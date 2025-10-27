The National Cyber Emergency Response Team (National CERT) has made cybersecurity certification mandatory for all public and private entities under the new Pakistan Security Standards (PSS) — a locally developed framework designed to secure the country’s digital infrastructure and reduce reliance on foreign protocols.

The decision, formalized through Statutory Notification S.R.O. 762(I)/2023, requires full compliance with PSS by June 1, 2028. After that date, it will be unlawful to manufacture, sell, or store any cybersecurity or cryptographic product in Pakistan without certification under these national standards.

The PSS, modeled on international benchmarks such as the U.S. FIPS 140 and ISO 15408 (Common Criteria), aims to ensure confidentiality, integrity, and availability across ICT systems, while aligning Pakistan’s cybersecurity ecosystem with global best practices.

However, the defense sector faces an accelerated deadline, as the National Technical Information Security Board (NTISB) has directed full compliance by December 2025 for all new procurements — a move officials describe as vital for strengthening supply chain integrity and protecting sensitive defense operations.

“Proactive compliance today will safeguard defense operations, streamline procurement, and strengthen Pakistan’s national cybersecurity posture,” the National CERT advisory stated, urging vendors to begin the certification process immediately through accredited IT and cryptographic evaluation labs.

The new mandate also prohibits the marketing or sale of any product claiming cybersecurity or encryption capabilities without meeting PSS standards. Industry partners and vendors have been instructed to communicate certification requirements across their supply chains and to integrate compliance into all procurement policies.

Cybersecurity experts see the policy as a strategic step toward digital sovereignty, signaling Pakistan’s intent to develop its own trust framework instead of relying on foreign certifications. They believe the move will enhance investor confidence, secure e-governance platforms, and protect critical infrastructure in sectors such as banking, energy, and telecommunications.

National CERT has also called for public–private collaboration to ensure smooth adoption and awareness campaigns to educate stakeholders on certification procedures. Officials emphasized that the initiative is “not merely regulatory” but represents the foundation of Pakistan’s long-term cyber resilience strategy.

