The Electronic Transactions Act 2063 (ETA 2063) is a law of Nepal enacted in 2063 B.S. (2006 A.D.) to regulate electronic transactions, digital records, electronic commerce, and cyber crimes. It provides legal recognition to electronic documents and digital signatures and sets rules for controlling the misuse of computer and internet systems.
Objectives of the Act
The main objectives of the Electronic Transactions Act 2063 are:
- To provide legal recognition to electronic records and digital signatures.
- To facilitate and promote electronic commerce (e-commerce).
- To regulate the certification of digital signatures.
- To control and punish cyber crimes and misuse of computer systems.
- To make electronic communication and online transactions secure and reliable.
Major provisions from the exam points of view
Chapter 6: Function, Duties, and Rights of Subscriber (ग्राहक को कम कर्तव्य र अधिकार)
Section 35 – Generation of Key Pair
This section states that the subscriber (person using a digital signature) must generate a key pair (public key and private key) using a secure asymmetric cryptographic system. The person who uses a digital signature is responsible for creating secure keys.
Section 36 – Acceptance of Certificate
This section explains when a digital certificate is considered accepted by the subscriber. A certificate is considered accepted when:
- The subscriber publishes the certificate, or
- The subscriber authorises others to publish it, or
- There is evidence showing the subscriber has accepted it.
After accepting the certificate, the subscriber guarantees that:
- They possess the private key related to the public key.
- All information given to the Certifying Authority is correct.
- The information in the certificate is true to the best of their knowledge.
By accepting the certificate, the subscriber takes responsibility for the accuracy and ownership of the digital signature.
Section 37 – Retaining the Private Key Securely
This section requires the subscriber to keep the private key safe and confidential.
Key duties:
- The subscriber must take reasonable care to protect the private key.
- The private key must not be disclosed to unauthorized persons.
- If the private key is lost or compromised, the subscriber must immediately inform the Certifying Authority.
- The authority will then suspend the certificate.
The subscriber must secure the private key because it is used to create digital signatures.
Section 38 – Deposit of Private Key to the Controller
This section allows the Controller (government authority regulating digital signatures) to order a subscriber to deposit the private key in special situations.
This may happen when it is necessary for:
- Protecting the sovereignty and integrity of Nepal
- Maintaining law and order
- Maintaining friendly relations with other countries
- Preventing crime or offences
In certain national security or legal situations, the government may require access to the private key.
Chapter 9: Offence Relating to Computers
| Offence | Imprisonment | Fine |
|---|---|---|
| To pirate, destroy or alter computer source code | Up to 3 years | Rs.2 Lakhs or both |
| Unauthorized access in computer materials | '' | '' |
| Damage to computer & Information system | '' | ' |
| Publication of illegal material in electronic form | Up to 5 years | Rs. 1 lakhs or both |
| If repeated 1.5 time of previous punishment | ||
| Confidentiality to divulge | Up to 2 years | Rs. 1 lakhs or both |
| To inform false statement | '' | '' |
| Submission or display or false license or certificate | '' | '' |
| To commit computer fraud | '' | '' |
| Non submission of prescribed statement or documents | Rs. 50000 | |
| Abetment to commit computer related offence | Up to 6 months | Rs. 50000 |
| Punishment to accomplice | Half of main convicted | |
| Punishment in an offence committed outside Nepal | If involved devices are in Nepal then punish accordingly | |
| Confiscation | Confiscate the involved devices | |
| Offences committed by the corporate body | Chief of the organization will be responsible |
Other punishment: If any violation of this Act or Rules framed hereunder has been committed, for which no specific punishment provisioned, such violator will be liable to the punishment with a fine up to Rs. 50000 and imprisonment for up to 6 months, or both.
Other Act and Summary