Saudi Arabia: Adopted Amended User Protection Regulations (Resolution 552/1445) including cybersecurity regulation

On 8 February 2024, the Saudi Communications and Information Technology Commission (CITC) adopted the Amended User Protection Regulations (Resolution 552/1445), including cybersecurity regulation. The updated regulations follow the "Regulations for the Protection of the Rights of Users of ICT Services and Conditions for Providing Services" as per CITC Resolution No. 423/1441. Service providers are required to implement advanced security measures to ensure robust protection against unauthorised access and breaches. The principle of data minimisation is emphasised, requiring the collection of only essential user information, thereby reducing the risk of data exposure. The regulations will enter into force 90 days following their publication.