The Pakistan Telecommunication Authority (PTA) has rolled out Critical Telecom Data and Infrastructure Security Regulations 2025 (CTDISR-2025), a revised cybersecurity framework aimed at fortifying the country’s telecom sector against evolving digital threats.
Read More: Telenor Pakistan Provides Seamless Connectivity, Free Minutes in Flood-Hit Areas
First introduced in 2020, CTDISR established baseline security controls for telecom licensees. The new 2025 version—outlined in PTA’s Annual Cyber Security Report 2024-25—updates nearly all existing controls, removing redundancies, refining requirements, and shifting the sector towards proactive, risk-based governance.
PTA said the overhaul was driven by insights from regulatory audits, industry consultations, and global threat trends. The framework now incorporates expanded compliance domains, including Asset Management, Risk Management, Data Privacy, Cloud Security, Insider Threat Detection, Business Continuity Planning, HR Controls, and defined Roles and Responsibilities for security teams.
Among the most notable additions are mandatory multi-factor authentication, role-based access controls, and direct integration with the National Telecom Security Operations Center (nTSOC) for real-time threat intelligence sharing and coordinated national incident response.
PTA emphasized that CTDISR-2025 aligns with leading global cybersecurity standards, including ISO/IEC 27001 and NIST CSF, and complements Pakistan’s National Cybersecurity Policy 2021. The revised rules specifically address emerging risks such as ransomware, AI-driven cyberattacks, and supply chain compromises.
By embedding international best practices and strengthening compliance obligations, PTA expects the new framework to not only secure critical telecom infrastructure but also enhance Pakistan’s ranking in the Global Cyber Security Index and boost industry-wide resilience.
