Legislation · 2025
Digital Nation Pakistan Act, 2025
Entry updated 28 May 2026
Creates the National Digital Commission and the Pakistan Digital Authority to drive a national digital masterplan covering digital identity, digital economy and digital government.
What it is
The Digital Nation Pakistan Act was enacted in January 2025. It is a framework statute. It establishes the National Digital Commission, chaired by the Prime Minister and including provincial chief ministers and senior federal officeholders, to set national direction on digital transformation. Below the Commission sits the Pakistan Digital Authority, the executing body charged with preparing and implementing a National Digital Masterplan. A strategic oversight committee supervises the Authority's performance. The Act's stated pillars are digital society, digital economy and digital government: a digital identity for citizens, digitisation of public services, and interoperability of data held across government bodies.
The Act imposes few direct obligations on private parties on its face. Its substance will arrive through the Masterplan, subordinate rules, and directions of the Authority. It sits alongside — and does not replace — the existing mandates of NADRA on identity, the PTA on telecommunications, and the State Bank on payments, so questions of overlap will be worked out in implementation [the coordination and precedence provisions TO BE VERIFIED BY REVIEWING LAWYER].
What changed
The Act is new law, and as of mid-2026 the working question is implementation. The constitution of the Pakistan Digital Authority, the appointment of its chairperson and members, and the publication of the first National Digital Masterplan should be confirmed against official notifications [status TO BE VERIFIED BY REVIEWING LAWYER]. Two adjacent developments matter for planning. First, Pakistan still had no general personal data protection statute in force as of early 2026 — the Personal Data Protection Bill had been in draft for years [current status TO BE VERIFIED BY REVIEWING LAWYER] — so the Act's data-centralisation agenda runs ahead of a privacy framework. Second, provincial digital initiatives continue in parallel, and the federal-provincial boundary on data and service delivery remains to be tested.
Who is affected
Government ministries, departments and state-owned entities are the primary addressees — they will carry the digitisation and interoperability obligations. In the private sector, the Act matters most to businesses whose products touch digital identity and government data: banks and fintechs relying on NADRA verification, telecom operators, health and education technology providers, and vendors selling technology to the public sector. Citizens are affected as the subjects of a consolidated digital identity.
What to do
Track the Authority's notifications and the Masterplan when published; obligations and procurement opportunities will be in the subordinate instruments, not the Act itself. If your product depends on identity verification or government data access, map how a centralised digital-ID layer would change your integration and your compliance exposure. Vendors to government should watch for the Authority's standards and procurement frameworks. Given the absence of a general data protection law, adopt contractual and internal data-handling standards now — waiting for the statute is not a compliance position.
The text of the instrument, where publicly available, may be obtained from official sources; a PDF will be linked here when the firm’s annotated copy is released. [PDF FORTHCOMING]
