Pakistan has published a draft National Data Governance Policy, proposing to treat government data as a strategic national asset held under the state’s sovereign control. The policy, uploaded on the Ministry of Information Technology’s website for public consultation, lays out a broad framework governing artificial intelligence, cross-border data transfers, citizen privacy, digital public services, and the data economy.
Policy Objectives and Key Principles
The draft policy states: “Government data is a strategic national asset of the Islamic Republic of Pakistan, held in trust for the people.” It aims to ensure government data is governed for “sovereignty, public value, citizen empowerment, and lawful use.” The framework redefines how public bodies manage government information, asserting that “public bodies are custodians, not proprietors,” with a duty to protect, maintain quality, make discoverable, share lawfully, and disclose proportionately.
Data Sovereignty and Cross-Border Transfers
A key objective is to strengthen Pakistan’s control over government data. Cross-border data transfers are allowed only where lawful, justified, and subject to safeguards. The policy declares: “Government data shall remain under the lawful authority and effective control of Pakistan.”
National Data Exchange and Authoritative Sources
To reduce duplication, the policy proposes a governed National Data Exchange called WASL, enabling secure information sharing among public agencies instead of maintaining separate copies. It also designates a single government body as the authoritative source for major national datasets, such as identity records, land, and vehicle information.
Artificial Intelligence and Automated Decision-Making
The policy outlines rules for government use of AI, requiring stricter oversight of high-risk systems that could significantly affect citizens. It states: “The Government of Pakistan shall harness artificial intelligence, automated decision-making, and emerging data-intensive technologies for public value, while protecting rights, ensuring lawful use, and preserving meaningful human oversight where required.”
Citizen Rights and Data Empowerment
The draft expands citizens’ rights over personal data held by the government. Individuals can know who accessed their information, request corrections to inaccurate records, seek deletion where legally permitted, and obtain human review of significant automated decisions. The policy declares: “The citizen is not a passive subject of data governance but its active beneficiary.”
Once-Only Principle and Open Data
Proposed reforms include a “once-only” principle: “The citizen shall not be required to provide the same information to the State more than once, unless such repetition is necessary by law or for verification.” Public-sector data will be open by default, subject to legal restrictions.
Oversight and Implementation
The policy will be overseen by the Pakistan Digital Authority, which will establish a National Chief Data Officer. Every federal public body must appoint its own Chief Data Officer, and a National Data Governance Council will coordinate across federal institutions and provinces. Compliance will be monitored through audits and a National Data Maturity Index measuring implementation effectiveness. The draft policy remains under public consultation and requires federal cabinet approval before coming into force.
