Access Alert: SDAIA launches consultation on its draft Data Sovereignty Public Policy

Access Alert: SDAIA launches consultation on its draft Data Sovereignty Public Policy

On 10 March 2024, the Saudi Data and Artificial Intelligence Authority (SDAIA) launched a public consultation for its draft Data Sovereignty Public Policy.

Driven by the rapid pace of technological advancements, the transition towards a data-driven economy, and the risks associated with personal data handling, this Policy seeks to establish the fundamental principles and general orientations of Saudi Arabia regarding data sovereignty. It aims to ensure the preservation of the Kingdom’s sovereignty over its data while developing, enabling, and harnessing it.

The draft Data Sovereignty Public Policy outlines four key principles:

Data as a National Asset

Data is considered a national asset to be enriched, utilised, and governed. The policy aims to ensure Saudi Arabia’s sovereignty over its data through laws, regulations, and policies.

Data Protection

There is a strong emphasis on data protection, including regulating the hosting, storage, and transfer of non-personal data from government entities and critical national infrastructure operators within Saudi Arabia. There is also an emphasis on regulating personal data collection, processing, and retention by public and private entities, with a focus on preserving individual privacy and protecting against data breaches.

Data Availability

The policy aims to ensure that competent authorities have timely access to data when needed to perform their functions, as well as the appropriate regulation of processing requests from foreign entities to obtain data for law enforcement, security, or judicial purposes.

Encouragement of Local and Foreign Investment

The policy encourages local digital companies and innovation, while also seeking to attract foreign digital investments and prevent monopolistic practices.

Designed to balance digital growth and investment with national sovereignty over data, this policy is a testament to SDAIA’s progressive approach to regulating data. With that said, affected companies operating in Saudi Arabia need to carefully evaluate the policy’s implications and ensure compliance with data protection and data localisation requirements, as the policy may pose operational and regulatory alignment challenges.

The deadline to respond to the consultation is 9 April 2024.

For help interpreting this policy for your business, or for support with responding to the consultation, please contact Dana Ramadan at [email protected].

Related Articles

Access Alert: Pioneering Pakistan’s Space Future: PSARB and Access Partnership Host High-Level Week of Engagements in Islamabad

Access Alert: Pioneering Pakistan’s Space Future: PSARB and Access Partnership Host High-Level Week of Engagements in Islamabad

Last week, the Pakistan Space Activities Regulatory Board (PSARB), together with Access Partnership in its role as appointed consultant, organised...

30 Jun 2025 Opinion
Access Alert: CEPT advances innovative spectrum use for IoT satellite connectivity

Access Alert: CEPT advances innovative spectrum use for IoT satellite connectivity

This week, the CEPT has adopted a new decision (ECC/DEC(25)02) that allows for an innovative use of spectrum in Europe,...

27 Jun 2025 Opinion
Access Alert: European Commission Releases Proposal for the EU Space Act

Access Alert: European Commission Releases Proposal for the EU Space Act

On 25 June 2025, the European Commission published its proposal for a new Space Act. The wide-ranging piece of legislation...

26 Jun 2025 Opinion
Access Alert: ANATEL is revising rules around numbering resources and call identification

Access Alert: ANATEL is revising rules around numbering resources and call identification

The National Telecommunications Agency of Brazil (ANATEL) is moving forward with the implementation of Resolution No. 768/2024, which will redefine...

25 Jun 2025 General