Techpana Explainer: What is the billing system procurement dispute that is putting Nepal Telecom in danger?
कात्तिक २७, २०८२ १६:२८
Kathmandu: Nepal Telecom had awarded a contract worth about five billion rupees on March 18, 2025, for the procurement of a new billing system. Five months later, on August 31, 2025, the telecom issued a notice stating that Huawei was the only one among the two companies that participated in the contract for its new billing system that qualified for the technical evaluation.
During the technical evaluation, the telecom had formed a tender evaluation committee of experts, which evaluated the matter for about three months.
It was decided to open Huawei's financial proposal (Price Bid) by declaring the proposal submitted by Whale Cloud as technically ineligible as demanded by the telecom. Accordingly, the telecom made the notice of opening Huawei's financial proposal on September 15, 2025 public on August 31 itself.
However, Huawei's financial proposal, which was earlier scheduled to be opened on September 15, was postponed to September 24, citing the unfavorable situation in the country due to the Gen-Z movement.
Meanwhile, the Gen-Z movement changed the government of Nepal.
Telecom issued another notice on September 24, stating that due to special circumstances, the date of opening the financial proposal for the purchase of the telecom billing system has been postponed until further notice.
Two days before that, on September 22, Jagadish Kharel was appointed as the Minister of Communications and Information Technology.
He too, after receiving a tip that there was a dispute in the telecom billing contract, put the process on hold and formed a seven-member study committee under the coordination of former Secretary Maniram Gelal through a ministerial decision. The committee has been given a mandate to submit a report within 21 days.
The tender for the billing purchase has become controversial since the tender was called. There is criticism that fair competition has been eliminated by awarding the contract to a single company. Questions are being raised that the process was moved forward in violation of the Supreme Court's directive order in the contract process.
The court has already said that awarding the billing system contract to a company that is already working on the core network of the telecom will create a conflict of interest and from an information security perspective, it is not appropriate to have the core network and billing system from the same supplier.
Similarly, since Huawei was selected in the technical evaluation of the telecom billing system contract in the name of qualification, questions have been raised that it will prohibit other vendors (vendor lock-in). Telecom has been using the billing system of the Chinese company Asia Info since 2011.
After the contract agreement for three years expired, the same company has been repeatedly extended in the name of maintaining the billing system, despite having to invite new bids. The Commission for the Investigation of Abuse of Authority has filed a corruption case in the special court against the then Managing Director of Telecom, Sangita Pahadi Aryal, alleging irregularities in the process of assigning the work to Asia Info by repeatedly extending the deadline. The case is pending in the court. Since Asia Info's billing system is old, Telecom's services have been disrupted repeatedly. For which Telecom has been criticized.
What is the Core Network and Billing System?
Core networks and billing systems have their own importance in the network of telecom companies. Core network is the main system of the telecommunication network. It controls all voice calls and data package routing, switching, mobility, roaming, etc. It handles all voice calls of the telecom network and sends charging requests to the billing system. The detailed details of the call (Call Detail Record CDR) are in the core network.
Similarly, billing is considered to be the system responsible for charging any telecom operators and preparing invoices (billing) for the use of the telecommunication network. The billing system can be in real time (real time) like Online Charging System (OCS) or in non-real time like automated offline billing system. With the help of the billing system, service providers prepare packages.
What is in the directive order of the Supreme Court?
The Supreme Court had delivered its verdict on September 10, 2024, in a writ petition filed by Advocate Rita Karki, including Telecom, as defendants. Although the writ petition was dismissed, Justices Dr. Nahakul Subedi and Mahesh Sharma Poudel had issued directive orders on two points.
In the full text of the judgment, which was made public a few months after the verdict, the Supreme Court had issued directive orders to ensure that the personal information and data of the person on the network is not accessed and that there is no conflict of interest in the billing system procurement process.
Contents of the directive order
(a) Since it is necessary to ensure the protection of fundamental rights in the procurement and installation of the billing system, it is necessary to ensure that the personal information and data of the person who is under the main communication system (Network) of the manufacturer or seller of the billing system is not accessed and that there is no conflict of interest in the related procurement process.
(b) The procurement process of any public body should be fair, transparent, competitive and economical. In the context of resuming the procurement process that has been stalled for a long time, the company's board of directors has decided to proceed with the procurement process by taking maximum care of the company's interests and the Commission for the Investigation of Abuse of Authority has also directed the company to complete the procurement process without incurring additional financial burdens. In the context of interpreting the terms of the bid in the present procurement process, the agreement should be interpreted and implemented in a manner that does not impose additional financial burdens on the respondent company by taking into account the maximum interests of the company.
Is it appropriate or inappropriate to have a single vendor in the core network and billing system?
While Nepal Telecom's core network is currently managed by Huawei, Asia Info is in the billing system. However, only Huawei has been selected in the technical evaluation of the latest contract.
If the contract is advanced and Huawei is selected in the financial evaluation as well, there will be a single supplier (vendor) in the core network and billing system. However, there is criticism that this would be against the order of the Supreme Court. It is claimed that this would put the customer's information security at risk.
The regulatory Nepal Telecommunication Authority and consultants have also given their opinions on this issue. Dr. Ganesh Gautam, Associate Professor of the Department of Electronics and Computer Engineering under the Pulchowk Campus of Tribhuvan University, has expressed his opinion on whether it is appropriate to implement the core network and billing system from a single supplier from an information security perspective. Gautam expressed his opinion on 27 June 2025.
Gautam concluded that although there are some minor benefits to having a single supplier for the core network and billing system, it would be better for Nepal Telecom to have separate suppliers for the core network and billing system from the perspective of data security, maintenance, transparency, identification of problems in the systems, and monopoly over the systems.
Gautam mentioned that having a single supplier access both the billing system and the core network would be risky from a data security perspective. He suggested that the following considerations be taken into account since both systems must comply with the standards and protocols of the same system and the systems must be interoperable.
1. If one system is accessed in some way, the other system can be compromised using the same method. However, when the two systems are developed by different suppliers, the likelihood of both having the same security vulnerability is very low.
2. When both systems are from the same supplier and one of the systems goes down due to technical/special reasons, the other system may also go down for the same reason. This problem is less likely to occur when there are multiple suppliers.
3. When both systems are provided by the same supplier, the operation and maintenance of the system may be affected simultaneously. Diversification of suppliers plays an important role in mitigating such risks.
However, Gautam has mentioned that there are some benefits to having the same vendor for both systems.
1. It will be easier to technically procure and implement the entire system from a single supplier.
2. It is easier to work with one supplier instead of many.
Gautam's opinion points out that if a single vendor's core network and billing system is used in Nepal, there is a risk of conflict of interest and monopoly challenges, which can lead to a lack of transparency, biased decisions and limited competition. This may increase the risk of vendor lock-in.
Although international organizations such as the Third Generation Partnership Project (3GPP), the International Telecommunication Union (ITU) or the European Telecommunications Standards Institute (ETSI) do not say that using the same vendor for the core network and billing system can be risky from a data security perspective, Gautam has written in his opinion.
International standards regulate the core network and business support system architecture. For that, various frameworks are in use to regulate through third parties. One of them is 3GPP. It defines network functions and security mechanisms for the secure rollout of the system.
Another is the TM Forum ODA. It helps provide various guidelines for the architecture of Business Support Systems/Operations Support Systems. It helps in increasing operational reliability by making the API governance of the system used by the operators secure.
The third is ISO/IEC 27001 and NIST SP 800 series. It certifies that the system is robust in terms of secure recovery, secure infrastructure, etc. These regulatory measures are adopted when there is a single vendor.
What did the regulatory Telecommunications Authority say to the telecom?
On May 19, 2021, the then Managing Director of Nepal Telecom, Dilliram Adhikari, sent a letter to the then Chairman of the regulatory Nepal Telecommunication Authority. The Adhikari had written to the authority for necessary consultation on the matter, as the company producing the telecom's core network (Huawei) also had its own billing solution.
The telecom had sought the authority's opinion on six issues, including customer security and the possibility of conflict of interest. The authority sent a reply to the letter on May 31, 2021.
The authority had also studied the personal data security arrangements in neighboring countries and suggested that the billing solution should not be placed outside the country, outside the legal scope of Nepal.
However, considering the benefits of cloud computing, the cloud computing service provider had advised the telecom to keep the data related to personal information within the borders of Nepal and to make an agreement with the service provider to manage data security by completing due process and having access to Nepal's law enforcement agencies.
In the second point, the Authority advised Telecom to consider whether or not unauthorized manipulation of billing data can occur if the core network and billing system manufacturer are the same and to include relevant terms in the contract to ensure that there is no conflict of interest.
Similarly, Telecom had also sought opinion from Global Telco Consult (GTC) regarding the tender for the purchase of a new billing system. On May 19, 2021, Telecom sought opinion from GTC. GTC sent a reply to Telecom on May 25, 2021.
GTC has clearly stated that there could be a direct conflict of interest if the core network equipment and billing system are from the same manufacturer. GTC has suggested that it would be appropriate for these two systems to be different for upcoming technologies such as IoT, 5G. GTC argues that it would be easier to audit if the core network and billing system are from different manufacturers.
GTC has also advised Telecom on the issue of data security. If the cloud service is located abroad, it has been suggested to Telecom that the laws related to data security and privacy should be effectively implemented in that country. If it is in Nepal, it seems that it has been advised to build a disaster recovery site as well.
Services provided by Huawei in the core network of telecom
1. 2G Core: 7CH MSC (Mobile Switching Center), HLR (Home Location Register), VLR (Visitor Location Register), SGSN (Serving GPRS Support Node)
2. 3G Core: M 7CM MSC (Mobile Switching Center), GMSC (Gateway Mobile Switching Center)
3. POI (Point of Interconnection): This is the core service that connects with other telecom operators.
4. FTTH Core: Using IMS (IP Multimedia Subsystem) as the voice core of landline calls.
Regulators and consultants have given their opinion that if Huawei gets the billing system work due to these core network services provided by telecom, it could lead to a conflict of interest.
ZTE is providing services in Telecom's core network
4G Core: IMS (IP Multimedia Subsystem) for EPC (Evolved Packet Core)
Phase-out processor specifications
Telecom has published billing specifications including processors that have already been notified of being phased out. Due to this, there is suspicion of manipulation in the specifications of the tender issued to purchase the billing system.
It is alleged that the specifications related to servers, OS and network equipment have been approved.
The specifications of servers, OS and network equipment have been specified in 12.14 of the bid document for the purchase of the new billing system issued by Telecom on March 18, 2025. Under which the condition is that the processor should be Intel Xeon Platinum 8000 series or later.
However, on January 14, 2025, two months before the contract was awarded, American multinational technology company Intel released information about product changes. In which the ‘End of Date’ of Intel Xeon Platinum 8000 series processors has been specified.
There is a suspicion as to why processors that are in the phase-out stage were included in the bid document. However, since the telecom has the word Intel Xeon Platinum 8000 series ‘Or Latest’, it seems necessary to evaluate whether those processors can be used or not.
Processors that will be affected
What is the practice in other countries?
Telecom operators in neighboring countries, including India, are working by appointing different vendors for billing systems and core networks. When Ncell Axiata was established, both the company’s billing and core systems were Huawei. But by 2018, Huawei’s billing system was replaced by ZTE through a Request for Proposal (RFP).
Some countries appear to be operating both systems through the same vendor, but in those instances, there appears to be vested interests with the vendors. Three years ago, Sri Lanka was plunged into its deepest economic crisis in history. China is still providing financial assistance to rescue Sri Lanka, which is saddled with a huge debt burden.
Not only this, Mobitel has been supported by China and Huawei for a long time. In 2008, Mobitel also received a loan facility of US$ 450 million from the Chinese Export Credit Agency (ECA). The amount was provided to be spent on expanding Mobitel's services under the initiative of Huawei Technologies.
In this situation, the core network and billing system of Chinese telecommunications equipment manufacturer Huawei is being operated by the mobile operator Mobitel. Along with this, Axiata Bangladesh Limited, which is running a telecom company in Bangladesh under the Robi brand, had signed an agreement with China Development Bank and Huawei Technologies (Bangladesh) Limited in 2010 to expand its telecom network. The value of which was US$ 100 million.
Robi had received a concessional loan from Huawei to purchase equipment. Due to which, here too, a single vendor is working on the core network and billing system.
What are the problems of having a single vendor?
Technicians have warned that the risk is high when the core network and billing system have the same vendor and that the possibility of data manipulation increases when both systems are accessed. Since there is no accountability when both systems are managed by the same company, it is very difficult for the telecom operator to detect any fraud. A former managing director of the telecom said that the risk of losing impartiality in the work is high when the same vendor works.
“He does not have to be accountable to anyone. Billing and core networks are mechanisms that can keep each other in check and balance. If only one gets it, then anything can happen tomorrow. Telecom may not even be aware of it. There is always the risk of tampering with Call Detail Report (CDR) data. Therefore, it is beneficial for the telecom to appoint as many different vendors as possible,” the former managing director told Tekpana.
When the core network and billing system have the same vendor, the operator can be manipulated through various means. Since there is direct access to the database, the risk of data or CDR being manipulated increases. If both systems are implemented by the same vendor, no record of data manipulation may be preserved.
The risk of manipulation of network APIs (application programming interfaces) may also increase. In addition, the most important thing is that the possibility of vendor lock-in increases. If the core network and billing system are implemented by the same vendor, third parties cannot be involved.
The main challenge is that the third-party system cannot be integrated into the operator's network. If it has to be done, the operator may face a huge financial burden. Due to which the telecom operator cannot work openly. In addition, the vendor controls the origin, transmission and destination of data. The vendor can manipulate all systems to suit its own needs. Only a third-party system audit or other regulatory measures can bring transparency.
Nepal Telecom is currently using the Integrated Multi-Protocol Monitoring System (IMMS) for 'Call Loss Monitoring'. Its use can detect the quality of service (QoS), traffic conditions and performance of the telecom. IMMS can monitor more than one network protocol (SS7, SIGTRAN, SIP, Diameter, GTP).
However, it cannot monitor the accuracy of billing. If the telecom has to depend on a single vendor, the IMMS must also depend on the data provided by the same vendor. The vendor must be satisfied with whatever access is provided. If the vendor manipulates and provides data, the operator cannot get accurate data. With a single vendor, the operator cannot determine whether the service provided by the operator is billed correctly or not.
For example, a voice call appears in the operator's system, but the operator cannot confirm whether it was billed at the correct rate. This can affect the operator's revenue. Since these problems can arise, it may be appropriate to move the core network and billing system through different vendors.
पछिल्लो अध्यावधिक: कात्तिक २७, २०८२ १६:३३
