Due diligence, a crucial legal and ethical standard, demands proactive measures to prevent harm across digital, financial, and social domains. It ensures accountability by setting expectations for governance, compliance, and corporate responsibility. In Nepal, due diligence applies across key areas like cybersecurity, anti-money laundering (AML), and human rights. However, systemic gaps in enforcement reveal challenges in aligning domestic frameworks with global standards such as the General Data Protection Regulation (GDPR), the Financial Action Task Force (FATF), and the United Nations Guiding Principles on Business and Human Rights (UNGPs). Understanding these gaps and addressing them is essential for enhancing Nepal’s governance and accountability mechanisms while preparing the country for modern global challenges.
Nepal’s digital transformation began in 1971 with the introduction of computers and progressed with the internet in 1998. Article 51(g) of Nepal’s Constitution highlights the role of IT development in supporting national growth and improving accessibility for citizens. Despite this progress, several high-profile cybersecurity incidents have exposed vulnerabilities in Nepal’s digital infrastructure.
System disruptions
A significant incident involved a computer virus that disrupted Nepal’s passport application system, affecting over 3,000 daily applicants both within the country and abroad. Concerns about data security were raised, although officials assured that the data remained secure. In another case in September 2022, hackers breached Nepal Police servers, leaking 234 GB of sensitive data onto the dark web. A January 2023 cyberattack further highlighted vulnerabilities by disabling 1,500 government websites, disrupting public services and even international flights.
These incidents are governed by Nepal’s Electronic Transactions Act, 2006, the country’s primary cybersecurity legislation. The Act addresses electronic records' integrity and aims to criminalise cyber offenses. Notable provisions include Section 44, which penalises theft and destruction of computer resources, and Section 47, which bans the dissemination of harmful or defamatory content. However, the effectiveness of these provisions is undermined by weak enforcement, inadequate investigative resources, and insufficient prosecutorial capacity.
Globally, principles of cyber due diligence require nations to prevent harm originating from their digital infrastructure. For Nepal, aligning its laws with global standards like the GDPR and adopting international practices such as enhanced enforcement mechanisms can help protect its digital infrastructure. Cases like British Airways’ £183 million fine for data negligence or Marriott Hotels’ penalties highlight the importance of robust cybersecurity measures. By drawing lessons from these and improving its frameworks, Nepal can enhance protections against modern cyber threats.
Nepal’s economy, where remittances contribute around 25 per cent of Gross Domestic Product (GDP), faces risks from illicit financial flows and money laundering. Informal systems such as hawala and unregulated property transactions provide avenues for funds to bypass formal channels, often enabling corruption. For example, high-value real estate purchases in Kathmandu and Pokhara, among others, may frequently bypass ownership registries, allowing anonymity and creating opportunities for laundering illicit proceeds. The Anti-Money Laundering Act incorporates some aspects of FATF recommendations, including Customer Due Diligence (CDD), beneficial ownership verification, and the reporting of suspicious transactions. However, compliance remains limited. Globally, only 12 per cent of countries fully meet FATF’s 40 recommendations, and non-financial sectors like real estate and luxury goods show particularly low compliance.
Challenges in Nepal mirror these global trends. For instance, shell companies are often used to obscure beneficial ownership, facilitating tax evasion and corruption. Globally, luxury goods such as art, jewelry, and precious metals are used for laundering money due to their anonymity and portability. While FATF standards mandate oversight for transactions exceeding $15,000, informal channels frequently evade these controls. To combat these challenges, Nepal should establish a centralised registry of beneficial ownership, strengthen enforcement of CDD protocols, and introduce automated systems for reporting suspicious transactions. By adopting technological solutions and learning from international best practices, Nepal can enhance its transparency and reduce the risks of money laundering and illicit financial flows.
Social exploitation, including trafficking, remains a pressing challenge in Nepal, exacerbated by digital misuse and harmful cultural practices. Traffickers have increasingly used platforms like TikTok and Instagram to target vulnerable individuals with false job offers. For instance, a 2021 case revealed how traffickers used TikTok to lure Bangladeshi women who were transported to India. In Nepal, rural women and marginalised groups are particularly vulnerable.
Harmful cultural practices further compound these issues. Traditions like dowry violence and Chhaupadi, which isolates women during menstruation, contribute to systemic inequalities, increasing susceptibility to trafficking and forced labour. Although the government has introduced measures like the 2023 Directives for Managing Social Networks, enforcement gaps allow traffickers to exploit regulatory loopholes and target vulnerable populations.
Risk mitigation
International frameworks such as the UNGPs and France’s Duty of Vigilance law emphasise corporate accountability in addressing exploitation risks. These frameworks require businesses to assess and mitigate risks across their supply chains. Nepal could adopt similar measures to address trafficking comprehensively, enhance protections for vulnerable populations, and strengthen efforts to combat systemic exploitation.
Nepal’s challenges in cybersecurity, financial transparency, and social justice are deeply interconnected, requiring integrated reforms rooted in global due diligence standards. Strengthening digital laws to align with GDPR principles, implementing centralised registries for beneficial ownership, and addressing exploitation through education and legal reforms are critical steps toward achieving accountability. Major incidents, such as disruptions in Nepal’s passport application system, unchecked property transactions, and weak protections for vulnerable populations, highlight the urgency of reform. Investing in institutional capacity building and fostering proactive governance will enable Nepal to pave the way for a secure, transparent, and equitable future.
(The author is an advocate and development practitioner.)