PTA Unveils New Telecom Data Security Framework
The Pakistan Telecommunication Authority has introduced the CTDISR 2025 draft to enhance data localization and strengthen cybersecurity across Pakistan’s telecom sector.
PTA has also invited public feedback from telecom operators, IT firms, and cybersecurity experts before the formal implementation of the framework later this year.
According to PTA, the proposed regulations aim to safeguard sensitive telecom data, enhance operational resilience, and establish a more secure digital ecosystem across Pakistan.
The new framework requires all licensed telecom operators, including mobile and internet service providers, to host critical data within Pakistan’s territorial boundaries.
Under CTDISR 2025, companies must also prepare business continuity and disaster recovery plans while complying with global cybersecurity standards like ISO 27001, NIST, and ITU.
These regulations are designed to align the telecom data protection practices in Pakistan with internationally accepted cybersecurity and data governance benchmarks.
Every licensed operator will form an Information Security Steering Committee chaired by the CEO and appoint a Chief Information Security Officer to ensure compliance.
The framework also adopts a Zero Trust Security Model, which means that no user, device, or application will be trusted without continuous verification.
Telecom operators will conduct annual risk assessments, vulnerability testing, and third-party cybersecurity audits to detect, evaluate, and mitigate potential threats effectively.
Read More: Quetta Internet Blocked Amid Rising Security Concerns
Any significant cyber incident, such as a data breach, must be reported to the National Telecom Computer Emergency Response Team of PTA within 24 hours.
A detailed report explaining the nature, cause, and impact of the incident must also be submitted to the authority within five working days.
PTA will retain the authority to inspect, restrict, or block foreign hardware or software that may create risks to Pakistan’s national security.
Operators must enforce strong vendor security protocols, secure their supply chains, and maintain continuous monitoring with rapid incident response systems.
According to PTA, these steps will foster a culture of cybersecurity, enhance national data protection, and reduce reliance on foreign digital infrastructure.
Public feedback on the CTDISR 2025 draft is open until November 7, 2025, after which it will replace the existing 2020 regulations.
