Nepal
AI behavior law: bot and agent disclosure, crawler and training-data rules, automated-agent transactions, and algorithmic decision-making.
Summary
Nepal's cyber and data-protection framework spans three primary instruments. The Electronic Transactions Act 2063 (ETA, 2008) is the foundational cyber law; §47 criminalises computer fraud and unauthorised access with penalties up to NPR 300,000 and 4 years imprisonment. The Individual Privacy Act 2075 (2018) regulates personal-data collection and processing, requiring informed consent; it covers automated data collection. The Data Act 2079 (2022) strengthens data-governance provisions and public-sector data obligations. No TDM copyright exception exists; the Copyright Act 2059 (2002) fair-dealing catalogue is closed-list covering research, criticism, review, and news reporting. No database right. No relevant case law on web scraping. The framework is relatively stable; no major cyber-law revision is imminent as of the as_of_date.
Automated-access legality
Carried forward from the crawler-law index. Governs whether automated clients may access public websites in this jurisdiction.
| Dimension | Value |
|---|---|
| Authorization test | without permission |
| Public-page carve-out | unsettled |
| Terms-of-service browsewrap enforceable | unsettled |
| Terms-of-service clickwrap enforceable | yes |
| Copyright exception model | fair dealing narrow |
| Text and data mining — commercial status | prohibited |
| Text and data mining — opt-out mechanism | none |
| robots.txt legal weight | non binding notice |
| AI training-specific law | none |
| Privacy regime | Individual Privacy Act 2018; Data Act 2022 |
| Trespass to chattels | not recognized |
Last reviewed: 2026-05-23. Confidence: medium. Not legal advice.