MoITT Unveils Plan to Upgrade Cybersecurity and Draft First Comprehensive Cyber Security Act

Pakistan is embarking on a comprehensive national cybersecurity overhaul aimed at strengthening its digital defenses amid rising global cyber threats. The Ministry of Information Technology and Telecommunication (MoITT) has announced an international tender to hire a consulting firm to assess and modernize the country’s cybersecurity infrastructure, update national policies, and establish Pakistan’s first comprehensive Cyber Security Act. The initiative is part of the USD 77.73 million Digital Economy Enhancement Project (DEEP), funded by the World Bank.

The consultancy, titled “Assessment of Pakistan’s cybersecurity infrastructure, sectoral readiness, and recommendations for improvement” (Reference No. PK-MOITT-519715-CS-QCBS), invites qualified global and local firms to compete under the World Bank’s strict Quality and Cost Based Selection (QCBS) rules. The deadline for submissions is December 15, 2025.

A System Under Strain

Officials acknowledge that Pakistan’s rapidly digitizing ecosystem, spanning public institutions, critical infrastructures, and private enterprises, remains vulnerable to increasingly sophisticated cyberattacks. As government services, digital identities, and financial platforms migrate online, gaps in legislation, infrastructure, threat response, and institutional coordination have become increasingly evident.

Cybersecurity experts note that Pakistan has historically lagged behind regional peers in the ITU Global Cybersecurity Index (GCI), making this initiative critical for improving national cyber resilience.

Comprehensive Mandate of the Consultancy

The selected consulting firm will conduct a sweeping gap analysis across federal agencies, provincial bodies, critical information infrastructures (CIIs), and private sectors, including telecom, energy, finance, health, and industrial networks. Based on this analysis, the firm will provide actionable recommendations to strengthen Pakistan’s cyber posture.

A major task involves overhauling the National Cyber Security Policy (2021) and drafting a forward-looking national cybersecurity strategy grounded in zero-trust architecture principles. This strategy will set the foundation for more secure, resilient, and future-ready digital infrastructure.

The consultancy will also draft Pakistan’s first Cyber Security Act, defining breach notification rules, CII protection mandates, audit requirements, penalties, and establishing a National Cyber Security Authority. In addition, the firm will design regulations and guidelines covering emerging areas such as post-quantum cryptography, digital identity standards, and industrial control system security.

To protect critical sectors, the firm will create a CII identification and grading framework, a cornerstone for safeguarding telecom networks, power grids, oil and gas facilities, financial systems, and transportation infrastructure. It will also design templates for cyber diplomacy and international cooperation, including memoranda of understanding, mutual legal assistance treaties (MLATs), and information-sharing protocols.

Recognizing that technology alone cannot secure a nation’s digital ecosystem, the consultancy will propose a national capacity-building plan. This includes public awareness campaigns, advanced certifications, cyber drills, and academic programs aimed at creating a skilled cybersecurity workforce capable of meeting current and future threats.

Timeline and Team

The consultancy is expected to be completed within 12 months. The winning firm must deploy a multidisciplinary team of cyber experts, legal specialists, technical assessors, and training professionals. Deliverables will include a national strategy, draft laws, regulatory frameworks, CII standards, cyber diplomacy mechanisms, and a nationwide capacity-building blueprint.

By establishing a modern, law-backed, and well-governed cybersecurity ecosystem, Pakistan aims to protect its citizens, businesses, and critical national infrastructure while creating a safer digital environment for economic growth and innovation.

ALSO READ: MoITT Seeks International Firms to Build Pakistan’s First Fiberization Policy Roadmap and RoW Portal