We are pleased to share that ABS & Co’s team led by Samar Masood, Natalia Najm and Manahil Gilani advised the Electronic Certification Accreditation Council (ECAC) and the Ministry of Information Technology and Communication on the launch of the Public Key Infrastructure (PKI) for the National Root Certification Authority (CA). The team advised ECAC on bringing changes to the Electronic Transaction Ordinance 2002 and drafted regulations relating to crypto apparatus, accreditation service providers, security auditors that will facilitate the Public Key Infrastructure (PKI) in Pakistan.
The inauguration of the Public Key Infrastructure (PKI) for National Root Certification Authority (NRCA) was done by IT and Telecommunication Minister Syed Amin Ul Haque. The minister said the establishment of NRCA is a step towards the achievement of “accelerated digitisation”.
He highlighted that the Electronic Certification Accreditation Council (ECAC) has established PKI for NRCA for the government, public and private sector entities.
NRCA will be the first to establish trust and security in electronic transactions/communications in the country. It will be globally recognised through WebTrust audit and highly secured PKI setup for accreditation of Certification Service Providers (CSPs).
The minister said that Pakistan had witnessed a dynamic revolution in the sphere of e-commerce and e-governance. “The use of digital signatures is unpredictable as it was unregulated due to the non-existence of NRCA, monopolistic existence of certification authority in the private sector and lack of enforceability and implementation in the public sector by the appropriate authorities,” he observed. However, there is enormous use of digital signatures in public and private sectors in digital contract signing, web hosting, emails, e-voting of intermediaries, e-filing and e-office services etc.
“PKI and overall information security is a multi-billion-dollar global industry. Pakistan has the potential in the form of its youth to participate in this market and prove its mettle, “ he added.
Currently, all the certificates used to secure these services within Pakistan are imported certificates either from Foreign Certification Service Providers like VeriSign, DigiCert, Entrust or Go Daddy, etc or through their partners/resellers in Pakistan.