-large.webp)
The Electronic Transactions Act, 2063 (2008) — commonly referred to as ETA 2063 — is the foundation of Nepal's digital economy law. It gives legal recognition to electronic records and digital signatures, sets up the Office of the Controller of Certifying Authorities (OCCA), establishes the Information Technology Tribunal, and defines cyber offences with imprisonment and fines. In 2026 (FY 2082/83) the Act remains the controlling statute for every online transaction, PKI certificate, and cybercrime prosecution in Nepal — while the proposed Information Technology and Cyber Security Bill continues to be debated in the Federal Parliament as a possible replacement. This guide explains every core provision of ETA 2063, cites the sections that practitioners reach for most often, and summarises the 2022–2025 rulings and amendments that have reshaped how the Act is applied.
Quick Answer — ETA 2063 Nepal: Nepal's Electronic Transactions Act was enacted on 29 Bhadra 2063 BS (14 September 2006) and received Presidential assent on 4 Mangsir 2063 BS (20 November 2006); the year "2008" appears because the English commencement gazette is dated 8 March 2008. It has 12 chapters, 80 sections and 1 schedule. It recognises electronic records and digital signatures (Ch. 2), establishes the Controller of Certifying Authorities (Ch. 5), creates the Information Technology Tribunal and Appellate Tribunal (Ch. 9), and prescribes cyber offences in Ch. 9 (Sections 44–58) with penalties up to 5 years imprisonment and NPR 3 lakh fine.
What Is ETA 2063 and Why Was It Enacted?
Before ETA 2063, Nepal had no statute recognising electronic records. A contract signed over email, a PDF tendering submission, or a digitally-certified audit report had no evidentiary weight. The Act was drafted to close that gap and to give Nepal the legal architecture required by the WTO and UNCITRAL Model Law on Electronic Commerce 1996, which Nepal used as its template. It replaced the earlier Electronic Transactions Ordinance, 2061 (2004) and is published in the official gazette by the Nepal Law Commission at lawcommission.gov.np.
The preamble states three objectives: (i) to provide legal recognition of electronic records and digital signatures; (ii) to make the use of information technology reliable and secure; and (iii) to prevent unauthorised use of electronic records.
Structure of the Electronic Transactions Act 2063
| Chapter | Title | Sections |
|---|---|---|
| 1 | Preliminary (title, commencement, definitions) | 1 – 2 |
| 2 | Legal Recognition of Electronic Records & Digital Signatures | 3 – 8 |
| 3 | Dispatch, Receipt & Time/Place of E-Records | 9 – 12 |
| 4 | Provisions Relating to Subscribers | 13 |
| 5 | Controller & Certifying Authorities | 14 – 29 |
| 6 | Digital Signature Certificates | 30 – 35 |
| 7 | Duties of the Subscriber | 36 – 42 |
| 8 | Electronic Record & Government Use | 43 |
| 9 | Offences Relating to Computer & Penalties | 44 – 58 |
| 10 | Information Technology Tribunal | 59 – 69 |
| 11 | Information Technology Appellate Tribunal | 70 – 78 |
| 12 | Miscellaneous (rule-making, repeal, savings) | 79 – 80 |
Chapter 2 — Legal Recognition of Electronic Records and Digital Signatures
This chapter is the commercial heart of the Act. Its four operative rules are:
Section 3 — Legal recognition: Where any law requires information or any other matter to be in writing, that requirement is deemed satisfied if the information is in an electronic form and is accessible for subsequent reference.
Section 4 — Digital signature: Where any law requires a signature, a digital signature affixed in a manner prescribed by the Controller and authenticated using an asymmetric cryptosystem is deemed to satisfy that requirement.
Section 5 — Original record: A retained electronic record is treated as an original if its integrity from the time of generation is preserved and it is accessible.
Sections 6–8 — Retention and evidence: Electronic records may be retained in electronic form in lieu of physical originals, and an electronic record is admissible in evidence in any civil, criminal, or administrative proceeding.
In practice, this is what lets Nepali banks, e-KYC platforms, eSewa/Khalti wallets, IRD e-filings, and the Office of the Company Registrar's online submissions operate on electronic documents.
Chapter 5 & 6 — Digital Signatures, CCA and Certifying Authorities
The Act establishes a PKI (public key infrastructure) hierarchy:
Controller of Certifying Authorities (CCA / OCCA) — appointed by the Government of Nepal; supervises and licenses Certifying Authorities. Website: nepalcca.gov.np.
Certifying Authorities (CAs) — licensed entities that issue Digital Signature Certificates (DSCs) to subscribers. As of 2026, the OCCA has licensed Radiant Infotech Nepal Pvt. Ltd. and a small number of subsequent CAs.
Digital Signature Certificates (DSCs) — Class-2 and Class-3 DSCs are issued on USB cryptographic tokens and used for IRD e-filing (VAT, income tax), OCR filings, bank transactions, and government procurement under the PPMO e-GP portal.
Sections 14–29 prescribe the licensing, suspension and revocation of CAs; Sections 30–35 govern issuance, suspension and revocation of DSCs; Sections 36–42 set the duties of subscribers (protect the private key, notify compromise, pay fees).
Chapter 9 — Cyber Offences under ETA 2063 (Sections 44–58)
Chapter 9 is the most-cited portion of ETA 2063 because it is the basis for almost every cybercrime prosecution by Nepal Police's Cyber Bureau. A summary of the offences and penalties:
| Section | Offence | Imprisonment | Fine |
|---|---|---|---|
| 44 | Pirating, destruction or alteration of computer source code | Up to 3 years | Up to NPR 2,00,000 |
| 45 | Unauthorised access (hacking) to a computer or data | Up to 3 years | Up to NPR 2,00,000 |
| 46 | Damage to computer and information systems | Up to 3 years | Up to NPR 2,00,000 |
| 47 | Publication of illegal materials in electronic form | Up to 5 years | Up to NPR 1,00,000 |
| 48 | Confidentiality to divulge (breach of confidence) | Up to 2 years | Up to NPR 10,000 |
| 49 | False statement for obtaining a Digital Signature Certificate | Up to 2 years | Up to NPR 1,00,000 |
| 50 | Submission or display of false statement / false licence | Up to 2 years | Up to NPR 1,00,000 |
| 51 | Submission of false signature | Up to 2 years | Up to NPR 1,00,000 |
| 52 | Commission of a computer-fraud or offence | Up to 2 years | Up to NPR 1,00,000 |
| 53 | Abetment of commission of offence | Half of the main offence | Half of the main offence |
| 54 | Offence by a corporate body | — | Fine on the entity + personal liability of officers |
| 55 | Offence committed outside Nepal (extraterritorial reach) | Same as in-country | Same |
| 56 | Confiscation of device used for offence | — | — |
| 57 | No waiver of other liabilities | — | — |
| 58 | Fine for offence not separately specified | Up to 6 months | Up to NPR 50,000 |
These are the same penalty anchors discussed in detail in our companion piece — see Punishment for Cyber Crime in Nepal.
Section 47 — The Most Controversial Provision
Section 47 punishes "publication of illegal materials in electronic form" — anything the Act terms "contrary to public morality or decent behaviour" or which "spreads hatred against any caste, community, religion, or nationality." In practice this section has been used extensively against journalists and social-media commentators, leading to sustained civil-society criticism. In 2022 the Supreme Court issued a directive instructing the Government to tighten the Cyber Bureau's use of Section 47 to prevent abuse, and the draft Information Technology and Cyber Security Bill proposes to split this offence into narrower categories — defamation, hate speech, and obscenity — each with clearer thresholds. Until Parliament enacts the replacement, Section 47 remains in force and continues to be charged.
Chapters 10 & 11 — Information Technology Tribunal and Appellate Tribunal
The Act establishes two specialised adjudicatory bodies:
Information Technology Tribunal (Sections 59–69) — a three-member tribunal consisting of a District Court judge (chair), an IT expert and a legal expert. It hears all ETA offences except Section 47 prosecutions, which are tried in the ordinary District Court under the criminal process.
Information Technology Appellate Tribunal (Sections 70–78) — three-member appellate body (High Court judge, IT expert, commercial law expert). Appeals from the IT Tribunal lie here, and from the Appellate Tribunal further appeal lies to the Supreme Court on a question of law.
The IT Tribunal has jurisdiction over civil disputes arising from Certifying Authorities (DSC disputes, non-repudiation claims) and over compoundable cyber offences. In practice, however, most prosecutions under Sections 44–58 are filed in the District Court by Nepal Police because the Tribunal did not have continuous benches for several years after enactment — a gap the draft IT Bill addresses.
Section 55 — Extraterritorial Jurisdiction
Section 55 gives ETA 2063 extraterritorial reach: an offence committed outside Nepal using a computer system located in Nepal, or targeting a victim in Nepal, is triable in Nepal as if it had been committed inside Nepal. This is the basis on which the Nepal Police Cyber Bureau pursues international financial-fraud cases, Telegram/WhatsApp extortion rings, and cross-border deepfake / revenge-porn offenders with the assistance of Interpol and mutual legal assistance treaties.
How ETA 2063 Applies in Everyday Digital Transactions
| Use Case | ETA Section Relied On |
|---|---|
| E-signed contract between two Nepali companies | §3 (writing), §4 (signature), §5 (original), §6 (retention) |
| IRD e-TDS / VAT return filing with DSC | §4 + §30–35 (digital signature certificates) |
| OCR online company registration with DSC | §4 + §43 (government use) |
| Email or PDF as evidence in civil dispute | §8 (admissibility in evidence) |
| Prosecution of website defacement / hacking | §45, §46 |
| Social media defamation / obscenity case | §47 |
| Stolen identity / fake profile | §47, §52 |
| Unauthorised access to company servers by ex-employee | §45, §48 (breach of confidence) |
Recent Amendments and Supreme Court Rulings (2022–2026)
2022 Supreme Court directive on Section 47 — restraining misuse against journalists; mandating a written Cyber Bureau SOP before prosecution.
Individual Privacy Act, 2075 (2018) — supplements ETA by criminalising unauthorised collection or publication of personal data, especially biometric and medical records.
Banking Offence and Punishment Act, 2064 — applied in combination with ETA §45/§46 for card fraud, phishing, e-wallet theft.
Children's Act, 2075 + online safety notifications — criminalise online child sexual abuse material alongside ETA §47.
Information Technology and Cyber Security Bill (draft) — long-pending replacement for ETA 2063, proposes to create a dedicated Cyber Security Agency, split Section 47 into narrower offences, and introduce data-localisation requirements. Not enacted as of 2026.
TikTok ban November 2023 → lifted August 2024 — invoked under ETA §47 read with MoCIT regulatory powers; the reversal followed undertakings by the platform on Nepali-language content moderation.
Getting a Digital Signature Certificate (DSC) in Nepal
Apply to a licensed Certifying Authority (e.g. Radiant Infotech Nepal) with citizenship or company documents.
Complete in-person verification (video KYC or physical) per OCCA guidelines.
Pay the CA's published fee (typically NPR 2,500–6,000 for a 1–2 year Class-2 individual token).
Receive the USB cryptographic token containing your private key and DSC.
Register the DSC with the relevant government portal (IRD, OCR, PPMO e-GP).
How to File a Complaint under ETA 2063
Preserve evidence: screenshots, URLs, timestamps, transaction IDs. Do not delete messages, block the accused, or format devices.
File a complaint with the Nepal Police Cyber Bureau at Bhotahiti, Kathmandu (phone 01-4219044, 9851286770) or via the online portal on cyberbureau.nepalpolice.gov.np.
The Bureau files the case before the District Court (for §47 offences) or the Information Technology Tribunal (for §44–46, §48–58 offences).
Appeals from the Tribunal go to the IT Appellate Tribunal and, on questions of law, to the Supreme Court.
Where to Read the Full Text of ETA 2063
Official English text: Nepal Law Commission → Acts → "Electronic Transactions Act, 2063".
Official Nepali text (Devanagari): same portal → विद्युतीय कारोबार ऐन, २०६३.
Implementing rules: Electronic Transactions Rules, 2064 (also on lawcommission.gov.np).
Related Reading
Disclaimer
This guide is a summary for general information only and is not legal advice. For cases involving Section 47, cross-border cyber offences, or DSC disputes, consult an advocate registered with the Nepal Bar Council.
Frequently Asked Questions
This article is for informational purposes only and does not constitute legal advice, advertisement, or solicitation. Notary Nepal and its team are not liable for any consequences arising from reliance on this information. For legal advice, please contact us directly.