Saudi Arabia: Saudi Data and Artificial Intelligence Authority closes consultation on draft Responsible Artificial Intelligence Policy including cybersecurity regulation

On 3 May 2026, the Saudi Data and Artificial Intelligence Authority (SDAIA) closes the consultation on the draft Responsible Artificial Intelligence Policy including cybersecurity regulation. The draft Policy applies to all government bodies, the private sector, the non-profit sector, and individuals who develop, use, or publish applications or solutions based on AI technologies in Saudi Arabia. The draft Policy would require entities to apply security controls and protect data across all stages of collection, processing, storage, sharing, and archiving. Entities would be required to implement incident reporting mechanisms and apply continuous stress testing and safety guardrails to ensure the resilience of AI systems against cyberattacks and operational failures. Government entities would be required to notify the Authority immediately of serious incidents or operational disasters and to shut down systems to the extent necessary to limit further harm.