Pakistan is moving forward with plans to establish a dedicated Cybersecurity Authority, with the initial draft of the National Cyber Security Act completed and shared with key stakeholders. The authority is expected to serve as the central body responsible for coordinating and enforcing cybersecurity measures across all Critical Information Infrastructure sectors and operators. The federal government sees the proposed authority as a cornerstone of the National Cyber Security Policy (NCSP-2021), which provides a framework to protect digital assets and secure citizens’ online data.
According to a written reply submitted by Federal Minister for IT and Telecom in the National Assembly, the Cybersecurity Authority will play a critical role in strengthening national cyber resilience. The policy is being implemented under the Digital Economy Enhancement Program, which includes projects such as the Secure Data Exchange Layer, Digital Identity, and e-Citizen enablement. These initiatives aim to establish trust-based digital governance while ensuring that vital public and private sector systems are safeguarded against evolving cyber threats.
The government has already designated the information systems and data of NADRA, FBR, and the telecom sector as Critical Information Infrastructure under PECA-2016. National guidelines for identifying and protecting CIIs have been issued, while processes to designate systems of Immigration & Passports as CII are ongoing. These steps are intended to provide a structured approach to protecting sensitive infrastructure and ensuring continuity of critical services in the event of cyber incidents.
Until the formal establishment of the Cybersecurity Authority, a CERT Council is operational under CERT Rules 2023. The council includes 14 members representing IT Ministry, Defence, Interior, Foreign Affairs, telecom operators, academia, civil society, and governmental CERTs. Its responsibilities include improving cyber incident response, facilitating coordination between public and private entities, and supporting broader implementation of cybersecurity measures. The council’s ongoing work provides a foundational structure for the upcoming Cybersecurity Authority, helping Pakistan strengthen its capacity to manage cyber risks across multiple sectors.
By establishing the Cybersecurity Authority, Pakistan aims to enhance oversight and governance of digital infrastructure, provide clarity on regulatory responsibilities, and align national cybersecurity efforts with international standards. The move is part of broader efforts to modernize the country’s digital framework while securing critical assets, supporting digital transformation, and protecting citizens from emerging cyber vulnerabilities.
Follow the SPIN IDG WhatsApp Channel for updates across the Smart Pakistan Insights Network covering all of Pakistan’s technology ecosystem.
