SDAIA logo icons
Saudi Authority for Data and Artificial Intelligence

​​​​​​​​​Laws and​ ​ Regulations

SDAIA Regulatory Arrangements

The regulatory arrangements of the Saudi Data & AI Authority were issued by Council of Ministers Resolution No. (292) dated 27/4/1441 AH, and were amended by Council of Ministers Resolution No. (195) dated 15/3/1444 AH.

For more:
Download Preview
Policies & Regulations

The data produced, received, or dealt with by government and private entities is one of the most important national assets that contribute to improving performance and productivity and facilitating the provision of public services. As a result, Saudi Arabia aims to implement the best global practices for national data management and governance policies and controls, protect personal data, and increase the value learned from it in order to make strategic decisions, anticipate the future, and uphold the highest standards of accountability and transparency. The value of data as an economic resource that fosters innovation, supports economic transformations, and heightens national competitiveness is being sought after by nations all over the world. Governmental organizations on a national scale gather and process enormous amounts of data that can be used to support economic growth and elevate the Kingdom to pioneership in data-driven economies. In light of Vision 2030, the Kingdom seeks a new era that improves the efficiency of governmental entities, raises their standards of accountability and transparency, and promotes economic diversification and the use of data-driven services. This will play a significant part in the trust- and international partnership-based global economy.

In light of this, the Saudi Data & AI Authority and its legislative arm, the National Data Management Office, the national regulator and reference body for data management and governance, have created a data governance framework at the national level that outlines the laws and regulations for national data management and governance as well as the protection of personal data. This framework has been approved by the SDAIA Board of Directors.

Data classification Policy and Regulations

The Policy & Regulations set the framework for classifying the data received, produced, or dealt with by public entities, regardless of their source, form, or nature.

Personal Data Protection Law and Regulations

The law and regulations set out the bases for the protection of personal data, the rights of data subjects, and the obligations of controllers

General Rules Policy and Regulations for Transfer of Personal Data Outside The Kingdom

2- Establish the general rules and regulations governing transfers of personal data outside the geographical boundaries of Saudi Arabia.

Children and Incompetents’ Privacy Protection Policy and Regulations

The policy includes the rights, general standards, and regulations that the organizations covered by the policy's scope of application must follow in order to prevent violations involving the processing of children's personal and Incompetents’ data, to ensure that they are protected from adverse consequences and potential risks, and to protect their privacy and rights.

Data Sharing Policy and Regulations

The policy and regulations regulate the sharing of data produced by government entities with other government entities, private entities, and individuals.

Freedom of Information Policy and Regulations

The policy and the regulations outlines the fundamentals and guiding principles of data freedom and applies to requests made by individuals to access or obtain unprotected public data generated by public entities.

Open Data Policy and Regulations

The policy and regulations set out the regulatory frameworks for open data, which is a subset of public information.