The Pakistan Telecommunication Authority (PTA) has announced major changes to its Critical Telecom Data and Infrastructure Security Regulations (CTDISR), introducing a revised framework known as CTDISR-2025.
The updated regulations, highlighted in PTA’s Annual Cyber Security Report 2024-25, mark a significant shift in the country’s telecom cybersecurity regime. First introduced in 2020, CTDISR had set the baseline for security controls across telecom licensees. The 2025 revision reflects the rapid evolution of digital threats and technological advancements over the last five years.
According to the report, nearly all existing controls under CTDISR-2020 were reviewed, refined, or consolidated to eliminate redundancies and ensure clarity. The revision aims to improve operational applicability and enable consistent implementation across the telecom sector. PTA notes that the updated framework moves away from reactive practices towards proactive, risk-based cybersecurity governance, addressing gaps identified during regulatory audits, consultations, and feedback from industry stakeholders.
A key highlight of CTDISR-2025 is the introduction of new sections that expand the scope of telecom cybersecurity compliance. These include Asset Management, Risk Management, Data Privacy, Cloud Security, Insider Threat Detection, Business Continuity Planning, HR Controls, and defined Roles and Responsibilities for Information Security personnel. Strengthened access control requirements, such as role-based access mechanisms and mandatory multi-factor authentication, have also been made part of the new provisions.
The framework further mandates integration with the National Telecom Security Operations Center (nTSOC) to ensure real-time threat intelligence sharing and coordinated national-level incident response. By formally incorporating HR policies, business continuity mechanisms, and insider threat detection into the regulations, PTA seeks to enhance operational resilience and reduce risks associated with internal vulnerabilities, third-party vendors, and cloud misconfigurations.
PTA’s report emphasizes that CTDISR-2025 aligns with international cybersecurity standards such as ISO/IEC 27001 and NIST CSF, while also complementing Pakistan’s National Cybersecurity Policy 2021.
By adopting global best practices and addressing emerging risks like ransomware, AI-driven attacks, and supply-chain compromises, the revised framework positions Pakistan’s telecom sector for stronger resilience. The regulator expects that the implementation of CTDISR-2025 will not only secure critical telecom infrastructure but also improve the country’s standing in the Global Cyber Security Index.