Cyber Law - The Electronic Transaction Act 2063 (2006)

Internet has opened up many opportunities for the world. It has given tremendous market access that any one from any corner of the world can offer their products and services to any part of the world. Farmer with Internet access in Mustang can sell their apples to the dealer in Manhattan. Job opportunity available in Malaysia can be applied from Bhojpur. Business and Individual can submit their income tax to Inland Revenue department(IRD) from their home computer. A young entrepreneur can register himself/herself a new company through Small and Cottage Industries Department without any harassment by unwanted brokers. A software freelancer in Pokhara can work for a buyer in Australia. And uncountable other possibilities can anybody get through Internet. But Nepal is still far behind all these opportunities. A lot of initiatives in the area been done but still many things to be implemented. A lot of measures are still to be taken for authenticity and confidence on the online transactions.

Nepal has moved a step further in the information and communication technology (ICT) as the government has promulgated Electronic Transaction Act-2063 and Regulations, legalizing all electronic transactions and digital signatures. Please Click Here to see my presentation on understanding Digital Signatures. I had made a technical presentation on the sensitization workshop about Cyber Law organized by National Information Technology Center and Ministry of Environment, Science and Technology on March 15, 2007. For more other issues, you can visit my site www.rajeshshakya.com

The House of Representatives (HoR) of the Government of Nepal approved the Electronic Transaction Act-2063 on December 4, 2006 and the Ministry of environment, science and technology (MoEST) formulated the Regulations. The new legislation has not only legalized all forms of electronic transactions and digital signatures but has also clearly spelled out ways to regulate various computer-based activities and punish cyber crimes.The new legislation has set forth legal framework, administrative and application mechanism for electronic transaction and digital signature. Besides legal validity of electronic records and digital signature, the new Act has made a provision of Comptroller of Certification authority (CCA). The Act is divided into 12 sections and 80 clauses with detailed information on role and rights of regulator, certification authority, customer, government and all the concerned stakeholders. It has also envisaged a separate judicial body -IT Tribunal and Appellate Tribunal, to look into all cases related to computer and cyber crimes. The 3-member tribunal will be headed by the district court judge or legal officer of equivalent status. The tribunal will be responsible for preliminary cases, while the appellate tribunal will look into major cases.

The computer and cyber crimes such as hacking, piracy, copyright violation, fraudulent and all other deceitful activities have been clearly defined and punishments are set accordingly. The action against such crimes and punishment will be in the range of a minimum Rs 50,000 to a maximum Rs 3,00,000 in cash and six months to three years imprisonment.

The electronic transaction and digital signature is valid not only for the private sector but also for the government agencies. It allows the government offices to use electronic medium for tender notice, vacancy announcement and others. It also validates public procurement and acceptance of electronic applications. This legislation would be beneficial to business community but there is a need of better infrastructure like telephone, Internet connectivity, and electricity and so on for better yield from the application of ICT tools.

The new law would facilitate business process and transactions would be made simpler, easier, swift and cost effective. The bottom line is the business facilitation. I would like to ask the concerned authority to bring into application of the provisions set by the legislation at the earliest possible in order to get benefit.

The Electronic Transaction Act was drafted about 6 years back and it was endorsed as Ordinance in 2005 as well. There is no literally change in the current Act. In many forums, I have raised my thought that such Acts should not be technology dependent, specially the Acts, which are brought out for regulating the technology. The current Electronic Transaction Act is limited in Asymmetric Cryptography with Key pairs for digital authentication, whereas there are already several other promising authentication technology and algorithms popular and established in the world. Key pair concept is not wrong but the Act should have opened up scope for possible future developments as well. I hope the concerned authorities will take consideration on this and widen the scope in the use of authentication technology through amendment in regulations or in the Act itself. It will help using different authentication and security measures as required by different applications and situations.

Office of Comptroller of Certification Authority is already established but Comptroller is still to be recruited and PKI infrastructure is to be setup. Authentication is the essential requirement for any kind of online transaction. In absence of such authority, citizens don't get confidence doing online transactions - document or financial transactions.

On the very first day of an online business launch, one may encounter a big cyber attack on data and another may face the non-repudiation problems on product or service delivery. I can only expect the timely seriousness of concerned authority to establish IT Tribunal and Appellate Tribunal to look into all cases related to computer and cyber crimes.

Many Acts remained without action. Government agencies, government employees, business community and private employees, non-government professional organization and all citizens should be aware about the Law so that they can explore the opportunity out of that and also behave as guided in the regulations. We have no such trend of making the stakeholders aware about scope of law, its benefits, its limitations and future enhancements. Who is really responsible for this?

Online Payment method is another BIG issue. We don't have any Act, Law or regulations or government directives which allow to conduct legal online financial transaction. I can not imagine ripping off the full benefit of Internet technology without online payment possibilities. The Electronic Transaction Act without a single word on online payment is only half done. Is any government agency working on formulating online financial transaction in Nepal? Again, which agency is responsible doing this? Ministry of Finance? Nepal Rastra Bank? Coalition of Private banks? Ministry of Environment, Science and Technology? High Level Commission for Information Technology (HLCIT)? or National Information Technology Center (NITC)?

“Sooner the implementation — with proper manpower, proper understanding — better the results will be".