Pakistan Telecommunication Authority has issued a comprehensive update to its Critical Telecom Data and Infrastructure Security Regulations, unveiling the revised CTDISR-2025 framework. The development, announced through PTA’s Annual Cyber Security Report 2024-25, represents a significant change in Pakistan’s approach to safeguarding telecom infrastructure. Originally introduced in 2020, the CTDISR framework established baseline security controls across licensees, and this new revision reflects the shifting threat landscape and technological advancements witnessed over the past five years.
According to the report, nearly all provisions from CTDISR-2020 have been reviewed, refined, or merged to remove overlaps and ensure greater clarity for telecom operators. The revision is intended to strengthen operational applicability and create uniformity across the sector, moving the industry away from reactive security practices towards a proactive and risk-based cybersecurity framework. The updated model is informed by regulatory audits, stakeholder consultations, and industry feedback, with the aim of closing gaps in governance and enhancing resilience against emerging risks.
CTDISR-2025 introduces new categories that broaden the compliance obligations of telecom operators. These include formalized requirements for Asset Management, Risk Management, Data Privacy, Cloud Security, Insider Threat Detection, Business Continuity Planning, Human Resource Controls, and clearly defined roles and responsibilities for information security teams. The revised framework also tightens access control requirements by mandating role-based mechanisms and multi-factor authentication across critical systems. By embedding these measures, PTA intends to reduce vulnerabilities that arise from internal actors, third-party vendors, and evolving cloud infrastructure models.
A central aspect of CTDISR-2025 is the mandatory integration of telecom operators with the National Telecom Security Operations Center (nTSOC). This requirement ensures that real-time threat intelligence is shared across the sector and that incident response efforts can be coordinated at a national scale. Furthermore, by formally integrating HR policies, business continuity planning, and insider threat detection into regulatory obligations, PTA is emphasizing a holistic security strategy that extends beyond technical controls. This shift recognizes that cybersecurity risks stem not only from external attacks but also from misconfigurations, supply chain dependencies, and insider vulnerabilities.
The updated framework aligns closely with global standards such as ISO/IEC 27001 and the NIST Cybersecurity Framework, while reinforcing Pakistan’s National Cybersecurity Policy 2021. By embedding best practices and addressing threats like ransomware, AI-driven attacks, and supply-chain compromises, CTDISR-2025 positions the telecom sector for stronger resilience. PTA has highlighted that full implementation of the revised regulations will not only strengthen critical telecom infrastructure but also enhance Pakistan’s overall standing in international cybersecurity benchmarks such as the Global Cyber Security Index.
Follow the SPIN IDG WhatsApp Channel for updates across the Smart Pakistan Insights Network covering all of Pakistan’s technology ecosystem.
