Cybersecurity Regulations In Saudi Arabia

by | Apr 4, 2022 | Cybersecurity

April 4, 2022

Computing and fast communication are the main elements of technological advancements in the modern world. As nations embrace technology in communication and information collection, it poses a threat to the information and people altogether. Governments across the world, including Saudi Arabia, are putting in place measures to ensure maximum advantages of technology while minimizing risks. For several years, cybersecurity has been the center of discussions. Cybersecurity affects the quality, authenticity, and availability of information which could deter progress. With the aim of achieving vision 2030, the Saudi Arabia government has set up measures to secure information and minimize cases of cybercrimes.

Cybersecurity Regulations

The promulgation and publishing of the Personal Data Protection (PDP) Law are among the measures set by the Saudi Arabia government. This law seeks to regulate how information is collected, processed, and used. It targets data controllers and processors with huge volumes of personal data on residents of the kingdom. The law restricts the movement of data outside the kingdom, ensuring the government and data owners have control over how their data is used. The PDP Law is expected to take effect in March, with all affected parties being expected to be fully compliant within a year from when the law is affected.

Sanctions For Breach Of The PDP Law

Disclosing sensitive personal data attracts imprisonment of up to two years and a fine of US$800,000. Transfer of personal data contrary to the PDP Law attracts a fine of US$266,600 and imprisonment of up to one year. Breach of other provisions of the PDP Law attracts a warning notice and fines of up to US$ 1,333,000. The sanctions could double up in case of repeated offenses.

Besides the PDP Law, the Saudi Arabia government has a set of cyber security regulations being implemented. These regulations are enforced by the Saudi Arabia Data and AI Authority (SDAIA) and apply to all data controlling entities. We see many international law firms in Riyadh that are preparing legal advice on the matter. The National Cybersecurity Strategy is one of the government’s means of achieving a secure, trustworthy, and growing cyberspace. Concepts contained in the National Cybersecurity Strategy include; integration, regulation, assurance, defense, cooperation, and construction.

The Saudi Arabia government has also set up a series of Sensitive Systems Controls. These controls provide the minimum requirements for individuals and organizations to provide secure and reliable cyberspace for sensitive systems. The controls are based on best practices and standards set by relevant authorities. The cybersecurity controls for sensitive systems are classified into 32 main controls and 73 subsidiary controls.

Sensitive information, such as case files can open a door for legal issues. Therefore, it is better to consult Saudi lawyers. For this reason, many law firms in Riyadh and other parts of Saudi Arabia are shifting to cloud storage. The convenience of cloud storage facilities has led to increasing popularity and demand for such facilities. The Saudi government has set cloud computing controls to create safe cyberspace for Saudi data controllers and data owners. These controls guide how service providers and subscribers use cloud computing. Perspectives from all parties involved in cloud computing are considered to create a safe and accommodating cyberspace. Cloud computing controls include 37 main controls and 96 subsidiary controls for service providers. Subscribers are governed by 18 main controls and 26 subsidiary controls.

The emphasis on creating secure and reliable cyberspace is essential for the country’s growth. Cybersecurity increases the people’s trust in the integrity and effectiveness of ICT infrastructure and postal services. The Communications and Information Technology Commission (CITC) seeks to raise the level of reliance on digital services and to protect users all over the kingdom.


Communications & Information Technology Commission: CITC Statutes- Cybersecurity Regulations in Information and Communications Technology and Postal Sector [ONLINE] Accessed from:  

Kingdom of Saudi Arabia: Open Data- Cybersecurity [ONLINE] Accessed from:


Related Posts

No Results Found

The page you requested could not be found. Try refining your search, or use the navigation above to locate the post.