top of page

Data Protection & Cybersecurity Related Laws In The GCC

While cybersecurity or even espionage-related laws have received much attention around the globe in the past years, it is quite recent that GCC states have paid much attention to this matter. This has been reflected by the fact that cybersecurity strategies in the region are barely a decade old, and cybersecurity bodies are still gradually being established. Nonetheless, cybersecurity bears major geopolitical implications for GCC states. It has been stated by cybersecurity experts that due to the geopolitical tensions’ dominant in certain relations, GCC states will be the target of state-sponsored cyberattacks more than other types of attacks. In addition, many of those attacks will be directed to state-dependent supplies such as oil and gas, electro-grids, and due to geopolitical position.

The current laws and policies in place are not sufficient to tackle and criminalize the general conduct of cyber crime due to the absence of comprehensive laws and the massive influence that culture, internal social considerations, and political considerations have on the drafting of regulations. Due to the lack of such comprehensive laws in the GCC, judges will be led to bestowing their individual discretion on related cases. Comprehensive frameworks, as well the inclusion of cooperation provisions in laws are vital in combating and criminalizing the conduct of cyber attacks and cyber espionage, and this will only be accomplished via a consensus between all states.

 

*This is not an extensive list of data protection and cybersecurity related laws as most GCC States do not have comprehensive data protection and cybersecurity laws. 

*There are also sector specific provisions in laws that are not specified.

Technical%20Lines%20Oman%20Flag_edited.j

Sultanate of Oman 

  • The Electronic Transactions Law (Royal Decree No. 69 of 2008)

  • The Cyber Crime Law (Royal Decree No. 12 of 2011)

  • The Personal Data Protection Law (Royal Decree N. 6 of 2022)

Technical Lines UAE Flag.jpg

United Arab Emirates

  • Penal Code (Federal Law No. 3 of 1987 (Article 379) as amended)

  • Cyber Crime Law (Federal Law No. 5 of 2012 as amended by Federal Law No. 12 of 2016 and Federal Law No. 2 of 2018)

  • The Data Protection Law (Federal Law No. 45 of 2021)

Technical Lines KSA Flag.jpg

Saudi Arabia 

  • The Anti-Cyber Crime Law (Royal Decree No. M/17, dated 8/3/1428H)

  • Shari’a Principles

Technical Lines Bahrein Flag.jpg

Kingdom of Bahrain 

  • Law No. 60 of 2014 on IT Crimes

  • Law No. 30 of 2018 on Personal Data Protection

Technical Lines Qatar Flag.jpg

State of Qatar 

  • Law No. 14 of 2014 on Cyber Crime Prevention 

  • Law No. 13 of 2016 on Data Protection

Technical Lines Kuwait Flag.jpg

State of Kuwait 

  • Law No. 20 of 2014 on Electronic Commerce 

  • Law No. 63 of 2015 on Combating Information Technology Crimes

bottom of page