AI Policies & Regulations

Comprehensive database of Saudi AI policies

40
Total Policies
3
Royal Decrees
7
Authorities
11
Policy Types
Framework | Active
AI Adoption Framework
The AI adoption framework is a guiding reference that provides a comprehensive approach for AI adoption across all sectors. It aims to establish directions and guidelines and to identify key steps, in accordance with best practices, so that the desired goals are achieved through the optimal and responsible use of AI.
SDAIA
January 1, 2024

Key Objectives:

  • AI
  • Strategy

Target Sectors:

All Sectors
Guideline | Active
Generative AI Guideline for Government
This guideline provides guidance for government employees on the adoption and use of generative artificial intelligence systems. It highlights the challenges and considerations associated with the use of generative AI, proposes principles for responsible use, and presents recommended practices.
SDAIA
January 1, 2024

Key Objectives:

  • AI
  • Governance

Target Sectors:

Government
Standard | Active
Essential Cybersecurity Controls (ECC)
The Essential Cybersecurity Controls (ECC 2-2024) have been updated to strengthen cybersecurity at the national level and to safeguard the vital interests of the Kingdom. The ECC sets minimum cybersecurity requirements with 5 main domains, 29 subdomains, and 114 controls.
NCA
January 1, 2024

Key Objectives:

  • Security
  • Compliance

Target Sectors:

All Sectors
Guideline | Active
Generative AI Guideline for Public
This guideline provides guidance for the public on the adoption and use of generative artificial intelligence systems. It highlights the challenges and considerations associated with the use of generative AI and presents recommended practices for responsible use.
SDAIA
January 1, 2024

Key Objectives:

  • AI

Target Sectors:

All Sectors
Implementation Framework | Active
Digital Government Authority AI Framework
Practical framework for government entities to adopt AI technologies in public services. Provides step-by-step guidance on the AI project lifecycle, from assessment and planning to deployment and monitoring. Includes templates, checklists, and best practices specific to the government context.
DGA
March 20, 2023

Key Objectives:

  • Standardize AI adoption across government
  • Reduce time-to-deployment for AI projects
  • Ensure interoperability between AI systems
  • Build internal AI capabilities
  • Measure and demonstrate AI ROI

Target Sectors:

Government Services, Public Administration
Regulation | Active
PDPL Implementing Regulation
The Implementing Regulation sets out the bases for the protection of personal data, the rights of data subjects, and the obligations of controllers.
SDAIA
January 1, 2023

Key Objectives:

  • Privacy
  • Data

Target Sectors:

All Sectors
Standard | Active
Organizations' Social Media Accounts Cybersecurity Controls (OSMACC)
Cybersecurity controls specifically designed to protect organizations' social media accounts from cyber threats and ensure secure management of official social media presence.
NCA
January 1, 2023

Key Objectives:

  • Security
  • Social Media

Target Sectors:

All Sectors
Standard | Active
National Cryptographic Standards (NCS)
National standards for cryptographic algorithms, protocols, and key management to ensure secure encryption and data protection across the Kingdom.
NCA
January 1, 2023

Key Objectives:

  • Security
  • Encryption

Target Sectors:

All Sectors
Standard | Active
Critical Systems Cybersecurity Controls (CSCC)
Specialized cybersecurity controls for protecting critical systems that are essential to national infrastructure and government operations.
NCA
January 1, 2023

Key Objectives:

  • Security
  • Critical Infrastructure

Target Sectors:

Government, Critical Infrastructure
Standard | Active
Data Management and Personal Data Protection Standards
The National Data Management Office (NDMO), as the national regulator of data in the Kingdom, developed the Data Management and Personal Data Protection Standards based on the National Data Governance Framework to ensure data security and privacy compliance.
NDMO
January 1, 2023

Key Objectives:

  • Data
  • Privacy
  • Governance

Target Sectors:

All Sectors
Guideline | Active
Cybersecurity Guidelines for eCommerce
Guidelines for implementing cybersecurity best practices in eCommerce platforms and online retail operations to protect customer data and transaction security.
NCA
January 1, 2023

Key Objectives:

  • Security
  • eCommerce

Target Sectors:

Finance & Banking, Tourism
Framework | Active
Saudi Cybersecurity Workforce Framework (SCyWF)
A comprehensive framework defining cybersecurity workforce roles, competencies, and career pathways to build and develop national cybersecurity capabilities in Saudi Arabia.
NCA
January 1, 2023

Key Objectives:

  • Workforce
  • Capacity Building

Target Sectors:

All Sectors
Guideline | Active
Guideline for Cloud Computing Adoption by Government Agencies
This guideline aims to accelerate cloud adoption by providing guidance on service providers, supporting migration, and ensuring secure and compliant cloud computing adoption by government agencies.
DGA
January 1, 2023

Key Objectives:

  • Cloud
  • Security

Target Sectors:

Government
Regulation | Active
Rules for Appointing Personal Data Protection Officer
These rules clarify the cases in which a personal data protection officer must be appointed by a controller subject to the provisions of the Personal Data Protection Law and its Implementing Regulations, and the minimum requirements for appointment.
SDAIA
January 1, 2023

Key Objectives:

  • Privacy
  • Governance

Target Sectors:

All Sectors
Regulation | Active
Rules of Procedure on Committees for Reviewing Violations of PDPL
The Rules of Procedure aim to regulate and govern the committees' procedures in accordance with the PDP Law and its Implementing Regulations for reviewing violations.
SDAIA
January 1, 2023

Key Objectives:

  • Privacy
  • Compliance

Target Sectors:

All Sectors
Framework | Active
Saudi Cybersecurity Higher Education Framework (SCyber-Edu)
A framework for cybersecurity education in higher education institutions, defining curriculum standards, learning outcomes, and program requirements for cybersecurity degrees.
NCA
January 1, 2023

Key Objectives:

  • Education
  • Capacity Building

Target Sectors:

Education
Standard | Active
Operational Technology Cybersecurity Controls (OTCC)
Cybersecurity controls specifically designed for operational technology environments, including industrial control systems and SCADA systems.
NCA
January 1, 2023

Key Objectives:

  • Security
  • OT

Target Sectors:

Energy, Critical Infrastructure
Regulation | Active
The Rules Governing the National Register of Controllers
These rules aim to determine and understand the extent to which Controllers are obligated to register in the National Data Governance Platform.
SDAIA - NDMO
January 1, 2023

Key Objectives:

  • Privacy
  • Governance

Target Sectors:

All Sectors
Guideline | Active
Risk Assessment Guideline for Transferring Personal Data Outside the Kingdom
This guideline aims to clarify the main stages and practical steps to assess the risks of transferring personal data outside the Kingdom or disclosing it to entities outside the Kingdom.
SDAIA
January 1, 2023

Key Objectives:

  • Privacy
  • Data

Target Sectors:

All Sectors
Ethical Framework | Active
AI Ethics Principles
Comprehensive ethical guidelines for AI development and deployment in Saudi Arabia, ensuring responsible AI that aligns with Islamic values and Saudi culture. The framework emphasizes transparency, fairness, accountability, privacy protection, and human-centric design.
SDAIA
September 15, 2022

Key Objectives:

  • Ensure AI systems are transparent and explainable
  • Protect individual privacy and data rights
  • Prevent bias and discrimination in AI
  • Maintain human oversight of critical decisions
  • Align AI with Islamic values and Saudi culture

Target Sectors:

All Sectors
Regulatory Law | Active
Personal Data Protection Law (PDPL)
Saudi Arabia's comprehensive data protection law regulating the collection, processing, and storage of personal data. Establishes individual rights, organizational obligations, and penalties for non-compliance. Essential compliance requirement for all AI systems handling personal information.
SDAIA
March 24, 2022

Key Objectives:

  • Protect individual privacy rights
  • Regulate personal data processing
  • Establish penalties for violations
  • Align with international standards (GDPR-inspired)
  • Build public trust in digital services

Target Sectors:

All Sectors Handling Personal Data
Standard | Active
Telework Cybersecurity Controls (TCC)
Cybersecurity controls designed to ensure secure remote work environments, protecting organizational data and systems accessed by employees working from remote locations.
NCA
January 1, 2022

Key Objectives:

  • Security
  • Remote Work

Target Sectors:

All Sectors
Policy | Active
Digital Government Policy
The Digital Government Policy sets the overall direction to achieve sustainable long-term government digital transformation in Saudi Arabia. It provides strategic guidance for all government entities in their digital transformation journey.
DGA
January 1, 2022

Key Objectives:

  • Digital Transformation
  • Governance

Target Sectors:

Government
Framework | Active
Principles and Controls of AI Ethics
The principles and controls of AI ethics contribute to the application of ethics during the stages of the development lifecycle of AI systems. These principles help support initiatives of research, development and innovation in the Kingdom.
SDAIA
January 1, 2022

Key Objectives:

  • AI
  • Ethics

Target Sectors:

All Sectors
Framework | Active
Digital Government Regulatory Framework
The Digital Government Regulatory Framework is a best practice policy instrument which identifies key determinants for effective design and development of regulatory documents strategically governed and implemented in accordance with eight main principles.
DGA
January 1, 2022

Key Objectives:

  • Digital Transformation
  • Governance

Target Sectors:

Government
Data Governance | Active
National Data Management Office (NDMO) Data Governance Policy
Establishes standards for data collection, storage, sharing, and usage across government entities. Critical foundation for AI initiatives as it ensures data quality, accessibility, and security. Mandates data classification, metadata standards, and cross-entity data sharing protocols.
NDMO
November 10, 2021

Key Objectives:

  • Establish unified data standards
  • Enable secure data sharing between entities
  • Improve data quality and accuracy
  • Protect sensitive and personal data
  • Create national data catalog

Target Sectors:

All Government Entities
Policy | Active
Cloud First Policy
The KSA Cloud First Policy directs government entities to consider cloud solutions for new IT investments, prioritizing SaaS, then PaaS, then IaaS. It guides Saudi Arabia's governmental entities in accelerating the adoption of cloud computing services.
DGA
January 1, 2021

Key Objectives:

  • Cloud
  • Digital Transformation

Target Sectors:

Government
Policy | Active
Data Classification Policy and Regulations
The Policy & Regulations set the framework for classifying the data received, produced, or dealt with by public entities, regardless of their source, form, or nature.
SDAIA - NDMO
January 1, 2021

Key Objectives:

  • Data
  • Governance

Target Sectors:

Government, All Sectors
Policy | Active
Open Data Policy and Regulations
The policy and regulations set out the regulatory frameworks for open data, which is a subset of public information.
SDAIA - NDMO
January 1, 2021

Key Objectives:

  • Data
  • Transparency

Target Sectors:

Government, All Sectors
Policy | Active
Freedom of Information Policy and Regulations
The policy and regulations outline the fundamentals and guiding principles of data freedom and apply to requests made by individuals to access or obtain unprotected public data generated by public entities.
SDAIA - NDMO
January 1, 2021

Key Objectives:

  • Data
  • Transparency

Target Sectors:

Government
Policy | Active
Data Sharing Policy and Regulations
The policy and regulations regulate the sharing of data produced by government entities with other government entities, private entities, and individuals.
SDAIA - NDMO
January 1, 2021

Key Objectives:

  • Data
  • Governance

Target Sectors:

Government, All Sectors
National Strategy | Active
National Strategy for Data and AI (NSDAI)
Saudi Arabia's comprehensive framework for becoming a global leader in data and AI by 2030. The strategy outlines ambitious goals for AI adoption across government and private sectors, with a focus on building local capabilities, attracting global talent, and creating an AI-ready regulatory environment.
SDAIA
October 28, 2020

Key Objectives:

  • Position Saudi Arabia among top 15 countries in AI by 2030
  • Create 20,000 AI specialist jobs
  • Attract $20 billion in AI investments
  • Establish world-class AI research centers
  • Deploy AI across all government services

Target Sectors:

All Government Sectors, Healthcare, Education, Transportation, Energy, Finance
Digital Infrastructure Policy | Active
Cloud First Policy (CFP)
Comprehensive policy mandating government entities to prioritize cloud solutions for new IT investments. Establishes a preference order (SaaS → PaaS → IaaS) and positions the National Information Center (NIC) as the primary Cloud Service Provider for government data. Aims to enhance efficiency, reduce costs by ~30%, strengthen cybersecurity through Kingdom-hosted platforms, and improve interoperability across entities.
MCIT
October 1, 2020

Key Objectives:

  • Enhance efficiency through resource pooling and shared services
  • Reduce total cost of ownership by ~30%
  • Strengthen cybersecurity via Kingdom-hosted platforms
  • Improve interoperability and data exchange
  • Position NIC as primary government CSP
  • Accelerate digital transformation
  • Establish advanced digital infrastructure

Target Sectors:

All Government Entities, Digital Infrastructure, Cloud Services, IT Operations
Framework | Active
Cloud Computing Regulatory Framework (CCRF)
Regulatory framework governing cloud computing services in Saudi Arabia, defining requirements for cloud service providers, data residency, and compliance obligations.
CST (formerly CITC)
January 1, 2020

Key Objectives:

  • Cloud
  • Compliance

Target Sectors:

All Sectors
Regulation | Active
SDAIA Regulatory Arrangements
The regulatory arrangements of the Saudi Data & AI Authority issued by Council of Ministers Resolution No. (292) dated 27/4/1441 AH, and amended by Resolution No. (195) dated 15/3/1444 AH.
SDAIA
January 1, 2020

Key Objectives:

  • Governance
  • Data
  • AI

Target Sectors:

Government
