Cyber Bureau?

The Office of the Controller of Certification regulates digital signatures, certifying authorities, and the PKI infrastructure. The Cyber Bureau, a unit of Nepal Police, investigates cyber offences. OCC is civil and regulatory; the Cyber Bureau is criminal and enforcement. Both exist under the Electronic Transaction Act 2063 but their roles do not overlap.

Has the Electronic Transaction Act Been Amended Recently?

The Act has had limited textual amendment since enactment in 2063 BS. The substantive update sought through the proposed Information Technology and Cyber Security Bill remains pending in Parliament as of April 2026. Until that Bill is authenticated, ETA 2063 read with its Regulation 2064 governs the field.

Conclusion

The Electronic Transaction Act 2063 is the foundational statute for every digital activity in Nepal — from the e-record validity that makes an online purchase enforceable, through the digital signature regime that allows IRD filings and bank onboarding, to the Sec. 47 prosecutions that dominate the country's cyber-crime caseload. Read with the Regulation 2064 and applied through the Office of the Controller of Certification, the Cyber Bureau, and the IT Tribunal, the Act is still the controlling law in 2026 — even as the replacement Information Technology and Cyber Security Bill waits in Parliament.

The two failure modes we see most often are equally avoidable. On the commercial side, businesses sign with unlicensed e-signature tools and discover too late that their records carry no Sec. 6 presumption. On the personal side, individuals post in haste and find themselves inside a Sec. 47 complaint at the Cyber Bureau weeks later. Both are fixable with structured ETA-aware drafting, OCC-licensed signature workflows, and early legal advice the moment a complaint or notice arrives.

For end-to-end help with ETA 2063 compliance, OCC-aligned digital-signature design, Sec. 47 defence, IT Tribunal compensation claims, and cross-border e-commerce contracting, speak with our lawyers today → — Alpine Law Associates is a full-service law firm in Kathmandu whose corporate, criminal, and intellectual-property teams handle ETA matters daily for individuals, startups, banks, and government bodies across all seven provinces.

Last reviewed: April 2026