PTA has imposed a fine of Rs. 116.7 million on Telenor Pakistan after uncovering an unauthorised sales operation that exposed serious gaps in the operator’s customer relationship management security and oversight of its retail network, with the regulator penalising the company under Section 23 of the Pakistan Telecommunication Re-organization Act, 1996, and giving Telenor 10 days to deposit the fine or face further legal action.
The investigation began with an illegal sales channel operating inside Khyber Teaching Hospital in Peshawar. PTA officials surveyed the site on August 19, 2025, and found Telenor running a sales stall without prior regulatory approval, with the operator at the stall lacking any proof of authorisation or a unique sales identification number. During the inspection, PTA uncovered a significant security risk: Telenor had extended its customer relationship management services to a distribution sales officer through a Virtual Private Network connection, a level of access normally restricted strictly to official franchise outlets. This unauthorised extension allowed the stall operator to perform highly sensitive functions including disowning SIMs, replacing SIMs, and activating new SIMs using Computerized National Identity Cards and Afghan Proof of Registration cards, well beyond what an unverified kiosk should have been able to do.
Following the initial raid, Telenor told the regulator it had taken corrective action, claiming it had terminated the customer relations officer involved, fined the franchisee Rs. 75,000, and reset all access rights. PTA chose to verify these claims rather than accept them at face value, and a follow-up inspection by its Peshawar Zonal Office on September 13, 2025 found the exact same customer relations officer operating openly from the same stall, still using the same franchise credentials and equipment to sell SIMs without PTA approval. The discovery directly contradicted Telenor’s earlier assurances and exposed the company’s claimed remedial action as ineffective or never properly implemented.
In its defence, Telenor argued that the individual involved had acted independently and entirely outside the company’s knowledge or operational systems, maintaining that no actual SIM sales or CRM transactions had gone through its network and that independently owned franchisees were legally separate from the parent company. PTA rejected this argument outright, citing the Subscribers Antecedents Verification Regulations, 2015, under which the telecom operator remains solely responsible for any SIM sold by any means, regardless of whether the sale occurred through a direct company channel or an independent retailer. The regulator expressed clear dissatisfaction with Telenor’s internal enforcement, noting that the company had failed to conduct regular inspections of its retailers, and concluded that the combination of illegal kiosk activity, unauthorised CRM access, and ineffective oversight posed serious risks to the integrity of Pakistan’s national SIM registration regime.
Follow the SPIN IDG WhatsApp Channel for updates across the Smart Pakistan Insights Network covering all of Pakistan’s technology ecosystem.
