Part 1: The New Regulatory Landscape for Digital Commerce in Nepal
1.1. Legislative Genesis and Objectives
After nearly two and a half decades of operating in a regulatory vacuum, Nepal’s burgeoning e-commerce sector is now governed by its first dedicated legal framework: the Electronic Commerce (E-Commerce) Act, 2081 (2025). The enactment of this legislation marks a pivotal moment for a market that has experienced rapid, and often chaotic, growth. This expansion was significantly accelerated by the COVID-19 pandemic, which pushed consumers and businesses online at an unprecedented rate. However, this growth occurred without formal oversight, leading to a marketplace plagued by unscrupulous practices. Consumers frequently reported instances of fraud, the delivery of damaged or incorrect goods, significant price discrepancies, and a near-total lack of effective recourse for grievances. It was this environment of low consumer trust and rising unethical conduct that created the primary impetus for the legislation.
The journey to regulation was protracted. The Act was passed almost 25 years after the first e-commerce sites appeared in Nepal, reflecting a legislative process that struggled to keep pace with technological and commercial trends.1 An initial draft bill was prepared in 2021 but stalled due to frequent changes in government. The bill was eventually registered in the National Assembly (the upper house) in July 2023 and, after a series of amendments, was passed by both houses of Parliament in March 2025. The Act was certified by the President on March 16, 2025 (corresponding to Chitra 3, 2081 in the Bikram Sambat calendar) and officially came into force 31 days later, on April 15, 2025.
The stated objectives of the Act are to create a structured, systematic, and reliable digital marketplace. Its primary goals include regulating online businesses, providing robust consumer protection, enhancing transparency and accountability, and formally bringing transactions conducted via social media into the national tax system. The preamble of the bill itself underscores the legislative intent to make commercial transactions conducted through information technology “systematic and reliable”.
The 25-year gap between the advent of e-commerce in Nepal and the passage of this law reveals a deeply reactive regulatory posture. The legislation is meticulously designed to address the problems of the past—most notably, fraud and a lack of accountability among informal sellers on social media platforms. While this addresses immediate and pressing concerns, it also means the framework is built on a retrospective understanding of the digital economy. The Act does not appear to proactively contemplate the future of digital commerce, such as the rise of AI-driven platforms, complex cross-border data flows, or the challenges of platform monopolies. This focus on past grievances risks creating a “path dependency,” where Nepal’s e-commerce ecosystem is forced to conform to a rigid legal structure that may hinder its ability to adopt new technologies and innovative business models not foreseen by the drafters. This represents a critical risk for a sector defined by its dynamic nature.
1.2. Scope and Applicability: A Wide and Ambiguous Net
The E-Commerce Act, 2081 casts a remarkably wide net in its scope and jurisdiction. The law applies not only throughout the territory of Nepal but also extends its reach to any person or entity “residing anywhere outside Nepal offering goods and services in Nepal through e-commerce”. This assertion of extraterritorial jurisdiction is a significant feature of the legislation, aiming to regulate the entire digital marketplace accessible to Nepali consumers.
The Act covers a diverse array of market participants, including:
- Domestic e-commerce companies and their proprietary platforms.
- Intermediary platforms and marketplaces (e.g., Daraz, SastoDeal) that connect third-party buyers and sellers.
- Individual entrepreneurs and small-scale sellers who utilize social media platforms such as Facebook, Instagram, TikTok, and WhatsApp for commercial transactions.
- Foreign e-commerce platforms (e.g., Amazon) and international digital service providers (e.g., Adobe, Spotify, Google) that sell goods or services directly to consumers in Nepal.
A key exclusion is explicitly stated: the Act does not apply to platforms whose activities are limited to advertising or promoting goods and services without facilitating the actual transaction.
The ambitious extraterritorial scope of the Act, however, creates a significant enforcement paradox. The law mandates that foreign platforms like Amazon must register with the DoCSCP and establish a local office or appoint an official representative to operate legally in Nepal. By the registration deadline of July 18, 2025, no major international e-commerce platforms had complied, technically rendering all direct purchases from these sites illegal.4 The government’s stated enforcement strategy is passive and complaint-driven; authorities will investigate only if a complaint is filed. Given the high volume of cross-border digital transactions, it is operationally impossible for the government to actively police or investigate every purchase. This means the law, in this respect, will likely remain largely unenforced. This creates a paradox where the legislation is so broad in its ambition that it cannot be effectively implemented, potentially undermining its overall authority. Furthermore, by officially barring consumers from using trusted global platforms, the law may inadvertently drive this activity into a “grey market” where consumers turn to unofficial resellers or use VPNs and foreign payment methods. This would push a significant portion of digital commerce beyond any regulatory oversight, resulting in zero consumer protection—the exact opposite of the Act’s primary objective.
1.3. Key Legal Definitions and Classifications
To navigate the new regulatory environment, a clear understanding of the Act’s legal vocabulary is essential. The legislation defines several key terms that classify the different actors and activities within its purview.
- “Electronic Commerce (e-commerce)”: Defined as the process of buying or selling any goods or services through an electronic platform.
- “Electronic Platform”: Any system created for conducting digital transactions, including websites, applications, software, and other similar electronic systems.
- “Intermediary Business”: A platform, such as an online marketplace, that facilitates the sale of goods and services by connecting third-party sellers with buyers.
- “List-based E-commerce Business”: A business that directly sells its own inventory of goods or services to consumers through its proprietary electronic platform.
- “Seller” and “Business”: The Act distinguishes between a “Seller,” who is a third-party vendor providing goods or services for sale on an intermediary platform, and a “Business,” which refers to the operator of the platform itself (either an intermediary or a list-based business).
Part 2: Core Compliance and Operational Framework
2.1. The Mandate for Registration
The central pillar of the E-Commerce Act is the mandatory registration of all online businesses. Any entity conducting e-commerce is required to register on the official e-commerce portal established and maintained by the Department of Commerce, Supplies and Consumer Protection (DoCSCP). Operating an online business without this registration is now a punishable offense.
The registration process requires businesses to submit an application via the DoCSCP portal, providing a comprehensive set of business details.10 Upon successful review, the Department issues an official platform listing number, which must be displayed on the business’s platform.10 The necessary documentation for registration includes:
- Basic business details (name, address, legal status)
- Business registration certificate number
- Ownership details (proprietor, partners, or directors)
- A clear description of business activities
- Permanent Account Number (PAN) or Value Added Tax (VAT) registration details.10
The Act established clear deadlines for compliance. Existing e-commerce businesses were granted a three-month grace period, ending on July 18, 2025, to complete their registration. All new businesses must register before commencing any online operations.4 Reports from the deadline indicated that only 950 e-commerce businesses had registered, a number far below official expectations, suggesting either widespread non-compliance or a significant underestimation of the market’s size.4
2.2. Platform and Disclosure Requirements
The Act imposes stringent requirements on the establishment and maintenance of electronic platforms. A key provision mandates that every e-commerce business must set up its own electronic platform to conduct trade.11 Recognizing the significant financial and technical burden this would place on small-scale entrepreneurs, a critical amendment was introduced to exempt micro-entrepreneurs and cottage industries from this requirement. These smaller entities are permitted to use existing platforms, such as established marketplaces or social media channels, to sell their goods and services.1
All platforms, whether proprietary or third-party, are subject to rigorous disclosure rules. They must prominently display comprehensive details about the business itself, including its legal name, physical address, registration information, contact details, and the name and contact information of a designated grievance redressal officer.10 Furthermore, for each product or service offered, the platform must provide a detailed list of information, including a full description, the final price inclusive of all taxes, any additional delivery charges, warranty and guarantee terms, country of origin, and manufacturing and expiry dates.8
To ensure this information remains current, the Act mandates that any changes to business or product details must be updated on the platform within 48 hours. This deadline was extended from an initially proposed 24 hours following legislative debate.1 Failure to comply with this upkeep requirement can result in fines.11
The requirement to display dynamic data points like manufacturing and expiry dates at the platform level for every individual item presents a severe operational challenge. For any business with a large, fast-moving inventory, this is operationally impractical, if not impossible.11 A retailer may hold thousands of units of a single product, each arriving in different batches with unique manufacturing and expiry dates. To display this information accurately on a product webpage would necessitate a complex, real-time inventory management system linked directly to physical stock at a granular level—a capability far beyond the reach of most businesses in Nepal. This legislative disconnect from operational reality is likely to result in one of two outcomes: widespread, tacit non-compliance with this specific rule, or businesses posting generic or inaccurate data simply to fulfill the letter of the law. The latter outcome would defeat the purpose of transparency and could actively mislead consumers, creating new liabilities for the business under other provisions of the Act.
The following table provides a practical checklist for businesses to assess their compliance with the Act’s core requirements.
Table 1: Compliance Checklist for E-Commerce Operators
Compliance Area | Specific Requirement | Relevant Act Section | Associated Penalty for Non-Compliance |
Registration | Register business on the DoCSCP e-commerce portal before operation. | Section 5 | NPR 20,000 – 100,000 |
Platform Information | Establish an electronic platform (unless exempt). | Section 4 | NPR 20,000 – 100,000 |
Display business name, address, and registration number. | Section 4(2) | NPR 20,000 – 100,000 | |
Display PAN/VAT number. | Section 4(2)(f) | NPR 20,000 – 100,000 | |
Appoint and display contact details for a grievance officer. | Section 4(2)(h) | NPR 20,000 – 100,000 | |
Update any changes to business information within 48 hours. | Section 4(3) | NPR 20,000 – 100,000 | |
Product Disclosure | Disclose full product/service details (description, price, origin, etc.). | Section 6 | NPR 20,000 – 100,000 |
Disclose manufacturing and expiry dates. | Section 6(n) | NPR 20,000 – 100,000 | |
Consumer Policy | Publish a clear return and refund policy. | Section 10 | NPR 50,000 – 300,000 |
Establish a grievance redressal mechanism with a 15-day resolution timeline. | Section 33 | Failure to fulfill obligations may lead to severe penalties. | |
Data Handling | Maintain confidentiality of consumer personal data. | Section 12 | As per Cybersecurity and Privacy Laws. |
Intermediary Duties | Sign written/digital contracts with all sellers. | Section 14(e) | NPR 50,000 – 500,000 and/or imprisonment for 6 months to 3 years. |
Prohibit fake reviews and misleading advertising. | Sections 15(c), 16(e) | NPR 50,000 – 500,000 and/or imprisonment for 6 months to 3 years. |
2.3. The Legal Status of Electronic Transactions
A progressive and crucial component of the Act is its formal recognition of the legal validity of electronic transactions. The law explicitly states that contracts formed through e-commerce platforms are legally valid and binding under Nepalese law, with the acceptance of an order by a seller legally constituting a contractual agreement.11
Significantly, the Act broadens the legal standing of digital signatures. It moves beyond the narrow definition contained in the Electronic Transactions Act, 2063, which recognized only those digital signatures certified by a specific government-recognized authority. This expansion is a modernizing step that aligns Nepal with international practices and is expected to foster greater trust and efficiency in online contracting.6
The legislation also provides clarity on payment mechanisms. It accommodates various payment models, including pre-payment, post-payment, and cash-on-delivery. Critically, it stipulates that a payment made by a consumer to a third-party transporter or courier is legally considered as payment made directly to the trader.1 All payment processes must comply with existing banking and payment settlement laws, particularly those governing transactions in foreign currency.8
Part 3: Consumer Rights and Business Obligations
3.1. A New Charter for Consumer Protection
The E-Commerce Act establishes a robust new charter of rights for online consumers, with unconditional returns and refunds as its cornerstone. Buyers are now legally entitled to a full refund, inclusive of any taxes paid, if the delivered product or service is defective, delayed, or differs from its online advertisement in key aspects such as design, image, weight, warranty terms, or country of origin.1
To give this right teeth, the Act prohibits sellers from imposing any conditions to deny a valid refund request.15 If a consumer returns a non-conforming product and refuses an offer of exchange, the business is obligated to provide a full monetary refund.13
The Act operates in tandem with the existing Consumer Protection Act (CPA), 2075. It specifies that in areas where the E-Commerce Act is silent—such as product quality standards, labeling requirements, pricing regulations, and broader dispute resolution mechanisms—the provisions of the CPA will apply.8 This creates a dual regulatory structure that businesses must navigate.
3.2. Data Privacy and Confidentiality
The Act introduces foundational principles for data privacy in e-commerce. The core obligation for all businesses is to maintain the strict confidentiality of consumer personal data and personally identifiable information (PII).2
The use and transfer of this data are restricted. It can only be shared or used in accordance with prevailing law. An explicit exception is made for the transfer of transaction-related information between the buyer, seller, and courier as necessary to fulfill a contract.8 The legislation also empowers users by requiring businesses to provide mechanisms for consumers to manage, update, and protect their own data, including the ability to disable the source of their identification.6
While these provisions are a welcome step, they create what can be described as a “privacy façade.” On the surface, the rules appear robust, mandating confidentiality. However, they lack the detailed substance of modern data protection regimes. The Act fails to define key terms like “personal data,” “consent,” or “data breach,” and it does not specify rules for data retention periods or cross-border data transfers. Critics have already noted these inadequacies.1 This vagueness binds businesses to a nebulous standard of acting “in accordance with the law,” forcing them to guess their specific obligations. This creates a significant latent legal risk. If Nepal enacts a more comprehensive, modern data protection or cybersecurity law in the future—a possibility hinted at in policy discussions 23—businesses that are compliant with the E-Commerce Act’s vague requirements could suddenly find themselves non-compliant with a new, stricter law. The current Act, therefore, may offer a false sense of security while exposing businesses to future legal shocks, a critical advisory point for any company collecting consumer data in Nepal.
3.3. Grievance Redressal Architecture
A mandatory grievance redressal mechanism is a central requirement of the Act. Every e-commerce platform must establish and maintain a proper system to receive and resolve customer complaints.4 This system must be accessible, with businesses required to accept complaints through electronic means (e.g., email, portal), in writing, or in person.6
The process is time-bound and structured. Upon receiving a complaint, the business must formally register it and provide prompt acknowledgement to the consumer. The issue must then be investigated and fully resolved within a strict 15-day timeframe.6 To facilitate this, the Act requires the implementation of an online complaint management system to log, track, and document all grievances and their ultimate resolutions.6
3.4. Delineated Responsibilities of Market Participants
The Act clearly delineates the duties and liabilities of different players in the e-commerce ecosystem.
- Intermediary Platforms (Marketplaces): These businesses must enter into formal agreements with their third-party vendors, which must exist in both written and digital forms.1 They are responsible for verifying the credentials of their sellers, implementing measures to prevent fraudulent activity, and are prohibited from giving preferential treatment to certain sellers unless this is transparently disclosed to consumers.8 Crucially, intermediary platforms are held directly liable for complaints related to goods or services sold on their platform, even if they did not directly provide them.8
- Sellers (on Intermediary Platforms): Third-party sellers are obligated to provide the platform with valid business registration and tax details. They are responsible for ensuring the timely delivery and authenticity of their products. The Act specifically prohibits sellers from posing as consumers to write fake reviews or otherwise manipulate ratings and feedback on the platform.8
- List-based Businesses (Direct Sellers): Businesses that sell their own products directly to consumers must avoid any form of misleading advertising. They are also barred from submitting fake reviews and are required to fulfill all stated warranty commitments and process returns and refunds promptly and fairly.8
Part 4: Enforcement, Penalties, and Prohibitions
4.1. Prohibited Activities and Unfair Trade Practices
The Act defines a clear set of offenses. Core prohibitions include operating an e-commerce business without registration, failing to establish an electronic platform (unless exempt), not disclosing the required business and product information, and failing to fulfill the specific obligations laid out for intermediaries and sellers.9
Businesses are also forbidden from selling any goods or services that are banned under other existing laws or through a specific notification published by the Government of Nepal.8 Furthermore, the Act explicitly prohibits engaging in unfair trade practices, with a particular focus on misleading advertising and the creation of fake reviews, which is defined as a serious offense.8
4.2. A Matrix of Offences and Penalties
The Act establishes a tiered penalty structure, distinguishing between minor infractions and more severe offenses that can result in substantial fines and imprisonment. The following table consolidates the penalty framework for clear reference.
Table 2: Schedule of Offences and Penalties under the E-Commerce Act, 2081
Offence | Offence Classification | Monetary Penalty (NPR) | Imprisonment Term | Adjudicating Authority |
Operating without Registration/Listing | Minor Infraction | NPR 20,000 to 100,000 | N/A | Inspection Officer |
Failure to Disclose Required Information | Minor Infraction | NPR 20,000 to 100,000 | N/A | Inspection Officer |
Selling Restricted Goods Online | Severe Offence | NPR 100,000 to 500,000 | Up to 3 years | Consumer Court / District Court |
Failure to Fulfill Obligations (e.g., not honoring refunds, misleading ads, fake reviews) | Severe Offence | NPR 50,000 to 500,000 | 6 months to 3 years | Consumer Court / District Court |
Data Misuse / Breach of Confidentiality | Severe Offence | As per prevailing Cybersecurity and Privacy Laws | As per prevailing Cybersecurity and Privacy Laws | Relevant Court |
Note: Penalty figures are synthesized from multiple sources.1 Severe offenses are prosecuted by the state.
4.3. The Role of Regulatory and Judicial Bodies
The enforcement architecture of the Act is centered around the Department of Commerce, Supplies and Consumer Protection (DoCSCP). The DoCSCP and its designated “Inspection Officers” are tasked with the monitoring, inspection, and investigation of e-commerce activities.1
For severe offenses, cases are prosecuted by government attorneys, with the Government of Nepal acting as the plaintiff.10 Adjudication of these cases is slated to take place in the newly established ‘Consumer Court’. In the absence of a functional Consumer Court, the relevant District Court will have jurisdiction.9 The Act mandates the use of a “summary procedure” for these cases, indicating an intention for an expedited judicial process.13
Part 5: Critical Analysis and Strategic Implications
5.1. Impact on Startups and Small-to-Medium Enterprises (SMEs)
The E-Commerce Act is a double-edged sword for startups and SMEs in Nepal. On one hand, it provides a much-needed legal framework that can help build consumer trust, a critical barrier to growth in the market.3 On the other hand, it imposes significant compliance burdens that could prove prohibitive for nascent businesses. The high costs associated with platform development (for those not exempt), legal consultation, and administrative overhead may stifle growth and deter new market entrants.25
Critics argue that the Act’s rigid, one-size-fits-all approach to regulation restricts the agility and creativity that are the lifeblood of startups.25 The exemption for micro and cottage industries from the requirement to build their own platforms is a positive and necessary concession. However, this creates a potential “compliance cliff.” A business that successfully grows beyond the micro-enterprise threshold (defined under the Industrial Enterprise Act as having fixed capital up to NPR 2 million and fewer than nine workers) will face a sudden and substantial cost burden to become fully compliant, which could impede its scaling journey.18
5.2. Legal Ambiguities and Jurisdictional Challenges
Despite its aim to bring clarity, the Act has introduced several legal ambiguities. A primary criticism is that its core definitions are overly broad. The definition of “services,” for instance, is so expansive that it could be interpreted to include already heavily regulated professions and sectors like law, medicine, banking, and telecommunications.17 This creates the potential for regulatory overlap and jurisdictional conflict, forcing entities like banks, which are licensed by Nepal Rastra Bank, into a confusing dual-compliance regime.17
There is also significant redundancy with the Consumer Protection Act, 2075, which could lead to legal inconsistencies and duplicative compliance efforts for businesses.6 The impractical requirement for platform-level labeling of manufacturing and expiry dates, which is already mandated on physical product labels under the CPA, is a prime example of this redundancy.6 Finally, the challenge of enforcing the Act’s provisions against global platforms with no physical or legal presence in Nepal remains a critical weakness. This provision may be sound in legal theory but is practically unenforceable at scale, risking the creation of a two-tiered system where domestic firms face strict oversight while foreign competitors operate with relative impunity.4
5.3. The Future of E-Commerce in Nepal
The E-Commerce Act has the potential to fundamentally reshape Nepal’s digital economy. By formalizing the market and strengthening consumer rights, it can address the deep-seated issue of consumer trust, which has long been a major impediment to e-commerce adoption.3 A regulated, transparent market is more likely to attract domestic and foreign investment, encouraging the growth of larger, more professional operators and fostering a healthier competitive landscape.18
However, these potential benefits must be weighed against the significant risks of overregulation. The Act’s strong punitive focus, coupled with its high compliance burdens, could slow market growth, push smaller, informal sellers further underground, and ultimately make the ecosystem less dynamic and competitive.25 A notable concern raised by stakeholders is the lack of stakeholder consultation during the drafting process, which may have contributed to some of the Act’s more impractical provisions.25
Ultimately, the long-term success of the Act will depend on an agile and collaborative implementation approach. Regulators will need to be willing to refine the rules and issue clarifying directives based on continuous feedback from the industry, particularly given the rapid pace of technological change that defines the digital marketplace.25
5.4. Strategic Recommendations for Compliance and Advocacy
For Businesses:
- Conduct a comprehensive compliance audit against the checklist provided in this report to identify and rectify any gaps.
- Invest in robust grievance redressal systems. An effective, well-documented internal complaint mechanism is the first line of defense against regulatory action and can mitigate significant legal and reputational risk.
- Meticulously document all transactions and seller agreements to manage liability under the new contract law provisions.
- Review and update all user agreements, terms of service, and privacy policies to align with the Act’s requirements on contract validity, consumer rights, and data confidentiality.
For Startups and SMEs:
- Leverage the micro-enterprise exemption for as long as is feasible to minimize initial compliance costs. However, simultaneously develop a strategic plan for the financial and operational requirements of full compliance upon scaling.
- Utilize compliant third-party marketplace platforms as a low-cost, low-risk market entry strategy. This shifts much of the platform-level compliance burden to the marketplace operator.
For Industry Advocacy:
- Engage in continuous dialogue with the DoCSCP and the Ministry of Industry, Commerce and Supplies. Business associations and stakeholder groups should proactively seek clarification on the Act’s ambiguities.
- Key advocacy points should include requesting clearer guidelines on the scope of “services” to avoid regulatory overlap, defining the legal status and compliance path for social media sellers, and proposing practical, technology-driven solutions for platform-level data disclosure requirements. This collaborative approach is essential for the “continued refinement” that critics and stakeholders agree is necessary for the Act to foster, rather than hinder, the growth of Nepal’s digital economy.6