The federal government has issued guidance to all IT and financial institutions, along with regulators, advising them to avoid collaborating with, installing, or utilizing artificial intelligence (AI) and information and communication technology (ICT) products of Indian origin.
The reason cited is that these products may pose a continuous, covert, and force-enhancing threat to Pakistan’s critical information infrastructure (CII).
This advisory was communicated to relevant authorities through a cyber security advisory, and it was shared with federal and provincial ministries, including sectoral regulators.
The advisory acknowledged that globally, AI products and services are being employed by various industries, including the financial and banking sectors, to accelerate their growth. However, it raised concerns that some entities in Pakistan’s fintech sector, including certain banks, are engaging with Indian-origin companies that offer IT products, cybersecurity, and AI solutions.
The use of Indian security products and solutions is considered a constant and concealed threat to Pakistan’s CII, including the banking sector, for two primary reasons:
1. The possibility of “backdoor or malware” in the products, potentially collecting logs, data traffic analysis, and personally identifiable information (PII).
2. Direct Indian intrusion into Pakistan’s CII through technical means and access control, with passive monitoring capability.
In light of these concerns, the advisory urged all federal and provincial ministries, as well as sectoral regulators, to raise awareness among their affiliated organizations and licensees about the risks associated with Indian-origin products and solutions.
Furthermore, while discouraging the use of Indian products, the government encouraged authorities to consult with the Pakistan Software House Association (P@SHA) to identify suitable and cost-effective alternatives from Pakistani technical companies.