According to Art. 9 of the Government Tenders and Procurement Law, priority in public procurement must be given to local small and medium-sized enterprises (SMEs), local content and companies listed on the Capital Market. Art. 30 further provides that local SMEs should be prioritised where the value of government purchases does not exceed SAR 500,000 (approx. USD 130,000).
In addition, the Regulation on Preference for Local Content, Local SMEs, and Publicly Listed Companies establishes price preferences in government tenders. Under Art. 4 of the Regulation, government entities must grant a 10% bidding price advantage to local SMEs in which Saudi nationals hold more than 50% ownership, and a 5% price advantage to publicly listed companies.

According to Art. 10 of the Regulations on Preference for Local Content and Local SMEs and Companies Listed on the Capital Market in Business and Procurement Transactions, government agencies must apply the National Product Price Preference Mechanism to all contracts in respect of national products that are not included in the mandatory list. Under this mechanism, a national product is granted a price preference by deeming, for evaluation purposes, that the price of the foreign competing product is 10% higher than the price indicated in its bid.

Under the Cloud Computing Services Provisioning Regulations, government entities are permitted to host their data only with cloud service providers (CSPs) that hold the appropriate licences or registrations issued by the Communications, Space & Technology Commission of Saudi Arabia (CST). Section 3.3.7 mandates that subscribers whose data is classified as data of Saudi government agencies must utilise CSPs registered with the CST.
These Regulations represent the fourth iteration of this legislative framework. Since the introduction of the initial version, the legislation has included progressively stringent provisions. Notably, Section 3.3.9 prohibited the transferring, storing, or processing only of Level 3 data unless the provider was registered with local authorities. Level 3 data encompasses, among other categories, sensitive information managed by public authorities.

The Regulatory Arrangements for the Local Content and Government Procurement Law mandates the Local Content and Government Procurement Authority (LCGPA) to set local content requirements for individual contracts, track the amount of local content used by contractors, and obtain and audit commitments by contractors to increase their reliance on local content in the public procurement. The Law defines local content as “total spending in Saudi Arabia from the participation of Saudi elements in the workforce, goods, services, assets, technology, etc.” The Law requires the bidder in public procurement to include a list of items provided locally in their proposal, and this list of items will vary for each bidding. The bidder should meet a minimum baseline of local content provided by LCGPA in order to participate. LCGPA also manages an online portal through which contractors register their commitments to increase local content. Contractors who fall short of their commitments will be fined and could be blacklisted from procurement for repeated failures to honour commitments over the long term.

Companies have reported prolonged delays and difficulties in receiving payments for procurement contracts with national and regional government entities in Saudi Arabia, with some payment delays reportedly exceeding two years.

According to Sections 2.1-2.5 of the Economic Participation Policy, foreign companies participating in local tenders exceeding SAR 100 million (approx. USD 26.3 million) are required to demonstrate an economic contribution to the Kingdom of at least 35% of the total value of the tender.

It is reported that, as January 2024, all international companies must establish a regional headquarters (RHQ) in Saudi Arabia in order to bid for government contracts, except where the cumulative annual value of contracts is below USD 266,000. RHQ licences are obtained via the Ministry of Investment’s “Invest Saudi” platform, and the RHQ must perform strategic and management functions (such as budgeting, business planning, monitoring regional markets and reporting) and employ at least 15 full-time staff in its first year, including three senior executives. The Saudi government may still award contracts to sole suppliers of specific technology or intellectual property without an RHQ, and to non-RHQ companies where their bid is at least 25% lower than that of an RHQ company.
The main concerns reported by foreign companies regarding the HQ policy include the absence of a clear legislative or regulatory basis, uncertainty over the rights and obligations attached to RHQ status and a lack of clarity and predictability concerning the applicable tax regime.

Saudi Arabia is not a party to the World Trade Organization (WTO) Agreement on Government Procurement (GPA). However, the country has been an observer of the WTO GPA since 2007.

Pursuant to Section 11.03 of the Ministry of Investment Services Manual, foreign ownership in the telecommunications sector is generally permitted, subject to specific restrictions depending on the nature of the activity. For telecommunications services, foreign ownership is limited to a maximum of 60%, whereas for value-added communications services, the cap is set at 70%.

Under Art. 6 of the Rules for Foreign Investment in Securities, Saudi Arabia applies specific maximum foreign equity share limits to listed companies. A non-resident foreign investor (other than a foreign strategic investor) may not own 10% or more of the shares or convertible debt instruments of any listed issuer. In addition, the aggregate holdings of all foreign investors (resident and non-resident, excluding foreign strategic investors) in any single listed issuer may not exceed 49% of its shares or convertible debt instruments, subject also to stricter limits that may be set in the company’s articles of association or other applicable regulations.

According to Section 5.1.2 of the Regulations of Localization Obligations for Telecommunications Service Providers, operators holding licences or permits such as the Unified Facility-Based Telecommunications Services Licence, Facilities-Based Fixed Telecommunications Services Licence, Mobile Virtual Network Operator (MVNO) Licence, Internet of Things Virtual Network Operator (IoT-VNO) Services Licence, and the Licence to Provide Wholesale Services for Infrastructure must comply with specified Saudization (localisation) requirements for leadership and general staff positions.
These providers must ensure that the Chief Executive Officer is a Saudi national, that Senior Management (Level I) positions are localised at a rate of at least 75%, that Senior Management (Level II) positions are localised at a rate of at least 80%, and that an overall localisation rate of no less than 80% is achieved across all employees in the company.

In August 2024, following publication in the GCC Technical Secretariat’s Official Gazette (Vol. 47, 20 August 2024), the GCC Member States, included Saudi Arabia, imposed definitive anti-dumping duties for five years on imports of electrical connectors, switches, sockets and plugs for a voltage not exceeding 1,000 volts (HS 853669, 853650, 85444291, 85444221) originating in or exported from the People’s Republic of China; the duty rates range from 11.3% to 42% by exporter.

Art. 3 of the Government Tenders and Procurement Law stipulates that foreign suppliers can only participate in the public procurement only if the following conditions apply:
- the relevant scope of work shall be posted on the procurement portal to ensure that there is no more than one local person qualified to carry out the work; and
- the Ministry of Investment (the key regulator of foreign investment) approves the arrangement.

Saudi Arabia applies a “Mandatory List” of national products in government procurement. Under the Regulations on Preference for Local Content and Local SMEs and Companies Listed on the Capital Market, the Mandatory List is defined as a list of national products issued and regularly updated by the Local Content and Government Procurement Authority (LCGPA) (Art. 1) and made available on the LCGPA website. Government entities shall require bidders to source the products in the Mandatory List locally (Arts. 4(1) and 7(1)). In practice, foreign suppliers cannot offer imported products in categories covered by the Mandatory List and must either source listed items from Saudi manufacturers or localise production (e.g. through joint ventures or local manufacturing), otherwise their bids may be rejected or their supplies refused for non-compliance.

Art. 11.9 of the Regulations for Importation and Licensing of Telecommunications and Information Technology Equipment provides a general requirement to disclose details of encryption systems contained in ICT equipment being imported, including equipment imported for government public procurement.