stc
Sign in
Sign up

Saudi Regulations

This page describes the applicable laws and regulations in the areas of Cloud Computing in the Kingdom of Saudi Arabia.

Saudi Regulations
CITC CCRF

Saudi Arabia’s Communications & Information Technology Commission (CITC) has issued a Cloud Computing Regulatory Framework (CCRF) based on international best practices and public consultation analysis. The CCRF provides the rights and obligation for cloud service providers and individual Cloud Customers, Government entities and Enterprises operating in KSA.

As per CCRF, Cloud customers need to choose their appropriate security level based on the level of required information security by the customer. These levels are classified by CITC, and are as follows:

CITC Customer Content Classification
Level 1
Level 1
  • Non-sensitive Customer Content of individuals or private sector companies, not subject to any sector-specific restrictions on the outsourcing of data.
  • Customer Content qualifying for Level 2 or Level 3 treatment, for which the Cloud Customer agrees with Level 1 treatment.
Level 2
Level 2
  • Sensitive Customer Content of individuals, not subject to any sector-specific restrictions on the outsourcing of data.
  • Sensitive Customer Content of private sector companies or organizations, not subject to any sector-specific restrictions on the outsourcing of data.
  • Non-sensitive Customer Content from public authorities.
  • Customer Content qualifying for Level 1 or Level 3 treatment, for which the Cloud Customer requests Level 2 treatment.
Level 3
Level 3
  • Any Customer Content from private sector-regulated industries subject to a level categorization by virtue of sector-specific rules or a decision by a regulatory authority.
  • Sensitive Customer Content from public authorities.
  • Customer Content qualifying for Level 1 or Level 2 treatment, for which the Cloud Customer requests Level 3 treatment
Level 4
Level 4
  • Highly sensitive or secret Customer Content belonging to relevant governmental agencies or institutions.
Information classified 3 and above, is subject to transfer restrictions outside the Kingdom.stc Cloud has no difference of service, privacy or security for any level of classification.
For more information visit Saudi CITC’s websiteEnglish websiteArabic website
Copyright © 2024 stc cloud. All rights reserved
and