The Prevention of Electronic Crimes Act (PECA) 2016 is the legislation that was much required in a society where information technology penetrated and became the most integral aspect of lifestyle. The growth and influence of the Internet and other mediums of telecommunication indicate the rapidly growing proclivity towards IT, but, at the same time, it entails both peril and opportunities as John Carlin in his famous article “A Farwell to arms” expounds that the perceived convenience of digital connectivity comes at the cost of potential insecurity. PECA is a vital step in the right direction for a developing country like Pakistan. Electronic or cyber crimes are committed against society, a group of people, corporate entities, institutions, establishments and individuals with a mens rea i.e. criminal intention to effect reputation, cause mental agony and financial loss, defraud to gain monetary or other benefits, or to destabilise or undermine the state institutions or other organisations through the medium of telecommunication networks. The labelling of PECA as a draconian and unconstitutional law is nothing more than verbosity and hyperbole. It would not be out of place to say that it is a very moderate piece of legislation in its present form. All the offences other than cyber terrorism [S.10], child pornography [S.19] and offence against the modesty of a natural person [S.19-B] are non-cognizable and bailable, which means that an investigating agency would not be able to arrest the accused without the permission of court, and even after permission of court a cyber criminal cannot be kept in custody for more than 24 hours. Indian law’s Information Technology Act 2008 is stricter than PECA as all the offences in which punishment is three years or more are cognizable and non-bailable. The same is true of the Malaysian law’s Computer Crime Act 1997, which makes all offences under that act cognizable. Under PECA, all offences other than cyber terrorism, child pornography and offences against the modesty of a natural person are compoundable, which means that at any stage an aggrieved person can enter into a compromise with the accused. Investigation in cyber crimes is an expensive process, and after setting the state machinery into motion, entering to compromise at any stage would result in wastage of state resources. A provision to receive cost for that from both the parties seems feasible and in interest of justice. The quantum of punishment also reveals that PECA does not have the most stringent of punishments. The maximum punishment for cyber terrorism is 14 years, which is much lenient if we compare it with the Indian law i.e. S. 66-F of Information Technology Act 2008, whereby cyber terrorism is punishable with life imprisonment, and with laws in Iran where under the Computer Crime Law 2010, a cyber crime against public morality and chastity is punishable with death. We need to understand the distinction between law and its implementation, subsequently. PECA in its present form with a few inherent defects is not amenable to be challenged on the ground that it is in conflict with fundamental rights. In Pakistan, the real issue is not bad laws but the use of good laws in bad ways with mala fide and ulterior motives. In that context S.10-A, which makes hate speech punishable, could be misused, and be challenged being in conflict with the fundamental right of freedom of expression. S. 32 PECA, which provides powers to an investigating officer, could also be misused; therefore, it seems unconstitutional in its present form, which might be interpreted by the apex courts by applying principle of reading down to make this section workable. The most important issue is that PECA is not capable of implementation promptly as it requires training of judges (S.41) and investigating officers (S.26 and 48), as their job requires special skills in computer sciences, cyber forensics, electronic transaction and data protection. This would take at least six months before they start doing their job aptly. More than 100 million people use mobile phones and 30 million people use the Internet, and thus a massive number of complaints are expected. Presently, there is no infrastructure of investigation and prosecution for the existing complaints. Enhancement of forensic and scientific infrastructure for an investigating agency and capacity building to deal with a massive number of applications is a requisite, but it is not available at the moment. PECA is a much-needed piece of legislation to deal with the problems and issues that arise with the permeation of information and electronic technology in our society, and in many other countries such legislation has been introduced much earlier. It is an evenly poised piece of legislation, and with time all its glitches can be removed by courts in their position of being the custodian of fundamental rights. The writer is a criminal lawyer, and can be reached at Law.bajwa@gmail.com