The Pakistan Telecommunication Authority (PTA) has successfully registered 20,437 Virtual Private Networks (VPNs) as part of its ongoing whitelisting operation, which includes 1,422 companies.
This initiative aims to regulate VPN usage across the country and address challenges related to accessing restricted online content.
Of the registered VPNs, 19,840 belong to 1,286 VPN companies, while 180 are associated with 136 freelancer companies. Additionally, the PTA has registered 417 VPNs linked to the Pakistan Software Houses Association (PASHA).
The registration effort is part of a broader strategy to manage VPN usage, which can bypass state-imposed restrictions by encrypting traffic and routing it through foreign servers. This capability poses a challenge for the PTA, as it allows users to evade national policies on banned content.
According to the IT Ministry, Clause 37 (1) of the Prevention of Electronic Crimes Act (PECA) 2016 mandates the PTA to block unlawful online content. Despite geo-blocking measures at the gateway level, VPNs enable users to access restricted content, complicating enforcement efforts.
The PTA has been registering VPNs since December 2010, following a directive issued under the Monitoring and Reconciliation of Telephonic Traffic (MRTT) Regulation 2010. Courts have also instructed the PTA to take necessary measures to block unlawful content effectively.
While VPNs are widely used by legitimate businesses such as software houses, call centers, and foreign missions for secure network management, the PTA aims to balance these needs with preventing misuse. Public notices have been issued to encourage VPN registration.
The Ministry of Information Technology has noted that the PTA has delegated IP whitelisting controls to the Pakistan Software Export Board (PSEB) to manage “One Window Operations” for call centers and freelancers.
The PTA continues to facilitate VPN registration in collaboration with stakeholders, including the Ministry of IT, PSEB, and P@SHA. However, the authority faces significant challenges in fulfilling its obligations under PECA without controlling VPN misuse.
