Pakistan’s newly amended Prevention of Electronic Crimes Act (PECA) has sparked debate over its potential impact on digital rights and online security. While the amendments aim to strengthen the country’s cybercrime framework, critics argue that the law’s vague language and lack of enforcement capacity could turn it into an instrument of censorship rather than justice.
Pakistan’s legal landscape has long struggled with laws that remain dormant due to political sensitivities or are misapplied because of their broad scope. This disconnect between legislative intent and enforcement capability undermines public trust in the legal system, leading to coercive rather than consensus-driven governance. The latest changes to PECA, enacted in 2025, follow this pattern, expanding regulations on digital speech and misinformation without addressing law enforcement’s limited ability to implement them effectively.
The sheer scale of cybercrime in Pakistan is alarming. In 2024 alone, over 160,000 cybercrime complaints were registered, yet more than 60 percent remain unresolved due to enforcement inefficiencies. Despite the rising tide of digital crimes, only 350 investigators are available to handle the growing backlog, creating a system that is overwhelmed and ineffective. Instead of addressing these structural shortcomings, the 2025 PECA amendments have introduced stricter regulations on online speech, ‘fake news,’ and criticism of state institutions, raising concerns about press freedom and the suppression of dissent.
This approach is not unique to Pakistan. In several countries, digital laws initially introduced to combat cyber threats have evolved into tools for restricting online discourse. Egypt’s Anti-Cybercrime Law of 2021 resulted in the arrests of over 500 journalists and activists under accusations of spreading false information. Bangladesh’s Digital Security Act of 2018 led to thousands of cases against online critics, including students and minors. Even in the United States, the Computer Fraud and Abuse Act (CFAA) of 1986, originally aimed at preventing hacking, has been controversially expanded to target whistleblowers and activists. India’s Information Technology Act of 2000, designed to regulate e-commerce and cybercrime, has similarly been used to suppress political opposition.
Misinformation is a legitimate global concern, with studies showing that false news spreads six times faster than factual reporting. However, regulation must strike a balance between preventing digital harm and safeguarding fundamental freedoms. Overly broad legal provisions can stifle free expression, creating an environment where individuals and media outlets are forced to self-censor to avoid potential legal consequences.
To ensure the success of cybersecurity regulations, Pakistan must prioritize strengthening law enforcement capacity rather than expanding vague legal provisions. This includes better training for investigators, enhancing forensic capabilities, and implementing independent oversight to prevent abuse of power. Germany’s NetzDG law, enacted in 2017 to regulate online hate speech, is an example of a more balanced approach, incorporating media literacy programs, ethical guidelines, and clear enforcement mechanisms to ensure accountability.
Pakistan now faces a critical decision: whether to create a legal system that fosters trust and ethical conduct or one that relies on restrictive laws to dictate morality. The effectiveness of the PECA amendments will ultimately depend on whether they serve as genuine safeguards against cyber threats or become tools for suppressing free speech in the digital age.
