Saudi Arabia: Opened consultation on Regulatory Framework for Licensing Managed Security Operations Center Services

On 18 December 2022, the Saudi National Cybersecurity Authority (NCA) opened a public consultation on its "Regulatory Framework for Licenses for Managed Cybersecurity Operations Center Services" until 25 January 2023. The Framework outlines a phased approach by introducing a licence requirement for security operations centres (SOC). The SOC would be divided into two levels, depending on the type of service provided and their respective beneficiaries. In particular, the NCA would differentiate between SOCs that support critical state infrastructure and private entities. The order outlines the obligations that SOC have to comply with to obtain the license, including financial considerations, certification procedures for analysts and renewal rules.