3
Disclaimer: In the event of any discrepancy between the Arabic and the English versions, the Arabic version shall prevail in determining of this Law.
In the Name of Allah, the Most Gracious, the Most Merciful
Council of Ministers Resolution No. (592), dated 01/11/1443 AH
The Council of Ministers,
Having reviewed the Case received from the Royal Court No. (32021), dated 22/05/1443 AH, which includes
the Telegram of H.H the Minister of Communications and Information Technology No. (01/40/5118), dated
18/09/1440 AH, regarding the Draft Telecommunication and Information Technology Act;
Having reviewed the Draft Act referred to above; and
Telecommunications Act, enacted by virtue of Royal Decree (M/12), dated 12/03/1422 AH;
Notes No. (1157), dated 11/07/1442 AH, No. (1955), dated 11/11/1442 AH, No. (2273). dated 18/12/1442 AH, No.
(359), dated 12/02/1443 AH, No. (2192), dated 24/09/1443 AH, prepared by the Bureau of Experts at the
Council of Ministers;
Having reviewed recommendation issued by the Council of Economic and Development Affairs No. (12-
46/43/d), dated 11/10/1443 AH;
Having considered the Shura Council Resolution No. (85/16), dated 16/05/1443 AH; and
Recommendation of the General Committee of the Council of Ministers No. (9465), dated 29/10/1443 AH,
Decided the Following:
First: Approving the Telecommunications and Information Technology Act, in the enclosed form.
Second: Provisions of the Act, referred to in Clause “First” herein, shall not invalidate licenses issued prior
to enforcement thereof. Further, any entity providing telecommunication or information technology
services, since the Act enforcement date, must correct its situation in accordance with its provisions
within twelve months from its enforcement date.
Third: Enforcement of the Act, referred to in Clause “First” herein, and its Bylaws shall not prejudice
competencies and duties of the National Cybersecurity Authority.
Fourth: Communications and Information Technology Commission shall follow up on service providers’
exercise of due diligence to ensure the protection of cybersecurity and critical infrastructure, in
accordance with NCA controls and guidelines. In this context, National Cybersecurity Authority has the
right to:
1. Require service providers to conclude mutual agreements to realize the aforementioned
objectives, in accordance with National Cybersecurity Authority controls and guidelines.
2. Follow up and verify adequacy of cybersecurity level of service providers, in accordance with NCA
controls and guidelines.
3. Charge service providers cost of such follow-up process if found negligent.
4. Impose penalties stipulated in Article (Twenty-seventh) of the Act, referred to in Clause “First”
herein, on service providers breaching this Clause.
The National Cybersecurity Authority Board of Directors may decide to revoke this Clause after
coordinating with Communications and Information Technology Commission.
A Draft Royal Decree has been produced to that effect, in the enclosed form.
Fifth: Fees, referred to in Articles (Fourth) and (Thirty-ninth) of the Act, referred to in Clause “First” herein,
shall be determined in agreement with Ministry of Finance and Non-Oil Revenue Development Center,
until issuance of (Regulations for the Practice of Public Bodies, Institutions and the Like Imposing Fees
against their Services and Works) and application thereof.