Description

National Cybersecurity Authority released cybersecurity risk management framework

On 23 July 2025, the National Cybersecurity Authority (NCA) released the National Cybersecurity Risk Management Framework. The framework applies to government bodies, government-affiliated entities, private sector organisations in critical infrastructure, and all other entities designated by the competent authority. It sets out methods for identifying, assessing, and mitigating cyber risks, and delineates responsibilities and procedures. It is organised into structured phases for risk identification, assessment, and treatment, supported by a risk assessment matrix. The framework obliges such entities to identify and classify risks based on the national methodology, which defines risk levels by severity, scale of impact, and likelihood level. All organisations must report high- and critical-level risks to the NCA.

Original source

Scope

Policy Area: Data governance
Policy Instrument: Cybersecurity regulation
Regulated Economic Activity: cross-cutting
Implementation Level: national
Government Branch: executive
Government Body: other regulatory body

Complete timeline of this policy change

2025-07-23
in force

On 23 July 2025, the National Cybersecurity Authority (NCA) released the National Cybersecurity Ris…