Friday 12 September 2025

The Department of Information and Communications Technology has issued a circular that calls for immediate reassessment of all ICT systems across government agencies and revokes Conditional ICT Compliance Certificates issued before the 8th of August 2025.

Section 5 of the Digital Government Act 2022 (“the Act”) gives DICT the mandate, through the Secretary as Administrator of the Act, to regulate, enforce, and oversee the implementation of digital government across all public bodies.

The DGA 2022, specifically under sections 14 and 15, states that all ICT Project Designs, procurements, and investments must obtain prior DICT approval and be issued with a Certificate of Compliance (CoC) before funding, procurement, or implementation may proceed.

The directive, signed by Secretary Steven Matainaho, retroactively revokes all previously issued Conditional CoCs.  

The decision follows persistent breaches of the Digital Government Act 2022, including unauthorized ICT procurements, siloed systems that violate interoperability protocols, and failure to migrate to sanctioned infrastructure such as the GovPNG Private Network and .gov.pg domains.

Secretary Matainaho noted in the circular that this is an issue of national security and data sovereignty, and that it affects the whole-of-government digital transformation agenda.

Key Deadlines and Requirements:

  • 30 September 2025: Re-submit Digital Transformation Officer (DTO) designation and ICT system declarations.
  • 15 October 2025: Begin quarterly compliance reporting.
  • 31 October 2025: Apply for new CoCs with detailed integration plans.
  • 28 November 2026: Complete migration to government-sanctioned infrastructure.

DICT warns that non-compliance may result in criminal penalties, including fines up to K1,000,000 for unauthorized ICT operations, suspension of development funding, and public listing on a non-compliance register.

The circular also outlines technical mandates, requiring agencies to adopt the full GovPNG Technology Stack, including SevisPass, SevisDEx, and the Public Service Digital ID for secure authentication, and to connect to the National Cyber Security Centre.

Next steps for Government Agencies?

Public bodies must acknowledge receipt of the circular within seven days, re-submit required forms, and schedule integration assessments with DICT. All previous CoCs are now invalid.
