Saudi Arabia: Saudi Data and AI Authority adopted General Rules for Secondary Use of Data including data protection regulation

On 25 December 2025, the Saudi Data and AI Authority (SDAIA) adopted the General Rules for Secondary Use of Data. They establish data protection regulations governing the secondary use of data for purposes other than those initially specified at the time of data collection. The general rules require compliance with the Personal Data Protection Law and its Implementing Regulations. They apply to data-sharing requests between government entities, from government entities to private entities for public interest purposes, and from private entities to government entities for research, development, and innovation. The general rules set out principles on privacy and personal data protection, responsible secondary use of data, data quality, ethical data use, data security, and public interest. They require that data use be limited to the minimum necessary and exclude profit-oriented purposes.