Nepal Must Revise Its Cybersecurity Policy to Avoid Further Internet Fragmentation

Michael Caster is the Asia Digital Program Manager at ARTICLE 19, where he covers internet freedom and digital rights in Asia-Pacific. Pokhara, Nepal, May 15, 2023. Entrance to Nepal Telecom. Shutterstock Earlier this month, Nepal’s cabinet approved a new National Cyber Security Policy, which is so far only available in Nepali. While an earlier draft version in 2021 had been shared for limited public consultation, the recently approved Policy introduces new provisions that raise serious concern for internet freedom. Digital Rights Nepal, a Kathmandu-based nonprofit focused on promoting the freedom of expression and good internet governance, has pointed out that despite earlier recommendations, the new policy remains vague in critical areas and fails to acknowledge the protection of human rights and fundamental freedoms. Among its particularly concerning provisions, the one denoted “Strategy 11.25” proposes a government owned intranet and the establishment of a national internet gateway. While the current policy offers no further definitions, if Nepal’s national internet gateway is modeled on others in the region it would mean centralizing control of all internet traffic in and out of the country through a government appointed operator, potentially supercharging surveillance and censorship capabilities while leaving open very serious questions about data privacy and protection, and the risk of criminal penalties for telecommunication companies.  Gateways of Repression  While the details of the National Cyber Strategy Policy are far from hashed out, what we have seen in other countries in South Asia that have or have attempted to impose similar measures is worrisome. …Nepal Must Revise Its Cybersecurity Policy to Avoid Further Internet Fragmentation