According to Art. 7 of the Investment Law of 2024, the Ministry of Investment is required to establish a national register of investors and to receive investors’ applications for the legal approvals necessary to engage in investment activities, including the issuance of any licences or permits. Under Art. 8, the competent authority must issue and update a list of excluded (negative list) activities, which the Ministry must publish, and any foreign investor wishing to engage in an activity included in this list must first obtain prior approval from the Ministry of Investment. It is reported that the negative list covers, inter alia, audiovisual and media services, electronic mail services, the provision of online information and database retrieval services, as well as several telecommunications services.

Foreign investors must comply with Saudi Arabia’s Saudization policy, implemented through the Nitaqat programme, which aims to increase the proportion of Saudi nationals (including women) employed in the private sector. The programme requires companies to employ a minimum percentage of Saudi citizens, with quotas that vary by sector, company size, and occupation and are periodically revised by the Ministry of Human Resources and Social Development. Under current practice, foreign investors are expected to submit an investment and Saudization plan when applying for registration or an investment licence with the Ministry of Investment (MISA), indicating their projected Saudization levels over time; this plan is taken into account when assessing the investment project.

According to Art. 8(4) of the Implementing Regulations of the Law of Patents, Layout-Designs of Integrated Circuits, Plant Varieties, and Industrial Designs, any patent applicant residing outside the Kingdom must appoint an authorised agent within Saudi Arabia.

Saudi Arabia is a party to the Patent Cooperation Treaty (PCT).

Saudi Arabia has a copyright regime under the Royal Decree No. M/41 on Copyright Law. However, the exceptions do not follow the fair use or fair dealing model, therefore limiting the lawful use of copyrighted work by others. Art. 15 lists the exceptions, which include copying the work for personal use, quoting passages from the work in another work, and using the work by way of clarification for educational purposes, among others.

According to Art. 9 of the Government Tenders and Procurement Law, priority in public procurement must be given to local small and medium-sized enterprises (SMEs), local content and companies listed on the Capital Market. Art. 30 further provides that local SMEs should be prioritised where the value of government purchases does not exceed SAR 500,000 (approx. USD 130,000).
In addition, the Regulation on Preference for Local Content, Local SMEs, and Publicly Listed Companies establishes price preferences in government tenders. Under Art. 4 of the Regulation, government entities must grant a 10% bidding price advantage to local SMEs in which Saudi nationals hold more than 50% ownership, and a 5% price advantage to publicly listed companies.

According to Art. 10 of the Regulations on Preference for Local Content and Local SMEs and Companies Listed on the Capital Market in Business and Procurement Transactions, government agencies must apply the National Product Price Preference Mechanism to all contracts in respect of national products that are not included in the mandatory list. Under this mechanism, a national product is granted a price preference by deeming, for evaluation purposes, that the price of the foreign competing product is 10% higher than the price indicated in its bid.

Under the Cloud Computing Services Provisioning Regulations, government entities are permitted to host their data only with cloud service providers (CSPs) that hold the appropriate licences or registrations issued by the Communications, Space & Technology Commission of Saudi Arabia (CST). Section 3.3.7 mandates that subscribers whose data is classified as data of Saudi government agencies must utilise CSPs registered with the CST.
These Regulations represent the fourth iteration of this legislative framework. Since the introduction of the initial version, the legislation has included progressively stringent provisions. Notably, Section 3.3.9 prohibited the transferring, storing, or processing only of Level 3 data unless the provider was registered with local authorities. Level 3 data encompasses, among other categories, sensitive information managed by public authorities.

Saudi Arabia is a signatory of the World Trade Organization (WTO) Information Technology Agreement (ITA) of 1996 but is not a signatory of its 2015 expansion (ITA II).

In August 2024, following publication in the GCC Technical Secretariat’s Official Gazette (Vol. 47, 20 August 2024), the GCC Member States, included Saudi Arabia, imposed definitive anti-dumping duties for five years on imports of electrical connectors, switches, sockets and plugs for a voltage not exceeding 1,000 volts (HS 853669, 853650, 85444291, 85444221) originating in or exported from the People’s Republic of China; the duty rates range from 11.3% to 42% by exporter.

Art. 3 of the Government Tenders and Procurement Law stipulates that foreign suppliers can only participate in the public procurement only if the following conditions apply:
- the relevant scope of work shall be posted on the procurement portal to ensure that there is no more than one local person qualified to carry out the work; and
- the Ministry of Investment (the key regulator of foreign investment) approves the arrangement.

Saudi Arabia applies a “Mandatory List” of national products in government procurement. Under the Regulations on Preference for Local Content and Local SMEs and Companies Listed on the Capital Market, the Mandatory List is defined as a list of national products issued and regularly updated by the Local Content and Government Procurement Authority (LCGPA) (Art. 1) and made available on the LCGPA website. Government entities shall require bidders to source the products in the Mandatory List locally (Arts. 4(1) and 7(1)). In practice, foreign suppliers cannot offer imported products in categories covered by the Mandatory List and must either source listed items from Saudi manufacturers or localise production (e.g. through joint ventures or local manufacturing), otherwise their bids may be rejected or their supplies refused for non-compliance.

Art. 11.9 of the Regulations for Importation and Licensing of Telecommunications and Information Technology Equipment provides a general requirement to disclose details of encryption systems contained in ICT equipment being imported, including equipment imported for government public procurement.

Art. 35 of the Government Tenders and Procurement Law provides that government contracts may include knowledge transfer obligations, encompassing both practical and theoretical skills. Art. 58 of Ministerial Decision No. 3479/1441 (Implementing Regulations) further allows the competent authority to conclude contracts aimed at industry localisation and knowledge transfer, provided this does not result in monopolisation and takes account of technological and industrial developments. The authority must, in coordination with the Center of Spending Efficiency (CSE) and relevant bodies, prepare a feasibility study, obtain ministerial approval, and then develop the tender documents and contract forms. The resulting agreement must also specify, in coordination with the beneficiaries, the quantities or proportions of localised products or knowledge that government entities commit to purchase.