Intelligence

AI Governance Intelligence

Regulatory analysis, enforcement decisions, and governance frameworks — mapped to Saudi law.

Analysis & Commentary

Regulatory Clarity

PDPL Article 29: What 'Adequate Protection' Actually Requires

The Implementing Regulations clarify the conditions under which personal data may be transferred outside Saudi Arabia. Most organizations are not meeting the threshold.

28 April 2026

Regulatory Clarity

NCA ECC-2:2024: The 108 Controls Your AI Vendor Must Meet

Saudi organizations are responsible for their vendors' compliance with NCA ECC-2:2024. We break down the 108 controls and what they mean for AI procurement.

14 April 2026

Data Governance

Shadow AI Is a PDPL Violation Before It's an IT Problem

Employees using unauthorized AI tools are creating undocumented personal data processing activities. PDPL treats the organization — not the employee — as the controller.

7 April 2026

Enforcement

48 Enforcement Decisions: What SDAIA Has Actually Penalised

A forensic review of every confirmed SDAIA enforcement decision since November 2024 reveals patterns that most compliance assessments miss.

1 April 2026

Operational Reality

The Gap Between Self-Assessment and Actual Readiness

Organizations that score themselves highly on AI governance questionnaires consistently underperform in clause-level audits. The gap is structural, not operational.

22 March 2026

Data Governance

Cross-Border Transfer Under PDPL: The Adequacy List That Doesn't Exist Yet

Saudi Arabia has not published a formal adequacy list. Until it does, every cross-border data transfer requires a documented legal basis — and most don't have one.

15 March 2026

Stay Current

Enforcement moves fast.

Take the free scorecard to understand your current exposure across all six regulatory frameworks.

Take the Free Scorecard