Saudi Arabia: Non-CNI Private Sector Entities Cybersecurity Controls (NCNICC - 1:2025)

Progress

Current status

adopted

28 Dec 2025 adopted

Scope

Implementers

Saudi Arabia

Policy Area

Data governance

Policy Instrument

Cybersecurity regulation

Regulated Economic Activity

cross-cutting

Government Branch

executive

Government Body

other regulatory body

Implementation Level

national

Timeline of events

28 Dec 2025

adopted

National Cybersecurity Authority adopted Non-CNI Private Sector Entities Cybersecurity Controls (NCNICC – 1:2025)

On 28 December 2025, the National Cybersecurity Authority (NCA) adopted the Non-CNI Private Sector Entities Cybersecurity Controls (NCNICC – 1:2025). The controls apply to private sector entities that are not operators of critical national infrastru…

Source

Event type order

Action type adoption

Government branch executive

Government body other regulatory body

Progress

Scope

Timeline of events

National Cybersecurity Authority adopted Non-CNI Private Sector Entities Cybersecurity Controls (NCNICC – 1:2025)

Related changes