Saudi Arabia: Updated Cloud Cybersecurity Controls including data localisation requirements

On 3 February 2021, the National Cybersecurity Authority (NCA) issued the latest update to the Cloud Cybersecurity Controls (CCC) as a continuation of the previously issued Essential Cybersecurity Controls (ECC). The Cloud Cybersecurity Controls (CCC) aim to enhance the reliability of cloud computing services. In particular, government entities and operators of critical national infrastructure are required to provide cloud computing services within the territory of Saudi Arabia, including systems used for storage, processing, and disaster recovery centres.