The National Cyber Emergency Response Team has formally launched a stakeholder consultation process on the revised Pakistan Information Security Framework 2025, marking a significant step in strengthening national cybersecurity governance. The updated framework, referred to as PISF 2025, has been released for final review, with NCERT inviting feedback from a wide range of public and private sector participants before its submission for government approval.
According to NCERT, the revised version of PISF 2025 reflects extensive engagement carried out during earlier review stages. A total of 273 detailed comments were received from federal ministries, attached departments, private sector organizations, universities, and independent cybersecurity experts. These submissions covered technical, regulatory, and operational aspects of information security, highlighting both sector specific challenges and broader national requirements. Officials involved in the review process said each comment was examined carefully, and relevant suggestions were incorporated into the updated framework to ensure it remains practical, adaptable, and aligned with international best practices while addressing local needs.
The current consultation phase is intended to gather further observations from stakeholders on the revised draft, allowing for additional refinement before finalization. NCERT has encouraged continued engagement from industry experts, academia, and government entities, emphasizing that collective input is essential to achieving a balanced and effective national framework. Stakeholders have been invited to submit their comments by February 6, 2026. Officials noted that this phase of consultation is critical for validating the framework’s applicability across diverse sectors, including government operations, critical infrastructure, financial services, telecommunications, and emerging digital platforms. The goal is to ensure the framework is not only comprehensive in scope but also implementable across organizations of varying sizes and capacities.
NCERT stated that the revised Pakistan Information Security Framework 2025 is designed to provide a stronger and more coherent foundation for protecting digital infrastructure and managing cyber risks across the country. The framework outlines structured guidance on governance, risk assessment, incident response, capacity building, and compliance alignment, aiming to support organizations in improving their overall security posture. By incorporating feedback from earlier consultations, NCERT believes the revised framework better reflects operational realities and evolving threat landscapes, while also promoting consistency in information security practices nationwide. Officials added that fostering a shared understanding of cybersecurity responsibilities among public and private stakeholders remains a key priority.
Following the completion of the consultation process, the final version of PISF 2025 is scheduled to be submitted to the Government of Pakistan for approval by February 13, 2026. NCERT officials indicated that timely approval would allow relevant entities to begin aligning their internal policies and controls with the framework, supporting coordinated national efforts to safeguard digital systems. The framework is expected to serve as a reference point for future cybersecurity initiatives, capacity development programs, and policy coordination, reinforcing Pakistan’s approach to managing cyber risks in an increasingly interconnected digital environment.
Follow the SPIN IDG WhatsApp Channel for updates across the Smart Pakistan Insights Network covering all of Pakistan’s technology ecosystem.
