Saudi Arabia: Implemented Amended User Protection Regulations (Resolution 552/1445) including cybersecurity regulation

On 8 May 2024, the Saudi Communications and Information Technology Commission (CITC) Amended User Protection Regulations (Resolution 552/1445), including cybersecurity regulation, entered into force. The updated regulations follow the "Regulations for the Protection of the Rights of Users of ICT Services and Conditions for Providing Services" as per CITC Resolution No. 423/1441. Service providers are required to implement advanced security measures to ensure robust protection against unauthorised access and breaches. The principle of data minimisation is emphasised, requiring the collection of only essential user information, thereby reducing the risk of data exposure.