AKISTAN`S Cybersecurity Act has been presented as a milestone. The proposed legislation marks a long-awaited attempt to strengthen national defences in an age where the first strike is often digital. Yet ambition alone will not suffice when dealing with the weaknesses that have repeatedly left the country exposed. As outlined by the IT minister on Friday, the law aims to establish a National Cybersecurity Authority, a beefed-up incidentresponse system, and a secure digital infrastructure built under the Digital Economy Enhancement Project. These are welcome steps. But a cybersecurity framework cannot be judged by announcements alone. It must also be assessed against Pakistan`s recent record.

Over the past few years, Pal
Compounding these vulnerabilities is the reliance on blanket shutdowns. Internet outages such as those most recently imposed in Balochistan often without transparency or due process, have become a default response to security concerns. Such measures not only undermine public trust and damage economic activity, they also reveal the absence of resilient, rights-respecting mechanisms to manage crises. This contradiction is particularly striking given the government`s repeated celebration of Pakistan`s Tier-1 ranking in the ITU Global Cybersecurity Index. Rankings offer little comfort when the public experiences insecurity firsthand.

The Cybersecurity Act will only succeed if implemented with openness, independent oversight and a commitment to protecting fundamental rights. Without this, the law risks amounting to little more than an expanded surveillance tool, adding to concerns raised by civil society in the wake of recent amendments to cybercrime regulations, threats to block VPNs and Pakistan`s latest `Not Free` score in the Freedom House internet freedom report. Pakistan has no shortage of talent. Universities like FASTNU, where the IT minister spoke, and initiatives such as Ignite`s IC design training programme demonstrate technical capacity. Nor is there a dearth of urgency, especially after Marka-i-Haq, which officials have described as a defining moment. What Pakistan does lack is a coherent, civilian-led cybersecurity architecture that prioritises technical excellence over political control. The Cybersecurity Act could be the beginning of such a shift but only if the state confronts the hard truth that national security in the digital era depends as much on rights, transparency and institutional competence as it does on firewalls.