Registration of Private Entities

Any controller that collects and processes the personal data of individuals who are citizens or residents of Kingdom of Saudi Arabia.

Any public entity, natural person or private legal person that specifies the purposes and manner of processing personal data, whether the data is processed by that controller or by the Processor.

Registration is mandatory in the following situations:
1.If Controller processes sensitive data.
2.If the Controller’s main activity is based on processing personal data.

As stipulated in Article (2) of Rules Governing the National Register of Controllers within Kingdom, which can be viewed here.

1.The authorized person should log in to the Saudi Business Center Platform (https://business.sa/).
2.Select “Business Platform”.
3.Sign in using the National Single Sign-On (Nafath).
4.Under Electronic Services navigate to “Inquiries and general services” and choose “Saudi Business Center”.
5.Click on Delegations Services.
6.Create a new Delegation and complete the necessary steps.
7.Select the Commercial Register for the entity.
8.Select (Saudi Data and Artificial Intelligence Authority “SDAIA”) as a service provider.
9.Select the name of service (representing and registering on National Data Governance Platform and completing procedures).

An entity delegate who was appointed in Authorization System of the Saudi Business Center

1.Sign in through the National Single Sign-On (Nafath)
2.Evaluate the eligibility for registration
3.Complete entity profile information
4.Assess the necessity of appointing a DPO
5.Evaluate the eligibility for registration in Artificial Intelligence Ethics
6.Issuing a certificate for the national register for personal data protection

To easily view the steps, click on Registration of Private Entities

Any natural person appointed by government or private controller, non-profit to complete entity registration procedures on the Platform. when using Platform, the representative must comply with the following:
•Complete entity registration procedures.
•Fill out the details of DPO as stipulated in Article (7) of Rules Governing the National Register of Controllers Within Kingdom.
•Fill out the details of AI System Owner (if any).
•View the assessment results and services provided on Platform.
•Update the controller’s data on regular basis to ensure it is up-to-date.

Any natural or legal person that applies or uses AI systems to achieve certain goals.

The Saudi Data & Al Authority (SDAIA) does not require any criteria regarding the entity’s representative, and it is subject to the discretion of the controller.

• Entity's official e-mail
• Entity's official contact number
• Primary address
• Headquarters
• Entity logo
  

DPO is one or more natural persons appointed by Controller to be responsible for monitoring the implementation of the provisions of the Law and its Implementing Regulations, overseeing Procedures applicable by Controller, and receiving requests relate to Personal Data in accordance with provisions of the Law and its Implementing Regulations.
Required Data to be registered:

•ID number.
•Date of birth.
•Official contact information (mobile number and official e-mail).

Click here for an assessment to determine whether the appointment of a personal data protection officer is mandatory.

The services are used by the personal data protection officer (DPO) or the entity’s representative if the Controller entity is not obligated to appoint a personal data protection officer, according to the cases stipulated in Article (32) of the Implementing Regulations of PDPL.

Currently there is no registration fee.

Controller shall be notified thirty (30) days prior to the expiration date of the registration certificate. The certificate may be renewed after that.

Another certificate with the previous registration number is issued with a new issue date

The public can use the search service in the National Registry for Personal Data Protection by entering the entity’s name or registration number

Registration certificate is available to the public and it includes the following information:
•Registration serial number.
•Entity name.
•Entity logo.
•Entity official e-mail.
•Entity official contact number.
•Primary address.
•Issue and expiration date.
•QR code.

Platform provides a service for updating previously entered official information

The Saudi data & Al Authority(SDAIA) provides several services to the Controllers

Click here to view the available e-services

If you have any suggestions or technical issues, please submit a request via contact us option

Level 1: Aware.
Level 2: Adoptive.
Level 3: Confirmative.
Level 4: Assured.
Level 5: Visionary.

Any entity or individual involved in developing AI systems.

Yes, the validity period is 1 year.

AI ethics digital badges are optional badges awarded to an AI product after it advances and registers on the platform. These badges aim to encourage entities to enhance their adoption of AI ethics in their products.

Any entity or individual involved in developing AI systems.

AI Ethics Assessment is a tool designed to enable entities to conduct a comprehensive and systematic analysis of the extent of their compliance with ethical standards in the development and application of artificial intelligence technologies. The process begins by identifying and evaluating all potential risks and the severity of their impact. The tool also includes questions in each principle of ethics to assess the level of ethical commitment of the artificial intelligence model.