Cloud Adoption in Pakistan From Fragmentation to Sovereignty
Pakistan has the policy. It has the institutions. What it does not yet have is coherence, or the infrastructure to match its ambition. The Cloud First Policy set the right direction, but a cloud market now conservatively valued at approximately $800 million remains over 90% controlled by foreign hyperscalers, with an estimated $720 million or more leaving the country annually. Adoption is fragmented, awareness at the leadership level remains low, and the national digital vision has yet to translate into a unified execution posture. The cost is not abstract: it is measured in forex outflow, siloed government data, constrained IT export growth, and a widening gap to regional peers already building toward Sovereign Cloud and Sovereign AI. This paper maps that gap and points a clear direction forward.
The Global Cloud Imperative
Cloud computing has crossed the threshold from enterprise IT tool to national infrastructure. The global public cloud market, encompassing SaaS, PaaS, IaaS, and disaster recovery services, reached $934 billion in 2025 and is forecast to exceed $1.8 trillion by 2029, growing at a 21% CAGR. Governments worldwide now treat cloud with the same strategic gravity as energy grids and telecommunications networks. The shift is no longer about efficiency alone. It is about competitive positioning in a data-driven world, and about the structural capacity to participate in the AI economy that is emerging from it.
A Look Across Markets
The case for treating cloud as national infrastructure is not theoretical. Peer nations have demonstrated measurable, documented returns across cost, service delivery, and economic competitiveness. The examples below are not aspirational. They are already on the record.
India – MeghRaj (GI Cloud): The GI Cloud platform hosts applications for 2,170 ministries and departments as of 2025, enabling scalable e-governance services delivered through empaneled cloud service providers across India. (PIB)
Saudi Arabia – DEEM Government Cloud: Saudi Arabia’s Cloud First Policy, launched in 2019, delivered over SAR 5 billion (approximately $1.33 billion) in cumulative cost savings up to 2023 through IT consolidation across 237 government entities under the DEEM Government Cloud programme. (Middleeastainews)
UAE – Public Cloud Adoption and Dubai Unified Digital Platform: Public cloud adoption contributed 2.26 percent to UAE GDP, equivalent to $9.5 billion in economic value, in 2021. This is projected to add $181 billion in cumulative value by 2033 through efficiency gains and infrastructure development. (Zawya)
The Sovereignty Dimension
Even as hyperscaler adoption grows, a parallel and increasingly urgent global movement has emerged: nations asserting sovereign control over their digital infrastructure. The US CLOUD Act grants US authorities the right to compel US cloud providers to produce data regardless of where it physically resides. This is a structural legal exposure, not a hypothetical one. BCG’s 2025 analysis of global data centre dynamics identifies data security and sovereignty as a primary driver of nonUS data centre buildout, citing the EU’s GDPR and Indonesia’s Government Regulation mandating data localisation as leading examples. Multiple countries in Asia have enacted or are planning data localisation laws that will directly shape where cloud infrastructure is built and who controls it.
Pakistan’s Cloud Landscape: Direction
Set, Execution Fragmented
Pakistan has the right policies and the right institutions. What it lacks is the connective tissue between them. The momentum is already visible on the ground. PDA is actively designing an AI-native Government Operating System and a National Digital Masterplan, while MoITT under DEEP is building a National Unified Digital Government Platform to integrate citizen services. The question is not whether Pakistan is moving. It is whether what is being built is anchored to a cloud foundation coherent and sovereign enough to sustain it.
The policy framework exists but operates in silos
The Cloud First Policy, SBP Cloud Outsourcing Framework (2023), Digital Pakistan Vision, and emerging Pakistan Digital Authority mandate all point in the same direction. However, each has evolved separately under different institutional mandates, without a shared execution standard. While the Cloud First Policy has been implemented largely at the federal level, adoption still varies significantly across provinces and ministries, with no unified accountability mechanism.
Procurement fragmentation as operational consequence
Institutions including MoITT, NITB, PITB, PTA, PPRA, SBP, and their provincial counterparts each apply their own vendor qualification criteria and compliance standards. A vendor approved by one body is not recognised by another. This prevents Pakistan from aggregating its purchasing power, building a credible domestic cloud tier, or reducing the hyperscaler dependency that currently channels the majority of cloud spend outside the country.
The awareness gap is behavioural, not informational.
Decision-makers across government and the private sector default to on-premise hardware because it is familiar, auditable, and fits existing procurement frameworks.
The fragmentation is a symptom, not the root cause.
Each institution is performing within its mandate. The problem is that there is no shared cloud vocabulary, no common risk classification for government data, and no aggregated institutional learning. Until the awareness and coordination conditions are addressed, the fragmentation will persist regardless of how many individual policies are issued.
Cost of Inaction:
The debate on digital transformation is often framed around future gains, but the cost of delay is equally significant. Inaction is not neutral. When cloud infrastructure, governance reform, and digital modernization are deferred, economic losses deepen, public systems remain inefficient, and national competitiveness weakens over time. For Pakistan, these costs are now visible across three connected dimensions: financial, operational, and strategic.
The Strategic Direction
The starting point is not a new institution or a new policy. It is alignment, and the decision to treat cloud as a national asset. Everything else follows from that.
Close the awareness gap first, at the leadership level, in government ministries and corporate boardrooms. Cloud's strategic value elasticity, AI-readiness, long-horizon returns, is not yet visible to the decision-makers who control the budgets and mandates. Nothing else in this sequence works until that changes.
Execute the policy that already exists. The Cloud First Policy provides the mandate. What is missing is the coordination, shared standards, and accountability to operationalise it coherently across institutions, provinces, and procurement processes.
Reframe cloud from IT procurement to national infrastructure. This conceptual shift changes time horizons, investment logic, and the quality of decisions made around it. A power grid or road network does not compete for budget against immediate priorities, it is the platform on which all other priorities run. Cloud deserves the same framing.
Move deliberately toward Sovereign Cloud: data residency within Pakistani jurisdiction, legal control over critical government workloads, reduced structural dependency on foreign hyperscaler infrastructure for what matters most. This is not isolation from global providers. It is the minimum condition for strategic autonomy.
From Sovereign Cloud to Sovereign AI
AI sovereignty is only accessible from a sovereign cloud foundation. The window to build toward it is open, but not indefinitely.
Nations defining the AI era are doing so on sovereign compute. UAE's Falcon, Saudi Arabia's Humain ($100B+), India's IndiaAI Mission, France's Mistral, all are anchored in sovereign infrastructure. These are not technology projects. They are national positioning decisions, made at the highest level of government, with long time horizons.
Pakistan has real inputs. A 240 million population, a growing talent base, a strong diaspora in global AI, and a $3.2 billion IT export base. But without sovereign data infrastructure, Pakistan cannot train on national data, cannot retain AI intellectual property within its jurisdiction, and cannot attract the category of sovereign-infrastructure-grade investment that the AI era requires.
The risk is structural. Without deliberate action, Pakistan defaults to being an AI consumer and an AI labour market for foreign systems rather than a sovereign AI producer. And as global AI governance frameworks mature — the EU AI Act, UAE's National AI Strategy, India's Responsible AI principles — Pakistan will need its own framework not as a constraint, but as the condition under which sovereign AI becomes credible and investable.
About Us
With over three decades of management consulting experience across telecom, cloud, and digital infrastructure, VTT Global advises governments, investors, and large enterprises on data-centre strategy and transformation. Drawing on hands-on delivery across end-to-end market strategy, commercial feasibility, and infrastructure planning in South Asia, the Middle East, and the United States, we bring a practical, executionaware perspective to data-centre development and investment decisions.