Key Takeaways
- New policy restricts foreign access to sensitive government data.
- Data must be classified based on its level of sensitivity.
- Sovereignty, Residency and Cross-Border Controls Profile defined.
Pakistan has introduced a new National Data Governance Policy aimed at enhancing the security and control over government information. The policy imposes stricter controls on the cross-border transfer of sensitive data, ensuring that it remains within national boundaries unless specific conditions are met.
Under the new framework, public sector institutions must classify their data based on its level of sensitivity before deciding whether it can be hosted or transferred outside Pakistan. Sensitive and critical government information will be subject to data residency requirements, meaning it must remain in Pakistan unless approved for transfer under prescribed conditions.
The policy also introduces a Sovereignty, Residency and Cross-Border Controls Profile (SRC Profile), which defines different tiers of data residency, hosting requirements, jurisdictional safeguards, and approval mechanisms for cross-border data transfers. This ensures that any overseas processing of official data complies with Pakistan’s laws and does not compromise national control over public sector information.
The Pakistan Digital Authority will collaborate with international counterparts, multilateral organizations, and standards bodies to promote responsible cross-border data governance while safeguarding the country's national interests. The policy aims to support lawful international cooperation without weakening protections for government-held data.
According to the National Data Governance Policy, public sector institutions are required to ensure that any overseas processing of official data complies with Pakistan’s laws and does not compromise national control over public sector information. This includes ensuring that data transfers comply with the SRC Profile and obtaining necessary approvals before proceeding with such transfers.
The policy emphasizes the importance of protecting national sovereignty, security, and control over official information. It aims to strike a balance between supporting lawful international cooperation and maintaining robust data protection measures. By implementing these stringent controls, Pakistan seeks to safeguard its critical government data from unauthorized foreign access.




