Nepal’s digital dependency
Ayusha Chalise
Digital sovereignty has become one of those phrases that sounds powerful precisely because it is vague. It is invoked in policy documents, conferences, political speeches as if it was a destination waiting to be reached, something a country can simply decide to have.
For Nepal, however, digital sovereignty is less a goal than a tension we must learn to live with. It is the ability of a nation to control its present and future in the digital space. This includes the hardware we rely on, the software we use, and the data we generate, together forming what is called the digital public infrastructure.
But the uncomfortable question emerges: how much control is actually possible for a landlocked country squeezed between two giants, embedded in global supply chain and dependent on external connectivity?
Nepal’s digital dependency is not accidental: it is geographical, structural and is a choice just like any other between India and China. Until 2018, the country’s entire internet flowed through India. The addition of fibre links to China freed us from this monopoly, but it did not give us independence.
Building infrastructure across the Himalaya will never be as efficient as routing cables south. Digital sovereignty, argues Sixit Bhatta of Tootle and Vriddhi, is a political speech rather than a conversation. Modern digital systems are deeply interlinked, with data constantly moving across borders, he adds.
Hardware is manufactured in one country, software developed in another, and data stored somewhere else entirely. Expecting all three to align neatly within national borders is not how the internet works. It is impossible for us to use technology without Chinese hardware and US software.
“It is our current reality that all our data is currently somewhere in the Silicon Valley,” Bhatta told me. “Trying to have all this data within our own territory is an unimaginable feat, but even though sovereignty is not possible, there is data that is unique to Nepal that we can digitise to our advantage, with out own technologies.”
While we may not control where our servers are manufactured or where global platforms store metadata, we can still decide how our public systems are designed, governed, and integrated.
The government’s digital push over the past decade reflects this partial control. Systems like National ID and platforms such as the Nagarik App show slow, flawed progress in digitising service delivery. Citizens can access documents, register complaints, and interact with the state without standing in line.
NOT SMART
But digitisation is not the same as intelligence. As Niraj Bhusal from the Ministry of Finance points out, Nepal’s digital systems are “smart but dumb”. They exist online, but they often do not talk to each other. The fact that an expired passport can still be used to generate a police report is not a minor glitch, it is a reminder that automation without integration merely digitises inefficiency.
Ownership of data is where sovereignty is most often claimed, and most easily misunderstood. Bhusal says data generated through National ID, passports, and Lok Sewa remain fully owned by the state, even when systems are funded by external agencies like the World Bank or ADB or outsourced to foreign private companies.
Yet global examples suggest that ownership is not always the same as control. In several African countries, outsourced digital ID systems have locked governments into opaque contracts with foreign vendors, or have plunged states in surveillance instead of the promised democratic delivery.
In Mali, a dispute with the French company IDEMIA over payments led to election delays when access to biometric voter data was withheld. Data, in that moment, became leverage.
The same company, notably, was also involved in Nepal’s e-passport and National ID systems, but we recently ended the 16 year ties with the company in mid 2025. Outsourcing is not inherently harmful, but long-term dependence without domestic capacity-building creates quiet vulnerabilities and cycles of dependencies.
Bhusal also highlights that limitations of our systems through lack of education and political instability that leads even notable digitisation efforts not being owned by successive governments, as the credit goes to predecessors.
India’s Aadhaar system is often cited as a counterexample. Built on open-source technologies and managed domestically, it ensured that biometric data remained under state control. But Aadhaar also illustrates the other side of sovereignty: when the state controls vast amounts of citizen data, questions of surveillance, exclusion, and misuse inevitably follow. Sovereignty does not automatically translate into protection.
Nepal now stands somewhere in between. The draft Information Technology and Cyber Security Bill proposes data localisation requirements for sensitive sectors like finance and health. If enacted, it would formalise what officials already claim, that critical data stays within Nepal’s jurisdiction.
Ayusha Chalise is a communication and development scholar specialising in how politics is experienced in the digital space.