Update 2025: In the evolving landscape of Pakistan’s digital regulation, the Prevention of Electronic Crimes Act (PECA) of 2016 has been a focal point of significant debate. Initially enacted to address cybercrimes, PECA has undergone several amendments, each eliciting concerns regarding its implications for civil liberties.
In February 2022, the government introduced an ordinance amending PECA to criminalize online defamation of authorities, including the military and judiciary, with penalties of up to five years’ imprisonment. This move was met with criticism from human rights organizations, which argued that the amendment violated constitutional rights and endangered journalists and political opponents.
More recently, in January 2025, the National Assembly passed further amendments to PECA, establishing the Social Media Protection and Regulatory Authority. This body is empowered to block and remove content deemed “false or fake,” with offenders facing up to three years in prison and fines of two million rupees. Critics argue that the vague criteria for content removal could lead to violations of freedom of expression and fail to meet international human rights standards.
These developments have prompted widespread protests from journalists and civil society groups, who view the amendments as attempts to suppress dissent and control the digital landscape. The Pakistan Federal Union of Journalists has been at the forefront of these demonstrations, demanding the withdrawal of the bill and expressing concerns over its potential to stifle press freedom.
In light of these changes, it is imperative to critically assess the balance between combating cybercrime and upholding fundamental rights. While the intent to address misinformation is valid, the implementation of such laws must ensure that they do not become tools for censorship or political repression. A nuanced approach, incorporating input from diverse stakeholders, is essential to create a regulatory framework that protects both national security and individual freedoms.
The long-term implications of Pakistan’s amendments to the Prevention of Electronic Crimes Act (PECA) and the introduction of the Social Media Protection and Regulatory Authority (SMPRA) extend beyond immediate concerns of censorship and legal overreach. These developments signal a profound shift in digital governance, freedom of expression, political control, and cybersecurity enforcement. While governments worldwide are grappling with similar challenges, Pakistan’s approach raises critical questions about constitutional rights, media independence, and democratic accountability.
1. Institutionalizing Digital Censorship
The establishment of SMPRA with broad discretionary powers to regulate social media and criminalize “fake news” is a clear indicator that the state intends to consolidate control over online discourse. In the long run, such regulations may lead to a chilling effect where journalists, activists, and even ordinary citizens self-censor out of fear of criminal prosecution. The lack of clear definitions for “false or fake” content creates room for arbitrary enforcement, which historically has been used to silence political dissent rather than protect national interests.
2. Diminishing Press Freedom and Media Independence
Pakistan has long been criticized for crackdowns on independent media, and these new amendments further restrict journalistic freedom. By criminalizing defamation against state institutions such as the military and judiciary, the amendments effectively prevent investigative reporting on corruption, governance failures, and abuses of power. In the long run, this will erode the role of independent journalism, leaving the public with a heavily curated and state-controlled narrative.
A lack of media diversity and critical analysis in digital spaces will also impact Pakistan’s global reputation. International watchdogs such as Reporters Without Borders and Human Rights Watch have already raised alarms about these regulations, and continued restrictions on press freedom could lead to sanctions or reduced international cooperation in cybersecurity and digital economy partnerships.
3. Impact on Digital Economy and Investment Climate
A strict regulatory framework that includes harsh penalties for online speech creates an unstable digital business environment, discouraging both foreign and local tech investment. Platforms such as Facebook, Google, and Twitter have previously opposed similar regulations in other countries, warning that such policies undermine digital rights and economic growth. If global tech companies perceive Pakistan’s digital space as overregulated or hostile, they may reduce investment or withdraw certain services, harming the country’s ambitions of expanding e-commerce, fintech, and digital entrepreneurship.
Furthermore, restrictive internet policies may hinder innovation and creativity in Pakistan’s tech sector, limiting opportunities for startups, freelancers, and digital content creators. The gig economy, which has provided employment to thousands in Pakistan, could also suffer if social media platforms become subject to unpredictable bans or content removals.
4. Strengthening of Cyber Surveillance and Citizen Profiling
The expansion of cybercrime laws under PECA and the new SMPRA regulations effectively enhance state surveillance capabilities. By criminalizing online content and expanding state authority over digital platforms, law enforcement agencies will likely intensify their monitoring of social media, digital communications, and online financial transactions.
In the long run, this normalization of digital surveillance could lead to further erosion of privacy rights. If the law remains vague and unaccountable, ordinary citizens may be subjected to increased online monitoring without due process, leading to potential misuse of data, politically motivated cases, and selective enforcement. This would create an environment where people no longer feel safe expressing their opinions online, even on non-political matters.
5. Weakening of Legal Safeguards and Due Process
One of the most troubling aspects of the recent amendments to PECA is the apparent weakening of due process protections. Vague definitions of cyber offenses allow authorities to apply laws selectively, often targeting journalists, opposition figures, and activists while ignoring pro-government misinformation and propaganda.
Additionally, Pakistan’s judiciary has played a complex role in interpreting and upholding digital rights, with past rulings both supporting and challenging state overreach in internet regulation. However, given the state’s growing control over the judicial and law enforcement apparatus, it is likely that legal safeguards for those accused under PECA will continue to erode. This could lead to politically motivated arrests, lengthy legal battles, and further distrust in the judicial system.
6. Long-Term Consequences for Political Dissent
If these laws remain in place without proper safeguards, they could become permanent tools for digital authoritarianism, ensuring that future governments—regardless of political ideology—inherit a legal framework that allows suppression of dissent without accountability.
History has shown that once a government establishes digital control mechanisms, future administrations are unlikely to relinquish them. In Pakistan’s case, this means any political opposition, human rights movements, or independent thought could be stifled systematically, affecting not just media and activists but also ordinary citizens engaging in political discussions online.
The way ahead: A Digital Crossroads for Pakistan
Pakistan stands at a critical crossroads where it must decide whether it will embrace a truly democratic digital framework or continue down the path of digital authoritarianism. While cybersecurity and responsible online behavior are legitimate concerns, the way these laws are structured suggests an ulterior motive of control rather than protection.
The real test will be whether these laws are applied impartially and with due process, or whether they will be used as a weapon against political opponents and dissenting voices. Without proper checks and balances, transparency, and judicial oversight, Pakistan risks further alienating its citizens, stifling its digital economy, and damaging its international standing.
For now, the challenge remains in striking the right balance—one that protects national security while also ensuring digital rights, economic prosperity, and democratic governance in the long run. If reforms are not introduced, Pakistan’s digital landscape could become increasingly restrictive, making it harder for citizens to express themselves without fear of state intervention.
At Josh and Mak International, we approach the law with the gravitas it deserves, understanding that every legal matter carries profound personal and ethical weight. Guided by principles of justice, fairness, and unwavering integrity, we see our role as more than advocates—we are stewards of our clients’ rights and aspirations. Our work is shaped by a commitment to excellence, meticulous attention to detail, and a deep respect for the dignity inherent in every legal challenge. With a steadfast focus on achieving equitable outcomes, we bring clarity to complexity and champion your cause with the insight and care it merits. Let us stand as your devoted partners in the pursuit of justice and peace.
Contact us at [email protected] for Legal Consultation.
https://joshandmakinternational.com/
____________________________________________________________________________
Original Article follows below:
Criticism and controversy immediately erupted when the details of the Prevention of Electronic Crimes Bill 2015 went public. Is this bill really as flawed as everyone makes out? And if it is, what direction should we be heading in?
There is nobody on this planet with a greater capacity for surveillance than the NSA, but they argue furiously that they aren’t doing anything nefarious. Snowden’s revelation took the form of terabyte upon terabyte of data relating to the surveillance capabilities and activities of the National Security Agency in both a foreign and domestic capacity. Many saw this as a scary affirmation of something that we’ve always known but were praying wasn’t true. Chats, emails, videos, social media activities, music, credit card activity, online browsing and transactions; you name it and the NSA has access to every iota of Internet traffic which goes in and out of the USA. Because of the uniqueness of the Internet, major companies such as Facebook and Google shuffle around their data between different servers which are located across the globe. By doing this all the emails sitting in our in boxes, irrespective of whether they are in Quetta or Islamabad, become the US governments property; yes really! To be honest, this doesn’t bother any of us too much as if you enjoy looking at pictures of pretty girls on your Spotify account or post more pictures of your dog on Facebook than is normal, the US government isn’t interested; but Pakistan’s government is. Well, we say government, but it’s actually the PTA; Pakistan Telecommunication Authority, the MoIT; Ministry of Information Technology and a handful of murky government departments and committees which currently have the power to decide what you can and can’t access over the Internet. They also possess the power to intercept every kind of online communication, be it a text to wish your crush a happy birthday or a photo of your parrot to a friend. Nothing will ever again be sacred, privileged or private……..
If everything you have read so far sounds like the most recent Dystopian thriller you had by the side of your bed then sorry but that’s exactly what it probably is. Thanks to the ever raging war against terrorism, our country has been forced to take some very radical measures, one of the major ones being NAP. The National Action Plan, aimed at countering extremism and terrorism. The PECB, Prevention of Electronic Crimes Bill 2015, plays a pivotal role in NAP and a recent report which the interior ministry prepared noted that the bill was actually one of the governments cornerstones in their plan to fight the every growing online activities of militants and terrorists. In a recent televised interview Anusha Rehman, the State Minister for Information Technology, was questioned about such terminology as spamming and cyber stalking. Rehman said that the Prevention of Electronic Crimes Bill 2015 drew on masses of existing material including the 2003 Australian Spam Act and the Budapest Convention. She insisted that the government had no intention of reinventing the wheel in terms of the legal terminology which is used within the PECB 2015. This is a cogent argument that actually makes sense. The other countries who have had way more experience dealing with online crime and associated safety mechanisms have, invariably, had much longer to evolve. An example of this is the Australian law that contains a whole host of exceptions to its anti-spamming rules that take almost as long to read as the actual text of the law. Within the Budapest Convention are a range of definitions which are internationally recognised including interception, illegal access, misuse of devices, data and system interference, computer related fraud and forgery and offences which related to copyright, intellectual property rights and child pornography. It defines the universal laws for such procedural issues as data preservation, seizure, disclosure of traffic, searches, data interception and real time collection.
However, such explanations and footnotes are missing from the current bill which the standing committee has cleared. According to Ali Raza Abidi from MQM, the committee seemed to be in a mighty hurry to get the bill sent to the house floor. According to insiders, this was due to the MoIT being under pressure to provide the government with some ammunition with which to pursue the NAP objectives within the online realm. However, whether their need to both pursue and then prosecute terrorists actually outweighs their needs to ensure that the fundamental rights of their citizens are safeguarded is the $64m question that almost every government in the world has lost sleep over at some time. Another thing that is troubling is the very real possibility that the government isn’t just drawing inspiration from the Internet governance models within liberal democracies. During the now infamous YouTube hearing in the Lahore High Court, a government counsel told the court that the Saudi Arabian and Chinese models were the ones they were looking to replicate in terms of censorship which would enable the government to sanction the return of the world famous video sharing site minus the blasphemous content. This flies in the face of every established principle of freedom of expression but lines up alongside those models where basic civil liberties have been sacrificed in the name of ‘national security’ or classed as being for ‘the greater good’.
Questionable Competence
The need for a framework of technical concepts within the boundaries of the law in order to govern online lifestyles ans which can be used to either prevent or punish wrongdoings online can’t be argued against by anyone with an iota of common sense. We are all too quick to forget that, despite the memories we have of the cyber crime ordinance which was introduced into our country during the Musharraf years, Pakistan currently has no laws that specifically deal with electronic or cyber crime. For that respect alone, the PECB 2015 needs to be passed, and sooner rather than later. You can, of course, contest the competency of the current law enforcement when it comes to dealing with the new and previously unseen threats which cyber crime brings to a very overcrowded table. This bill stipulates the power the federal government has in that they can establish or designate any law enforcement agency as their investigation agency for the purpose of investigating offences under the banner of the act. The smart money seems to be on the Federal Investigation Agency to take up its former role thus revitalising the cyber crime trail, the most popular alternative is the utilisation of their existing NR3C; National Response Centre for Cyber Crime to open up investigations into the criminal activities occurring within the electronic realm. There will, of course, be an element of sharing responsibility within the Pakistan intelligence community. Both the Fair Trial Act and the Protection of Pakistan Act describe the possible use of data capture and electronic surveillance as evidence in cases involving terrorism. There is also much speculation that one agency will be handed the responsibility of data analyses whilst real time monitoring could be another agency’s domain. Whoever gets these jobs, or job should the powers that be decide to combine the surveillance, the general consensus is that these law guardians will have to be way smarter than the cyber criminals they are in pursuit off as well as being bang up to date on the laws that they’re enforcing. In terms of questionable capability, the Digital Rights Foundation pulled no punches when she spoke of her fight against the government’s attempts at policing the Internet. She said that we have seen clear evidence in the past of the government using Finfisher in order to spy on users, and as they have both the capacity and the resources to employ and use such tools, but never offer accountability or transparency, these tools are potentially both invasive and dangerous. Ms Dad went onto say that there are no reassurances within this bill regarding controlling access to any information which had been acquired or preserved under S28 which covers the acquisition and expedited preservation of data which effectively provides power without control, thus meaning that this bill is a serious threat to every Pakistan citizens right to privacy. This is a criticism that was also raised by Edward Snowden against the NSA. The fact that a sole behemoth will be responsible for storing all the communications between private individuals, and that the employees of that company have access to these private communications is a pretty frightening thought.
Safeguards, or rather the lack of them
As expected, there are huge question marks hanging over this aspect of the bill. A key government figure who was involved with the bills preparation has said that, in relation to the anonymity condition, safety valves should be in place to ensure that the fundamental rights of citizens were upheld and their privacy be protected within the prevailing laws. He also voiced his scepticism about the ability of the FIA and other agencies to handle the crimes that came to light under PECB 2015 and stressed that officers and judges needed extensive training. The concerns are shared by Awais Khan Leghari, the former MNA and IT minister, who’s been insisting that special courts be created as he believes that the current judicial system simply can’t handle cases of cyber crime and any which are brought to court will cause havoc. He voiced these concerns during the National Assembly Standing Committee on IT’s deliberations. Another in agreement with this way of thinking is Sana Saleem from Bolo Bhi who said that none of the government installed systems are in any way sophisticated and there isn’t one of them which can both analyse data effectively or maintain its integrity while being used for mass surveillance due to the involvement of human bias’ and it doesn’t help either that there are no data protection laws in place. Another problem that keeps coming up is that of definition. An example of this is the definition within the bill of a service provider. We both know that this is the term used to describe a company which provides access to the Internet, but in the bill the net far exceeds the boundaries of this explanation. The NGO, Bytes For All in the infamous YouTube case, said that under the bills definition every restaurant, cafe or hotel is classed as a service provider which is going to become ever more problematic as they could be called upon to collect the data on who is using the Internet within their premises.
One thing is for certain, whilst the Prevention of Electronic Crimes Bill 2015 may not be perfect, and may have many problems that need ironing out, we need some kind of bill in place to protect the people of Pakistan and can only hope that common sense prevails in terms of the issues above before it becomes law.
Update as of August 11 , 2016
Quite a few disturbing things have come up as the Cyber Crime Bill Has become law as of this week (11 August, 2016).It has been pointed out that the following clauses/provisions (As mentioned by a news item in Dawn News) should have had the legislature put more thought in them:
‘Recruitment, funding and planning of terrorism’ is punishable with up to seven years in prison and/or a fine, or both. Section 10B criminalises the preparation or dissemination of information that invites or motivates funding, or recruits people “for terrorism or plans for terrorism”.
“ Parody or satire-based websites and social media accounts can be proceeded against under section 23 on ‘Spoofing’, which makes it an offence to run a website or send information with a “counterfeit source”. This is punishable with up to three years in prison, a fine of up to Rs500,000, or both”
“ Internet service providers (such as PTCL or Nayatel) are required to retain usage data for a minimum of one year. This includes the physical address (in case of fixed broadband connections) or the mobile number (for 3G/4G customers); the customer’s name and date and time of Internet usage”
“The law does not specify which law enforcement agency will enforce it, but that responsibility currently lies with the FIA’s National Response Centre for Cyber Crime (NR3C)”
“Authorised officers’ of the agency can require anyone to unlock any computer, mobile phone or other device that may be required for the purpose of investigating a crime or offence”
“Courts can order real-time collection or recording of information for a period of not more than seven days, unless an extension is granted by the court.”
“ Defamation, under sections 18 and 19 of this law, is treated as a criminal offence in the online realm and has harsher punishments than prescribed under the Defamation Ordinance 2002, treats it as a civil matter”
