Decision to Make Data Hosting in Pakistan Mandatory for Telecom Companies
PTA Finalizes “Critical Telecom Data and Infrastructure Security Regulations 2025”
ISLAMABAD ( Web News )
The Pakistan Telecommunication Authority (PTA) has decided to make data hosting within Pakistan mandatory for telecom companies. The PTA has finalized the “Critical Telecom Data and Infrastructure Security Regulations 2025” (CTDISR 2025).
According to this news agency, the PTA has sought feedback from stakeholders on the new security regulations. All licensed companies will be required to have disaster recovery and business continuity plans. These regulations have been prepared to strengthen cybersecurity in the telecom sector.
As per the document, PTA has directed telecom companies to adopt a “Zero Trust Security Model.” Every telecom operator will be required to appoint a Chief Information Security Officer (CISO). Telecom companies must also conduct annual risk assessments and cybersecurity audits.
Any major cyber incident must be reported to the PTA within 24 hours. The PTA will also have the authority to ban the use of foreign software or equipment. Under the regulations, it will be mandatory for companies to establish Information Security Steering Committees.
Companies have also been instructed to ensure the security of their supply chains and vendors. Through these new regulations, consumer data protection measures will be further strengthened.
The PTA has set November 7 as the deadline for submitting public feedback on the CTDISR 2025, which will replace the existing 2020 framework.