The Pakistan Telecommunication Authority has introduced tougher regulations for smart devices and Internet of Things networks. The move aims to protect national data and strengthen security oversight. The updated rules are part of the revised Regulatory Framework for Short Range Devices and Terrestrial IoT Services version 1.4. These changes directly impact Low Power Wide Area Network operators and other IoT stakeholders across the country.
The authority says the framework ensures better control of data flows. It also limits external exposure of sensitive information. PTA believes the new rules will support secure digital growth while addressing national security concerns.
Mandatory Registration and Local Data Storage Rules
Under the revised framework, all LPWAN license holders must register every IoT gateway with PTA. This registration is now compulsory. Operators cannot deploy gateways without prior disclosure to the regulator. PTA will maintain updated records of all operational gateways nationwide.
The framework strictly prohibits storing IoT data outside Pakistan. Any offshore data storage requires formal approval from PTA. This condition applies to all IoT services, regardless of scale or sector. The authority has also been empowered to suspend IoT services immediately if national security risks are identified.
These steps are designed to ensure that sensitive machine-generated data remains under local jurisdiction. PTA officials say local storage improves monitoring and reduces cyber threats.
Stricter Compliance for LPWAN Operators
The revised rules increase compliance requirements for long-range IoT deployments. LPWAN licensees must submit updated gateway lists twice a year. These submissions must reflect all active and planned deployments.
Backend traffic generated through LPWAN networks must now be routed through PTA-licensed Local Access Providers. This ensures lawful interception and monitoring capabilities. The framework also clarifies spectrum usage. IoT networks using shared spectrum will operate on a secondary basis only. They will have no protection from interference and must avoid disrupting primary users.
Licenses for LPWAN services will be issued under the Class Value-Added Services regime. Each license will be valid for five years. Renewal will depend on federal government policy at the time.
Licensing Timelines, Exemptions, and Innovation Support
License holders must launch services within one year of receiving approval. Failure to meet this deadline will result in automatic license cancellation. Existing LPWAN operators must also obtain commencement certificates within one year of the updated framework.
PTA has provided relief to Cellular Mobile Operators and Local Loop licensees. These entities will not need separate LPWAN licenses to offer IoT services in designated bands. However, prior approval from PTA will still be required.
Mission-critical IoT services will face tighter controls. Services linked to public safety, utilities, and transport will operate only on assigned or licensed frequency bands.
The framework also supports research and innovation. Universities, government departments, companies, and law enforcement agencies can conduct non-commercial IoT trials for up to six months. These trials are limited to ten devices per model. PTA and the Frequency Allocation Board will retain inspection authority during testing periods.
