Digital Policy Alert logo

Saudi Arabia: Issued Cloud Computing Services Provisioning Regulations including data localisation requirements

Policy overview

Description

Issued Cloud Computing Services Provisioning Regulations including data localisation requirements

On 10 October 2023, the Communication, Space, and Technology Commission (CST) issued the fourth version of the Cloud Computing Services Provisioning Regulations (CCSPR) as a continuation of the previously issued Cloud Cybersecurity Controls (CCC). The CCSPR aims to enhance the reliability of cloud computing services. In particular, cloud computing service providers registered with the CST and cloud computing subscribers are prohibited from transferring data from Saudi government agencies outside the Kingdom in any form. However, exceptions may be made if a law or regulation specifically states otherwise.

Original source

Scope

Policy Area
Data governance
Policy Instrument
Data localisation requirement
Regulated Economic Activity
infrastructure provider: cloud computing, storage and databases
Implementation Level
national
Government Branch
executive
Government Body
other regulatory body

Complete timeline of this policy change

Hide details
2021-02-03
adopted

On 3 February 2021, the National Cybersecurity Authority (NCA) issued the latest update to the Clou…

2023-10-10
adopted

On 10 October 2023, the Communication, Space, and Technology Commission (CST) issued the fourth ver…

We use cookies and other technologies to perform analytics on our website. By opting in, you consent to the use by us and our third-party partners of cookies and data gathered from your use of our platform. See our Privacy Policy to learn more about the use of data and your rights.