ISLAMABAD – The Pakistan Telecommunication Authority (PTA) has rolled out sweeping changes to its Critical Telecom Data and Infrastructure Security Regulations (CTDISR), rebranding the framework as CTDISR-2025 to address new cybersecurity challenges.
First issued in 2020, the rules set a baseline for telecom security. The 2025 version reflects five years of evolving threats and technology shifts, aiming to make compliance more practical and consistent across licensees.
The updated framework introduces expanded requirements for asset management, risk governance, privacy, insider threat detection, and cloud security. Telecom operators will now be required to enforce multi-factor authentication, role-based access control, and integration with the national-level nTSOC to improve coordinated incident response.
PTA also stressed the importance of business continuity planning and HR security measures to guard against insider vulnerabilities and operational disruptions. By formally including these aspects, the framework seeks to improve resilience against modern cyberattacks like ransomware, AI-driven exploits, and supply-chain breaches.
Aligned with ISO/IEC 27001, NIST CSF, and Pakistan’s National Cybersecurity Policy 2021, CTDISR-2025 represents a move towards global best practices. PTA expects the reforms to not only protect critical telecom infrastructure but also strengthen Pakistan’s ranking in the Global Cyber Security Index.