Mst. Uzma Mukhtar v. State: Cyber Law Scope in Pakistan 

by

Faisal Irfan

CyJurII Scholar

on 9 December 2025

Citation Number: (2024 SCMR 1520).

Facts

The Supreme Court’s judgment in Mst. Uzma Mukhtar v. State offers important clarification on the scope and limits of Pakistan’s cyber laws, particularly in cases where alleged digital abuse occurred before the enactment of PECA. The petitioner accused the respondent of obtaining her personal photographs without consent and using them to threaten and blackmail her over WhatsApp. Although the allegations clearly involved digital communication, the Court was asked to determine whether the conduct could fall within the offences created under the Prevention of Electronic Crimes Act, 2016, or the earlier provisions of the Electronic Transactions Ordinance, 2002.

Issues

The first issue concerned the temporal reach of PECA. The complaint was filed on 3 August 2016, whereas PECA came into force on 18 August 2016. The Court firmly held that PECA could not be applied retrospectively, relying on Article 12 of the Constitution, which prohibits punishment for acts that were not criminal at the time of their commission. This was a straightforward reaffirmation of a settled constitutional protection. Even though the harm was inflicted through modern digital channels, the Court declined to extend a penal statute backward in time. This reflects a consistent approach within Pakistan’s developing cyber jurisprudence: criminal liability in digital matters must arise strictly from the law in force at the relevant time, and technological novelty cannot justify dilution of fundamental rights.

The second issue concerned the applicability of sections 36 and 37 of the ETO. These provisions criminalise unauthorised access to an information system and interference with digital data. After reviewing the record, the Court concluded that the accused had not engaged in any conduct amounting to accessing, altering, or impairing an information system. The allegations centred on the use of images already in his possession; they did not involve hacking, breaching a device, modifying data, or obstructing a system. The distinction is important. The mere fact that misconduct is carried out through a digital medium does not automatically bring it within the ambit of cyber-specific offences. The Court’s analysis underscores the need to identify a genuine technological intrusion or manipulation before invoking ETO provisions.

Analysis

Viewed together, the judgment draws a clear boundary line in cybercrime adjudication. Harassment conducted through digital platforms is harmful and often devastating, but unless the accused interferes with an information system or the conduct falls within the offences defined under PECA, courts cannot stretch the cyber law framework to cover it. The case also exposes a gap that existed before PECA—while the Penal Code could address elements of intimidation and insult, it lacked provisions specifically designed to deal with digital exploitation and non-consensual image-based abuse. PECA now fills that space, but its protections cannot be retroactively applied.

Implications

Although the petitioner did not obtain the relief she sought, the judgment reinforces several essential principles: cyber laws must be applied with technical precision; penal statutes cannot operate retrospectively; and courts must distinguish between digital communication and genuine cyber intrusions. These doctrines are central to maintaining coherence in Pakistan’s cyber jurisprudence as technology continues to reshape how harm is inflicted and experienced.