Data Center and Cloud Services Directive 2081: Mandatory Registration in Nepal
6th March 2025, Kathmandu
The Department of Information Technology (DoIT) has called on all data centers and cloud service providers in Nepal to register with the government.
This is part of the new “Data Center and Cloud Services (Operation and Management) Directive, 2081”, which was introduced on Magh 15, 2081 (January 28, 2025). The directive aims to improve data security and ensure proper management of IT services.
Mandatory Registration for Service Providers
All existing data centers and cloud service providers must register with the DoIT before offering their services. Providers must submit their applications within the next six months. If they fail to do so, they will not be allowed to continue operations.
Purpose of the Directive
The directive encourages the secure storage of data created by both the public and private sectors within Nepal. It ensures that sensitive data is protected and stored in a safe manner. The goal is to make IT systems in data centers and cloud services reliable, secure, and efficient.
Required Documents for Registration
To register, data centers and cloud service providers must submit several key documents:
Company registration certificate
Fire safety and building completion certificates
Security and privacy policies
Business continuity plan
Location map and tier classification
Technical staff details
Security procedures
IP pool and electrical design details
If the provider does not own the building, they must submit a lease agreement. For cloud services, affiliation documents with ISPs and NSPs are also required.
Regulation for Financial Institutions
In line with these changes, Nepal Rastra Bank (NRB) has set a rule for payment service providers. They can only store their data in registered data centers. This ensures that financial institutions comply with the new standards for data security.
Separate Registration for Cloud and Data Centers
If a service provider offers both cloud services and data centers, they must register separately for each service.
Government Data Centers and IDMC Integration
The directive affects government-run data centers as well. All non-security government agencies must use the Integrated Data Management Center (IDMC) for data storage. Existing government data centers are required to move their data to the IDMC within a specified timeframe. However, government agencies can request approval to operate additional sites if necessary.
Strict Security and Compliance Measures
Providers must follow strict security protocols. These include:
Ensuring no unauthorized access to data.
Reporting security breaches to authorities.
Appointing a compliance officer to maintain standards.
Conducting annual security audits of the infrastructure.
Client Responsibilities
Clients must only use services from registered data centers and cloud providers.
Building a Secure IT Infrastructure
The government’s directive aims to create a secure and efficient IT environment in Nepal. By requiring all service providers to register, the government seeks to improve data protection and security in the country. Data centers and cloud service providers must apply for registration within six months to comply.