Now data centers and cloud service providers across the country must be registered with the Department of Information Technology. The government has made such arrangements in the recently released data center management guidelines.

The government has prepared 'Data Center and Cloud Services (Operation and Management) Directory, 2081' to operate the information technology system in a reliable, safe and efficient manner. For the first time in Nepal, a directory on data center and cloud services has been created. The process of listing data centers and cloud service providers is expected to make regulation, transparency and cyber security more effective in this sector. 

According to the Ministry of Communication and Information Technology, guidelines on data centers have been formulated using the authority given by section 79 of the Electronic Transactions Act, 2063. For listing, the concerned companies have to submit the necessary documents to the department. According to section 3 of the

guide, an organization wishing to operate a data center or cloud service must submit an application to the department with more than a dozen documents such as company/firm registration certificate, security and privacy policy, business continuity plan document, data center location map, data center tier details, and IP bridge details. It is mentioned in the guidelines that currently operating data centers and cloud service providers should be registered with the department within 6 months.  Cyber ​​security, data privacy and compliance with international standards will be mandatory while listing

. The directive has made it clear that service providers who want to operate both data center and cloud services should be listed separately. "Listed data centers and cloud service providers have to update the details through the means prescribed by the department by the end of January every year," it is said in section 4. The guidelines state that data centers will be removed from the list if they are found to be misusing the data stored in the data center and Cloudon or if they do not comply with the specified conditions. The

directory categorizes data centers into tiers. Clause 6 mentions that the data center service provider must submit a certificate regarding tier rating to the department. In the schedule of the directory, data centers are classified into four tiers according to international standards.

Small-scale data centers suitable for startups or small businesses are Tier 1, Tier 2 with improved infrastructure, cooling systems, Tier 2, Banks, government agencies and large commercial organizations can use Tier 3 and the highest level Tier 4 data centers based on structures that do not shut down at any time.

Nepal currently has various levels of government and private sector data centers operating. According to the guidelines, the data center service provider where the government data is stored must obtain level three or higher among the levels mentioned in the schedule in the company. The new directive is expected to regulate these data centers by listing them at the appropriate level. This is supposed to improve data security. 

Section 7 contains conditions that service providers must comply with. Such service providers must provide equal access opportunities to all, store only government agency data in government data centers, adopt necessary security standards, and ensure the continuity of the services they provide.

"If unauthorized access is found, it should be reported to the regulatory body and the center in the fastest way," the directive says, "the service provider should arrange a compliance officer to comply with international standards." 

Data center and cloud service providers should arrange server racks in a suitable manner to house servers, network equipment such as firewalls, routers, switches should be available, internet and electricity should be regularly available, and necessary technical manpower should be available. Section 8 of the directive states that the customer should take service only from the service providers listed in the department, and immediately transfer their machinery tools and systems from such providers to the service providers removed from the department's list.

There will be a directorate committee under the chairmanship of the secretary of the Ministry of Communication and Information Technology for the management and coordination of data center and cloud services. The committee will consist of the co-secretaries of the Prime Minister's and Council of Ministers' Offices, Home, Finance, Energy and Water Resources, and Communications. 

The head of the National Cyber ​​Security Center, an expert with at least 10 years of experience in data center and cloud services designated by the department will also be a member, and the Director General of the Information Technology Department will be a member secretary. 

The steering committee will prepare standards for data center and cloud service management and operations and coordinate with relevant ministries, provinces and local levels for data center and cloud service management. According to information technology experts, the number of Tier 3 and Tier 4 level data centers will increase in future due to the expansion of digital infrastructure in Nepal. Experts emphasize the need for the government and the private sector to cooperate and build a high-level data center.