If 2024 was the year Nepal’s digital debates went mainstream, 2025 is the year they get real. Laws that once lived only in draft form on dusty shelves or in closed committees are now poised to determine how every person in Nepal uses the Internet, speaks online, and interacts with technology.

To make sure these decisions protect people rather than silence them, the Internet Society Nepal Chapter (Open Internet Nepal) released a landmark document: the ICT Policy Brief 2025.

More than just a summary of legal texts, the brief is a roadmap for rights‑based digital governance. It dissects three major proposals the Social Media Bill, the IT and Cybersecurity Bill, and the AI Policy and offers concrete recommendations rooted in global best practices, human rights standards, and Nepal’s own constitutional guarantees.

Why an ICT Policy Brief Now?

Nepal stands at a crossroads. Connectivity is expanding, AI is entering public services, and platforms mediate everything from political discourse to banking. At the same time, new laws are emerging that could:

• Expand state surveillance
• Criminalize online expression
• Centralize power over digital infrastructure
• Allow opaque decision‑making on content, data, and algorithms

The ICT Policy Brief 2025 was developed to help policymakers, journalists, civil society, and the public understand what’s at stake—and how to fix what’s broken before it becomes law.

1. Social Media Bill: Between Regulation and Repression

The proposed Social Media Bill aims to manage harmful content and platform accountability. But as drafted, it risks doing far more harm than good.

What the Brief Found

• Over‑broad definition of “platforms”
  The bill sweeps in almost any online service, from messaging apps to blogs, without nuance. This creates legal uncertainty and could chill innovation and community‑run platforms.
• Mandatory licensing and registration
  Platforms would need licenses to operate, giving authorities a de facto “on/off switch” over online spaces. This can easily become a tool to pressure or silence critical voices.
• Sweeping takedown powers without judicial oversight
  Authorities could order removal of content on vague grounds, without clear timelines, appeal mechanisms, or court review. This undermines freedom of expression and encourages over‑compliance by platforms.
• Privacy threats through identity verification
  Obligations for strict real‑name or identity verification can expose vulnerable users—whistleblowers, human rights defenders, women, LGBTQ+ persons—to harassment and retaliation.

What We Recommended

The brief argues that regulation is needed, but not at the expense of rights. Key proposals include:

• Embedding due process safeguards: clear definitions of unlawful content, written takedown orders, notice to users, and the right to appeal.
• Establishing independent oversight for takedown decisions, separate from executive control.
• Conducting genuine multi‑stakeholder consultations with civil society, journalists, technical experts, and affected communities.
• Protecting pseudonymity and privacy, limiting identity verification to narrow, necessity‑based scenarios.

2. IT and Cybersecurity Bill: Security Without a Police‑State Internet

Cybersecurity is often framed as a purely technical issue—but in law, it can quickly become a question of power. Who gets to monitor networks? Who can demand your data? Who decides what is “cybercrime”?

Core Concerns Raised in the Brief

• Over‑centralization of authority
  The draft bill places broad investigative, regulatory, and enforcement powers in a single arm of the executive. This concentration increases the risk of abuse and politically motivated decisions.
• Weak data protection and privacy standards
  Vague obligations on data handling, combined with expansive powers to access data, fall short of international data protection norms and constitutional privacy safeguards.
• Open‑ended enforcement powers
  The bill authorizes blocking, seizures, and surveillance with limited transparency and oversight, threatening both freedom of expression and business certainty.

Our Advocacy Priorities

The ICT Policy Brief calls for a security model that protects people, not just systems:

• Creation of an independent regulatory body to oversee cybersecurity functions, insulated from day‑to‑day political pressure.
• Integration of strong privacy provisions, including necessity and proportionality tests, data minimization, and clear retention limits.
• Transparent drafting and review processes, with public consultations and expert input before the bill moves forward.
• Regular transparency reporting on blocking orders, interceptions, and other intrusive measures.

3. AI Policy: From Buzzword to Rights‑Based Governance

Artificial Intelligence is no longer a distant trend—it is entering healthcare, finance, media, and public services in Nepal. An AI policy can unlock innovation, but only if it is built on ethics, accountability, and openness.

Gaps Identified

The policy text, while ambitious, risks becoming a technical roadmap without a human face if it does not:

• Explicitly safeguard human rights and non‑discrimination
• Prevent opaque and unaccountable decision‑making by algorithms
• Address bias and exclusion in training data and deployments
• Provide remedies when AI harms individuals or communities

Principles the Brief Puts Forward

The ICT Policy Brief 2025 urges policymakers to anchor AI governance in:

• Ethical principles and human dignity – ensuring AI systems respect privacy, equality, and autonomy.
• Clear accountability frameworks – identifying who is responsible at each stage of an AI system’s lifecycle.
• Impact assessments and redress – requiring human rights and risk assessments before deployment and establishing channels for complaints and remedy.
• Open data and transparency standards – encouraging open, high‑quality public datasets, while protecting sensitive personal information.
• Inclusive innovation – ensuring marginalized communities can shape AI priorities and benefit from its outcomes.

Why This Brief Matters for Nepal

The ICT Policy Brief 2025 is more than a critique; it is an invitation to build better laws together.

By putting forward practical, rights‑based alternatives, the Internet Society Nepal Chapter aims to:

• Support lawmakers with evidence‑based recommendations
• Equip journalists and advocates with clear analysis in plain language
• Encourage multi‑stakeholder dialogue—where government, industry, civil society, and the technical community are partners, not adversaries
• Align Nepal’s digital governance with global best practices while respecting local realities and constitutional commitments

In a moment when digital policy decisions will shape the next decade of Nepal’s democracy and development, the brief helps answer a critical question:

Can we build a digital Nepal that is innovative and secure—without sacrificing freedom, privacy, and inclusion?

Our answer is yes—if we choose transparency over secrecy, accountability over unchecked power, and people’s rights over short‑term control.

What Comes Next?

Publishing the ICT Policy Brief 2025 is only the beginning. Over the coming months, Open Internet Nepal will:

• Engage with parliamentary committees and ministries to discuss proposed safeguards
• Convene public dialogues and workshops to unpack the implications of these bills
• Collaborate with regional and global partners to benchmark Nepal’s reforms against emerging international standards

If you care about how your speech is regulated, how your data is secured, and how AI will shape your future, now is the time to get involved.

Want to dive deeper or partner with us on this work?
Keep an eye on our website and channels for the full ICT Policy Brief 2025, public events, and opportunities to contribute to a truly rights‑respecting digital Nepal.