Pakistan has developed an array of cybersecurity laws over a course of more than two decades though many of these laws are not proving to be compliant with the technological advancements of the current times. The institutions responsible for a safer cyberspace include FIA (Federal Investigation Agency), PTA (Pakistan Telecommunication Authority) and The State Bank of Pakistan (SBP).   However, whether these laws along with these designated institutions secured the cyberspace of Pakistan is a question under consideration.

The FIA has the mandate to investigate and prosecute cybercrimes while the trial of such cases is conducted by the court of sessions and higher courts where the presiding judge has successfully completed training with regards to computer sciences, cyber forensics, data protection etc. The activities of telecom companies are regulated by PTA while SBP issues guidelines on cybersecurity for the financial sector. The first cybersecurity law, Pakistan Telecommunications (Re-organisation) Act came forward in 1996.This was followed by the Electronic Transactions Ordinance (ETO) 2002. The year 2007 brought forward two cybersecurity laws, Payment Systems and Electric Fund Transfer Act and The Prevention of Electronic Crimes Ordinance (PECO). However, these laws somehow failed to deter offenders of the cyberspace by laying down largely ineffective penalties.

In 2016 the Prevention of Electronic Crimes Act (PECA) was passed. This Act gives both substantive and procedural guidelines against several cybercrimes.

The Federal Investigation Agency in pursuance of PECA has different wings specialising in their areas of interest. Till now the FIA is the sole institution which provides computer forensics, mobile and video forensics. Experts successfully identified criminals and terrorists through such video forensics. Its NR3C unit has state of the art computer forensics facility which has, in the past identified those involved in child pornography. The cyber crimes wing (CCW) of FIA has been involved in the capacity building against cyber threats of different governmental departments of Pakistan.

The Gujranwala Circle of CCW has busted the gang involved in the activation of illegal SIMS by using Silicon thumbs and has also helped catch those involving in hacking the email accounts of Police Officers. Cybercrime Wing is organized into 6 zones and 15 cybercrime reporting centres respectively. With ever-growing users of cyberspace this number needs to be uplifted to CCW units in all the rural areas across the entire country. Although considerable initiative for cybersecurity through the implementation of laws has been taken, there is a lot more that needs to be done.

Under the PECA 2016, the federal government has gained the authority to designate any agency to take cognizance of cybercrime, but only FIA has been empowered to do so, ignoring the police within the province. However, FIA suffers from human resource problems and is confined to specific areas in major cities. Therefore, it is out of reach for the general population. In contrast to this, police stations are available in every nook and corner and easily accessible to all and sundry.

Furthering the cybersecurity interests of the nation National Centre for Cybersecurity (NCCS) was established in 2018.This was to undertake extensive academic research on the topic to initiate discourses on how further laws can be made to suit the needs of the evolving cyberspace. However, till now there is not much intellectual input which emanates from this Centre towards this topic. At the most, the only cybersecurity dialogue that we see derives from prominent news articles.

Federal government issued a policy. Under this, a cyber governance policy committee has been formed. This is to construct strict policies against cyberattacks targeting any state institutions as these are termed as “acts of aggression against national sovereignty.” In addition to the NCSP 2021, there are two recent bills – the E-Safety Bill 2023 and the Personal Data Protection Bill 2023 – which have garnered official praise for safeguarding individuals’ digital rights, e-commerce, and the digital economy. However, they have also faced criticism for ambiguity regarding data storage and the degree of independence of the National Commission for Personal Data Protection. Furthermore, they were formulated in a secretive manner – passed by the Federal Cabinet instead of parliament – which was labelled as “undemocratic”. Both the E-Safety Bill 2023 and the Personal Data Protection Bill 2023 facilitate illegal surveillance and isolate Pakistan from the liberal digital community.

In view of the growing number of offences in all parts of the country, attracting PECO, there is a need to designate police as an investigating agency. In addition, both the police and FIA must be trained on the essentials of cybersecurity to better inform and support officials in helping the public. Pakistan also needs to enhance its existing legislative and institutional framework to enhance the efficacy of its cyberlaws. The 2016 Act needs to be amended to include the procedural requirements required with the powers granted under this Act. Secondly, the demand and supply gap for digital skills needs to be bridged by adding more I.T related courses in the university curriculums. Most importantly Pakistan needs the induction of a cybersecurity industry so that reliance on imported hardware and software services and products is reduced. However, the basic framework of laws enacted to bring about cybersecurity in the country seems efficient. What Pakistan needs now is amendments to these already existent laws and supporting statutes to upgrade the efficacy of cybersecurity of this country.