The promise of digitisation and artificial intelligence (AI) for Pakistan is unmistakable: a path to modernised governance, efficient services, and new economic frontiers. Yet as the country accelerates its digital transformation, 2026 is shaping up to be a decisive year in which policy visions must confront hard operational realities.
A dual pressure — an epidemic of financial scams and a new wave of mandatory cybersecurity regulations — is forcing a hard turn from aspiration to implementation.
The scale of digital risk is no longer theoretical. According to the Global State of Scams Report 2025, Pakistan loses an estimated $9 billion annually to financial and digital scams, a figure equivalent to roughly 2.5 per cent of GDP and larger than the value of the recent $7 billion IMF loan programme. This “silent economic haemorrhage” stems from increasingly sophisticated fraud that exploits digital payment systems, social media, and telecom networks.
Fraudsters are using AI-polished phishing, fake investment platforms and scams impersonating banks, couriers and service providers, exacting a heavy toll on citizens and businesses alike. Some reports of mega frauds find space in the main daily newspapers, but details of many other incidents keep circulating on social media.
Given the rise in AI adoption and resulting misuse, the country has begun laying a strategic foundation for its digital future that involves setting up training centres and starting a national fund
Authorities have responded, launching major crackdowns such as Operation Grey, which led to hundreds of arrests, including foreign nationals. The National Cyber Crime Investigation Agency (NCCIA) led this operation, with support from the Federal Investigation Authority and the Pakistan Telecommunication Authority.
But these efforts also underscore a critical vulnerability: rapid digital adoption has far outpaced the development of robust cyber governance and public awareness.
In direct response to the accelerating pace of digitisation and AI adoption, Pakistan’s regulatory landscape is undergoing its most significant transformation to date. The year 2026 marks a clear shift away from voluntary or advisory frameworks toward mandatory, legally enforceable requirements. For businesses operating across sectors, regulatory compliance is no longer a matter of best practice or reputational comfort; it is rapidly becoming a basic condition for continued operation and market access.
A central pillar of this shift is the introduction of the Pakistan Security Standards (PSS), which mandate compulsory adoption across all public and private sector information technology and cryptographic systems. Full compliance is required by June 1, 2028 (for defence-sector entities, the deadline was December 31, 2025). The implications for industry are substantial: future hardware and software procurement must explicitly specify PSS-compliant products and systems, and non-compliance risks operational disruption, regulatory sanctions and exclusion from government contracts.
Alongside the PSS, regulators are rolling out increasingly stringent sector-specific requirements. The State Bank of Pakistan’s Technology Risk Management frameworks now demand demonstrable technical and governance controls, formal board-level oversight of cyber risk, and integration of cyber resilience into overall operational resilience planning. These measures reflect a clear expectation that cyber risk be treated as a core enterprise risk, not a purely technical concern.
The telecommunications sector is also facing far-reaching change under the Pakistan Telecommunication Authority’s CTDISR-2025 framework, which mandates data localisation, 24-hour reporting of cybersecurity incidents, clear accountability through designated chief information security officers, and a move toward Zero Trust architectures.
Meanwhile, the anticipated Personal Data Protection Bill — once enacted — is expected to introduce strict data localisation rules and a 72-hour breach notification mandate, further raising the compliance bar for organisations that collect, process or store personal data within Pakistan.
As is evident from the above discussion, Pakistan has begun laying a strategic foundation for its digital future. The cabinet-approved National Artificial Intelligence Policy 2025 sets ambitious targets, including training one million people in AI-related skills, establishing national Centres of Excellence, and creating a dedicated National AI Fund. The policy signals intent, but its success will depend on execution and alignment with ground realities.
Early pilot projects already demonstrate how AI can address longstanding development gaps. In taxation, machine-learning models using satellite imagery are being deployed in Khyber Pakhtunkhwa and Punjab to identify previously unassessed properties and expand the tax base.
In environmental governance, AI-driven dashboards enable real-time smog monitoring and enforcement actions in Punjab. Urban planners in Lahore are using telecom data and AI analytics to map informal economic activity and migration patterns, offering insights that were previously invisible to policymakers.
Policymakers must accelerate institutional readiness. The establishment of a National Cybersecurity Authority should be fast-tracked to serve as a central coordinating body, while the National AI Council must prioritise “AI for development,” linking initiatives directly to measurable outcomes such as improved tax compliance, environmental enforcement and climate adaptation.
The public and media also have a critical role to play. Awareness campaigns must evolve from general warnings to practical education, helping citizens recognise AI-generated scams, phishing attempts and the importance of basic safeguards such as multi-factor authentication. Pakistan’s digital ambition cannot be separated from its digital security. The promise of AI and digitisation is real, but it rests on systems that are trusted, resilient and enforceable. As the National AI Conference approaches in early 2026, the national conversation must focus on this integration — harnessing innovation not just for growth but for secure and sustainable growth.
Published in Dawn, The Business and Finance Weekly, January 5th, 2026
