Digital Transformation Régulations

National Data Governance Interim Regulations

The Data Governance Act (DGA) is a cross-sectoral instrument that advocates makeing more data available by regulating the re-use of publicly/held, protected data, by boosting data sharing. This is done through the regulation of novel data intermediaries and by encouraging the sharing of data for good-will  purposes.

To the government of Saudi Arabia, government data represents a national asset that can enhance performance and productivity and facilitate public services delivery. Fundamental actions are always needed in order to maintain this fact, such as institutionalizing effective data management practices, establishing the highest levels of data accountability and transparency, and leveraging data to extract insights and support strategic decision making. Data is a valuable economic and social resource offering enormous opportunities for citizens, businesses, and governments to make better-informed decisions and develop innovative products and services. Essential facts and goals of government data focus on huge volume of data, in addition to the need to foster the digital economy and social opportunities for business, improve public service delivery, enhance efficiency & innovation. Therefore, to drive full value realization from national data assets, data sharing is a mandatory principle to establish synergies across government entities regarding use of data, contributing to it and using it efficiently and professionally. As such, policies and regulations are needed. 
The National Data Management Office (NDMO), as the national regulator of data in the Kingdom, has developed the framework for national data governance to set the policies and regulations required for data classification, data sharing, data privacy, including freedom of information, open data, and others in anticipation of necessary legislation. This Interim Regulations document (known as National Data Governance Interim Regulations) is to cover such rules and obligations 
The Personal Data Protection Interim Regulations sets the legal basis for protection of the rights of the individuals regarding processing of personal data by all entities in the Kingdom, as well as all entities outside the Kingdom that process personal data related to individuals residing in the Kingdom using any means, including online personal data processing. The Regulation also defines the Data Subject Rights, Data Controller Objectives, Key principles of data protection, and the roles and responsibilities of the Saudi Data and Artificial Intelligence Authority (SDAIA) and its sub-entities, such as the National Data Management Office (NDMO).

IoT Regulatory Framework

Based on its role in enabling ICT technologies and enabling IoT implementations in the Kingdom, the Communications, Space & Technology Commission (CST) is mandated to work on achieving the goal of making the Kingdom a leading country in developing of IoT services. In accordance with this mandate, an Internet of Things (IoT) Regulatory Framework is drafted to regulate all IoT services and use cases.  A draft for such regulation was written, and it is under consideration. 
The framework regulates the IoT services through mobile or fixed networks that are provided by licensed service providers from the CST. The framework emphasizes also the issue of compliance with the data security, privacy and protection requirements, in addition to the technical specifications as set by  numbered (RI114), which is available through CST website. The IoT equipment must comply with the Technical Specifications published by CSTregarding radio, EMC and safety and require that the user and the service provider consider the interoperability between IoT networks and equipment.
The framework suggests IoT identifiers, in addition to IP numbers, such as the Digital Object Architecture (DOA). IoT will be assigned numbers from the machine- to- machine (M2M) numbering range as per the National Numbering Plan. For IP addresses, it is highly recommended to use IPv6.
As for data management, hosting all servers used in providing IoT services, and storing all data should be inside KSA. Providers also should comply with all the existing or future published laws, regulations and requirements issued by CST or other authorities in the Kingdom concerning data management including security, privacy and protection of IoT users’ data.

Digital Economy Policy

In its commitment to the implementation of the very ambitious Vision 2030, the Kingdom has invested a lot to realize such vision, over $1 trillion. Significant achievements were realized already toward achieving its ambition of diversifying its economy while introducing a range of social reforms. The Kingdom’s vision to augment the digital economy is a reality, and an ever increasing one. Coupled with the acceleration of key digital trends in the region, it is clear that Saudi Arabia is uniquely positioned to take bold steps in the pursuit of digital sovereignty to control its own flow of data. In fact, Saudi Arabia’s digital services market has long been the largest in the region, one that is expected to top $38 billion by 2025. 
As digital economy is very crucial to the national digital transformation, the National Digital Transformation Unit of the Ministry of Communications and Information Technology has adopted a policy that is approved for the basis of a digital economy within the digital transformation plans. The aim of this policy is to develop the digital economy of the Kingdom of Saudi Arabia. The policy sets out guiding principles for government agencies to promote the digital economy through their respective specialties and mandates, with the goal of achieving sustainable economic growth and creating and maintaining competitive advantages for the Kingdom. Equally, this policy serves to inform the public and private sectors and the international community of the Kingdom’s approach to growing a robust, modern, and effective digital economy. The policy sets out guiding principles for government agencies to leverage the digital economy through their respective mandates to drive diversification and sustainability across the economy and create a more competitive advantage for the Kingdom.


Essential principles of this policy include: 

  • Access (Digital Infrastructure, Data and Platforms)

Digital Infrastructure makes high quality internet accessible to all sectors and segments of society across the Kingdom, at affordable rates, and in a dependable manner, combined with the highest level of security and privacy. 
Data is a vital pillar of the digital economy that enables innovative solutions to economic and social challenges. 
Digital Platforms are emerging , they are significant and can be adopted by “smart government” for leveraging data, and emerging technologies to create user-centric platforms delivering services to individuals, the public sector and private enterprises, which increase efficiencies and ease of access to all.

  • Technology Adoption and Use

The Kingdom supports the adoption of digital technologies to increase business productivity and competitiveness.

  •  Innovation

The Kingdom supports the adoption of appropriate policies and governance models that leverage
Innovation, as well as scientific research across all fields of technology, to promote digital transformation and contribute to growth of the digital economy.   

  • Human Capital is 

The policy should be geared towards creating valuable and productive jobs through digital economy, while promoting training, expertise and capacity building for these jobs.

  • Social Prosperity and Inclusion

The Kingdom adopts policies that to enhance and develop Saudi cities and enable them with digital technology to achieve social prosperity and raising the quality of life, including education and health for all in rural areas, for the disadvantaged for woken and for social inclusion at large.