On the morning of January 23, 2026, human rights lawyer Imaan Zainab Mazari-Hazir and her husband Hadi Ali Chattha were travelling to the Islamabad High Court in a vehicle provided by the Islamabad High Court Bar Association to attend a scheduled hearing when police intercepted their car in Islamabad and placed them under arrest.

The detention came despite the couple having secured temporary relief from arrest earlier from the high court in connection with a case related to their social media activity. Authorities invoked previously registered first information reports (FIRs) and took them into custody before they could reach the court.

Within a day, a sessions court sentenced the two lawyers to a combined 17 years in prison under multiple provisions of the Prevention of Electronic Crimes Act 2016 (Peca) linked to posts on the social media platform X. Court proceedings were conducted through video link, while the couple remained in custody, and the verdict was announced shortly afterward.

Reacting to the case, Imaan Mazari’s mother and former federal minister Shireen Mazari tells Eos that the experience has raised serious concerns about how cybercrime laws are being enforced.

“It has certainly alerted me more to the dangers of abuse inherent in the present digital justice system, not only in the actual clauses of the law but also the proclivity to misinterpretation of the law itself,” she says. “The whole exposé of the Blasphemy Business Group [BBG], which has been operating in connivance with some National Cyber Crime Investigation Agency officers, has revealed the abuse of this law most starkly.”

While authorities claim that the newly created National Cyber Crime Investigation Agency (NCCIA) is ‘modernising digital law enforcement’, critics argue the system is increasingly being used to police online speech rather than combat cybercrime. Official data and recent cases raise questions about the system’s steep procedural drop-offs, institutional turmoil and how Pakistan’s cybercrime laws are enforced

While authorities claim that the newly created National Cyber Crime Investigation Agency (NCCIA) is ‘modernising digital law enforcement’, critics argue the system is increasingly being used to police online speech rather than combat cybercrime. Official data and recent cases raise questions about the system’s steep procedural drop-offs, institutional turmoil and how Pakistan’s cybercrime laws are enforced

In May 2024, the federal government created the National Cyber Crime Investigation Agency (NCCIA), replacing the Cybercrime Wing of the Federal Investigation Agency (FIA). The new agency was established under Section 51 of Peca, with nationwide jurisdiction to investigate digital offences. All ongoing cases and staff from the FIA’s Cybercrime Wing were transferred to the new body.

The move was presented as a major structural reform aimed at modernising Pakistan’s response to rapidly growing online crimes, including financial fraud, digital harassment, identity theft, child exploitation, hacking and cyber-enabled scams. Authorities had argued that a dedicated agency would improve investigative focus, enhance digital forensic capacity, speed up case processing and strengthen prosecution under cybercrime laws.

LOOKING AT THE NUMBERS

According to official data obtained through a right to information (RTI) request, the NCCIA received 94,552 complaints nationwide during the nine-month period (April-December 2025) under review in the research conducted for this article.

Of these, 21,260 complaints were converted into formal inquiries, meaning only 22.49 percent moved beyond the initial screening stage, while nearly 77.5 percent did not proceed to inquiry.

From the inquiries initiated, 1,440 FIRs were registered across the country. This represents 1.52 percent of total complaints and 6.77 percent of the inquiries conducted, indicating a significant filtering process between the initial complaint stage and the formal registration of criminal cases.

Further along the prosecution chain, 651 challans were submitted in courts. While this accounts for 45.2 percent of the FIRs registered, it amounts to only 0.69 percent of the total complaints received.

The final stage convictions present an even sharper drop. Only 20 convictions were secured nationwide during the period under review. This translates to 0.021 percent of total complaints, 1.39 percent of FIRs and 3.07 percent of challans submitted in courts. The steep decline at each stage from complaint to inquiry, inquiry to FIR, FIR to challan and ultimately conviction highlights the challenges involved in converting cybercrime complaints into successful prosecutions.

Provincial data also reveals stark disparities in reporting and enforcement. Punjab accounted for 63,831 complaints, representing 67.54 percent of the national total. Sindh followed with 18,067 complaints (19.11 percent), while Khyber Pakhtunkhwa (KP) recorded 10,520 complaints (11.13 percent) and Balochistan 2,134 complaints (2.26 percent).

Punjab also recorded the highest number of FIR registrations, with 1,125 FIRs, 78.1 percent of all FIRs registered nationwide. Sindh recorded 162 FIRs (11.25 percent), KP 121 (8.4 percent), and Balochistan 32 (2.22 percent).

In terms of convictions, Punjab secured 12 of the 20 convictions nationwide (60 percent). Sindh and KP recorded three convictions each, while Balochistan secured two. District-level figures show that complaints are heavily concentrated in major urban centres. Lahore reported the highest number with 19,854 complaints, followed by Karachi with 10,020 complaints. Rawalpindi recorded 9,068 complaints, while Faisalabad (5,571), Multan (4,910) and Gujranwala (4,706) also featured prominently.

In Sindh, Hyderabad recorded 2,091 complaints, while Sukkur, Karachi East and Karachi Central reported comparatively smaller numbers. In KP, Peshawar topped the........

© Dawn (Magazines)