Tech Desk 
Oct 28, 2025
In view of a spike in cyberattacks on governmental and private entities, the National Cyber Emergency Response Team (National CERT) has made cybersecurity certification mandatory for both public and private organisations under the new Pakistan Security Standards (PSS).
The PSS is a locally developed framework which ensures the security of the nation’s digital infrastructure and reduces dependence on outsourced protocols.
All entities in the country are now required to comply with the PSS by June 1, 2028. After this date, it will be illegal to manufacture, sell, or store any cybersecurity or cryptographic products in Pakistan without certification.
The PSS is based on international standards like the US FIPS 140 and ISO 15408, ensuring confidentiality, integrity, and availability across ICT systems while aligning with global best practices.
The noose is tightened the most on the defence sector, facing a stricter deadline, with compliance required by December 2025 for new procurements. This is deemed essential to solidify supply chain integrity and protect sensitive operations.
The NCERT has urged vendors to start the certification process immediately through authorised labs. The new mandate also prohibits the marketing or sale of any cybersecurity products without meeting PSS standards.
Experts view this policy as a bold move towards digital sovereignty, enhancing investor confidence and securing critical infrastructure in sectors like banking and telecommunications.
