KSA: Cybercrime Law

1. Introduction

Cybercrime law known as “Anti-Cybercrime Law” via Royal Decree No. M/17 was promulgated by the Kingdom of Saudi Arabia (KSA) on 26 March 2007. The objective of this law is to counter cyber crimes, secure information security, protect public interests, moral and religious values, and defend individual rights regarding technology and information. In the Gulf area, it was one of the first cybercrime legislations reflecting the great efforts of Saudi Arabia to mitigate technology-based crimes.

2. Scope of the Law

This law covers numerous forms of criminal activity on the internet, such as online fraud, breaking into computer networks, spreading viruses, and disseminating false information. The legislation focuses on both the creation of unlawful content and the distribution of illegal materials. There are no specific exemptions mentioned for researchers,journalists,or artists. Anyone who violates the law will be punishable, even if undertaken for art, news, or education.

3. Key Provisions

• Prohibited Acts: Articles (3,4,5, and 6): According to these articles, it is prohibited for any individual to access a website, computer, or network, breach data, produce disturbing materials, commit cybercrime, and violate people’s privacy.
• Consent Requirements:There are strict protocols in this law regarding consent. A person’s private info without their permission is illegal. One can view someone’s private information, such as photos, communication, or systems, without prior permission.
• Platform Responsibilities: Although the Anti-Cybercrime Law targets individuals, platforms should delete illegal information, cooperate with law enforcement if needed, and keep the user record for an investigation when necessary.

4. Fines and Enforcement:

• Violations, Penalties, and fines: The nature of crime defines the nature of punishment.Unauthorized access fine of up to SAR 500,000 or imprisonment for up to 1 year, violations of privacy, and Online Defamation fine of up to SAR 500,000 or imprisonment for 1 year.
• Enforcement Authority: The Ministry of Interior and the Communications and Information Technology Commission are responsible for the enforcement of the law.

5. Notable Cases 

Saudi Arabia rarely releases full court judgments. For example, Fake news cases of COVID-19, where several people were arrested in 2020 for spreading false information regarding the pandemic, were prosecuted under the cybercrime law for damaging public security. All cases are conducted privately to ensure public order and confidentiality.

6. Comparison to Global Standards

Saudi Arabia, as compared to the EU and the U.S., tightly controls online content that offends social norms or religious sentiments. Similar to the EU’s GDPR, it also strictly safeguards personal data, but with potentially stricter sanctions for infringements. It has broader definitions than in U.S. legislation, meaning a wider range of activities may be deemed criminal.

7. Implications

Victims of cybercrime can make a complaint via the Cybercrime reporting services of the Interior’s Aman App or directly at the police station. The content creators must obtain prior consent to share personal photos or personal information.

8. Future Outlook

Cybercrime policies are reshaping in Saudi Arabia in response to AI-created deepfakes ,Blockchain, and cryptocurrency scams. Vision 2030 also involves an emphasis on tough cybersecurity laws. It means even more precise regulations are anticipated shortly.