Pakistan has introduced stricter controls on the cross-border transfer of government data under its National Data Governance Policy, aiming to prevent unauthorized foreign access to sensitive public sector information.
The policy sets out a framework for where government data may be stored, processed and transferred, with a focus on protecting national sovereignty, security and control over official information.
Under the new rules, public sector institutions will have to classify government data according to its sensitivity before deciding whether it can be hosted or transferred outside Pakistan. Sensitive and critical data will be subject to data residency requirements and may only be transferred abroad under prescribed conditions and after the necessary approvals.
The policy also introduces a Sovereignty, Residency and Cross-Border Controls Profile, which will define data residency tiers, hosting requirements, jurisdictional safeguards and approval mechanisms for cross-border transfers.
Government bodies will be required to ensure that any overseas processing of official data complies with Pakistan’s laws and does not undermine national control over public sector information.
The Pakistan Digital Authority will also work with international counterparts, multilateral organisations and standards bodies to promote responsible cross-border data governance while protecting Pakistan’s national interests. The policy seeks to support lawful international cooperation without weakening safeguards for government-held data.





