Under the Cloud Computing Services Provisioning Regulations, government entities are permitted to host their data only with cloud service providers (CSPs) that hold the appropriate licences or registrations issued by the Communications, Space & Technology Commission of Saudi Arabia (CST). Section 3.3.7 mandates that subscribers whose data is classified as data of Saudi government agencies must utilise CSPs registered with the CST.
These Regulations represent the fourth iteration of this legislative framework. Since the introduction of the initial version, the legislation has included progressively stringent provisions. Notably, Section 3.3.9 prohibited the transferring, storing, or processing only of Level 3 data unless the provider was registered with local authorities. Level 3 data encompasses, among other categories, sensitive information managed by public authorities.

The Regulatory Arrangements for the Local Content and Government Procurement Law mandates the Local Content and Government Procurement Authority (LCGPA) to set local content requirements for individual contracts, track the amount of local content used by contractors, and obtain and audit commitments by contractors to increase their reliance on local content in the public procurement. The Law defines local content as “total spending in Saudi Arabia from the participation of Saudi elements in the workforce, goods, services, assets, technology, etc.” The Law requires the bidder in public procurement to include a list of items provided locally in their proposal, and this list of items will vary for each bidding. The bidder should meet a minimum baseline of local content provided by LCGPA in order to participate. LCGPA also manages an online portal through which contractors register their commitments to increase local content. Contractors who fall short of their commitments will be fined and could be blacklisted from procurement for repeated failures to honour commitments over the long term.

Companies have reported prolonged delays and difficulties in receiving payments for procurement contracts with national and regional government entities in Saudi Arabia, with some payment delays reportedly exceeding two years.

According to Sections 2.1-2.5 of the Economic Participation Policy, foreign companies participating in local tenders exceeding SAR 100 million (approx. USD 26.3 million) are required to demonstrate an economic contribution to the Kingdom of at least 35% of the total value of the tender.

It is reported that, as January 2024, all international companies must establish a regional headquarters (RHQ) in Saudi Arabia in order to bid for government contracts, except where the cumulative annual value of contracts is below USD 266,000. RHQ licences are obtained via the Ministry of Investment’s “Invest Saudi” platform, and the RHQ must perform strategic and management functions (such as budgeting, business planning, monitoring regional markets and reporting) and employ at least 15 full-time staff in its first year, including three senior executives. The Saudi government may still award contracts to sole suppliers of specific technology or intellectual property without an RHQ, and to non-RHQ companies where their bid is at least 25% lower than that of an RHQ company.
The main concerns reported by foreign companies regarding the HQ policy include the absence of a clear legislative or regulatory basis, uncertainty over the rights and obligations attached to RHQ status and a lack of clarity and predictability concerning the applicable tax regime.

Saudi Arabia is not a party to the World Trade Organization (WTO) Agreement on Government Procurement (GPA). However, the country has been an observer of the WTO GPA since 2007.

Pursuant to Section 11.03 of the Ministry of Investment Services Manual, foreign ownership in the telecommunications sector is generally permitted, subject to specific restrictions depending on the nature of the activity. For telecommunications services, foreign ownership is limited to a maximum of 60%, whereas for value-added communications services, the cap is set at 70%.

Under Art. 6 of the Rules for Foreign Investment in Securities, Saudi Arabia applies specific maximum foreign equity share limits to listed companies. A non-resident foreign investor (other than a foreign strategic investor) may not own 10% or more of the shares or convertible debt instruments of any listed issuer. In addition, the aggregate holdings of all foreign investors (resident and non-resident, excluding foreign strategic investors) in any single listed issuer may not exceed 49% of its shares or convertible debt instruments, subject also to stricter limits that may be set in the company’s articles of association or other applicable regulations.

According to Section 5.1.2 of the Regulations of Localization Obligations for Telecommunications Service Providers, operators holding licences or permits such as the Unified Facility-Based Telecommunications Services Licence, Facilities-Based Fixed Telecommunications Services Licence, Mobile Virtual Network Operator (MVNO) Licence, Internet of Things Virtual Network Operator (IoT-VNO) Services Licence, and the Licence to Provide Wholesale Services for Infrastructure must comply with specified Saudization (localisation) requirements for leadership and general staff positions.
These providers must ensure that the Chief Executive Officer is a Saudi national, that Senior Management (Level I) positions are localised at a rate of at least 75%, that Senior Management (Level II) positions are localised at a rate of at least 80%, and that an overall localisation rate of no less than 80% is achieved across all employees in the company.

According to Art. 7 of the Investment Law of 2024, the Ministry of Investment is required to establish a national register of investors and to receive investors’ applications for the legal approvals necessary to engage in investment activities, including the issuance of any licences or permits. Under Art. 8, the competent authority must issue and update a list of excluded (negative list) activities, which the Ministry must publish, and any foreign investor wishing to engage in an activity included in this list must first obtain prior approval from the Ministry of Investment. It is reported that the negative list covers, inter alia, audiovisual and media services, electronic mail services, the provision of online information and database retrieval services, as well as several telecommunications services.

Foreign investors must comply with Saudi Arabia’s Saudization policy, implemented through the Nitaqat programme, which aims to increase the proportion of Saudi nationals (including women) employed in the private sector. The programme requires companies to employ a minimum percentage of Saudi citizens, with quotas that vary by sector, company size, and occupation and are periodically revised by the Ministry of Human Resources and Social Development. Under current practice, foreign investors are expected to submit an investment and Saudization plan when applying for registration or an investment licence with the Ministry of Investment (MISA), indicating their projected Saudization levels over time; this plan is taken into account when assessing the investment project.

According to Art. 8(4) of the Implementing Regulations of the Law of Patents, Layout-Designs of Integrated Circuits, Plant Varieties, and Industrial Designs, any patent applicant residing outside the Kingdom must appoint an authorised agent within Saudi Arabia.

Saudi Arabia is a party to the Patent Cooperation Treaty (PCT).

Art. 35 of the Government Tenders and Procurement Law provides that government contracts may include knowledge transfer obligations, encompassing both practical and theoretical skills. Art. 58 of Ministerial Decision No. 3479/1441 (Implementing Regulations) further allows the competent authority to conclude contracts aimed at industry localisation and knowledge transfer, provided this does not result in monopolisation and takes account of technological and industrial developments. The authority must, in coordination with the Center of Spending Efficiency (CSE) and relevant bodies, prepare a feasibility study, obtain ministerial approval, and then develop the tender documents and contract forms. The resulting agreement must also specify, in coordination with the beneficiaries, the quantities or proportions of localised products or knowledge that government entities commit to purchase.