Indo-Nepal Cyber Diplomacy and Regime Formation

Dr Sreemoyee Sarkar* |

* Faculty of History at National University of Study and Research in Law, Ranchi, Jharkhand.


International Relations has endured incredible fluctuations since the explosion of Information and Communication Technology (ICT) (Eriksson et al. 2006: 221).  The “Westphalia State System” has hitherto been redefined as an outcome (Russet et al. 1996: 50). The state-actors approach and the stake-holding managements are manifested through several bilateral and trilateral strategies and other multi-layered diplomatic responses. The world is now a global village, and international politics, institutions, trades, and the wheel of commerce are already being a part of cyberspace; the developing nations would also be compelled to be mainstreamed. The diplomatic liaison and bilateral connection between India and Nepal, which have evolved over the years at different levels, partake both the benevolent and the adverse components, mark this development concerning human to national security, address issues ranging from the regional security to the incorporations of responses towards the international variables. However, the question of cyber diplomacy, in regard to these two-neighbouring state actors, India and Nepal, is centred around the imperatives of the individual and interdependent national security and regional interests. The present work would try to reflect upon the cyber diplomacy between India and Nepal through the bilateral plane in terms of national interest to develop a cybersecurity policy regime.

The Global South provides enormous politico-economic and socio-cultural opportunities to e-commerce and digital marketing. The South Asian Association for Regional Cooperation (SAARC) countries have so far failed to set up a regulatory regime and cyberspace risk management think-tank. The existing socio-economic and technological inequality and assorted security perspectives have led the state-stakeholders of South Asia to prioritise different ICT goals and the regional digital divide. However, India and Nepal, owing to their geopolitical locations and long-existing politico-cultural exchanges, have witnessed growing impetus modifying their cybersecurity goals. Decolonisation and post-Cold War globalised World Order and transnationalism have redefined the idea of sovereignty vis-à-vis gross ‘internet penetration’. However, has such cyberspace commonality promised positive Indo-Nepal bilateralism?Since the last century, ICT has gained immense significance. It is identified as the avant l’heure to the globalisation and the socio-cultural, politico-economic, and commercial developments owing to the existing network of the ‘worldwide web’. Cybercrimes and other virtual offences require national, regional, and international response mechanisms and obvious military initiatives deterring infringement of personal and national data and violation of individual privacy and civil liberty. United Nations, state actors, non-state players and commercial entities have formulated and adapted several treaties, policy recommendations and legal regimes to ensure cyberspace protection and virtual safety (Neupane, 2016: 2).

India’s digital activism resulted in a national cyber policy regime through Information Technology Acts 2000 with its subsequent amendments in 2008, both protecting and empowering netizens’ rights. In February 2014, the ‘Cyber-Crime, Cyber Security and Right to Privacy’ report by the Parliamentary Standing Committee on Information Technology India came out, which elucidated the cybercrimes and the scope and jurisdiction of the functioning Information Technology (IT) Acts. According to the National Crime Record Bureau (NCRB), the Internet Subscriber base has grown at 27% in 2012 and 53% in 2013, and cybercrimes have escalated at more than 50% both in 2012 and 2013. Further, the Indian cyber policy regime entails the establishment of legal and military instruments, administrative and civic enforcement mechanisms, and technical infrastructure viz. education and health care etc. (Rajagopalan, 2015). Hence in July 2013, National Cyber Security Policy explicitly articulated a holistic vision for the involvement of the technically efficient experts through public-private engagements. Furthermore, in 2013, India established the position of the National Cybersecurity Coordinator, promulgating a National Cybersecurity Strategy, committed to publishing a revised version in 2020 and also established the National Cyber Coordination Centre in 2016. However, the gap between legislation and implementation persisted. Proliferating cybercrime and disinformation campaigns during the pandemic highlights “the urgent need to enhance cyber resilience in critical infrastructures and across society” (Ebert et al. 2020). Ministry of Communication and Information Technology has underlined acceptance of public opinion, civil society participation and a pro-stakeholder approach, i.e., every individual is involved both as a victim and as a cybersecurity provider (Anas, 2015). Hence Indian cyber legislation is partially adequate though it sets ambitious goals and tries to offer an inclusive capacity building cyber mechanism.

However, the regime’s legal and policy goals remain vague. The public and private stakeholders often find it difficult to combat cyber issues. Meanwhile, India has made the European Union (EU) its strategic partner. EU Cyber Direct: Supporting EU Cyber Diplomacy observes that India and the EU are engaged in a “… Joint ICT Working Group since 2000 and a Cyber Dialogue since 2011, share a mutual interest in further linking the Digital India initiative and the EU’s Digital Single Market by deepening cooperation on issues such as ICT standardisation, Internet of Things, Internet governance and the exchange of best practices in cybersecurity. Brussels and New Delhi also benefit from promoting an international framework for responsible state behaviour through cybersecurity norms, confidence-building measures and capacity building. To jointly pursue these interests, both sides can build on a web of existing bilateral cybersecurity arrangements between India and EU member states as well as on operational cooperation between their computer emergency response teams (CERTs)” (Ebert et al. 2020).

Due to the pandemic, India-EU Cyber Dialogue was held virtually on December 14, 2020, where prospective areas of cyberspace cooperation; multilateral and regional cooperation on stability in cyberspace at UN platforms in Group of Government Experts (GGE), Open-Ended Working Group (OEWG), or in Regional settings including relevant discussions at Organization for Security and Co-operation in Europe (OSCE), Association of Southeast Asian Nations (ASEAN), and ASEAN Regional Forum (ARF); EU Cyber diplomacy toolbox; Cooperation on Cybercrime and Capacity building therein; Contemporary issue and exchanges on cyber policies; Internet Governance; New Emerging cyber-related technologies, etc. were discussed and reaffirmed (MEA, 2020). Meanwhile, domestic legal articulation is sought through IT Acts, Indian Penal Code (IPC), judicial instruments, public and private sector implementation guidelines, organisational behavioural norms and standards, infrastructural code of conduct, sensitisation on virtual world etiquette through different media platforms.

Nepal’s cyber optimism started relatively late as cyber penetration was comparatively slow and scanty. Since the new millennium, ICT ramifications started gaining political, economic, and socio-cultural prominence, initiating a paradigm shift toward newer crime avenues. Therefore, Nepal’s cyber policy regime was resulted in the E-Transaction Act of Nepal in 2004, enforcing the provisions on rights and duties of the netizens, electronic record keeping, digital signature, etc. Institutions like cyber regulations, appellate tribunals, controller and certifying bodies, etc., were formulated to deter unauthorised cyber access, cyberbullying, cyber exploitation, tampering with soft data, etc. However, such efforts were not adequate to prevent sophisticated cybercrimes viz. financial fraud, Debit and Credit card cloning, phishing, hacking, etc., coupled with insufficient sensitisation and lack of a strong national cybersecurity strategy and specialised regulatory process promoting information confidentiality and cyber-integrity (Upreti, 2014). Hence in 2008, the Electronic Transactions Act, 2063 came. This legislature set forth a national legal framework and effectively spelt out ways to regulate cybercrimes. IT Policy of 2010, formulated as an instrument to social and economic advancement, stresses Intellectual Property Rights (Neupane, 2016: 11). It was followed by Electronic Transaction and Digital Signature Act which has boosted IT industry development in Nepal. Various technical measures are envisaged through National Information Technology Centre (NITC), High-Level Commission for Information Technology (HLCIT), etc., upholding individual data privacy and critical ICT infrastructure. In 2018, The Individual Privacy Act came, which was the first legislation in Nepal to protect the right to privacy of its people, and define personal information (Jain, 2021). Though Intellectual Property Bills are yet to be passed, since 2020, Nepal Police Cyber Crime Bureau has opened an email complaints window to create an inclusive digital ambience for Nepal’s cyber regime (THT, 2020).

Nevertheless, Nepal police records testify that the number of cybercrimes, which was only 19 in 2012, has risen to 39 in 2014, 35 in 2015, 53 in 2016–17. A total of 180 cyber cases were registered in 2018 –19 (IFEX, 2019). Hence Nepal sought to re-formulate a holistic cyber policy regime connected to the changing ICT domain (Upadhyaya et al. 2012: 1074). It can be observed that in the last quinquennial plan, Nepal has addressed the perils to public access to IT, resulting in the promotion of effectively informed civil society, good governance, and better opportunities for the netizens, targeting international standards.

It must be noted that there exists no acknowledged cyber regime and universal cybersecurity framework to be implemented globally, to guide the national agencies, and certify any accreditation to public sector professionals. Moreover, there is a dearth of universally charted recognised cyber research and development programmes or professional cum educational and training schemes to increase overall digital awareness. The existing ICT related policy standards and practise guidelines have been initiated by the technologically advanced countries (Upadhyaya et al. 2012: 1076) and are rigorously being revised at both the regional and international levels. Wherein, both India and Nepal have been lagging much behind in terms of security practices, policy formulation to cater to the legal instruments, digital infrastructures and ICT strategy architectures.

Moreover, weak law implementation mechanism coupled with inadequate cyber sensitisation, both governments require to invest more in generating human resources, increasing general cyber awareness among the police, lawyers, advocates and other facilitators involved in cybercrime prevention measures. Thence, both India and Nepal are looking for a resilient capacity building cybersecurity mechanism, which requires a more comprehensive approach from every stakeholder in the region, inclusive of the states, non-state actors and individual netizens, and the same can be reflected in their foreign policy initiatives; bilateral interactions, diplomatic strategies binding mutual national security (Pandey, 2010: 113).  In the meantime, has the Indo-Nepal cyber policy regime been deterred enough to the cyber misuse and unauthorised access infringing national interests and regional stakes? The issue of ‘cyber’ has not been incorporated adequately in the India-Nepal bilateralism instead of adequate commonality in the ‘cyber threats types’ and their ‘national response mechanism’. Accordingly, the governments of India and Nepal can execute a robust bilateral cybersecurity policy strategy, implementing the national and sector-specific cybersecurity measure, energising cooperative inter-state, intra-state, intra-agency and private-public partnerships-based cyber capacity building (NIICE Commentary: 4061).

Cybersecurity management in the SAARC countries needs to address the cyber asymmetry between the neighbouring nations (Ali, SAARC Responses, 2014: 96). Perhaps the materialisation of Indo-Nepal cyber diplomacy of a positive note can lead to a more comprehensive cooperative policy practice. In the SAARC summit, 2004, India’s former Prime Minister Atal Bihari Vajpayee expressed: “We have to change South Asia’s image and to stand in the world. We must make the bold transition from mistrust to trust, from discord to concord and from tension to peace” (PM Speech, 12th SAARC Summit: January 2004).

South Asia constitutes a predicament since decolonisation, Cold War thaw followed by a rise of international terrorism, characterised by old and the new security complexities, which require the states to cooperate bilaterally or multilaterally. Conventional bilateral security liaison requires confidence-building measures, joint training exercises, exchange of the officials. At the same time, non-conventional security management implies mutual confidence-building measures, exchange of resources etc. Cyberspace diplomacy, the security interest of the SAARC states, lies in the cooperative engagement of the neighbouring state without domestic interference in national affairs. Through such an optimistic interactive plane, India and Nepal would derive mutual benefits, taking into cognisance that the cyber policy of India is comparatively restored and Nepal is still an emerging actor in the cyber world, restoring the democracy in cyberspace (Raju, 2007:135). At this juncture, has Indo-Nepal cyber diplomacy entered into the politico-legal discourses of exercising the fundamental right of freedom of expression?

The scope for synergy in Indo-Nepal cyber diplomacy has been revisited through India-Nepal’s Track I, Track II and Track III types of bilateral transaction facilitating cyber policy option development between India and Nepal. Territorially, Nepal is a small state which possesses a growing human resource and escalating tourism economy (NTA Report: 2013). It is surrounded by bigger neighbours, India and China. China, on the one hand, has entered into the revolutionised landscape of the global ICT-led development, though at the cost of democratic dissent in terms of cybersecurity, digital governance and state surveillance. On the other hand, India and Nepal are still trying to keep up with the global ICT penetration within a democratic framework; thus, to come across similar policy and security challenges, depicting diversified policy and legal regime within the discourse of South Asian jurisdiction (IDSA, 2010). Indian Prime Minister Narendra Modi, in his two days visit to Nepal on 3 and 4 August 2014, attempted fruitful strides resulting in positive policy outcomes. The revision of the Treaty of Peace and Friendship (1950) thereby obliterated the disparity bet Indo-Nepal bilateralism and sworn the capability to exercise the sovereign foreign and security policy, immensely relevant for a regional cyber regime formation. Narendra Modi had advocated his idea of ‘Highways, I-Ways and Trans ways’ (HIT) to improve the existing ‘pathetic condition’ of the IT and communication network between India Nepal bordering area and expressed support of US $1 billion concessional credit to facilitate that (TOI, 3 August 2014).

Such cooperative orientation along bilateral platform might have taken the Indo-Nepal relation to a new height developing a holistic cyber policy regime in the SAARC region with further international ramifications (Shrestha, SAARC Responses, 2014: 143). India’s national cyber regime scenario is sober but proves vulnerable to Chinese cybercrime penetration. Meanwhile, Nepal needs human resources, and which can be channelled through the bilateral exchange of ‘technical training and expertise’. However, over the past years, it has been observed that India possesses legitimate geopolitical security concerns in Nepal, as it is the buffer state between India and China. India has encountered frequent faceoffs with Nepal’s pro-China geostrategic and political-economic stand. If India considers its Himalayan neighbour an entry pot in the cyber world, it should re-build its engagement with Nepal, prioritising economic and cyber-security issues over the political ones (Pandey, 2010: 150); heralding a positive interdependent cyber regime and cyberspace security management.

The India-Nepal interface in terms of technology is nothing new. Indo-Nepal technological relation mainly emphasises the ‘technology transfer’, recognised as ‘third world’s response’ as a part of ‘South-South Cooperation’. Indeed, India Nepal’s bilateral relation has matured from political to economic collaboration and geostrategic to cybersecurity regime, serving mutual interests, and it is highly anticipated that there exists a huge possibility for India and Nepal to interact over ‘cyber’ factor with the security diplomacy implications as well as regime formation. It is obvious that in the post-pandemic future, the status of the cyber factor in the states is going to determine the inter-state relation. Covid diplomacy between India and Nepal has already contextualised the state and civil society interests and bonhomie at health care, hospital service and medical expertise levels. Henceforth, Indo-Nepal cyber diplomacy could further facilitate the cyber regime formation in South Asia (Bhattacharjee, The Hindu: 17 August 2020). Since decolonisation, the geopolitical security strategy of South Asia has been perpetually determined by the extra-regional players. Thus, regional cyberspace policy initiatives in line with a regime formation like the EU would lead to some positive regional statuesque.


Anas O (2015) In Search of India’s Policy Doctrine. Policy Brief. Indian Council of World Affairs. 5 June.

Bhattacharjee K (2020) Indian, Nepalese diplomats discuss bilateral projects after months of acrimony. The Hindu. August 17.

Ebert H and Saslow K et al. (2020) Cyber Resilience and Diplomacy in India. EU Cyber Direct: Supporting EU Cyber Diplomacy. 14 July. (accessed 19 April 2021).

Eriksson J and Giampiero G (2006) The Information Revolution, Security, and International Relations: (IR) Relevant Theory? International Political Science Review 27 (3): 221 – 244.

Gupta A (2010). India Needs A New Paradigm in Its Nepal Policy. IDSA Comment. Manohar Parrikar Institute of Defence Studies and Analyses. 18 August.

IFEX. (2019) Rising cyber crime cases in Nepal. Freedom Forum. 16 June.

Jain V (2020) Cyber crime and laws in Nepal: An overview. 20 January.

MEA (2020) 6th India-EU Cyber Dialogue. Press Release. Media Centre. Ministry of External Affairs. 17 December. (accessed 22 April 2021).

Nepal Telecom Authority Report 2013.

Neupane P (2016) An Overview of Cyber-crimes and Cyber Law in India and Nepal: A Comparative Study on ETA Act 2063 of Nepal and IT Act 200 of India. Seminar Paper. pp. 1 – 45, Munich: GRIN Verlag, (accessed 18 April 2021).

Pandey N N (2010) New Nepal: The Fault Lines. New Delhi: SAGE Publication India Ltd. pp. 104 – 158.

Pokharel M, Shakya S and Upadhyaya P (2012) Information Security Framework for E-Government Implementation in Nepal. Journal of Emerging Trends in Computing and Information Sciences 3 (7): 1074 – 1077.

Prime Minister Atal Bihari Vajpayee’s speech at the 12th SAARC Summit on 3 January 2004.

Pulami M J (2020) Cyber Security and Internet Governance in Nepal. NIICE Commentary 4061. 12 April.

Rajagopalan R P (2015) India’s Cyber and Space Security Policies – Analysis. Eurasia Review. News and Analysis. Observer Research Foundation. 4 January. India’s Cyber And Space Security Policies – Analysis – Eurasia Review. (accessed 19 April 2021).

Raju A S (2007) Reconstructing South Asia: An Agenda. New Delhi: Gyan Publishing House. pp. 135 – 150.

Russet B et al. (1996) World Politics: The Menu for Choice. World politics : the menu for choice: Russett, Bruce M : Free Download, Borrow, and Streaming : Internet Archive p – 50. (accessed 21 April 2021).

SAARC Responses Articles (2014) FPRC Journal. (4): 94 – 134. Foreign Policy Research Centre. New Delhi.

THT (2020) Cyber crime complaint through email. Himalayan News Service. The Himalayan Times. 18 October.

TOI (2014) Modi announces $1 billion concessional line of credit to Nepal. Times of India. 3 August.

Upreti P N (2014) Cybercrime without cyber-rules. Opinion. Kathmandu Post. 25 May.

Relevant Websites

  2. National Information Technology Center | NITC

Previous post Playing with Democracy: Hungary 101
Next post Political Strategies in a Multi-Polar World: Where is European Union in All This Story?

Leave a Reply

Your email address will not be published. Required fields are marked *