Pakistan has published a draft National Data Governance Policy, proposing to treat government data as a strategic national asset held under the state’s sovereign control while laying out a broad framework governing everything from artificial intelligence and cross-border data transfers to citizen privacy, digital public services and the data economy.
The draft policy, uploaded on the Ministry of Information Technology’s website last week for public consultation, seeks to establish common rules for how federal government agencies collect, store, share and use data while creating new institutions to oversee implementation and setting standards for emerging technologies.
“Government data is a strategic national asset of the Islamic Republic of Pakistan, held in trust for the people,” the document says.
It maintains the policy is intended to ensure government data is governed for “sovereignty, public value, citizen empowerment, and lawful use.”
The framework also seeks to redefine how public bodies manage government information.
“Public bodies are custodians, not proprietors,” the draft says. “Custodianship carries the duty of stewardship: to protect, to maintain quality, to make discoverable, to share lawfully, and to disclose proportionately.”
A key objective of the policy is to strengthen Pakistan’s control over government data, allowing cross-border transfers only where they are lawful, justified and subject to safeguards.
“Government data shall remain under the lawful authority and effective control of Pakistan,” the policy says.
To reduce duplication across government, the framework proposes creating a governed National Data Exchange, called WASL, through which public agencies would securely exchange information instead of maintaining separate copies of the same records. It also proposes designating a single government body as the authoritative source for major national datasets, such as identity records, land and vehicle information.
The policy also lays out rules for the government’s use of artificial intelligence, requiring stricter oversight of high-risk systems that could significantly affect citizens.
“The Government of Pakistan shall harness artificial intelligence, automated decision-making, and emerging data-intensive technologies for public value, while protecting rights, ensuring lawful use, and preserving meaningful human oversight where required,” it says.
The draft expands citizens’ rights over personal data held by the government, including allowing people to know who accessed their information, request corrections to inaccurate records, seek deletion where legally permitted and obtain human review of significant decisions made by automated systems. “The citizen is not a passive subject of data governance but its active beneficiary,” the policy says. “The Government of Pakistan recognizes and shall give effect to the rights, agency, and empowerment of the citizen in the governance of data held about them.”
Among the proposed reforms is a “once-only” principle aimed at reducing bureaucracy.
“The citizen shall not be required to provide the same information to the State more than once, unless such repetition is necessary by law or for verification,” the draft says.
The policy also proposes making public-sector data open by default, subject to legal restrictions.
It says it would be overseen by the Pakistan Digital Authority, which would establish a National Chief Data Officer, require every federal public body to appoint its own Chief Data Officer and create a National Data Governance Council to coordinate data governance across federal institutions and provinces.
Compliance would be monitored through audits and a National Data Maturity Index measuring how effectively public bodies implement the framework.
The draft policy remains under public consultation and would require federal cabinet approval before coming into force.