ISLAMABAD – The Pakistan Telecommunication Authority (PTA) has introduced a major upgrade to its cybersecurity regulations, unveiling the Critical Telecom Data and Infrastructure Security Regulations 2025 (CTDISR-2025).
The revised framework, detailed in PTA’s Annual Cyber Security Report 2024-25, strengthens Pakistan’s telecom security regime by shifting from reactive practices to proactive, risk-based governance. Originally launched in 2020, CTDISR has now been overhauled to keep pace with emerging digital threats.
Nearly all provisions from the CTDISR-2020 were reviewed, refined, or consolidated. The updated regulations introduce new sections covering asset management, risk management, data privacy, cloud security, insider threat detection, business continuity planning, and HR security policies.
Key measures include role-based access controls, mandatory multi-factor authentication, and integration with the National Telecom Security Operations Center (nTSOC) for real-time threat intelligence sharing. PTA says these changes will reduce risks linked to insider threats, third-party vendors, and cloud vulnerabilities.
The regulator emphasized that CTDISR-2025 aligns with global standards like ISO/IEC 27001 and NIST CSF, while complementing Pakistan’s National Cybersecurity Policy 2021. By adopting international best practices and addressing risks such as ransomware, AI-powered attacks, and supply chain compromises, the framework aims to enhance resilience and elevate Pakistan’s standing in the Global Cyber Security Index.
