SDAIA logo
Saudi Data and Artificial Intelligence Authority

​​​​​​​​​​​​​Laws and Regulations

SDAIA Regulatory Arrangements

The regulatory arrangements of the Saudi Data & AI Authority were issued by Council of Ministers Resolution No. (292) dated 27/4/1441 AH, and were amended by Council of Ministers Resolution No. (195) dated 15/3/1444 AH.

For more:
Download View​ ​
Policies & Regulations

The data produced, received, or dealt with by government and private entities is one of the most important national assets that contribute to improving performance and productivity and facilitating the provision of public services. As a result, Saudi Arabia aims to implement the best global practices for national data management and governance policies and controls, protect personal data, and increase the value learned from it in order to make strategic decisions, anticipate the future, and uphold the highest standards of accountability and transparency. The value of data as an economic resource that fosters innovation, supports economic transformations, and heightens national competitiveness is being sought after by nations all over the world. Governmental organizations on a national scale gather and process enormous amounts of data that can be used to support economic growth and elevate the Kingdom to pioneership in data-driven economies. In light of Vision 2030, the Kingdom seeks a new era that improves the efficiency of governmental entities, raises their standards of accountability and transparency, and promotes economic diversification and the use of data-driven services. This will play a significant part in the trust- and international partnership-based global economy.

In light of this, the Saudi Data & AI Authority and its legislative arm, the National Data Management Office, the national regulator and reference body for data management and governance, have created a data governance framework at the national level that outlines the laws and regulations for national data management and governance as well as the protection of personal data. This framework has been approved by the SDAIA Board of Directors.

Data classification Policy and Regulations

The Policy & Regulations set the framework for classifying the data received, produced, or dealt with by public entities, regardless of their source, form, or nature.

Personal Data Protection Law and The implementing Regulation

The law and The implementing Regulation set out the bases for the protection of personal data, the rights of data subjects, and the obligations of controllers

Data Sharing Policy and Regulations

The policy and regulations regulate the sharing of data produced by government entities with other government entities, private entities, and individuals.

Freedom of Information Policy and Regulations

The policy and the regulations outlines the fundamentals and guiding principles of data freedom and applies to requests made by individuals to access or obtain unprotected public data generated by public entities.

Open Data Policy and Regulations

The policy and regulations set out the regulatory frameworks for open data, which is a subset of public information.