Category Archives: Articles

Saudi Arabia’s secured transactions framework rests on a principle that is both precise and unforgiving against third parties, priority follows perfection, and where perfection is achieved through registration, the date of registration, not the date on which the underlying agreement was signed, determines rank.

 

This is not a uniquely Saudi position. Many mature credit markets operate on the same logic, treating the act of filing or registration as the moment at which a security interest becomes enforceable against the world, regardless of when the parties first committed to paper. What distinguishes a well-functioning secured lending regime is not the existence of this rule, but the rigour with which it is applied and the extent to which practitioners internalise its consequences.

Article 19 of the Moveable Property Security Law gives this principle statutory expression. It permits multiple security interests to be created over the same collateral and establishes a transparent hierarchy for resolving conflicts between them. The hierarchy is straightforward in design but demanding in practice. A perfected interest prevails over an unperfected one. Where multiple interests have been perfected by registration, rank is determined by the order in which registration occurred. Where multiple interests have been perfected by possession, the order of possession controls. Only where all competing interests remain unperfected does the law fall back on the order of execution.

The practical implication is one that lenders and their counsel cannot afford to treat as theoretical. A creditor who signs first but registers second may find itself subordinated to a party who moved more quickly through the administrative process. In facilities where the same asset base supports multiple tranches of debt, the stakes of this sequencing are material.

Registration as a Transactional Condition

Framing registration as a post-closing administrative step is a misconception that carries real risk. A security package may be carefully negotiated, comprehensively documented, and commercially sound in every respect and yet, until the relevant interest is registered, the lender’s priority position is not secured. It is contingent. The security exists between the parties but does not bind third parties or establish rank.

These reframing matters: registration should be treated as a condition, whether precedent or subsequent. The transaction is not complete, from a priority perspective, until perfection has been achieved.

Who Bears the Burden, and Why It Matters

Responsibility for effecting registration typically falls on the borrower. As the party granting the security and the one with direct access to the relevant assets and records, the borrower is generally best placed to carry out the required filings. This allocation is standard and, in straightforward transactions, functions well.

In practice, however, many lenders choose not to rely on it. Where the timing and accuracy of registration directly determine the lender’s rank, and where a filing made a day late or with a technical deficiency could cost the lender its priority, delegating the process entirely to the borrower introduces a risk that is difficult to justify on commercial grounds. Prudent lenders frequently elect to oversee registration themselves, or to take direct control of the process, precisely because the consequences of error are not recoverable through subsequent negotiation.

The principle underlying this approach is simple. Priority, once lost to a faster-moving creditor, cannot be restored by agreement between the original parties. It requires the consent of the intervening creditor, which is rarely forthcoming on favourable terms. Prevention is the only reliable remedy.

For those structuring secured transactions in Saudi Arabia, execute carefully, register immediately, and treat registration with the same discipline you bring to the documentation itself.

For boards and senior decision-makers operating in complex or high-risk environments, the Lafarge case offers a clear and uncomfortable message, governance failures do not remain commercial problems for long. This article examines the principal liability lessons through a Saudi legal and regulatory lens.

 

In recent years, Lafarge, one of the world’s largest cement manufacturers, became the subject of significant criminal proceedings in multiple jurisdictions following the operation of a cement facility in northern Syria during the Syrian conflict. The company completed construction of a plant in Jalabiya in 2010, at a reported cost of approximately USD 680 million. When the conflict intensified in 2011, and armed groups gained control of surrounding territories, most multinational companies withdrew from the region. Lafarge did not.

Investigations later established that the company had authorized payments of approximately EUR 5.6 million to armed factions, including ISIS and Jabhat al-Nusra, through intermediaries. These payments were framed internally as necessary to maintain operational continuity. They were later characterized by prosecutors as material financial support to designated terrorist organizations

The legal consequences were substantial. In the United States, Lafarge entered a guilty plea and agreed to pay approximately USD 778 million in criminal penalties and forfeiture. In France, the company and several former senior executives faced criminal prosecution. The former Chief Executive Officer was sentenced to six years’ imprisonment; other senior figures received custodial sentences ranging from approximately 18 months to seven years. Critically, courts focused not only on the payments themselves, but on the internal decision-making structures that allowed operations to continue as risk escalated.

For boards and senior executives operating in or through complex markets, the Lafarge case is not a foreign cautionary tale. Its lessons are directly applicable under Saudi law.

MANAGEMENT LIABILITY UNDER SAUDI COMPANIES LAW

Under the Saudi Companies Law, directors and managers may be held personally liable for damages arising from violations of law, breaches of company bylaws, misuse of authority, or negligent management. This liability is not limited to deliberate misconduct. Failure to exercise reasonable care, properly assess emerging risks, or implement appropriate safeguards may itself give rise to personal exposure.

The key governance question that courts in the Lafarge proceedings kept returning to was not whether risk existed. It was whether leadership responded appropriately when warning signs began to emerge. That framing maps directly onto the standards applicable to directors and managers under Saudi law.

Joint Liability and the Record of Dissent

Where multiple directors participate in decisions that result in violations of law or mismanagement, Saudi law recognizes that liability may attach jointly to all members who approved or failed to object to those decisions. This principle applies with particular force where risk escalates gradually. In such circumstances, responsibility rarely rests with a single individual. It arises from a series of collective decisions that allow an organization to continue operating under increasingly uncertain conditions. One of the most critical protections available to a director under Saudi law is the formal recording of dissent. A director who disagrees with a proposed course of action must ensure that the objection is clearly documented in the board minutes. Failure to do so risks liability being attributed collectively, regardless of any private reservations expressed outside formal proceedings.

The Lafarge judgments reflect precisely this dynamic. Courts did not focus solely on the individuals who authorized individual payments. They examined the broader leadership structures that allowed continued engagement in a high-risk environment without sufficient escalation, challenge, or intervention.

Liability After Leaving Office

One of the most underestimated exposures under Saudi corporate law is the continuation of liability after an individual leaves office. Under Articles 29 and 30 of the Saudi Companies Law, directors and managers remain accountable for decisions made during their tenure, even after their resignation or replacement. Liability claims may generally be brought within 5 years from the end of the financial year in which the wrongful act occurred, or from the date of termination of the appointment, whichever is later. In cases involving fraud or forgery, limitation periods may extend further.

Resignation does not extinguish responsibility for past conduct. Decisions made during periods of elevated operational risk, particularly those involving reliance on third-party intermediaries or regulatory exposure, may remain legally reviewable long after roles and responsibilities have changed.

TERRORISM FINANCING EXPOSURE UNDER SAUDI LAW

The Lafarge case raises a dimension of risk that goes beyond the governance and corporate liability framework. It sits squarely within the scope of terrorism financing law, and the Saudi legal framework in this area is both broad and robust.

Under Saudi anti-terrorism legislation, terrorism financing is not limited to deliberate or knowing support for unlawful groups. It encompasses a wide range of conduct involving the provision of funds, assets, or other economic resources, whether directly or indirectly, to designated or prohibited entities. Transactions that appear operational in nature, payments for transportation, security, local logistics, or supply chain continuity, may later be interpreted as unlawful financing if the recipient is linked to prohibited entities or if appropriate due diligence was not conducted.

Direct and Indirect Financing Risk

Saudi anti-terrorism legislation adopts a broad definition of terrorism financing that includes provision through intermediaries, contractors, or agents. Indirect financing is not treated as a lesser category of exposure. Where funds ultimately benefit prohibited actors, responsibility may extend to the original decision-makers who authorized the transactions, regardless of the layers of commercial relationship through which those funds passed.

This creates a heightened compliance obligation for companies operating in complex or high-risk environments. The question is not simply who received payment, but how funds were ultimately used, and whether the organization conducted meaningful due diligence before authorizing the transaction and continued to monitor its counterparty relationships thereafter.

Corporate Criminal Liability

Saudi law expressly recognizes corporate criminal liability in terrorism financing matters. Under Article 49 of the Law on Combating Terrorism Crimes and Financing (Royal Decree No. M/21 dated 12/02/1439H), a legal entity may be held liable where a terrorism financing offence is committed by its owners, directors, managers, representatives, or agents in its name or for its benefit.

Sanctions available against corporate entities include financial penalties, suspension of activities, closure of relevant premises, liquidation of the entity, appointment of a judicial custodian, and publication of the judgment. Corporate structure does not provide a shield. Where leadership decisions permit unlawful financial flows or where oversight of third-party relationships is inadequate, the organization itself is exposed.

GOVERNANCE AS A LEGAL OBLIGATION, NOT A BEST PRACTICE

One of the most important lessons from the Lafarge proceedings is that legal exposure rarely begins with a single unlawful act. It develops gradually through governance failures that allow risk to accumulate without decisive intervention. In Lafarge’s case, the escalation from commercial pressure to criminal liability unfolded over an extended period during which warning signs were present, discussions occurred, and decisions to continue operating were repeatedly taken.

Saudi corporate governance expectations have developed considerably in recent years. Boards and senior management are expected not only to review performance metrics but to identify emerging legal risks and respond with appropriate caution. The standard is proactive oversight, not reactive response.

Board minutes, internal memoranda, and escalation records frequently determine how leadership decisions are interpreted under legal scrutiny. In the absence of documented deliberation, decision-making may appear careless even where genuine concerns were discussed informally. The governance record matters, both as a protective mechanism for directors who exercised appropriate judgment and as evidence in proceedings where they did not.

PRACTICAL TAKEAWAYS FOR BOARDS AND SENIOR MANAGEMENT

The Lafarge case demonstrates that exposure does not necessarily arise from deliberate support for unlawful actors. It arises from operational decisions taken under commercial pressure that gradually evolve into legally significant risk. Companies operating in complex or cross-border environments should consider the following governance priorities:

• Establish formal risk escalation thresholds, supported by legal review, that require reassessment when operational, regulatory, or geopolitical conditions change materially.
• Strengthen compliance oversight of contractors, intermediaries, and third-party relationships through periodic legal due diligence and risk-based monitoring, including monitoring of how funds are ultimately deployed.
• Document board deliberations and dissent. Legal advisors should be engaged in reviewing decisions with regulatory or reputational implications, not consulted only after operational decisions have been made.
• Reassess ongoing operations when risk indicators evolve, particularly where external developments may affect regulatory compliance or expose the company to sanctions or prohibited dealings.
• Integrate legal and compliance functions into strategic decision-making from the outset, rather than treating them as a sign-off mechanism at the end of the process.
• Operate on the assumption that major operational decisions may be reviewed retrospectively. Legal advice and risk analysis should be documented as a matter of course, not assembled after the fact.

These measures do not eliminate risk entirely. However, organizations that engage legal advisors proactively, rather than reactively, are significantly better positioned to withstand regulatory scrutiny, manage emerging exposure, and respond effectively if enforcement action arises.

From Clause to Business-Critical Risk

For decades, force majeure provisions in Gulf construction and energy contracts were treated as standard boilerplate, a precautionary formality that nobody expected to invoke. The assumption underpinning this complacency was straightforward: the Gulf was a stable operating environment, its energy infrastructure was a global anchor, and its megaproject pipeline from NEOM in Saudi Arabia to Dubai’s urban expansion was built on the bedrock of reliable hydrocarbon revenues and investor confidence.

That assumption has been abruptly tested given the current regional climate. Force majeure has moved from the footnotes of legal briefings to the front pages of financial news. It is now, unambiguously, a live operational risk.

A Region Under Pressure: The Cascade of Declarations

The trigger for the current crisis was significant. On 4 March 2026, QatarEnergy, responsible for approximately 20% of global liquefied natural gas supply, declared force majeure on all LNG shipments. Within days, Kuwait followed, declaring force majeure on oil sales after cutting output at its fields and refineries. Bahrain’s state energy company, Bapco, subsequently invoked the clause.

The scale of disruption has been extraordinary. Maritime war-risk insurance premiums surged by more than 1,000%, with coverage costs for vessels rising from roughly 0.25% to approximately 3% of a vessel’s value. Asian LNG benchmark prices jumped nearly 70% to over $25 per million British thermal units. Brent crude surged above $114 per barrel, some 60% higher than at the outset of hostilities. Major shipping lines suspended all transits through the Strait of Hormuz, leaving container ships stranded and sending ripple effects through global port networks.

The consequences are not confined to energy markets. Construction projects across the GCC, including infrastructure developments in Saudi Arabia, the UAE, Kuwait, and Qatar, are experiencing delays in materials delivery, cost escalation driven by freight surcharges, disruptions to international personnel movements, and uncertainty over the continuity of subcontractor chains. These developments are no longer theoretical risks. They are live issues affecting ongoing projects today.

What Force Majeure Actually Means and What It Doesn’t

For businesses navigating these circumstances, an understanding of force majeure is essential. The term refers to a contractual provision that excuses a party, in whole or in part, from performing its obligations when an extraordinary event beyond its control renders performance impossible or fundamentally impracticable. However, the legal scope of the clause varies substantially depending on jurisdiction and the precise wording agreed by the parties.

Under English law, force majeure has no automatic legal definition. Its scope depends entirely on the specific language of the contract. A party seeking relief must demonstrate that the event falls within the clause’s definition; that the event has caused the inability to perform, not merely made performance more expensive or commercially disadvantageous; and that the affected party has taken reasonable steps to mitigate the impact. The key threshold is typically whether performance has been prevented rather than merely made more costly.

Under UAE law, parties may have broader recourse even where contracts lack an express force majeure clause. The UAE Civil Code provides statutory mechanisms that may excuse performance when a supervening event renders an obligation impossible or excessively onerous. Kuwait’s Civil Code similarly extinguishes a contractual obligation when performance becomes impossible due to circumstances beyond the obligated party’s reasonable foresight and control and also recognises a hardship doctrine for circumstances in which performance has become unreasonably burdensome.

The Megaproject Dimension: Construction Contracts in the Crosshairs

Gulf megaprojects occupy a distinctive legal and commercial environment. Contracts are typically multi-party, multi-jurisdictional, and long-duration, often governed by frameworks such as FIDIC standard conditions or bespoke employer-drafted documents. Supply chains stretch from East Asia to Europe, with critical materials such as steel, specialist equipment, and chemicals now reliant on shipping lanes subject to severe disruption.

The current crisis is generating a surge in contractual notices across the construction sector. Contractors are sending force majeure notifications to employers; subcontractors are notifying contractors; material suppliers are alerting downstream purchasers. For employers and developers, the challenge is to evaluate the genuine legal merit of these claims while managing project timelines and cost exposure. For contractors, the imperative is to ensure that notices are issued promptly under most force majeure clauses, which impose strict notice periods, and that they are supported by sufficient substantiation to preserve entitlements.

Extension-of-time claims will inevitably follow, along with disputes over prolongation costs, the recovery of escalated material prices, and the question of whether delays triggered by force majeure events entitle contractors to additional compensation or only to relief from liquidated damages. War-risk insurance has also become a critical pressure point. Many standard construction all-risks policies exclude war and acts of hostility, and the dramatic repricing of specialist war-risk coverage and, in some cases, its withdrawal altogether, leaves projects exposed precisely when risk is highest.

Beyond Contracts: Sovereign-Level Force Majeure and Investment Risk

The force majeure dynamic is operating beyond the project level. Multiple Gulf states have begun internal reviews to assess whether the clause can be invoked in broader investment commitments and government contracts, as regional budgets face pressure from declining hydrocarbon revenues, rising defence costs, and disruptions to tourism and aviation. Gulf sovereign wealth funds, which had pledged substantial investment commitments to international counterparties, may face questions about their capacity to honour those obligations in the short term.

This sovereign dimension introduces a new layer of risk for international businesses and investors with contractual relationships with Gulf state entities. Material adverse change clauses are also receiving renewed scrutiny, as parties on both sides of transactions assess whether the current environment meets the threshold for invoking exit rights or renegotiation provisions.

Strategic Responses: What Businesses Must Do Now

The window for protective action is narrow. Businesses with operations, contracts, or supply chains in or through the Gulf should treat the following as immediate priorities.

First, audit your contract portfolio. Identify every agreement with counterparties and locate force majeure clauses, notice provisions, and related risk-allocation mechanisms. Understand whether your governing law is English, UAE, Qatari, Kuwaiti, or another jurisdiction, and what that means for your entitlements.

Second, issue notices promptly. If performance has been affected, do not wait. Most force majeure clauses impose strict notice periods, typically 14 to 28 days from the occurrence of the triggering event. Failure to notify in time can extinguish an otherwise valid claim. Notices should be detailed, specific, and tied to causal chains connecting the conflict to the performance failure.

Third, document everything. The evidential burden in force majeure disputes falls on the party seeking relief. Record all disruptions in real time: delayed deliveries, cost escalations, personnel movement restrictions, insurance changes, and supplier notifications. This contemporaneous record will be essential in any subsequent dispute.

Fourth, mitigate actively and visibly. Force majeure does not relieve a party of the obligation to take reasonable steps to minimise the impact of the triggering event. Identify alternative supply routes, substitute suppliers, and other mitigation measures. Document what has been explored and why alternatives are unavailable or impractical.

Fifth, review your insurance coverage. Engage brokers immediately to clarify which war-risk coverage remains in force, at what premium, and for what period. Consider whether specialist political risk insurance is appropriate for your exposure profile.

Sixth, engage counterparties commercially. In many cases, commercial negotiation, extensions of time, cost-sharing arrangements, and scope adjustments will produce better outcomes than formal legal notices.

Early dialogue is generally preferable to an entrenched dispute. Seventh, seek specialist legal advice. The interaction between force majeure, hardship doctrines, war-risk provisions, insurance policies, and dispute resolution mechanisms is complex. Businesses need advisers with specific knowledge of GCC law, international construction contracts, and dispute resolution in the region.

The Longer View: Rethinking Risk in Gulf Megaprojects

The current crisis will pass; however, future contracts in the region should be drafted with greater care around force majeure provisions: definitions should be precise and comprehensive; notice periods should be realistic; hardship and exceptional circumstances provisions should be considered where applicable law permits; and the interplay with insurance, dispute resolution, and termination rights should be explicitly addressed.

More broadly, businesses operating in the Gulf should build resilience into their operating models: diversified supply chains, financial buffers for cost escalation, genuine political risk insurance programmes, and legal advisory relationships capable of rapid response. Force majeure has demonstrated that it can shift in a matter of days from a theoretical provision to an operational crisis. The businesses that navigate the current disruption best will be those that treated this possibility as real before events forced the issue.

This article is provided for informational purposes and does not constitute legal advice.

Remote work in Saudi Arabia is no longer an exceptional arrangement. It has become a structured and regulated employment model, supported by Vision 2030’s broader objectives of workforce participation, digital transformation, and private-sector growth.

 

For employers operating in the Kingdom, however, remote work is not simply a commercial or operational choice. It is governed by a defined statutory framework under Saudi labour and data protection law. Businesses that fail to align their employment structures, contracts and internal policies with this framework risk regulatory exposure, reputational harm and employment disputes.

The Legal Foundation: Saudi Labour Law and the Telework Regulation

Remote work in Saudi Arabia is governed principally by the Saudi Labour Law and the Telework Regulation issued by the Ministry of Human Resources and Social Development (MHRSD).

The Telework Regulation formally recognises teleworking as a legitimate employment arrangement. It provides that a teleworker must have a written employment contract specifying the remote nature of the work. The contract must clearly define:

• The job description and duties
• The method of supervision and performance evaluation
• Working hours and availability
• Compensation and benefits

Crucially, the regulation affirms that remote employees enjoy the same statutory rights as on-site employees. This includes protection under Articles 84–87 of the Labour Law relating to end-of-service benefits, wage protection obligations, leave entitlements and termination protections. Remote work does not create a separate category of worker. It remains a standard employment relationship subject to full Labour Law protection.

Employer Obligations Remain Intact

One of the most common misconceptions is that remote work reduces employer responsibility. Under Saudi law, this is not the case.

The employer remains responsible for compliance with:

• The Wage Protection System (WPS
• GOSI registration and contributions
• Saudisation (Nitaqat) classification requirements
• Occupational safety obligations

Article 122 of the Labour Law imposes a duty on employers to take precautions necessary to protect employees from hazards. While the Telework Regulation allows work to be performed outside the employer’s premises, it does not remove the employer’s duty of care. Employers must therefore ensure that remote arrangements are structured in a manner that does not expose them to claims of unsafe working conditions or unregulated working hours.

From a governance perspective, this means that remote work policies must address supervision, documentation of working time, and health and safety awareness.

Contractual Clarity and Risk Allocation

In practice, legal risk in remote work arrangements most often arises from inadequate contractual drafting.

Saudi courts and labour dispute committees will examine the substance of the employment relationship, not merely the label applied to it. If remote working terms are ambiguous or undocumented, disputes may arise over working hours, overtime entitlements, place of work, or termination rights.

Under Article 52 of the Labour Law, employment contracts must clearly define essential terms. For remote employees, this requires additional clarity regarding:

• Whether the arrangement is permanent or hybrid
• Whether the employer may require a return to on-site work
• Equipment provision and ownership
• Confidentiality and information security obligations

Failure to properly document these elements may result in disputes before the Labour Courts established under the Labour Courts Law.

Data Protection and Confidentiality

Remote work significantly increases data protection exposure, particularly where employees handle client data, financial information or sensitive corporate materials.

Saudi Arabia’s Personal Data Protection Law (PDPL) imposes binding obligations on data controllers. Employers are typically considered controllers in respect of employee and client data processed in the course of business.

The PDPL requires:

• A lawful basis for processing personal data
• Implementation of appropriate security measures
• Restrictions on cross-border data transfers
• Notification obligations in the event of data breaches

Remote employees working from home networks or personal devices increase cybersecurity risk. However, under the PDPL, liability rests with the data controller not the individual employee alone.

Employers must therefore implement technical and organisational safeguards, including secure VPN access, device management policies and data handling protocols.

The Saudi Data and Artificial Intelligence Authority (SDAIA), which oversees PDPL implementation, has emphasised the importance of security controls. Non-compliance may lead to administrative penalties and, in certain cases, criminal liability.

Working Time and Overtime Exposure

Remote arrangements can blur boundaries around working hours. Under Articles 98–107 of the Labour Law, working hours are regulated and overtime compensation is mandatory where applicable. Employers must ensure that remote working does not result in undocumented overtime claims. Digital monitoring mechanisms must, however, be proportionate and compliant with privacy standards.

Clear internal policies and agreed availability windows are therefore essential to mitigate wage disputes.

Saudisation and Workforce Classification

Remote work may support Saudisation objectives by enabling greater workforce participation, including among women and persons with disabilities. However, employers must ensure that telework arrangements are properly recorded in MHRSD systems to avoid inconsistencies in Nitaqat calculations.

Incorrect classification can affect a company’s compliance status and access to government services.

Dispute Trends and Practical Exposure

While Saudi case law is not published in the same manner as common law jurisdictions, recent labour disputes increasingly reflect claims relating to:

• Termination of remote employees without documented performance grounds
• Overtime claims arising from flexible arrangements
• Disputes over equipment costs and internet allowances

Labour Courts have demonstrated a consistent approach: where ambiguity exists, interpretation tends to favour employee protection under the Labour Law’s public order principles.

This reinforces the importance of precision in drafting and structured governance.

A Structured Legal Approach

For employers operating in Saudi Arabia, remote work should be implemented within a defined legal framework rather than through informal managerial discretion.

At a minimum, businesses should ensure:

• A formal remote work policy aligned with the Telework Regulation
• Updated employment contracts or addenda
• PDPL-compliant data security measures
• Clear supervision and performance documentation mechanisms

Remote work, when properly structured, can deliver flexibility and commercial advantage. When implemented without legal alignment, it can create significant regulatory and litigation exposure.

Saudi Arabia has provided a clear statutory basis for remote work. The Telework Regulation and Labour Law together establish that remote employment is fully legitimate but not lightly regulated. For employers, the legal message is straightforward: remote work does not dilute statutory obligations. It requires thoughtful contractual drafting, disciplined compliance with labour and data protection law, and consistent governance across the organisation.