Afghanistan experienced a nationwide internet blackout on 29 September 2025, confirmed by monitoring platforms NetBlocks and Cloudflare Radar. The disruption unfolded in phases over September, beginning with regional fiber outages and culminating in a countrywide loss of connectivity across fixed and mobile networks. De facto authorities linked to the Taliban said the measure aimed to curb “immorality.”
Timeline and scale of the internet shutdown
Initial restrictions emerged in mid-September when fiber connectivity was cut in northern and eastern provinces, including Balkh, Baghlan, Badakhshan, Kunduz, Nangarhar, and Takhar. A provincial official, Haji Attaullah Zaid, told the Associated Press that the action was intended to prevent “immorality,” while promising an alternative for essential needs.
By 29 September, the shutdown became total. Fixed broadband and mobile data services were unavailable nationwide, with NetBlocks reporting a complete connectivity loss as authorities enforced morality rules. Cloudflare Radar data showed a sharp collapse in traffic, and reports also noted disruptions to mobile voice services.
How nationwide internet shutdowns are executed
BGP withdrawals and route filtering
Large-scale shutdowns often rely on Border Gateway Protocol (BGP) manipulation. When operators withdraw route announcements—known as BGP withdrawals—their network prefixes effectively disappear from the global routing table, making domestic networks unreachable from the internet. Platforms such as NetBlocks and Cloudflare detect these events through synchronized drops in Autonomous System (AS) availability and traffic volume.
Backbone fiber and mobile core controls
At the access layer, operators can disable backbone fiber links or isolate internet exchange points, severing domestic paths to the global internet. In mobile networks, restrictions can be enforced within the core (EPC/5GC) by disabling the signaling or data planes, or by blocking PDP/PDN sessions. This prevents devices from establishing data bearers, producing a total loss of packet data for subscribers even when radio access remains nominal.
Throttling and content filtering versus total outage
Authorities sometimes choose softer controls—throttling (artificial slowdowns), DNS blocking, Server Name Indication (SNI) filtering, or TLS session resets—to suppress specific apps or websites. Indicators in Afghanistan point to full unreachability, not selective filtering, consistent with BGP changes and backbone-level cuts.
Economic, aviation, and public-service impact
The blackout disrupted businesses, financial services, education providers, and government agencies. Digital payments, e-learning platforms, e-government portals, and telemetry for critical infrastructure stalled. Local reports indicated the cancellation of all flights at Kabul’s international airport, consistent with aviation best practices when operational communications and real-time data links are impaired.
Research consistently shows that internet shutdowns carry measurable macroeconomic costs. NetBlocks’ Cost of Shutdown Tool has estimated losses reaching millions of dollars per day in comparable incidents, while World Bank and ITU analyses link reliable connectivity to productivity, trade, and service delivery. Prolonged outages amplify supply-chain friction, cash-flow stress, and cyber risk as organizations operate outside normal monitoring and update cycles.
Humanitarian risks and operational continuity
According to United Nations statements, the shutdown undermined life-saving humanitarian operations supporting remote communities affected by a major earthquake one month earlier. Loss of connectivity hinders logistics coordination, health information exchange, and telemedicine—raising risks for vulnerable populations and slowing time-critical aid.
Global context: centralized control enables rapid restrictions
Afghanistan’s experience mirrors patterns observed during major shutdowns in Iran (2019), Myanmar (2021), and other politically volatile contexts. Where telecom infrastructure is centralized and regulatory leverage is strong, authorities can rapidly implement wide-ranging restrictions. Consistent with findings from NetBlocks, Cloudflare Radar, and Access Now’s KeepItOn reports, such measures widen information inequalities, degrade safety, and impose substantial economic costs.
Resilience measures organizations should consider
Organizations operating in high-risk environments should update continuity plans to include: legally compliant backup connectivity (e.g., multi-homing, diverse fiber paths, microwave links, and satellite terminals where permitted); offline-capable workflows for critical applications; frequent offline backups; local caches for updates and operating procedures; failover mechanisms for payments and logistics; store-and-forward messaging; SMS/USSD fallbacks; and staff training for secure offline operations. Implementing graceful degradation—maintaining core functions under constrained conditions—reduces downtime and data loss.
The 29 September 2025 blackout underscores how quickly a blend of BGP manipulation, backbone fiber cuts, and mobile core controls can sever national connectivity. Organizations should review legal options for redundant access, test failover pathways, and continuously monitor NetBlocks and Cloudflare Radar for situational awareness. Proactive planning today shortens recovery time tomorrow and helps safeguard people, operations, and essential services.
