Bruno Tertrais has published a new paper, Pakistan’s nuclear and WMD Programmes: Status, evolution and risks (PDF), at the EU Non-Proliferation Consortium. Its mostly a synthesis of existing information, but sums things up nicely.
On the evolving nature of Pakistan’s requirements for nuclear sufficiency:
Guaranteed unacceptable damage implies survivability even after a first strike by the adversary. Pakistan is likely to use an Indian pre-emptive strike as a planning assumption (coupled, in the future, with the deployment of missile defence by India) … a former SPD officer wrote that for a set of 10 possible targets, a country might need 68–70 warheads (without taking into account the risk of a pre-emptive strike).
On Pakistan’s need for creativity in counter-value targeting:
A diversification of targets could make Pakistani deterrence more credible, given that a strike on Indian cities would produce massive casualties among its Muslim population—something that might be hard to consider for a country whose very creation was justified by the need to provide a sanctuary and a natural homeland for South Asian Muslims. 
For the reverse (and slightly weird) idea, that India would “spare Karachi because Indian Muslims’ relatives live in the city”, see here.
On Pakistan’s nuclear readiness:
It is widely assumed that Pakistan’s nuclear systems are kept on low alert. In peacetime, missiles may not be mated with warheads, and in 2003 President Musharraf referred to a ‘geographical separation’ between them. It is also possible that warheads are kept in a disassembled form. However, the SPD insists that it has never confirmed such arrangements; Kidwai states that forces are not on ‘hair trigger alert’ but that ‘separation is more linked to time rather than space’. A former SPD official has also denied that the warheads were kept in disassembled form. The time required to convert weapons into a state of launch readiness is uncertain. Some accounts suggest that assembly would only take minutes, while other refer to hours. Kidwai said in 2002 that it could happen ‘very quickly’.
On Pakistan’s weapons potential:
Pakistan began producing HEU in the mid-1980s … It may be producing 120–180 kg per year, enough for 10–15 warheads … Pakistan has [also] begun developing an important plutonium production capability … Khushab-1 can produce 5.7–11.5 kg of plutonium per year depending on its duration of operation, enough for 1–3 warheads … The [total] potential production of warheads today is 7–18 per year.
In late 2010 Pakistan had enough fissile material for at least 160 warheads, and perhaps as many as 240. The coming online of the third and fourth Khushab reactors could bring the total Pakistani buildup capacity to 19–27 weapons per year.
If you assume Pakistan has a 100 warheads today, and take the lower bound for the potential production rate (19 weapons per year), it would take Pakistan under seven years to surpass the UK’s total stockpile (225 weapons), just over seven years to reach China’s level (240) and just over a decade to reach that of France (290) – with these latter figures taken from the Federation of American Scientists. For a useful chart that displays these comparisons, see here. See also the Bulletin of Atomic Scientists’ useful review, Pakistan’s nuclear forces, 2011.
Anyway, back to Tertrais. On Pakistan’s command and control
The foreign minister is deputy chairman of the Employment Control Committee (ECC), which defines nuclear strategy and would decide on nuclear use. It includes the main ministers and the military chiefs … The planned deliberative process for nuclear use is compared by the SPD to that of a ‘board of directors’. The principle of unanimity was affirmed by the NCA in 2003. A decision to use nuclear weapons would need ‘consensus within the NCA, with the chairman casting the final vote’. If consensus were impossible, however, a majority vote would suffice. Given that the ECC comprises five civilians and four military ex officio members (not including the SPD head), it is not unreasonable to conclude that the military would be the de facto decision maker. However, it would probably ensure that the civilians shared the responsibility of the decision to use nuclear weapons.
On nuclear safety:
As stated above, weapons are probably kept in a disassembled form, but there is considerable uncertainty about the location of Pakistan’s nuclear weapons. Some suggest that even the director of the Inter-Services Intelligence (ISI) does not know where the weapons are. It would make sense for most of them to be located in the northern and central parts of Pakistan, in the safest and most secure area of Punjab. After the terrorist attacks on the USA of 11 September 2001, Pakistan ordered a redeployment of its arsenal (to at least six new secret locations according to one account), for fear of an Indian attack. A similar redeployment occurred after the Abbottabad raid by the USA in May 2011, this time for fear of a US raid. Pakistan plays some kind of shell game with its nuclear weapons and dummy locations reportedly exist. If the country has about 100 warheads, it would be surprising if more than 10 sites host weapons at any given time. Some of these sites are subterranean and Pakistan has certainly gone to great lengths to physically protect them.
See also Christopher Clary’s useful 2010 paper for IDSA, Thinking about Pakistan’s Nuclear Security in Peacetime, Crisis and War.
On the nuclear codes:
The last line of defence is coding. Coding is now carried out during the manufacturing process: the launch officer receives the code a few moments before use and inserts it via a computer. For aircraft, pilots receive the code during flight. It has been surmised that 12-digit alphanumerical codes, generated by the Military Intelligence agency, are used. Codes are physically present on bases, split between two officers according to a two-man rule. There are both enabling and authenticating codes. These arrangements are supplemented by ‘a tightly controlled ID system’ and there is no involvement of intelligence services in the chain of command. Atsome points in the chain of command, a three-man rule operates ‘for technical reasons’, according to the SPD One informed source claims that the arming code is divided between three persons.
Gauging the possibility of unauthorized use depends on the exact nature of the codes used by Pakistan. Are the arming mechanisms buried deep in the warhead design, or can coding be bypassed? Do they include disabling features? Is there a code for each warhead or set of warheads, or just a general nuclear release enabling mechanism? Does physically arming a warhead depend on a code transmitted down the chain of command at the last minute, or would the code(s) already present at the base be enough?
Finally, on the EU’s concerns:
EU members might have military facilities within reach of Pakistani longer-range missiles (e.g. France and the United Kingdom in the Gulf) or temporary bases and personnel (during an operation in the region). In the case of a deterioration in Pakistan’s relations with the West, this could be a subject of concern.
On a sort of related note, I was amused by A.Q. Khan’s recent interventions in the case of Pakistan’s magical car-that-runs-on-water. The father of Pakistan’s nuclear bomb appears to be quite taken with the invention:
Former science minister Dr Atta ur Rahman has bravely tried to stem the tide of nonsense by pointing out that the laws of thermodynamics rule out perpetual motion machines, but Dr Qadeer Khan (father of the Islamic bomb and national hero) steps forward to defend the inventor … he says that Readers Digest wrote many years ago that apparently ridiculous inventions may turn out to be true and one can easily see that there is no gas tank in this great man’s car, so the proof is already here … I am NOT kidding.