This page describes the applicable laws and regulations in the areas of Cloud Computing in the Kingdom of Saudi Arabia.
Saudi Arabia’s Communications & Information Technology Commission (CITC) has issued a Cloud Computing Regulatory Framework (CCRF) based on international best practices and public consultation analysis. The CCRF provides the rights and obligation for cloud service providers and individual Cloud Customers, Government entities and Enterprises operating in KSA.
As per CCRF, Cloud customers need to choose their appropriate security level based on the level of required information security by the customer. These levels are classified by CITC, and are as follows: