Islamabad, 8 May, 2025: FBR and NADRA have been officially designated as part of Pakistan’s “Critical Information Infrastructure” by the federal government under the Prevention of Electronic Crimes Act (PECA) 2016 and the CERT Rules 2023.
The decision aims to boost the digital security of key institutions including the Federal Board of Revenue (FBR), the National Database and Registration Authority (NADRA), and the IMMPASS platform.
This classification mandates stricter cybersecurity controls and enhanced digital safeguards across these bodies.
IT Minister Shaza Fatima indicated that the new status will oblige FBR and NADRA to adopt advanced security protocols, while also granting authorities the power to take legal steps against cybercrime threats.
READ MORE: FBR Shuts Retail Outlets Over Alleged Tax Evasion
These steps include investigation and prosecution of digital offenses affecting sensitive systems. She noted that the Pakistan Telecommunication Authority (PTA) and the overall telecom industry may soon join this list, pending cabinet review of a submitted proposal.
As part of wider reforms, the minister shared that the CERT Council has suggested the establishment of regional cyber response teams known as CERT sin provinces including Punjab, Sindh, Khyber Pakhtunkhwa, Balochistan, Azad Jammu & Kashmir, and Gilgit-Baltistan.
Sector-specific teams focusing on defense, telecom, and public networks have also been proposed. The summary for cabinet approval of these steps is under consideration.
These national and provincial teams are expected to improve Pakistan’s ability to detect cyber threats, respond to incidents quickly, and build resilience across systems.
READ MORE: NADRA Denies Biometric Verification Problems
The FBR and NADRA, as key government data platforms, are seen as top priorities for protection due to the critical information they handle.
The CERT Council, which is chaired by the Secretary of Information Technology and Telecommunication, includes members from key ministries, academia, industry, and civil society.
This inclusive approach is designed to ensure that cybersecurity strategy benefits from diverse expertise and cooperation across all sectors.
