Saudi Arabia: Implemented Third Version of Cloud Computing Regulatory Framework (CCRF) including data localisation requirements

Implemented Third Version of Cloud Computing Regulatory Framework (CCRF) including data localisation requirements

On 3 December 2020, the Communication and Information Technology Commission (CITC) of Saudi Arabia implemented the third version of its Cloud Computing Regulatory Framework (CCRF). The updated Framework requires cloud service providers registered with the CITC and customers to ensure that Saudi Government Data is not transferred outside of KSA, for any purpose and in any form whatsoever, whether permanently or temporarily, unless such transfer is expressly permitted by other local laws or regulations.

Original source

Scope

Policy Area

Data governance

Policy Instrument

Data localisation requirement

Regulated Economic Activity

infrastructure provider: cloud computing, storage and databases

Implementation Level

national

Government Branch

executive

Government Body

other regulatory body

Complete timeline of this policy change

Hide details

2020-12-03

in force

On 3 December 2020, the Communication and Information Technology Commission (CITC) of Saudi Arabia …

Description

Implemented Third Version of Cloud Computing Regulatory Framework (CCRF) including data localisation requirements

Scope

Complete timeline of this policy change