Saudi Arabia: National Cybersecurity Authority Issues New Regulations, Instructions, and Procedures to Enhance Cybersecurity Readiness

On December 6, 2023, the Saudi National Cybersecurity Authority announced that it had issued a new group of regulations, instructions, and procedures as a “Cybersecurity Toolkit” to enhance cybersecurity in the kingdom. The main purpose for issuing the toolkit is to assist entities of the public and private sectors in strengthening their cybersecurity measures.

According to the official website of the National Cybersecurity Authority, the new group of regulatory tools governs the following fields: cybersecurity responsibilities, strategy formulation, malware protection, email and network security, web application protection, user device security, workstations, mobile devices and security vulnerability assessments, data security, operational technology/industrial control systems (OT/ICS), social media security, and virtualization security.

The Cybersecurity Legal Framework in Saudi Arabia

There are two legal instruments regulating cybersecurity in the Kingdom of Saudi Arabia: the Anti-Cybercrimes Law and the Royal Decree establishing the National Cybersecurity Authority.

Royal Decree Establishing the National Cybersecurity Authority

The National Cybersecurity Authority was established by Royal Decree No. 6801 of October 31, 2017, as amended by Royal Decree No. 7053 of September 9, 2021. The main objective of the National Cybersecurity Authority is to protect the cybersecurity infrastructure of the kingdom by issuing cybersecurity guides and frameworks. It also has the power to draft a national cybersecurity strategy to face current and future cybersecurity threats.

Anti-Cybercrimes Law

The purpose of the Anti-Cybercrimes Law is to stop acts that the law classifies as cybercrimes. The law also imposes a number of criminal penalties on perpetrators violating its provisions.

The law punishes any person with up to one year of imprisonment and a fine not exceeding 500,000 Saudi riyals (approximately US$133,210), or either penalty, for committing the following acts:

  • Hacking, intercepting, or illegally receiving data transmitted through an information network or a computer without authorization.
  • Accessing private data without authorization with the intention to blackmail another person.
  • Accessing a website without authorization, or hacking a website to change its design, destroy or modify it, or occupy its URL.
  • Invading privacy through the misuse of camera-equipped mobile phones.
  • Defaming and inflicting damage on other individuals through the use of various information technology devices. (Anti-Cybercrimes Law art. 3.)

Additionally, the law imposes up to three years’ imprisonment and a fine of 2 million Saudi riyals (approximately US$532,835), or either penalty, for gaining illegal access to the bank or credit information of another person, or data pertaining to the ownership of securities. (Art. 5.)

Finally, the law punishes with a term of imprisonment not exceeding three years and a fine of 3 million Saudi riyals (approximately US$799,250), or either penalty, the commission of any of the following acts:

  • Accessing an information network without authorization for the purpose of canceling, deleting, destroying, leaking, damaging, altering, or redistributing private information.
  • Causing an information network to freeze or break down.
  • Destroying, deleting, leaking, damaging, or altering existing or used programs or data.
  • Impeding access to an information network.
  • Altering data without authorization.
  • Causing an information network to break down in order to stop public services. (Art. 6.)

George Sadek, Law Library of Congress
February 5, 2024

Rights & Access

Publications of the Library of Congress are works of the United States Government as defined in the United States Code 17 U.S.C. §105 and therefore are not subject to copyright and are free to use and reuse.  The Library of Congress has no objection to the international use and reuse of Library U.S. Government works on loc.gov. These works are also available for worldwide use and reuse under CC0 1.0 Universal. 

Credit Line: Law Library of Congress

Cite This Item

Citations are generated automatically from bibliographic data as a convenience, and may not be complete or accurate.

Chicago citation style:

Sadek, George. Saudi Arabia: National Cybersecurity Authority Issues New Regulations, Instructions, and Procedures to Enhance Cybersecurity Readiness. 2024. Web Page. https://www.loc.gov/item/global-legal-monitor/2024-02-04/saudi-arabia-national-cybersecurity-authority-issues-new-regulations-instructions-and-procedures-to-enhance-cybersecurity-readiness/.