How Saudi Arabia’s Technology and Data Laws Are Evolving
Last Updated on November 13, 2023 by Ameer Hamza
With every passing year, the world is getting even more digitalized. Technology is continually evolving at a fast pace, and the global economy reflects this. More jobs are being created in the digital space. Similarly, artificial intelligence and machine learning are poised to play a dominant role as we advance.
Given the trajectory of the world, it is clear that any country that seeks to play a primary role in the future global economy has to pay close attention to technology. The Kingdom of Saudi Arabia (KSA) is doing just this. In keeping with global trends, the kingdom, through its Vision 2030 initiative, seeks to digitalize the economy and improve technological innovation.
However, massive investments and progressive policy alone are not sufficient if the kingdom is going to transform dramatically with respect to technology. It is essential that the legal landscape evolves as well. Thus, this article will consider how Saudi Arabia’s laws are changing to match its digital transformation.
Changes to Saudi Arabia’s Technology & Data Laws
An increase in cyber vulnerability naturally accompanies digitalization. This has also been observed in Saudi Arabia, as the kingdom experienced 22 million cyber-attacks in 2020 alone. Therefore, the country must put in place new laws and regulations to address this threat. To that end, the kingdom established the National Cybersecurity Authority (NCA) in 2017 to implement relevant laws and regulations.
The NCA released a whitepaper in 2018 that provided minimum standards of cyber security that all organizations in the kingdom must maintain. Similarly, the kingdom’s Communications and Information Technology Commission (CITC) announced the implementation of a cyber-security regulatory framework in 2021. This regulation aims to improve service providers’ security levels across IT, communications, and postal services.
With the rapid digitalization going on in the world, data protection is rightfully a primary subject of discussion. This seems to also be the case in KSA as the government enacted an e-commerce law in 2020 which made provisions for data protection. The law required businesses to protect the personal data of consumers.
More notable is the country’s new Personal Data Protection Law (PDPL), enacted earlier in 2022 to provide more concrete protection of personal data. Amongst other things, the PDPL requires organizations within the country to obtain written permission before collecting or using the personal data of individuals. Similarly, organizations that qualify as data controllers must register with the Saudi Data & Artificial Intelligence Authority (SDAIA).
Internet of Things
In 2020, Saudi Arabia’s Communications & Information Technology Commission (CITC) released an Internet of Things (IoT) Regulatory Framework. The regulation required service providers to obtain CITC certification for IoT equipment and comply with data management requirements. Earlier this year, the CITC published an update to the regulatory framework.
The updated framework contains changes to the definition of IoT as well as regulatory requirements in relation to devices, connectivity, and connectivity service providers. In addition, the regulation adopts international standards by encouraging the use of IPv6 and promoting interoperability between devices.
Clearly, the Saudi Arabian government is committed to developing its legal and regulatory landscape to provide adequate support to the country’s digitalization initiatives.