Cybercrime Laws of Pakistan

Key Takeaways

  • Cybercrime is achieving illegal ends through the use of computers and the internet.
  • Although French Telegraph System incident was the first-ever cybercrime perpetrated in 1834, the creation of a worm on the internet by Robert Morris in 1988 was the first-ever “computer-facilitated” cybercrime.
  • In Pakistan, the Prevention of Electronic Crimes Act (PECA) 2016 is the recently enacted law for countering almost all forms of cybercrimes. 
  • Sections 10, 11, 14, 16, 20, 21, 24 of the Prevention of Electronic Crimes Act (PECA) 2016 are the key elements to deal with the rifest types of cybercrimes in Pakistan.


“If you think you know-it-all about cybersecurity, this discipline was probably ill-explained to you” -Stephane Nappo

In the very first episode of The Thin Blue Line, a famous British sitcom, one of the main characters Grim, who is depicted as CID Inspector, says, in the shadowy electronic alleyways of the internet a new type of villain lurks. He says this to make Inspector Fowler understand that the entire concept of thieving has changed after the arrival of computer and the internet. This episode made me craft this write-up and research some of the cybercrime laws in Pakistan.

What is Meant by Cybercrime?

According to Encyclopedia Britannica, the use of a computer as an instrument to further illegal ends, such as committing fraud, trafficking in child pornography and intellectual property, stealing identities, or violating privacy.

In his book Criminology Theories, Patterns, and Practice, Larry J. Siegel maintains, the technological revolution has provided new tools to misappropriate funds, damage property, and sell illicit material. It has created cybercrime, a new breed of offenses that can be singular or ongoing but typically involve the theft and/or destruction of information, resources, funds utilizing computers, computer networks, and the internet.

History of Cyber Crime

Before illuminating my audience regarding the history of cybercrime, it would be pertinent to let them know that I would be mentioning only those crimes which were perpetrated through computers and the internet. The reason is that when we talk of cybercrimes today, we think of it in terms of wireless networking. That is to say, the perpetrator is not in any kind of physical contact with the victim’s computer. He/she might be miles or countries away. If we include other means of cybercrime too, then the history of cybercrime goes back to 1834 when French Telegraph System was hacked by a pair of thieves. They stole information about the financial market. Thus, this incident marked the dawn of cybercrime. Nevertheless, the first internet-facilitated cybercrime took place in 1988.

In 1988, Robert Morris created the very first worm on the internet. In information and technology, a worm is a computer programme that replicates on its own, spreads throughout the computer, and causes it to malfunction. This was released from the Massachusetts Institute of Technology and caused massive disruption in the network.

The most recent incident of cybercrime incident transpired in 2021 in Accenture, a global consulting firm, that was hit by the LockBit ransomware gang.

Cybercrime Laws in Pakistan

In Pakistan, the Prevention of Electronic Crimes Act (PECA) 2016 is the recently enacted law for countering almost all forms of cybercrimes.

Common Cyber Crimes and their Penalties

Following are the most common types of cybercrimes and their penalties in Pakistan:

Electronic Financial Fraud

Electronic financial fraud incorporates all fraudulent activities committed through online means for gaining illegal financial benefits. This crime is punishable under Section 14 of PECA with imprisonment up to three years or a fine, or both.

Cyber Stalking

Cyber stalking is marked by the use of internet-based facilities with the intent to coerce, intimidate or harass someone. This crime is punishable under Section 24 of PECA with imprisonment up to three years and a fine up to one million or with both.

Defamation through Digital Means

Defamation, whether verbal or written, is an offense under Section 499 of Pakistan Penal Code 1860. In terms of cybercrime, publication of false information through online means (including websites, blogs, Facebook, email, or WhatsApp) with intent to harm the reputation of a living person is made an offense under Section 20 of PECA. The punishment includes imprisonment up to three to five years or a fine of one million rupees, or both.

Cyber Blackmailing or Publication of Private Information

Cyber blackmailing refers to intentional exhibition or display of sexually explicit pictures/videos of a natural person via any cyber-related means or threatening someone to exhibit or display the same is declared offense under Section 21 of PECA. Such activities will be dealt with imprisonment up to five years and a fine of rupee five million or with both.

Hate Speech

Hate speech refers to a public speech demonstrated through an information system (social media platforms like Facebook, WhatsApp, Twitter, Instagram, etc.) that expresses hate or encourages violence towards a person or group of persons based on something such as religion or racial hatred is a declared offense under Section 11 of PECA. This crime can be punished with imprisonment up to seven years or a fine of ten million rupees, or with both.

Cyber Terrorism

Cyber terrorism subsumes the following activities when conducted to coerce, intimidate or create a sense of fear or panic in the government or public at large:

  • Unauthorized access to critical infrastructure or data.
  • Unauthorized copying or transmission of critical infrastructure system or data.
  • Interference with critical infrastructure system or data.
  • Glorification of any offense.

Cyber terrorism is punishable under Section 10 of PECA with 14 years imprisonment or fine up to 50 million rupees, or both.

Identity Theft:

Identity theft refers to a crime in which someone obtains a person’s identity through unfair means and uses it to carry out some deceptive or fraudulent activity. This is a criminal offense under Section 16 of PECA and must be dealt with three-year-long punishment or fine of up to five million rupees, or with both.

“Rather than fearing or ignoring cyber attacks, do ensure your cyber resilience to them” -Stephane Nappo


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s