Pakistan’s 2026 Cybersecurity Mandate: Registration Guide for IT, Cloud & OT Experts

The National Computer Emergency Response Team (NCERT) has officially launched the mandatory registration framework for cybersecurity professionals under the Pakistan Information Security Framework (PISF). This isn’t just a recommendation—it is a legal requirement for anyone auditing or providing consultancy to Pakistan’s critical infrastructure. The 4-Tier Expert ClassificationTo work with government and high-risk entities (CAT-I and CAT-II), you must be registered in one of the following tiers:

Why You Need to Act Now

1. ​Mandatory Compliance for High-Risk Entities: If your client is a bank, telco, or power utility, they are now prohibited from hiring consultants not listed on the NCERT registry.


2. ​Audit Legitimacy: All gap assessments and implementation roadmaps must be signed off by a certified tier-level expert to be recognized by the Pakistan Digital Authority.


3. ​Local Data Sovereignty: The new rules emphasize that Cloud Experts must ensure 100% compliance with local residency laws, preventing sensitive metadata from leaving the country.

​How to Register with National CERT (2026 Process)

• ​Step 1: Document Verification. Prepare your HEC-verified degrees and valid global certification transcripts.


• ​Step 2: Experience Validation. Provide a documented history of risk assessments or compliance audits.


• ​Step 3: Submit Portal Application. Access the official PISF portal (launched April 2026) to upload your portfolio.


• ​Step 4: Tier Assignment. NCERT will review and assign your tier, listing you on the national database for public and private sector verification.






​Industry Note: The deadline for existing IT firms to align their staff with these tiers is December 2026. Failure to register will result in the suspension of service provider licenses for public sector projects