Saudi Arabia: Updated Cloud Cybersecurity Controls including operational licensing requirement

On 3 February 2021, the National Cybersecurity Authority (NCA) issued the latest update to the Cloud Cybersecurity Controls (CCC) as a continuation of the previously issued Essential Cybersecurity Controls (ECC). The CCC regulates cloud service providers (CSPs) and cloud service tenants (CSTs). CSTs may only contract with licensed cloud service providers. Additionally, any telecommunication infrastructure may only be used from telecommunication operators that are licensed in the Kingdom.