Category Archives: Data Protection Law

Older posts

Esports Contracts: Protecting Teams, Players and Intellectual Property

Posted on by

Esports has emerged as a rapidly growing sector in Saudi Arabia, reflecting the Kingdom’s broader ambitions under Vision 2030 to develop its digital and entertainment economy. With professional teams, tournaments, streaming platforms and brand sponsorships now integral to the industry, the legal landscape surrounding esports has become increasingly complex. Central to this ecosystem are contracts that govern the relationships between teams, players, organisers, and other stakeholders. Properly structured agreements not only protect commercial interests but also ensure regulatory compliance and long-term sustainability.

 

Team and Player Agreements

Contracts between esports organisations and players are the foundation of professional engagement. These agreements establish the rights and obligations of each party, including remuneration, performance expectations, standards of behaviour, and dispute-resolution mechanisms. Legal considerations include ensuring that contracts comply with employment law or, where appropriate, independent contractor arrangements. Special attention is required when contracting minors, as additional safeguards and regulatory compliance measures apply. Clearly drafted contracts help prevent disputes, protect teams’ operational interests, and secure players’ professional rights.

Intellectual Property Ownership

Intellectual property (IP) is a core asset in esports, encompassing team branding, game content, streaming footage, and proprietary digital assets. Teams and organisers must ensure that they hold the necessary licenses to use game titles and related intellectual property, while also protecting their own branding and content. Agreements should clearly delineate ownership and usage rights, including rights in broadcasting, merchandising, sponsorship, and digital distribution. Protecting IP rights through contracts is critical for monetisation, long-term brand value, and resolving disputes over content ownership.

Sponsorship and Commercial Arrangements

Esports rely heavily on commercial partnerships, including sponsorships, endorsements, and merchandising. Contracts in this context must clearly define each party’s rights and responsibilities, including branding placement, advertising compliance, revenue sharing, and exclusivity provisions. Transparency and compliance with consumer protection and advertising regulations are essential. Well-structured commercial agreements mitigate risk, enhance credibility with partners, and enable sustainable monetisation strategies.

Media and Streaming Rights

The digital nature of esports makes media rights a central consideration in contracts. Agreements governing streaming, broadcasting, and content distribution must ensure compliance with national media regulations, content standards, and licensing requirements. This includes adherence to rules relating to online platforms, advertising, and public communications. Legal frameworks should address licensing fees, revenue splits, territorial rights, and content usage restrictions, allowing esports organisations to leverage their digital presence while avoiding regulatory violations.

Data Protection and Cybersecurity

Esports contracts increasingly need to account for data protection and cybersecurity considerations. Online platforms collect and process significant volumes of personal data from players, viewers, and users. Compliance with the Personal Data Protection Law (PDPL) is critical, particularly for platforms that engage with minors or operate cross-border. Contracts should allocate responsibility for data handling, consent management, and security measures to prevent breaches, maintain trust, and ensure regulatory compliance.

Dispute Resolution and Governing Law

Given the international nature of esports, contracts should incorporate clear dispute resolution mechanisms. Arbitration or mediation clauses provide neutral and enforceable avenues for resolving conflicts, particularly where parties are based in different jurisdictions. The choice of governing law and jurisdiction must be carefully considered to balance enforceability with operational practicality. Effective dispute resolution frameworks preserve relationships, protect reputations, and ensure business continuity.

Esports contracts are central to the professionalisation and commercial success of the industry in Saudi Arabia. By carefully structuring agreements between teams, players, sponsors, and platforms, organisations can protect intellectual property, ensure regulatory compliance, manage risks, and maximise commercial value. In an evolving sector driven by digital platforms, tournaments, and sponsorships, proactive legal planning is essential to support sustainable growth and safeguard the interests of all stakeholders.

Digital Streaming in KSA: Compliance for Global Platforms

Posted on by

Digital streaming has become a central component of global media consumption, with international platforms delivering on-demand video, audio, and interactive content to millions of users. In the Kingdom of Saudi Arabia, this trend has been accompanied by significant changes to the legal and regulatory framework governing digital streaming services.

 

As the country strengthens its digital economy and aligns its media regulations with broader national development goals, both local and international streaming platforms must navigate a complex compliance landscape to operate effectively and lawfully within the Kingdom.

At the forefront of regulatory change is the Regulations for Providing Digital Content Platform Services, issued by the Communications, Space and Technology Commission (CST). These regulations came into force on 1 January 2024 and define the legal obligations for a wide range of digital content platforms, including streaming services that deliver video and audio over the internet. The regulations apply to both local and foreign operators that provide services to users in Saudi Arabia and require such service providers to obtain a licence, register, or submit a notification, depending on the nature and scale of their operations. Failure to comply with these requirements may result in enforcement action by the CST.

Under the CST’s digital content platform regulations, operators of satellite pay television and Internet Protocol Television (IPTV) services must obtain a licence to offer these services within Saudi Arabia. Licences are typically valid for ten years and are subject to application and annual fees. For over‑the‑top video (OTT) platforms, audio‑on‑demand services and internet radio platforms with a significant user base in the Kingdom, registration with the CST is required instead of a full licence. Smaller platforms and certain categories of services may be subject to a simpler notification requirement, where the provider submits key corporate and operational information to the regulator. Across all categories, the appointment of a Platform Liaison Officer (PLO) is mandatory, serving as the primary point of contact between the platform and the CST.

These regulatory obligations are designed to ensure transparency, accountability and quality of service in the digital content sector. By requiring formal registration and licensing, the framework encourages providers to establish clear operational structures, maintain audited financial records and sustain ongoing communication with regulators. For global streaming platforms, this often involves determining whether an existing user base in Saudi Arabia exceeds thresholds that trigger regulatory requirements and, if so, whether to establish a local commercial presence or comply from abroad under the applicable registration regime.

In addition to licensing and registration duties, digital streaming platforms must ensure compliance with broader content rules enforced under the Audiovisual Media Law (2018) and related content regulation guidelines. These regulatory instruments require that media content, including that delivered through digital streaming services, respect Saudi cultural and social norms and comply with Shari’ah principles. Prohibited content includes material that is offensive to public morals, promotes illegal activity, or undermines public order. The General Authority for Media Regulation (GAMR) oversees these standards, and providers must ensure that their content moderation practices align with the Kingdom’s regulatory expectations.

Data protection and consumer rights are additional compliance considerations for streaming platforms. Although Saudi Arabia’s Personal Data Protection Law (PDPL) primarily focuses on the handling of personal data by commercial entities, streaming services that collect, process, or store user data within the Kingdom must adhere to the law’s provisions on data privacy, consent, and security. Platforms operating in multiple jurisdictions must carefully design cross‑border data-transfer mechanisms and user-consent frameworks to reconcile global operational practices with domestic legal expectations.

Operational compliance also extends to advertising and content moderation. Streaming services that incorporate advertising must ensure that advertising content complies with national standards and does not violate cultural norms or consumer protection rules. Content moderation policies should address issues such as inaccurate information, harmful material, and age‑restricted content, and include mechanisms to remove or block prohibited material when identified by users or regulators.

As Saudi Arabia continues to refine its regulatory regime for digital media, platforms must remain vigilant to legislative changes and evolving enforcement practices. For example, consultations on a new consolidated Media Law have included proposals for expanded content moderation and licensing obligations that could further affect digital streaming operations. Staying abreast of these developments and proactively engaging with regulatory authorities can help global platforms manage compliance risks and secure sustainable access to one of the Middle East’s fastest‑growing digital media markets.

Digital streaming platforms operating in the Kingdom of Saudi Arabia face a multifaceted compliance landscape. This encompasses licensing and registration under the CST’s digital content platform regulations, adherence to cultural and content standards enforced by the GAMR, data protection obligations under the PDPL and advertising and moderation requirements aligned with national values. Understanding and fulfilling these legal obligations is critical for global platforms seeking to serve Saudi audiences lawfully and effectively in a dynamic regulatory environment.

Influencer Contracts 2026: Protecting Brands and Talent

Posted on by

Influencer marketing has matured into a core component of modern brand strategy, with creators playing an influential role in shaping consumer behaviour and public perception. As the industry continues to professionalise, influencer contracts are evolving to address heightened legal, commercial, and reputational risks.

 

In 2026, well-structured influencer agreements will no longer be optional; they will be essential tools for protecting both brands and talent in an environment defined by increased regulation, greater transparency, and more complex commercial relationships.

The Changing Landscape of Influencer Relationships

Influencer engagements have moved beyond informal collaborations into long-term, high-value commercial arrangements. Brands now expect measurable performance, brand alignment, and compliance with regulatory and ethical standards, while influencers seek certainty around compensation, creative control, and content ownership. This shift has placed greater emphasis on clear contractual frameworks that define expectations, allocate risk, and support sustainable partnerships. Contracts in 2026 must reflect the reality that influencers operate as professional content businesses rather than casual promoters.

Defining Scope of Services and Deliverables

A central feature of modern influencer contracts is the precise definition of services and deliverables. Agreements should clearly outline the type of content to be produced, platforms to be used, posting schedules, performance obligations, and approval processes. Ambiguity in scope can lead to disputes over underperformance or excessive demands. By setting detailed expectations at the outset, both parties benefit from clarity, accountability, and a shared understanding of campaign objectives.

Compensation Structures and Commercial Transparency

Compensation models in influencer contracts have become increasingly sophisticated, incorporating fixed fees, performance-based incentives, affiliate commissions, and long-term brand ambassador arrangements. Contracts should clearly specify payment terms, timing, tax responsibilities, and conditions for bonuses or clawbacks. Transparency in remuneration protects influencers from delayed or disputed payments while allowing brands to align compensation with measurable outcomes. Clear financial terms are essential to maintaining trust and avoiding regulatory scrutiny.

Intellectual Property and Content Ownership

Ownership and usage rights over influencer content are among the most critical contractual issues. Influencer contracts must address who owns the content created, how it may be used, and for how long. Brands often seek rights to reuse content across marketing channels, while influencers may wish to retain ownership and control future exploitation. Carefully balanced intellectual property clauses help avoid misuse, unauthorised distribution, or disputes over commercial rights, particularly as content continues to generate value long after a campaign ends.

Brand Protection, Morality, and Reputation Clauses

As public scrutiny of online behaviour intensifies, brands are increasingly focused on protecting their reputation. Influencer contracts commonly include morality and conduct clauses that require influencers to act in a manner consistent with brand values. These provisions may allow termination where conduct causes reputational harm or public controversy. While such clauses are important for brand protection, they must be drafted proportionately to avoid unfair restrictions on personal expression or arbitrary enforcement.

Advertising Compliance and Disclosure Obligations

Regulatory focus on advertising transparency has significantly influenced influencer contract drafting. Contracts must require clear disclosure of sponsored content, compliance with advertising standards, and adherence to platform rules. Responsibility for regulatory compliance should be expressly allocated, ensuring that both brands and influencers understand their obligations. Failure to comply can result in legal penalties, content removal, and reputational damage, making compliance clauses a critical risk management tool.

Data Protection and Audience Engagement

Influencer marketing increasingly relies on audience data, analytics, and direct engagement. Contracts should address how data is collected, shared, and used, particularly where campaigns involve competitions, giveaways, or direct messaging. Clear data protection provisions help manage privacy risks and ensure that both parties handle personal information responsibly. As data regulation continues to tighten, contractual clarity in this area is essential to avoid liability.

Termination, Exclusivity, and Future Engagements

Termination rights and exclusivity provisions play a significant role in influencer contracts. Brands may seek exclusivity to prevent association with competitors, while influencers require flexibility to maintain diverse income streams. Contracts should define the duration and scope of exclusivity, grounds for termination, and consequences of early termination. Balanced drafting allows brands to protect their investment while ensuring that influencers are not unreasonably restricted in their professional activities.

Managing Risk in a Professionalised Market

Influencer contracts are as much about risk management as they are about promotion. Clear contractual terms reduce uncertainty, support regulatory compliance, and protect long-term commercial interests. Both brands and influencers benefit from agreements that anticipate disputes, allocate responsibility fairly, and reflect the evolving legal and commercial environment of digital media.

Influencer contracts have become essential instruments for safeguarding value, reputation, and compliance in a rapidly evolving digital economy. As the influencer industry continues to professionalise, contracts that clearly define rights, obligations, and protections are critical to successful collaboration. By adopting robust, transparent, and forward-looking contractual frameworks, brands and talent alike can build sustainable partnerships that thrive in an increasingly regulated and competitive marketplace.

Media Law Shake-Up: What Every Content Creator Must Know

Posted on by

The media landscape is undergoing rapid legal transformation as digital platforms, social media, and on-demand content continue to redefine how information is created, shared, and consumed. For content creators, these changes bring both opportunity and risk. Regulatory authorities are updating media laws to address misinformation, online harm, intellectual property misuse, and evolving advertising practices. As a result, creators must understand how new legal expectations affect their content, conduct, and commercial arrangements in order to operate responsibly and sustainably.

 

Expanding Scope of Media Regulation

Modern media law no longer applies only to traditional broadcasters and publishers. Digital creators, influencers, podcasters, streamers, and independent journalists increasingly fall within the scope of regulatory oversight. Laws and regulatory frameworks are being updated to reflect the reality that individual creators can reach audiences comparable in size and influence on established media organisations. This expansion means that content creators may now be subject to licensing rules, content standards, and accountability mechanisms that previously applied only to formal media entities.

Content Standards and Legal Responsibility

One of the most significant aspects of the media law shake-up is the heightened focus on content standards. Creators are expected to avoid publishing material that is misleading, defamatory, offensive, or harmful to public order or individual rights. Legal responsibility increasingly rests not only on platforms but also on creators themselves. This means that creators must exercise greater care when producing commentary, satire, reviews, or opinion-based content, particularly where it involves individuals, institutions, or sensitive social issues.

Intellectual Property and Ownership Risks

Intellectual property remains a central legal concern in the content creation space. New enforcement approaches and clearer regulatory guidance have increased scrutiny of copyright infringement and unauthorised use of music, images, video clips, and branded material. Creators must ensure that content is original or properly licensed and that any third-party material is used in accordance with applicable legal exceptions. Ownership of content, especially where collaborations, sponsorships, or platform monetisation are involved, should also be clearly understood to avoid disputes and loss of control over creative work.

Advertising, Sponsorships, and Transparency

Commercial content is receiving increased regulatory attention, particularly where advertising is integrated into entertainment or informational material. Content creators are expected to clearly disclose paid partnerships, sponsorships, and promotional relationships. Failure to distinguish between genuine opinion and paid endorsement may expose creators to regulatory action and reputational damage. As monetisation models become more sophisticated, legal compliance in advertising practices has become essential to maintaining audience trust and regulatory approval.

Data Protection and Privacy Considerations

Media law developments are increasingly intersecting with data protection and privacy obligations. Content creators who collect, process, or publish personal data, whether through audience engagement tools, competitions, or storytelling, must ensure the lawful handling of such information. Publishing images, recordings, or personal details without proper consent may lead to legal liability. As privacy standards tighten, creators must adopt responsible practices when engaging with audiences and featuring individuals in their content.

Platform Accountability and Creator Exposure

Regulatory reforms often place new obligations on digital platforms, but these changes can also affect creators indirectly. Platform rules may tighten in response to legal requirements, resulting in stricter content moderation, demonetisation policies, or account suspensions. Creators who rely on platforms for distribution and income must therefore understand how legal compliance, platform terms, and regulatory enforcement interact. Building compliance awareness helps creators manage risk and adapt quickly to changes in platform governance.

Managing Legal Risk in a Changing Environment

As media laws continue to evolve, content creators benefit from adopting a proactive legal mindset. This includes understanding applicable regulations, maintaining clear records of content rights and permissions, using transparent commercial disclosures, and applying consistent content review standards. Where content addresses controversial topics or involves third-party rights, careful planning and responsible editorial judgement are essential. Legal awareness is no longer optional for creators who wish to grow their audience and protect their work.

The current media law shake-up reflects a broader effort to balance creative freedom with accountability in an increasingly digital world. For content creators, the legal environment is more complex and demanding but also more structured and predictable. By understanding their legal responsibilities, respecting content standards, and adopting transparent and ethical practices, creators can navigate regulatory change with confidence. In doing so, they protect not only their creative output but also their reputation, income, and long-term sustainability in a rapidly evolving media ecosystem.

Regulatory Compliance in Non-Bank Financial Institutions

Posted on by

Non-bank financial institutions play an increasingly important role in modern financial systems, providing services such as financing, payments, asset management, insurance-related activities, and financial technology solutions. As these institutions grow in scale and influence, regulatory compliance has become a central pillar of their operations. Regulatory frameworks are designed to protect consumers, ensure market integrity, and manage systemic risk, while also supporting innovation and financial inclusion. For non-bank financial institutions, effective compliance is therefore not merely a legal obligation but a strategic necessity for sustainable growth and credibility.

 

The Regulatory Environment for Non-Bank Financial Institutions

Non-bank financial institutions operate within a complex and evolving regulatory landscape that differs from traditional banking regulation but is no less rigorous. Regulatory requirements typically address licensing, governance, capital adequacy, risk management, and operational resilience.

Authorities increasingly expect non-bank institutions to demonstrate robust internal controls and transparency comparable to those applied to banks, particularly where activities involve consumer finance, payment services, or systemic financial exposure. As regulatory oversight expands, institutions must continuously assess how changes in law and policy affect their business models and service offerings.

Governance and Internal Control Frameworks

Strong governance structures underpin regulatory compliance. Non-bank financial institutions are expected to maintain clear organisational hierarchies, defined decision-making authority, and effective oversight mechanisms. Boards and senior management carry responsibility for setting the tone of compliance, approving policies, and ensuring accountability across the organisation. Internal control frameworks should support compliance through documented procedures, regular audits, and effective reporting lines. A well-designed governance structure not only satisfies regulatory expectations but also enhances operational efficiency and risk awareness.

Risk Management and Regulatory Expectations

Risk management is a core focus of regulatory scrutiny for non-bank financial institutions. Institutions must identify, assess, and manage a broad range of risks, including operational, financial, conduct, and technology-related risks.

Regulators increasingly expect risk management frameworks to be proportionate to the institution’s size and complexity while remaining sufficiently robust to prevent harm to consumers and markets. Effective risk management enables institutions to anticipate regulatory concerns, respond to supervisory enquiries, and adapt to changing regulatory standards.

Consumer Protection and Conduct Compliance

Consumer protection has become a defining element of financial regulation affecting non-bank institutions. Regulatory frameworks often require fair treatment of customers, transparency in pricing and terms, and responsible marketing and sales practices. Institutions must ensure that products are suitable for their target customers and that complaint-handling mechanisms are accessible and effective.

Compliance in this area is essential not only to meet legal obligations but also to maintain trust and reputation in a highly competitive financial services environment.

Anti-Money Laundering and Financial Crime Prevention

Non-bank financial institutions are subject to stringent obligations relating to anti-money laundering, counter-terrorist financing, and financial crime prevention. Regulatory authorities require institutions to implement customer due diligence, transaction monitoring, and reporting systems capable of detecting suspicious activity. Compliance in this area depends on strong policies, trained personnel, and effective use of technology. Failure to meet these obligations can result in significant regulatory sanctions and reputational damage, making financial crime compliance a top priority for non-bank institutions.

Technology, Data Protection, and Operational Resilience

As non-bank financial institutions increasingly rely on digital platforms and data-driven services, regulators are paying closer attention to technology governance and data protection. Institutions must ensure that systems are secure, resilient, and compliant with applicable data protection requirements.

Operational resilience, including business continuity and incident response planning, has become a regulatory focus, particularly where service disruption could impact consumers or financial stability. Integrating compliance considerations into technology and innovation strategies is, therefore, essential.

Managing Regulatory Change

Regulatory frameworks affecting non-bank financial institutions are subject to frequent change as authorities respond to market developments, emerging risks, and technological innovation. Institutions must establish mechanisms for monitoring regulatory developments, assessing their impact, and implementing changes in a timely and effective manner. Proactive regulatory change management reduces uncertainty and enables institutions to align compliance efforts with strategic planning, rather than reacting to regulatory developments at the last minute.

Regulatory compliance is a defining feature of responsible and sustainable operation for non-bank financial institutions. By investing in strong governance, effective risk management, consumer protection, and financial crime controls, institutions can meet regulatory expectations while supporting innovation and growth. In an environment of increasing scrutiny and complexity, compliance should be viewed not as a constraint, but as an essential framework that underpins trust, stability, and long-term success in the non-bank financial sector.

 

Regulatory Compliance for International Media Companies Operating in Saudi Arabia

Posted on by

Saudi Arabia’s media landscape has undergone significant transformation, propelled by Vision 2030’s ambition to diversify the economy and position the Kingdom as a regional media hub. For international media companies seeking to establish a presence in Saudi Arabia, navigating the regulatory framework is paramount. This article outlines the key legal and regulatory requirements, highlighting the roles of pertinent authorities and the compliance obligations that foreign entities must adhere to.

 

Licensing and Establishment

International media companies aiming to operate in Saudi Arabia must first obtain the necessary licences from the Ministry of Investment (MISA). MISA facilitates foreign investment and ensures that international entities comply with local laws and regulations. Upon securing an investment licence, companies are required to register with the Ministry of Commerce to obtain a Commercial Registration (CR), which legally authorises them to conduct business activities within the Kingdom.

The General Authority for Media Regulation (GAMR), established in 2012 and formerly known as the General Commission for Audiovisual Media (GCAM), is the primary regulatory body overseeing media activities in Saudi Arabia. GAMR is responsible for issuing licences for audiovisual media services, including broadcasting, digital content production, and distribution. Foreign media companies must obtain an Audiovisual Media Licence from GAMR to legally engage in media-related activities within the Kingdom.

Content Compliance and Cultural Sensitivity

Saudi Arabia enforces stringent content regulations to preserve its cultural and religious values. Media content, whether produced locally or imported, must align with Islamic principles and public decency standards. This includes prohibitions on content that promotes or depicts nudity, substance abuse, gambling, or content deemed offensive to public morals.

The GAMR provides detailed guidelines outlining acceptable content standards for media activities. These guidelines mandate that all media content undergoes review and approval processes to ensure compliance with Saudi Arabia’s cultural norms. International media companies must adhere to these content standards and obtain the necessary approvals before disseminating any media content within the Kingdom.

Data Privacy and Consumer Protection

The Personal Data Protection Law (PDPL), enacted in 2020, governs the collection, processing, and storage of personal data in Saudi Arabia. Under the PDPL, businesses engaged in media activities must obtain explicit consent from individuals before collecting or processing their personal data. This includes data gathered through digital platforms, online tracking, and direct marketing activities.

International media companies must implement robust data protection measures to ensure compliance with the PDPL. This includes establishing transparent data collection practices, securing data storage systems, and providing individuals with rights regarding data access and deletion. Non-compliance with the PDPL can result in significant penalties, including fines and reputational damage.

Enforcement and Penalties

The enforcement of media regulations in Saudi Arabia is stringent. The GAMR actively monitors media activities to ensure compliance with licensing requirements and content standards. Violations can lead to severe penalties, including substantial fines and potential suspension or revocation of licences.

For instance, international media companies found operating without the requisite licences may face fines up to SAR 5 million (approximately £1 million). Additionally, the Kingdom’s legal framework allows for the prosecution of offences related to misleading advertising, the unauthorised use of personal data, and the dissemination of content that contravenes public morals.

Saudi Arabia presents significant opportunities for international media companies, driven by its strategic location, growing digital infrastructure, and evolving entertainment sector. However, success in the Kingdom’s media landscape requires a comprehensive understanding of the regulatory framework and a commitment to compliance with local laws and cultural norms.

International media companies seeking to establish operations in Saudi Arabia should engage with legal professionals experienced in Saudi media laws to navigate the licensing processes, ensure content compliance, and implement data protection measures. By adhering to the regulatory requirements, foreign entities can mitigate legal risks and leverage the full potential of Saudi Arabia’s dynamic media market.

Legal Implications of Social Media Advertising in KSA

Posted on by

Saudi Arabia’s rapid digital transformation has positioned it as a leader in the Middle East’s digital economy. The Kingdom’s Vision 2030 initiative underscores the importance of diversifying the economy, with a significant emphasis on digital media and marketing. As a result, social media advertising has become a pivotal component of business strategies. However, this burgeoning sector is governed by a complex legal framework designed to ensure compliance with national values, consumer protection, and data privacy.

 

Regulatory Landscape for Social Media Advertising

The General Authority for Media Regulation (GAMR), formerly the General Commission for Audiovisual Media (GCAM), is Saudi Arabia’s regulator for audiovisual and broader media content. Established in 2012, it issues licenses and oversees media content to ensure compliance with the Kingdom’s laws, culture, and policy.

In 2022, GAMR/GCAM introduced the Mawthooq permit, which requires individuals (both Saudi and non-Saudi) who earn revenue from advertising or promotional content on social media to obtain a license (fee ~SR 15,000 for 3 years). The rules came into force on 1 October 2022. Non-Saudis have additional requirements. The purpose is to formalise and regulate influencer marketing under the Kingdom’s media standards.

Failure to obtain the necessary licence can result in penalties, including fines and potential legal action.

Content Compliance and Cultural Sensitivity

Saudi Arabia enforces strict content regulations to maintain its cultural and religious integrity. Advertising content, including that disseminated through social media, must align with Islamic principles and public decency standards. This encompasses prohibitions on content that promotes or depicts nudity, substance abuse, gambling, or content deemed offensive to public morals. Advertisers are also required to ensure that their content does not mislead consumers or make unsubstantiated claims.

The GAMR provides detailed guidelines outlining acceptable content standards for social media advertising. Advertisers must ensure that their campaigns do not contravene these guidelines to avoid sanctions. Additionally, influencers and content creators are encouraged to disclose any sponsored content transparently, fostering trust with their audience and ensuring compliance with advertising standards.

Data Privacy and Consumer Protection

The Personal Data Protection Law (PDPL), enacted in 2020, governs the collection, processing, and storage of personal data in Saudi Arabia. Under the PDPL, businesses engaged in social media advertising must obtain explicit consent from individuals before collecting or processing their personal data. This includes data gathered through cookies, online tracking, and direct marketing activities. Advertisers are obligated to inform consumers about the purpose of data collection, the duration of data retention, and their rights regarding data access and deletion.

Non-compliance with the PDPL can result in significant penalties, including fines and reputational damage. Therefore, advertisers must implement robust data protection measures and ensure that their marketing practices align with the PDPL’s requirements.

Enforcement and Penalties

The enforcement of advertising regulations in Saudi Arabia is stringent. GAMR actively monitors social media platforms for compliance with licensing requirements and content standards. Violations can lead to severe penalties, including substantial fines and potential imprisonment. Individuals or entities found operating without the requisite licence may face fines up to SAR 5 million (approximately £1 million). Moreover, the Kingdom’s legal framework allows for the prosecution of offences related to misleading advertising and the unauthorised use of personal data.

In addition to financial penalties, advertisers may also suffer reputational harm, which can have long-term implications for their business operations in Saudi Arabia. Therefore, adherence to the legal and regulatory framework is crucial for the success and sustainability of social media advertising campaigns in the Kingdom.

Social media advertising in Saudi Arabia presents significant opportunities for businesses to engage with a tech-savvy and youthful population. However, navigating the Kingdom’s legal landscape requires a comprehensive understanding of the regulatory framework governing digital marketing activities. By obtaining the necessary licences, ensuring content compliance with cultural standards, safeguarding consumer data, and adhering to advertising regulations, businesses can mitigate legal risks and leverage the full potential of social media advertising in Saudi Arabia.

For businesses seeking to operate within this dynamic sector, consulting with legal professionals experienced in Saudi Arabia’s advertising laws is advisable to ensure full compliance and to capitalise on the opportunities presented by the Kingdom’s digital economy.

Protecting Athlete Image Rights Under Saudi Law: Challenges and Opportunities

Posted on by

Saudi Arabia’s rapid transformation has placed sports at the heart of its global positioning. With significant investments in football, motorsport, boxing, and e-sports, athletes are increasingly in the spotlight as both competitors and brand ambassadors. This surge in visibility has amplified the importance of protecting and monetising athlete image rights.

While Saudi Arabia does not yet recognise a standalone “right of publicity,” athletes benefit from protection through a patchwork of legal frameworks. These range from copyright and data protection laws to advertising regulations and contract principles. Understanding this framework is critical for athletes, clubs, and sponsors seeking to safeguard value and navigate compliance in one of the world’s fastest-growing sports markets.

Legal and Regulatory Framework for Athlete Image Rights

Copyright Law and Consent
Saudi Copyright Law prohibits the publication or commercial use of a person’s photograph or likeness without their consent, subject to limited exceptions. This provides athletes with a foundational legal tool to control unauthorised use of their image in campaigns, merchandise, or media.

Personal Data Protection Law (PDPL)
The PDPL, implemented in 2021 and updated in 2023, classifies an individual’s image and biometric features as personal data. Organisations must obtain explicit consent to collect, process, or share this data, and are subject to restrictions on cross-border transfers and data retention. For athletes, this ensures additional control over the commercial use of their likeness in digital and broadcast media.

Anti-Cyber Crime Law
The Anti-Cyber Crime Law criminalises acts that invade privacy, including unauthorised use or distribution of personal images via electronic means. This provides athletes with recourse against online misuse of their images, such as “deepfakes” or unlicensed digital endorsements.

Trademark Protection
Names, signatures, and even player numbers may be registered as trademarks with the Saudi Authority for Intellectual Property (SAIP). This enables athletes to secure exclusive rights to their commercial identity, strengthen enforcement against counterfeiting, and create structured licensing programmes.

Advertising and Media Regulations
Saudi advertising regulations prohibit misleading promotions and require transparency in sponsored content. Influencers and athletes endorsing products on social media must obtain a media licence and disclose paid partnerships. Breaches may result in fines or licence suspension, underscoring the importance of compliance in brand collaborations.

Civil Transactions Law (2023)
The recently enacted Civil Transactions Law codifies principles of contract and tort liability. It provides a framework for damages claims where unauthorised use of an athlete’s image causes material or moral harm. This enhances legal certainty in disputes relating to image rights breaches.

Monetisation of Athlete Image Rights

Endorsements and Sponsorships
Athletes in Saudi Arabia are increasingly signing endorsement deals spanning apparel, technology, financial services, and lifestyle products. Agreements typically cover the scope of use, territorial rights, exclusivity, approval processes, and morality clauses.

Licensing and Merchandising
Image rights can be licensed for merchandise such as jerseys, collectables, and digital content. Trademark registration strengthens protection and enforcement, while well-drafted licensing contracts ensure revenue sharing and quality control.

Collective Rights in Team Sports
Clubs and federations often control collective image rights for team campaigns and league promotions, while athletes retain personal rights. Careful contract drafting is required to prevent conflicts between personal endorsements and league sponsors.

Digital and Social Media Content
With the rise of influencer marketing, athletes increasingly monetise personal platforms. Compliance with PDPL, advertising disclosure rules, and influencer licensing is essential to avoid regulatory breaches.

Tax Considerations
  • Withholding Tax (WHT): Payments for licensing or endorsement fees to non-resident athletes are often treated as royalties and may be subject to 15% WHT, subject to treaty relief.
  • Value-Added Tax (VAT): Image rights services supplied in Saudi Arabia are generally subject to 15% VAT. For non-resident athletes, Saudi entities may need to account for VAT under the reverse charge mechanism.
  • Zakat/Income Tax: Saudi or GCC nationals may fall under zakat rules, while foreign athletes and entities remain subject to corporate income tax.

Tax structuring is therefore critical in cross-border endorsement and licensing arrangements.

Key Legal Risks
  • Unauthorised Exploitation: Online misuse or counterfeit merchandise can dilute brand value.
  • Ambush Marketing: Unauthorised association with major sporting events may infringe advertising rules and trademark rights.
  • Reputation Management: Breach of morality clauses or reputational disputes can trigger contract termination.
  • Compliance Failures: Lack of influencer licensing or PDPL consent may result in regulatory penalties.
  • Cross-Border Complexities: Multinational campaigns must reconcile Saudi rules with foreign IP, tax, and data regimes.
Dispute Resolution and Enforcement

Disputes may arise over endorsement contracts, misuse of images, or trademark infringement. Saudi courts and the Saudi Center for Commercial Arbitration (SCCA) provide avenues for enforcement. As a signatory to the New York Convention, Saudi Arabia also enforces foreign arbitral awards, subject to Sharia principles. Regulatory authorities such as SAIP, SDAIA, and the Ministry of Commerce play active roles in policing infringements.

Strategic Opportunities

The legal framework—though fragmented—offers clear pathways for athletes and brands to protect and commercialise image rights. Key opportunities include:

  • Brand Building: Registering trademarks and reserving digital domains to strengthen brand portfolios.
  • Digital Innovation: Leveraging compliant social media and e-commerce channels for monetisation.
  • Structured Contracts: Aligning endorsement and licensing agreements with PDPL, advertising, and tax rules.
  • Event Leverage: Harnessing the Kingdom’s investment in mega-sporting events to expand regional and global brand reach.

Saudi Arabia’s evolving sports ecosystem offers unprecedented opportunities for athletes to monetise their image rights. While the Kingdom lacks a unified “publicity right,” a combination of copyright, data protection, advertising, and contract laws provides robust protection when used strategically. By anticipating compliance requirements and structuring deals carefully, athletes, clubs, and brands can unlock long-term value while safeguarding reputation and legal integrity.

Data Privacy vs Business Growth: Navigating KSA’s Evolving PDPL Landscape

Posted on by

As Saudi Arabia continues to accelerate its digital transformation under Vision 2030, the balance between data privacy and commercial innovation has become a defining business challenge. The Personal Data Protection Law (PDPL) now plays a central role in shaping how organisations operate in the Kingdom, bringing both regulatory rigour and commercial opportunity.

 

Since its introduction, the PDPL has evolved into a sophisticated framework that aligns with global standards, while being tailored to the Kingdom’s socio-economic context. For companies operating in or interacting with the Saudi market, understanding the PDPL is no longer optional. Compliance is now a strategic imperative.

A Brief Overview of the PDPL Framework

The PDPL was first issued under Royal Decree No. M/19 on 16 September 2021 and is overseen by the Saudi Data and Artificial Intelligence Authority (SDAIA), in collaboration with the National Data Management Office (NDMO). The law aims to establish a transparent, accountable and secure system for the collection and processing of personal data.

Since its inception, the PDPL has undergone significant amendments, with the latest set of executive regulations issued in 2024. These updates introduced a more flexible and risk-based approach, particularly in areas such as international data transfers, consent mechanisms, and the role of data protection officers.

Core Compliance Requirements

Organisations subject to the PDPL must meet several key obligations:

  • Lawful Processing: All personal data must be processed on a lawful basis. Consent remains the default, but exceptions include legal obligations, the protection of vital interests, or legitimate interests that do not conflict with the rights of individuals.
  • Purpose, Limitation, and Data Minimisation: Data must only be collected for clear, lawful purposes and limited to what is necessary to achieve those purposes.
  • Transparency and Rights of Data Subjects: Individuals have the right to be informed about how their data is processed. They can also request access to their data, corrections, deletion in some cases, and object to specific uses.
  • Security and Risk Mitigation: Organisations are required to implement appropriate technical and organisational measures to protect data against unauthorised access, misuse, or loss.
  • Data Breach Notification: Entities must notify SDAIA without undue delay in the event of a data breach. If the breach poses a high risk to individuals, those affected must also be informed.
  • Registration and Governance Roles: Certain entities may need to register with SDAIA and appoint a data protection officer, particularly where large-scale or sensitive data processing is involved.
Cross-Border Data Transfers: A Pragmatic Shift

One of the most notable developments in the updated PDPL is the shift in approach to international data transfers. Initially, the law imposed strict limitations on sending personal data outside Saudi Arabia. However, the revised regime allows transfers subject to specific conditions, including:

  • Adequacy of protection in the receiving jurisdiction
  • Contractual safeguards such as standard clauses
  • Regulatory approval, where applicable
  • Justified business needs or legal obligations

This change is particularly welcome for multinationals and digital service providers, as it brings Saudi Arabia’s framework closer to established models like the EU’s GDPR, without losing sight of national interests.

Key Challenges for Businesses

While the PDPL aims to support innovation, it introduces several operational and legal complexities:

  • Rising Compliance Costs: Achieving and maintaining compliance requires investment in legal advisory, IT systems, internal training, and policy development. This is especially challenging for SMEs with limited resources.
  • Slower Product and Service Rollouts: New products must be designed with privacy in mind from the start. This “privacy by design” principle can add time and cost to development pipelines, particularly for data-reliant services like AI, analytics, or targeted advertising.
  • Complex Third-Party Ecosystems: Businesses are responsible for the data practices of their service providers and partners. Due diligence, contractual oversight, and regular audits are now essential.
  • Evolving Legal Landscape: Executive regulations and technical guidance continue to develop. Staying compliant means staying up to date with SDAIA’s latest requirements and being ready to adapt internal practices quickly.
A Strategic Approach to Compliance and Growth

Rather than viewing compliance as a regulatory hurdle, forward-looking organisations are embedding privacy into their long-term business strategy. Recommended actions include:

  • Build Privacy into Design: Whether developing digital products or structuring internal processes, integrating privacy from the outset reduces future risks and builds trust with users and partners.
  • Appoint Internal Leadership: Even where not required, designating a data protection lead or team ensures internal accountability and strengthens governance.
  • Embrace Privacy-Enhancing Technologies: Automation tools that support consent management, audit logging, and data access requests can streamline compliance while supporting scalability.
  • Conduct Routine Data Audits: Regular reviews of data processing activities help identify gaps, assess risk exposure, and ensure data is only held for valid purposes.
  • Maintain a Dialogue with Regulators: Engaging with SDAIA and the NDMO through consultations or industry roundtables can help clarify expectations, especially in novel use cases or high-risk sectors.
Privacy as a Competitive Advantage

Saudi Arabia’s PDPL is more than a regulatory milestone; it is a cornerstone of the Kingdom’s broader ambition to become a global digital leader. Organisations that treat data privacy not just as a legal requirement, but as a business enabler, will be best placed to thrive.

Compliance can unlock greater customer confidence, smoother cross-border operations, and increased investment readiness. In today’s digital economy, trust is currency, and privacy is its foundation.

By adopting a forward-thinking, principles-based approach to data governance, businesses can not only meet PDPL obligations but also drive innovation, protect their brand, and contribute to a resilient and future-ready Saudi economy.

Cybersecurity Laws in Saudi Arabia: Safeguarding Against Digital Threats

Posted on by

As digital transformation accelerates across sectors, cybersecurity has become a national priority for Saudi Arabia. Anchored by Vision 2030, the Kingdom has taken substantial legislative, regulatory, and institutional steps to build a secure and resilient digital environment. These efforts reflect the growing recognition that cyber threats, whether targeting critical infrastructure, personal data, or digital services, pose serious risks to national security and economic stability.

 

National Cybersecurity Authority (NCA)

Established in 2017, the National Cybersecurity Authority (NCA) remains the central regulator for cybersecurity in Saudi Arabia. It leads the development and implementation of national cybersecurity strategies, frameworks, and compliance obligations. The NCA mandates compliance with sector-specific and national cybersecurity controls, including the Essential Cybersecurity Controls (ECC), which are compulsory for public entities and operators of critical infrastructure, including those in energy, finance, health, transport, and telecom sectors.

Recent NCA circulars and updates continue to emphasise cybersecurity maturity assessments, third-party risk management, cloud security controls, and incident response protocols.

Cybercrime Law (Royal Decree No. M/17)

The Cybercrime Law, issued under Royal Decree No. M/17 (2007) remains a foundational statute. It criminalises a wide range of offences, including unauthorised system access, data breaches, identity theft, electronic fraud, and the creation or dissemination of malicious software. Although drafted before the current digital boom, it remains in effect rigorously. The government is currently reviewing potential amendments to further modernise the law in light of emerging threats, such as ransomware, AI-driven cyberattacks, and deepfake technology.

Personal Data Protection Law (PDPL)

The Personal Data Protection Law (PDPL), enacted in 2021 under Royal Decree M/19 and fully enforced as of September 2023, represents a significant step forward in aligning with global standards, such as the GDPR. The PDPL mandates data controllers to:

  • Obtain explicit consent before data collection
  • Implement robust technical and organisational security measures
  • Notify breaches within specified timeframes
  • Ensure cross-border data transfers comply with local rules

Enforcement is overseen by the Saudi Data and Artificial Intelligence Authority (SDAIA) and its executive arm, the National Data Management Office (NDMO). As of early 2025, SDAIA has issued several supplementary regulations to guide businesses on practical compliance.

Capacity Building and Workforce Development

Saudi Arabia continues to invest in cybersecurity human capital through initiatives such as:

  • CyberIC Programme – focused on professional development and national capacity building
  • Saudi Cybersecurity Federation – supporting competitions, education, and skills training
  • Public-private partnerships with global tech firms for training and infrastructure modernisation

These efforts aim to cultivate a strong domestic talent pool capable of defending against sophisticated cyber threats.

Regional and International Cooperation

Saudi Arabia is an active participant in global and regional cybersecurity frameworks. It collaborates with:

  • The Gulf Cooperation Council (GCC) on regional incident response coordination
  • The International Telecommunication Union (ITU) on standardisation and cybersecurity rankings
  • Bilateral agreements with major nations to enable knowledge-sharing and joint readiness

Such collaboration strengthens the Kingdom’s global cybersecurity posture and supports harmonisation with international standards.

Business Obligations and Compliance Imperatives

For companies operating in Saudi Arabia, cybersecurity is a regulatory and strategic requirement. Organisations must:

  • Comply with NCA-mandated controls (such as ECC)
  • Ensure PDPL-compliant data handling and breach reporting
  • Conduct regular security risk assessments and third-party audits
  • Train staff on cyber hygiene and incident response

Non-compliance can result in significant fines, reputational harm, and operational disruption. As cyber threats become more complex and targeted, proactive compliance is now central to corporate governance and enterprise risk management.

Saudi Arabia has made considerable progress in establishing a comprehensive cybersecurity ecosystem. Through strong legal frameworks, institutional oversight, national skills development, and international cooperation, the Kingdom is better positioned than ever to address current and emerging cyber threats. As the digital economy expands, maintaining trust, resilience, and security in cyberspace will remain fundamental to national prosperity and stability.

 

Older posts