The Government of Pakistan is pushing forward its digital transformation agenda by prioritizing personal data protection. The Personal Data Protection Bill is being finalized alongside the Pakistan Cloud First Policy (PCFP) to secure public sector data and services.
Approved by the Federal Cabinet in February 2022, the PCFP mandates that all federal entities adopt cloud solutions for new ICT projects. Provincial governments have aligned their policies to ensure consistent and secure cloud governance nationwide.
To support this transition, the Cloud Office and Cloud Acquisition Office (CAO) have been established. The framework enforces data sovereignty, requiring sensitive, confidential, and secret government data to remain within Pakistan.
The ministry has introduced an accreditation framework for Cloud Service Providers (CSPs). Only firms meeting global standards such as ISO/IEC 27001, 27017, 27018, SOC 2, and CSA STAR can serve public entities. Six providers have already applied for accreditation.
These efforts complement the National Cyber Security Policy (2021), implemented through the National CERT and provincial CERTs. The initiative monitors cyber threats, responds to incidents, and enhances resilience across government sectors.