Islamabad (Web Desk) — Four years after the approval of Pakistan’s first National Cloud Policy, its effective implementation remains incomplete, leaving key objectives related to the protection of sensitive government and citizens’ data yet to be achieved.
According to sources, the policy required government institutions to adopt a national cloud system instead of establishing separate data centers, ensuring that sensitive government and citizen data would be stored on secure servers within the country. However, the policy has not been fully implemented.
An audit report revealed that even after four years, a licensing system for data centers has not been introduced. The report stated that the establishment of unregistered data centers has increased concerns regarding cybersecurity and regulatory oversight.
According to the audit, the policy included measures such as licensing data centers, strengthening data security, developing modern infrastructure, and migrating government data to the cloud. However, the Pakistan Telecommunication Authority (PTA) has yet to develop the required licensing framework.
In its response, the PTA said that a new licensing framework is currently under development, although a conventional licensing system has not yet been implemented.
The audit report further noted that existing laws already require data centers to be licensed, but the failure to enforce these provisions has created risks for data security and regulatory supervision.