Organizations and governments in the Middle East are no longer aiming to lead on a regional level only – they are looking to go global. The Kingdom of Saudi Arabia is a key example. The Communications and Information Technology Commission (CITC) recently released a study outlining the legislative and regulatory status of cloud computing at a global level. This study, which benchmarks Saudi Arabia against ten other countries and regions, has come at a crucial time, given the current global trend towards digitalization and data caused by the COVID-19 pandemic and the recent announcement that Google and Alibaba will work with Saudi entities to create cloud networks in the kingdom.
Moreover, CITC and the Kingdom’s Ministry of Communications and Information Technology (MCIT) have taken timely measures to bring cloud services under the ambit of regulations. In fact, CITC’s Cloud Computing Regulatory Framework, published in 2018, was updated and republished last December 2020 to better enable cloud service providers by rearranging the cloud service provider’s registration levels, aligning with data and cybersecurity requirements and creating a special track for providers classified as SMEs.
With these developments, the government’s cloud procurement ambitions and cybersecurity concerns remain high on the national agenda and there is growing interest in further strengthening the internal processes and capabilities required to harness technology and innovate effectively in the face of exponential growth. However, from a regulatory perspective, the KSA seems to be en route to achieve its Vision 2030 objectives, albeit facing one key policy challenge: the National Cybersecurity Authority’s Essential Cybersecurity Controls currently restricts cloud for public sector and critical national infrastructure to remain in-country due to data residency requirements.
Read the paper here.