The Pakistan Telecommunication Authority (PTA) has announced draft Critical Telecom Data and Infrastructure Security Regulations 2025 (CTDISR-2025). The regulations aim to strengthen cybersecurity and protect Pakistan’s critical telecom infrastructure. Stakeholders are invited to submit feedback before the rules are finalized.
Under the proposed regulations, all telecom operators, including mobile and internet service providers, must localize data and implement disaster recovery and business continuity plans. The measures are designed to protect Pakistan’s Critical Information Infrastructure (CII) from cyber threats and system failures.
Each company must establish an Information Security Steering Committee (ISSC) chaired by the CEO and appoint a Chief Information Security Officer (CISO) to ensure compliance with cybersecurity standards. The framework follows a Zero Trust Security Model, meaning no user or device is automatically trusted, and access must always be verified. International best practices such as ISO 27001, NIST, and ITU guidelines have been incorporated.
Telecom operators are required to conduct annual risk assessments, vulnerability testing, and third-party cybersecurity audits. Any critical or high-severity incidents, including data breaches or cyberattacks, must be reported to PTA’s National Telecom Computer Emergency Response Team (nTCERT) within 24 hours. Detailed reports must follow within five working days.
The PTA will also have authority to inspect, restrict, or ban foreign software, hardware, or services that may pose national security risks. Companies must maintain secure information repositories, enforce vendor and supply chain security, and implement continuous monitoring and incident management. A Zero Trust and Access Control Policy will be mandatory to prevent unauthorized access.
The draft regulations are available on the PTA website, with comments open until November 7, 2025. Once finalized, CTDISR-2025 will replace the 2020 framework and set a new benchmark for cybersecurity and data protection in Pakistan’s telecom sector.
In other related news also read PTA Warns Citizens Against Fake Online Job Scams
These regulations are expected to enhance safety, build public trust, and align the telecom industry with global cybersecurity standards.
