Telecom

PTA Advances Data Localization: Unveils New Strict Cybersecurity Regulations For Telcos

The Pakistan Telecommunication Authority has taken a major step toward data localization by finalizing the Critical Telecom Data and Infrastructure Security Regulations (CTDISR) 2025 and inviting stakeholder feedback before implementation. The new framework aims to secure Pakistan’s telecom ecosystem and safeguard critical data.

The CTDISR 2025 requires telecom operators to host sensitive information within Pakistan, establish disaster recovery and business continuity plans, and adopt strong measures to protect the country’s Critical Information Infrastructure. The regulations introduce a comprehensive security structure for all telecom licensees, including mobile operators and internet service providers.

Under the enhanced framework, each company must form an Information Security Steering Committee chaired by the CEO and appoint a Chief Information Security Officer to ensure compliance. The regulations follow a Zero Trust Security Model, meaning that no user or device will be assumed trustworthy without verification. The framework aligns with global cybersecurity standards such as ISO 27001, NIST and ITU recommendations, strengthening the role of data localization within international security benchmarks.

Telecom Operators Face Strict Cyber Audit and Reporting Rules

  • Telecom operators will be required to carry out annual risk assessments, vulnerability scans and third-party cybersecurity audits to identify and fix weaknesses.
  • Any critical or high-severity cyber incidents, including data breaches, must be reported to PTA’s National Telecom Computer Emergency Response Team within 24 hours, followed by a detailed report within five working days.
  • PTA will hold the authority to inspect, restrict or block any foreign software, hardware or services that may pose national security concerns.
  • Operators must also maintain secure information repositories, enforce vendor and supply chain security protocols, and ensure constant monitoring and incident management.
  • A Zero Trust and strict Access Control Policy will be mandatory to prevent unauthorized access and enhance user data protection.

The draft regulations have been published on PTA’s official website, with public comments invited until November 7, 2025. Feedback from telecom operators, IT companies and cybersecurity professionals will help finalize the CTDISR 2025 framework, which will replace the older 2020 rules and establish a new standard for telecom data security in Pakistan.

Published by
Manik Aftab
Tags: nCERTpakistan telecomPTA
1 month ago

Recent Posts

Rs10.48 Trillion Injected into Pakistan’s Financial System by SBP

50 mins ago

ZTE’s New Tablet Brings Reliable Features at a Budget Price

7 mins ago

OnePlus 15R to Launch With the Most Powerful Selfie Camera in the R Lineup

26 mins ago

Currency Exchange Rates in Pakistan-December 13, 2025

1 hour ago

5 Pakistani Esports Moments That Shook the Gaming World in 2025

2 hours ago

Pakistan Takes Major Step Toward Blockchain-Based Finance

2 hours ago