Saudi Arabia: Closed consultation on Regulatory Framework for Licensing Managed Security Operations Center Services

On 25 January 2023, the public consultation on the "Regulatory Framework for Licenses for Managed Cybersecurity Operations Center Services" issued by the Saudi National Cybersecurity Authority (NCA) closed. The Framework outlines a phased approach by introducing a licence requirement for security operations centres (SOC). The SOC would be divided into two levels, depending on the type of service provided and their respective beneficiaries. In particular, the NCA would differentiate between SOCs that support critical state infrastructure and private entities. The order outlines the obligations that SOC have to comply with to obtain the license, including financial considerations, certification procedures for analysts and renewal rules.