The Pakistan Telecommunication Authority has introduced stricter regulatory controls on smart devices and Internet of Things infrastructure, aiming to ensure that sensitive data generated within the country remains stored and processed domestically. The new measures are part of the updated Regulatory Framework for Short Range Devices and Terrestrial Internet of Things Services version 1.4.
Under the revised framework, the PTA has made the registration of all IoT gateways mandatory. Every Low Power Wide Area Network licensee is now required to register each operational gateway with the Authority. This move is intended to strengthen oversight of IoT deployments and improve visibility into the country’s rapidly expanding smart device ecosystem.
A key element of the updated regulations is the introduction of strict data localisation requirements. The framework explicitly prohibits the storage of IoT-generated data outside Pakistan without prior approval from the PTA. This provision is designed to address growing concerns around data sovereignty, cybersecurity risks, and unauthorized access to sensitive information.
The PTA has also been granted enhanced enforcement powers under the new rules. In situations involving national security concerns, the regulator can now order the immediate suspension of IoT services. This authority reflects the increasing strategic importance of connected devices, particularly those used in critical infrastructure, industrial operations, and public services.
To further tighten compliance, LPWAN operators are required to submit updated lists of all operational IoT gateways on a bi-annual basis. This requirement allows the regulator to maintain an accurate and up-to-date record of long-range IoT deployments across the country and ensures continued regulatory supervision.
The framework also mandates that backend traffic generated through LPWAN networks must be routed via PTA-licensed Local Access Providers. This requirement ensures that data traffic remains within the country’s regulated telecommunications infrastructure, reducing exposure to unmonitored international routing and potential security vulnerabilities.
In addition, the revised rules clarify the operating conditions for IoT networks using shared spectrum. Such networks are required to function strictly on a secondary basis, without causing interference to primary users and without claiming protection from interference themselves. This provision aims to promote efficient spectrum use while safeguarding existing licensed services.
Industry observers note that the updated framework reflects a broader global trend toward tighter regulation of connected devices and data flows. As IoT adoption increases across sectors such as energy, transportation, healthcare, and smart cities, regulators worldwide are seeking greater control over how data is handled and where it is stored.
For operators, the new requirements introduce higher compliance obligations but also bring regulatory clarity. Clear rules on registration, data routing, and spectrum use can help create a more stable environment for long-term investment in IoT infrastructure. However, companies will need to adapt their technical and operational setups to meet the localisation and reporting requirements.
The PTA’s revised framework signals a stronger emphasis on national data control and security in Pakistan’s digital landscape. As smart devices become more deeply integrated into daily life and critical systems, ensuring regulatory oversight and data protection is expected to remain a central policy priority.
