
Voice of World News


AI and Cybersecurity Laws: Strengthening Legal Frameworks for National Security By Kashif Mirza


Sep 24, 2025

The writer is an economist, anchor, geo-political analyst and the President of All Pakistan Private Schools’ Federation.

president@Pakistanprivateschools.com

The rapid digitalization of Pakistan, like many other nations, has transformed the way the state, institutions, businesses, and individuals function. The global nature of cyberspace requires international cooperation to control transnational cybercrime and develop common standards of AI ethics and governance. Pakistan’s cybersecurity strategy must incorporate international cooperation and capacity-building initiatives to participate effectively in global cybersecurity forums. This shift towards a digitally enabled environment, encompassing digital banking, e-governance, and online communication, brings numerous socio-economic opportunities.

The rapid digital transformation in Pakistan, driven by the proliferation of information and communication technologies (ICTs) and artificial intelligence (AI), has ushered in unprecedented opportunities for economic growth, governance efficiency, and societal connectivity. However, this digital evolution has also exposed Pakistan to sophisticated cyber threats, particularly those amplified by AI technologies such as deepfakes, autonomous malware, and algorithmic manipulation. The Prevention of Electronic Crimes Act (PECA) of 2016 and the National Cyber Security Policy (NCSP) of 2021 represent Pakistan’s initial efforts to address cybercrime and enhance cybersecurity. Yet, these frameworks lack specific provisions to tackle AI-driven threats, rendering them inadequate in the face of evolving technological challenges. This article critically evaluates the strengths and limitations of PECA and NCSP in addressing AI-related cybersecurity risks, compares Pakistan’s legislative approach with global best practices, and proposes actionable reforms to create a robust, adaptive, and visionary legal framework. By integrating AI-specific regulations, fostering international cooperation, and strengthening institutional capacity, Pakistan can safeguard its digital sovereignty and national security in an increasingly interconnected world.

However, this digitalization also introduces new security threats, particularly in the cyberspace arena. Artificial Intelligence (AI) is a significant advancement of the 21st century, transforming national defense systems, service delivery, and the private sector. Nonetheless, AI’s application also involves complex cybersecurity threats that traditional legal frameworks struggle to manage fully. AI is being increasingly used in various industries without proper regulatory oversight, raising concerns about privacy, data security, and national security. Cybercriminals are leveraging AI tools to conduct sophisticated attacks that are difficult to detect and prevent. These threats not only target individuals and companies but also pose significant risks to national infrastructure systems, including defense, financial, and communication systems.

To address these challenges, the Government of Pakistan introduced the Prevention of Electronic Crimes Act (PECA) in 2016, followed by the National Cyber Security Policy in 2021. While these legislative initiatives aim to provide a legal basis for addressing cybercrimes and ensuring cybersecurity, they require significant reform and modernization to tackle the evolving threats of AI. The existing legal framework lacks specific rules to address AI-generated crimes or control the ethical application of AI technologies in the cyber world. PECA and the National Cyber Security Policy do not provide adequate frameworks for governing AI technologies, casting doubt on their ability to combat future cybersecurity threats. Given the increasing complexity of cyber threats, it is essential to update current policies by incorporating AI-related risk evaluation, compliance, and international collaboration procedures. Pakistan’s cybersecurity strategy must also include diplomatic engagement and capacity-building initiatives to participate effectively in global cybersecurity forums.

National security in the digital age is no longer limited to military defense but also encompasses protection against cyber threats that can compromise the digital sovereignty of the state. AI-based cyberattacks, including automated phishing, deepfake manipulation, and intelligent malware, pose significant risks to national security, critical infrastructure, and governmental digital systems.

The 21st century has witnessed a global digital revolution, with Pakistan emerging as a participant in this transformative wave. The adoption of digital platforms, mobile broadband, and cloud computing has reshaped sectors such as banking, healthcare, education, governance, and national defense. According to the Pakistan Telecommunication Authority (PTA), over 124 million Pakistanis had access to mobile broadband services by 2022, catalyzing the growth of a digital economy and enabling innovations like e-governance and fintech. However, this digital interconnectedness has also introduced unprecedented cybersecurity challenges, particularly with the rise of artificial intelligence (AI). AI, with its applications in machine learning, facial recognition, predictive analytics, and autonomous systems, is redefining the digital landscape. While AI offers transformative potential for national security, public service delivery, and private sector innovation, it also amplifies cyber threats. AI-powered cyberattacks, including deepfake-based identity theft, automated phishing, and intelligent malware, evade traditional security measures and exploit vulnerabilities in digital infrastructure. These threats not only target individuals and businesses but also endanger critical national systems such as defense, finance, and telecommunications.

Pakistan’s legal response to cyber threats includes the Prevention of Electronic Crimes Act (PECA) of 2016 and the National Cyber Security Policy (NCSP) of 2021. These frameworks aim to combat cybercrime and establish a secure digital environment. However, their lack of AI-specific provisions and limited adaptability to emerging technologies highlight significant gaps. This article examines the adequacy of Pakistan’s cybersecurity laws in addressing AI-driven threats, identifies shortcomings in PECA and NCSP, and proposes a comprehensive reform agenda. By drawing on global best practices and emphasizing international cooperation, ethical AI governance, and institutional capacity-building, this study seeks to guide Pakistan toward a resilient cybersecurity framework that aligns with the demands of the digital age.

Pakistan’s digital transformation has accelerated over the past two decades, driven by widespread internet access, mobile technology, and cloud computing. The PTA reports that mobile broadband penetration has grown exponentially, enabling innovations in e-commerce, digital banking, and e-governance. AI technologies are increasingly integrated into sectors such as predictive policing, financial analytics, and national defense. For instance, AI-powered surveillance systems and data analytics are enhancing law enforcement capabilities, while autonomous systems are being explored for defense applications.

However, the rapid adoption of AI introduces complex cybersecurity challenges. AI’s autonomy and adaptability enable cybercriminals to orchestrate sophisticated attacks that traditional defenses struggle to counter. Automated phishing campaigns, powered by machine learning, can tailor attacks to specific targets with unprecedented precision. Deepfakes, enabled by generative AI, facilitate identity theft and disinformation campaigns, undermining trust in digital systems. Moreover, AI-driven malware can adapt to evade detection, posing risks to critical infrastructure such as power grids, financial systems, and communication networks. As Brundage et al. (2018) note, the adaptability of AI systems makes cyber threats more dynamic and harder to trace, amplifying risks to national security.


In the digital age, national security extends beyond traditional military defense to encompass the protection of digital infrastructure and sovereignty. AI-driven cyberattacks, including cyber espionage, infrastructure sabotage, and disinformation campaigns, represent modern forms of hybrid warfare. These threats can destabilize states without conventional conflict, targeting critical systems and public trust. For Pakistan, a geopolitically sensitive nation, securing cyberspace is not merely a technical necessity but a strategic imperative. Weak cyber governance increases vulnerability to asymmetric attacks, as highlighted by international relations theorist Joseph Nye (2017), who argues that cyber power is a critical component of modern statecraft.

Enacted in 2016, PECA was a landmark legislative effort to address cybercrime in Pakistan. The act criminalizes offenses such as unauthorized access, data breaches, cyberterrorism, and identity theft, empowering the Federal Investigation Agency (FIA) to investigate and prosecute cybercrimes. PECA establishes a legal framework for digital evidence collection and prosecution, marking a significant step toward cybersecurity governance. However, PECA’s limitations are evident in its inability to address AI-driven threats. The act lacks provisions for emerging technologies like deepfakes, algorithmic manipulation, or autonomous malware. Legal scholars, such as Ahmed (2020), argue that PECA’s broad definitions of cybercrime fail to account for the nuances of AI-based attacks, limiting its effectiveness. Additionally, privacy advocates have raised concerns about PECA’s vague provisions on digital surveillance, which risk infringing on civil liberties without clear guidelines for ethical AI use. The absence of accountability mechanisms for AI systems further undermines PECA’s applicability in the modern digital landscape.

The NCSP, introduced in 2021, complements PECA by providing a strategic vision for cybersecurity. The policy emphasizes protecting critical information infrastructure, fostering public-private partnerships, and enhancing institutional capacity through National Computer Emergency Response Teams (CERTs). It also prioritizes cyber awareness and law enforcement training to address evolving threats. Despite its forward-looking approach, the NCSP falls short in addressing AI-specific risks. The policy lacks frameworks for regulating AI technologies or assessing their cybersecurity implications. For instance, it does not outline protocols for managing AI-driven disinformation or ensuring transparency in algorithmic decision-making. The Ministry of IT & Telecommunication (2021) acknowledges the need for institutional capacity-building but does not provide clear mechanisms for integrating AI governance into the cybersecurity strategy. As a result, the NCSP’s effectiveness in combating AI-driven threats remains limited.

Pakistan’s cybersecurity frameworks lag behind global leaders such as the European Union (EU) and the United States. The EU’s General Data Protection Regulation (GDPR) and proposed AI Act set stringent standards for data protection, algorithmic transparency, and ethical AI use. The GDPR mandates accountability for automated decision-making, while the AI Act classifies AI systems by risk levels, imposing stricter regulations on high-risk applications like surveillance. Similarly, the U.S. National Institute of Standards and Technology (NIST) Cybersecurity Framework provides guidelines for managing AI-related risks, emphasizing adaptability and resilience. In contrast, Pakistan’s PECA and NCSP lack specificity in regulating AI technologies. The absence of AI-specific clauses and accountability mechanisms leaves gaps in addressing emerging threats. Furthermore, Pakistan’s limited participation in international cybersecurity forums hinders its ability to adopt global best practices. Mueller (2020) emphasizes that international cooperation is critical for addressing transnational cyber threats, yet Pakistan’s lack of multilateral agreements limits its capacity to combat cross-border AI-driven attacks.

PECA and NCSP were designed for a pre-AI era, focusing on traditional cybercrimes like hacking and data breaches. The rapid evolution of AI technologies, including generative AI and autonomous systems, has outpaced these frameworks. For example, deepfakes and algorithmic disinformation require specialized legal definitions and enforcement mechanisms, which PECA lacks. Similarly, the NCSP’s strategic vision does not address the ethical implications of AI in cybersecurity, such as transparency in predictive policing or accountability for autonomous systems.

Pakistan’s cybersecurity governance suffers from fragmented institutional mandates. The PTA, FIA, and Ministry of IT & Telecom operate with overlapping responsibilities, leading to inefficiencies and coordination challenges. This fragmentation hampers real-time threat response and policy implementation. A unified command structure, supported by a dedicated AI and cybersecurity authority, is essential to streamline efforts and enhance resilience.

The enforcement of cybersecurity laws is undermined by a lack of technical expertise among law enforcement and judicial officers. Investigators and prosecutors often lack the skills to handle AI-generated evidence or complex cybercrimes. For instance, cases involving deepfakes or algorithmic manipulation require specialized knowledge of digital forensics, which is currently limited within the FIA. This capacity gap reduces the practical effectiveness of PECA and NCSP.

AI-driven cyber threats are inherently global, often originating beyond national borders. Pakistan’s limited engagement in international cybersecurity treaties and forums restricts its ability to address transnational threats.
Aligning with global standards, such as the EU’s AI Act or the Budapest Convention on Cybercrime, would enhance Pakistan’s capacity to combat cross-border attacks and adopt best practices.

The recommendations for strengthening Pakistan’s cybersecurity framework are as follows.

Introduce AI-Specific Clauses in PECA and Related Regulations. PECA should be amended to include provisions addressing AI-driven crimes, such as deepfakes, algorithmic disinformation, and autonomous malware. These provisions should define AI-generated content, outline penalties for misuse, and establish protocols for collecting and analyzing AI-based digital evidence. By incorporating AI-specific regulations, Pakistan can enhance legal clarity and align with global standards like the EU’s AI Act.

Establish an Independent Cybersecurity and AI Regulatory Authority. Pakistan should create a dedicated regulatory body to oversee AI and cybersecurity governance. This authority would develop compliance standards, monitor AI usage, and coordinate threat intelligence and incident response. Comprising legal experts, ethicists, and technologists, the body would ensure a unified national approach, free from political interference, and serve as a hub for policy enforcement and innovation.

Enhance Technical Capacity Building for Law Enforcement and Judiciary. Training programs should be institutionalized to equip law enforcement and judicial officers with expertise in AI systems, digital forensics, and AI-generated evidence. Establishing cybercrime courts with trained judges would streamline adjudication of complex cases. Investments in digital forensic tools and continuous education will bridge the gap between policy and enforcement.

Develop Frameworks for Ethical AI Use in Cybersecurity. A national ethical AI framework should be established to ensure transparency, accountability, and fairness in AI applications, particularly in government-led cybersecurity initiatives. Regular audits of AI systems used in surveillance or predictive policing will safeguard civil liberties and build public trust. This framework should align with global principles of ethical AI governance.

Strengthen Public-Private Partnerships for Cyber Resilience. Pakistan should foster public-private partnerships (PPPs) to leverage private sector expertise in AI and cybersecurity. Collaborative initiatives, such as threat intelligence sharing and joint tool development, will enhance resilience. Incentives like tax breaks or grants can encourage private sector investment in cybersecurity infrastructure, as seen in models like the U.S. and U.K.

Foster International Cooperation on AI and Cybersecurity Standards. Pakistan should increase its participation in global cybersecurity forums and pursue bilateral and multilateral agreements on AI regulation and cybercrime extradition. Aligning with international frameworks like GDPR and the NIST Cybersecurity Framework will strengthen Pakistan’s digital credibility and resilience against transnational threats.

The Path Forward: A Vision for Digital Sovereignty. Pakistan stands at a critical juncture in its digital governance journey. The integration of AI into digital systems offers immense potential but also presents unprecedented risks. The current legal frameworks, PECA 2016 and NCSP 2021, provide a foundation but are ill-equipped to address the complexities of AI-driven cyber threats. By implementing the proposed reforms—AI-specific legislation, institutional centralization, capacity building, ethical AI governance, public-private collaboration, and international cooperation—Pakistan can build a robust cybersecurity ecosystem. These reforms are not merely technical but strategic imperatives for national security. A secure digital environment will foster public trust, drive economic innovation, and enhance Pakistan’s global standing. As AI continues to reshape the digital landscape, Pakistan must act decisively to protect its digital sovereignty and ensure resilience in the face of evolving threats.

Amend PECA to include provisions defining AI-generated content, its misuse, and penalties for AI-related crimes. Create a regulatory body to oversee AI and cybersecurity governance, centralizing efforts and removing redundancies in mandates. Provide specialized training to investigators, prosecutors, and judges on AI systems, AI-generated evidence, and legal frameworks. Create a national strategy for ethical AI, outlining principles of transparency, accountability, fairness, non-discrimination, and human control in AI applications. Establish effective public-private partnerships through legislative tools and policies, facilitating threat intelligence sharing, collaborative development of cybersecurity tools, and training programs. Increase international engagement, embracing global best practices in AI governance and cybersecurity, and aligning cyber laws with international standards. By adopting these recommendations, Pakistan can strengthen its cybersecurity posture, protect national interests in the digital era, and enhance its role in the international system of cybersecurity governance.

Pakistan stands at a critical juncture in its digital governance journey. The threats posed by AI-enhanced cyberattacks are real and present, necessitating urgent legal reforms. By modernizing its legal framework, reorganizing institutions, regulating ethical AI use, and fostering international cooperation, Pakistan can build a robust cybersecurity system capable of withstanding the challenges of the AI age. This comprehensive approach will not only protect Pakistan’s digital sovereignty but also contribute to its emergence as a significant player in global cybersecurity governance.

The convergence of AI and cybersecurity presents both challenges and opportunities for Pakistan. While PECA 2016 and NCSP 2021 mark significant steps toward addressing cybercrime, their limitations in tackling AI-driven threats underscore the need for urgent reform. By adopting a forward-looking, multi-stakeholder approach that integrates AI-specific regulations, institutional coherence, and global cooperation, Pakistan can strengthen its cybersecurity framework and safeguard its national interests. Ensuring that Pakistan remains resilient, secure, and competitive in an increasingly interco.
