Pakistan Unveils Its Biggest Cybersecurity Overhaul

ISLAMABAD: Pakistan has launched a major overhaul of its national cybersecurity framework under the World Bank-supported Digital Economy Enhancement Project (DEEP), a $77.73 million initiative aimed at modernizing and securing the country’s growing digital ecosystem.

According to the Request for Expression of Interest issued by the Ministry of Information Technology and Telecommunication (MoITT), the government is looking for a qualified international consulting firm to carry out a full assessment of Pakistan’s cybersecurity infrastructure and sectoral readiness.

The selected firm will conduct a detailed gap analysis of existing cybersecurity systems across government organizations, critical information infrastructures, and private-sector entities. The assessment will review weaknesses in legal frameworks, institutional structures, human resources, and technical capabilities. Key sectors that will be evaluated include finance, energy, healthcare, IT, and telecommunications.

A major part of the assignment includes revising Pakistan’s National Cyber Security Policy/Strategy (2021). The updated framework will introduce new strategic priorities such as zero-trust architecture, improved incident response mechanisms, public-private partnerships, and cybersecurity planning for the post-generative AI era. The consulting firm will also create an implementation roadmap with clear performance indicators and defined roles for federal and provincial departments.

Along with policy reforms, the government plans to introduce a new Cybersecurity Act. This law will set regulatory requirements for critical infrastructure operators, breach reporting procedures, cybersecurity audits, and penalties for non-compliance.

Read more: Unregistered VPNs Declared Major Threat to National Security

It will follow global standards such as ITU, NIST, and ISO, and propose forming a National Cyber Security Authority to oversee enforcement. The Act will also include guidelines for areas such as cloud security, AI-driven attacks, and post-quantum cryptography.

The overhaul also focuses on capacity building across government, industry, academia, civil society, and vulnerable communities. The consultancy will identify current skill gaps and suggest certification-based training, cyber drills, academic programs, and research initiatives to strengthen the national cybersecurity workforce. It will also propose ways to support Pakistan’s cybersecurity industry, including incentives for startups and export-oriented service providers.

To ensure a coordinated national response, the project requires wide stakeholder engagement through consultation forums, roundtables, and inter-agency coordination mechanisms. The consulting firm will record outcomes and prepare draft agreements for international cooperation, including templates for MoUs and Mutual Legal Assistance Treaties.