Web Content Viewer

Registration of Private Entities

Registration of Private Entities

The Saudi Data & AI Authority (SDAIA) is responsible for overseeing the implementation of the Personal Data Protection Law (PDPL), issued by Royal Decree No. (M/19) dated 09/02/1443 AH, and its amendments. SDAIA also ensures controllers' compliance by building a unified national register for controllers who process personal data within the Kingdom of Saudi Arabia.

Requirements

  • Ensuring the commercial registration is active and undeleted.
  • Delegating a representative for the entity through the "Delegation Management" at the Saudi Business Center.
For any inquiries or technical issues encountered during the registration process on the platform, please submit a request via the "Contact Us" option.

Step One: Appointment of a Private Entity Representative via Saudi Business Center:

  • Log in to the Business Platform: The authorized person shall log in to the Saudi Business Center Platform (https://business.sa) and subsequently select the "Business Platform" option.
  • Navigate to Electronic Services: Within "Electronic Services", proceed to "Inquiries and General Services" and select "Saudi Business Center".
  • Select "Delegation Management": From the displayed list of e-services, select "Delegation Management".
  • Complete Delegation Form and Upload Supporting Documents: The authorized person is required to create a new delegation and complete all requisite steps. First, select the Commercial Registration for the entity. Next, select (Saudi Data & AI Authority) as a service provider. Finally, select service name (Representing and Registering on the National Data Governance Platform and Completing Procedures).


Step Two: Registering on the National Data Governance Platform
To effect registration on the National Data Governance Platform, the designated representative must complete the entity registration by following these steps:

  • Select "Register Private Entities": The representative shall select the "Private Entities" option available on the platform.
  • Initiate the Service: The representative shall click "Start Service" to begin the registration process.
  • Sign in: The representative shall sign in via the National Single Sign-On (Nafath).
  • Eligibility Assessment for Registration: The representative shall confirm the entity's fulfillment of the prescribed eligibility criteria for the platform registration, in accordance with the cases stipulated in Article (2) of the Rules Governing the National Register of Controllers within the Kingdom.
  • Complete the Profile Information: The representative is required to complete all mandatory information within both the entity's and the representative's profiles.
  • Eligibility Assessment for Data Protection Officer (DPO) Appointment: The representative must determine the mandatory requirement for appointing a DPO, in accordance with the conditions stipulated in Article (32) of the PDPL Implementing Regulation.
  • Eligibility Assessment for Registration in Artificial Intelligence Ethics.
  • Certificate Issuance: Upon the successful completion of all preceding steps, the National Personal Data Protection Register Certificate will be duly issued to the entity.


The establishment owner may directly access the platform and complete the registration process steps, or appoint a representative using "Delegation Management" under the Saudi Business Center.

The Rules Governing the National Register of Controllers Within the Kingdom

Download File View Details

The registration aims to building a national register of controllers, including public entities, private entities, and individuals that process personal data related to individuals residing in the Kingdom, and support them by providing services related to the protection of personal data and ensuring their compliance with the law and its implementing regulations.

Any controller that collects and processes the personal data of individuals who are citizens or residents of Kingdom of Saudi Arabia.

Any public entity, natural person or private legal person that specifies the purposes and manner of processing personal data, whether the data is processed by that controller or by the Processor.

Registration is mandatory in the following situations:
1.If Controller processes sensitive data.
2.If the Controller’s main activity is based on processing personal data.

As stipulated in Article (2) of Rules Governing the National Register of Controllers within Kingdom, which can be viewed here.


1.The authorized person should log in to the Saudi Business Center Platform (https://business.sa/).
2.Select “Business Platform”.
3.Sign in using the National Single Sign-On (Nafath).
4.Under Electronic Services navigate to “Inquiries and general services” and choose “Saudi Business Center”.
5.Click on Delegations Services.
6.Create a new Delegation and complete the necessary steps.
7.Select the Commercial Register for the entity.
8.Select (Saudi Data and Artificial Intelligence Authority “SDAIA”) as a service provider.
9.Select the name of service (representing and registering on National Data Governance Platform and completing procedures).

An entity delegate who was appointed in Authorization System of the Saudi Business Center

1.Sign in through the National Single Sign-On (Nafath)
2.Evaluate the eligibility for registration
3.Complete entity profile information
4.Assess the necessity of appointing a DPO
5.Evaluate the eligibility for registration in Artificial Intelligence Ethics
6.Issuing a certificate for the national register for personal data protection

To easily view the steps, click on Registration of Private Entities

Any natural person appointed by government or private controller, non-profit to complete entity registration procedures on the Platform. when using Platform, the representative must comply with the following:
•Complete entity registration procedures.
•Fill out the details of DPO as stipulated in Article (7) of Rules Governing the National Register of Controllers Within Kingdom.
•Fill out the details of AI System Owner (if any).
•View the assessment results and services provided on Platform.
•Update the controller’s data on regular basis to ensure it is up-to-date.

Any natural or legal person that applies or uses AI systems to achieve certain goals.

The Saudi Data & Al Authority (SDAIA) does not require any criteria regarding the entity’s representative, and it is subject to the discretion of the controller.

  • Entity's official e-mail
  • Entity's official contact number
  • Primary address
  • Headquarters
  • Entity logo

DPO is one or more natural persons appointed by Controller to be responsible for monitoring the implementation of the provisions of the Law and its Implementing Regulations, overseeing Procedures applicable by Controller, and receiving requests relate to Personal Data in accordance with provisions of the Law and its Implementing Regulations.
Required Data to be registered:

•ID number.
•Date of birth.
•Official contact information (mobile number and official e-mail).

Click here for an assessment to determine whether the appointment of a personal data protection officer is mandatory.

The services are used by the personal data protection officer (DPO) or the entity’s representative if the Controller entity is not obligated to appoint a personal data protection officer, according to the cases stipulated in Article (32) of the Implementing Regulations of PDPL.

Currently there is no registration fee.

Controller shall be notified thirty (30) days prior to the expiration date of the registration certificate. The certificate may be renewed after that.

Another certificate with the previous registration number is issued with a new issue date

The public can use the search service in the National Registry for Personal Data Protection by entering the entity’s name or registration number

Registration certificate is available to the public and it includes the following information:
•Registration serial number.
•Entity name.
•Entity logo.
•Entity official e-mail.
•Entity official contact number.
•Primary address.
•Issue and expiration date.
•QR code.

Platform provides a service for updating previously entered official information

The Saudi data & Al Authority(SDAIA) provides several services to the Controllers

Click here to view the available e-services


If you have any suggestions or technical issues, please submit a request via contact us option

Level 1: Aware.
Level 2: Adoptive.
Level 3: Confirmative.
Level 4: Assured.
Level 5: Visionary.

Any entity or individual involved in developing AI systems.

Yes, the validity period is 1 year.

AI ethics digital badges are optional badges awarded to an AI product after it advances and registers on the platform. These badges aim to encourage entities to enhance their adoption of AI ethics in their products.

Any entity or individual involved in developing AI systems.

AI Ethics Assessment is a tool designed to enable entities to conduct a comprehensive and systematic analysis of the extent of their compliance with ethical standards in the development and application of artificial intelligence technologies. The process begins by identifying and evaluating all potential risks and the severity of their impact. The tool also includes questions in each principle of ethics to assess the level of ethical commitment of the artificial intelligence model.

Back Start Service