Detailed overview
Saudi Arabia does not currently have one comprehensive horizontal AI Act equivalent to the EU AI Act. Its AI framework is based on national AI strategy, official AI ethics principles, data and AI governance, sectoral regulation and existing laws.
SDAIA AI Ethics Principles
The Saudi Data and Artificial Intelligence Authority, SDAIA, has issued official AI Ethics Principles. These principles are intended to support responsible AI development and use in line with national strategies and to reduce negative impacts and risks associated with AI systems. They are relevant for organisations that design, develop, deploy, implement or use AI systems in Saudi Arabia.
The AI Ethics Principles are aimed at building trustworthy AI. They address governance, accountability, transparency, fairness, human oversight, safety, privacy, security and responsible use. They are not the same as a single statutory AI licensing regime, but they are an important official benchmark for AI projects in Saudi Arabia.
Ethics self-assessment and other tools
Saudi Arabia also operates an AI ethics self-assessment service through the National Data Governance Platform. The service allows controllers to compare their current AI practices with ethical criteria and assess their level of ethical commitment in the development and application of AI technologies.
Saudi Arabia has official tools and initiatives connected with AI service provider accreditation, regulatory sandboxes and generative AI guidance for government entities. These materials reflect a governance-first approach focused on responsible adoption, data protection, public-sector use and AI capability development.
Existing-law overlays
AI systems in Saudi Arabia may also be regulated under existing laws. AI involving personal data may trigger personal-data protection obligations. AI used in finance, healthcare, telecoms, education, government, cybersecurity, employment or consumer services may be subject to sector-specific rules. AI misuse may also trigger civil, administrative or criminal liability depending on the conduct.
Penalties
Saudi Arabia does not currently have one general AI-specific penalty table equivalent to the EU AI Act. Penalties depend on the underlying law breached, such as data protection, cybersecurity, criminal law, sectoral regulation or licensing rules.
Practical requirements & details
Sourced from SDAIA AI Ethics Principles, SDAIA Generative AI Guidelines for Government, Personal Data Protection Law (PDPL) and its implementing regulation, the Anti-Cybercrime Law, and sectoral rules (SAMA, MoH, MCIT).
SDAIA AI Ethics Principles
- Fairness; privacy and security; humanity; social and environmental benefits; reliability and safety; transparency and explainability; accountability and responsibility.
- Apply to design, development, deployment, implementation and use of AI in Saudi Arabia.
Generative AI Guidelines for Government
- Set principles, use cases, risk categories and governance steps for government entities using generative AI.
AI ethics self-assessment service
- Run via the National Data Governance Platform.
- Lets controllers compare current AI practices with ethical criteria and assess level of ethical commitment.
PDPL overlay
- Lawful basis (consent or legitimate interests where applicable), purpose limitation, data subject rights.
- Automated decisions producing legal effects: rights to human review and explanation.
- Cross-border transfers permitted only with safeguards.
- PDPL fines: up to SAR 5 million per violation, doubled for repeat; criminal sanctions for sensitive-data breaches.
Sector overlays
- SAMA on AI use by banks, insurers and fintechs.
- MoH on AI as a medical device.
- MCIT general digital and licensing rules.
- Anti-Cybercrime Law: AI-generated impersonation, fraud, defamation, extremist content.