While AI has been around for decades, over the past few years, AI has evolved almost beyond imagination. Regulations that seemed sufficient a few short years ago are now entirely outdated and unequipped to regulate AI’s current capabilities. For countries seeking to expand into the tech industry and grow their global reputation, this development presents equal parts of risk and opportunity.
The Middle East is a particularly good representation of this phenomenon, as countries in the region seize the opportunity to cement their position in the tech market and become AI superpowers. By 2030, AI could contribute $320 billion to the Middle East. The Middle East’s legislative framework is characterized as much by support for innovation as by data protection.
In this article, we explore the existing AI regulatory framework across the UAE, Saudi Arabia, and Israel, and how these respective regulations affect tech companies operating in the region.
The UAE: superpower aspirations
The UAE has made clear its aspirations to become an AI global superpower by 2031 and it pushing itself to embrace AI’s potential as a cornerstone for economic growth. This ambition is outlined in the National AI Strategy 2031, which outlines the UAE’s future strategies for AI development and management. Local companies like G24, an AI group that received a $1.5 billion investment in 2024, are taking the lead in developing a powerful AI ecosystem across high-priority sectors, including technology, healthcare, energy, logistics, and education. US-UAE private sector partnerships help power such progress and will play a significant role in cementing the UAE’s reputation as an AI leader and increasing its AI assets.
To make sure these goals are met securely and ethically, the UAE is creating an innovation-friendly regulatory environment that will support R&D, startups, and exports. Although there is no single law concerning AI in the UAE at this moment, various decrees, including Law 25 from 2018, which establishes a foundational framework for technology use and data protection in the UAE, function as partial frameworks regarding the usage of new technologies that have so far developed. While not AI-specific, Law 25 includes preventive measures that influence how AI systems handle data, and the Law can serve as a baseline for future AI-specific laws. Additionally, a number of new, non-binding frameworks, like the AI Ethics Guide of 2022 and the AI Adoption Guideline in Government Services of 2023, have also been issued as part of the attempt to establish standards that are ethical and practical.
The DIFC (Dubai International Financial Center) has also created its own set of Data Protection Regulations and amended them in 2023 to extend to the use of data by AI applications. This amendment included Regulation 10, the very first enacted regulation in the Middle East to regulate data usage by an autonomous system such as AI. In 2024, the UAE issued an AI Charter, which further encourages the use of ethical AI by detailing the principles of governance, transparency, and privacy.
Saudi Arabia: investing in innovation and data management
Like many other Gulf states, Saudi Arabia has chosen to take a business-friendly approach to AI by minimizing regulations restricting its development. With the recent announcement that the government plans to invest 40 billion US dollars into AI development, supporting the goals of specific sectors such as smart cities and energy, and the country’s plans for a digital economy plainly outlined in Saudi Arabia’s Vision 2030, it’s clear that supporting AI growth is a top priority.
Despite the government’s permissive stance and current lack of enforceable AI-specific regulations, the Saudi Data and Artificial Intelligence Authority (SDAIA) has acknowledged that while data and AI are essential to achieving the goals outlined in Vision 2030, responsible use is critical. The National Data Management Office (NDMO) is a data regulator linked to the SDAIA, which has introduced some optional regulatory standards, such as its primary framework, the Data Management and Personal Data Protection Standards. These standards place a strong emphasis on compliance with data localization mandates, specifically requiring data, particularly data used by public sector and government entities, to be processed and stored locally.
In 2023, SDAIA itself issued a public draft of the AI Ethics Principles, while in 2024, the Generative AI Guidelines were issued publicly to guide ethical AI practices. Neither is legally binding, yet they do provide businesses working with AI clear guidelines that will help make sure responsible practices are applied and further reduce potential data security risks associated with AI technology.
Israel: balancing restriction with innovation
As a world leader in developing technology, including AI, Israel’s reputation hinges on the importance of enabling innovation. Instead of formal legislation, Israel supports flexible policies built upon existing laws, like the Privacy Protection Law (PPL). These laws form the foundation on which Israel has built up its entire regulatory framework and affect data use in applications related to AI, especially those involved in cybersecurity and defense, two areas where Israel has established a global presence. By leveraging the PPL and other “soft law” frameworks, Israel reduces the pressure on organizations to comply with rigid regulations enabling AI innovation while maintaining a strong stance on data privacy and ethical standards.
This law was amended in August 2024 to better align with existing standards, such as the EU’s GDPR, and address modern data management challenges. This includes expanding its definition of “Personal Data” and “Highly Sensitive Data” to include a broader range of personal information, such as biometric identifiers and medical data. Similarly, its database registration requirements expanded to include major commercial databases in the possession of public frameworks. In addition, this amendment gives the PPA powers to issue preliminary opinions on data practices, impose administrative penalties, and seek court orders for violations.
In December 2023, the Israeli Ministry of Innovation, Science, and Technology, in collaboration with the Ministry of Justice, published its first comprehensive policy on AI regulation and ethics. This policy aims to balance technological advancement with human rights, reflecting the high-tech sector’s significant contribution to Israel’s economy, accounting for nearly 20% of GDP. The policy emphasizes a unified regulatory framework to foster AI innovation while managing associated risks. It proposes the establishment of an AI knowledge and coordination center within the Ministry of Innovation, Science, and Technology. This center, along with a steering committee, is intended to guide regulatory coordination, facilitate knowledge sharing, and advise on policy development. However, enforcement authority remains with existing regulatory bodies, with the center serving as a supportive mechanism.
The effectiveness of this framework depends on adequate resources and inter-agency cooperation. Challenges may arise due to potential budget constraints and the capacity of existing regulators, who might lack specific expertise or resources to oversee AI-related matters effectively.
Navigating AI regulations across the Middle East: similarities and distinctions
Middle Eastern nations are making distinct choices in AI regulation to support innovation while addressing their unique priorities around security and privacy. The UAE and Saudi Arabia, for instance, emphasize data localization, requiring that data generated within their borders be stored and processed locally. This strategy supports their drive for digital sovereignty and control over infrastructure, reinforcing their ambitions to establish strong AI ecosystems. In contrast, Israel, with its established expertise in cybersecurity, has opted for a flexible regulatory framework anchored in existing privacy laws, such as the Privacy Protection Law. This approach aligns with Israel’s tech-centric economy, allowing for innovation within a more stringent privacy context.
Other Gulf countries, like Qatar and Bahrain, are also shaping their AI landscapes. Qatar’s National AI Strategy emphasizes ethical AI deployment and capacity building with a focus on education and research to foster a sustainable AI ecosystem. Bahrain has adopted a business-friendly regulatory environment that prioritizes training programs and encourages openness to AI innovation while maintaining alignment with international data protection standards.
These differing frameworks create both opportunities and hurdles for companies aiming to work across the region. While the UAE and Saudi Arabia’s regulatory environments encourage rapid AI adoption and a streamlined business climate, Israel’s strong emphasis on data protection and ethical practices introduces a more measured approach. This focus on privacy may add complexities for businesses handling personal data or deploying AI solutions across borders within the region.
Thrive in the Middle East with Gcore
To navigate the complex landscape of AI regulation in the Middle East, companies must consider local compliance standards and leverage solutions that support secure and compliant data practices. This region is a hotbed of innovation, offering exciting opportunities to businesses ready to meet local regulatory requirements. When compared with stricter standards such as Europe’s GDPR, which prioritizes privacy and accountability, and the US which adopts a more sectoral and flexible approach, the Middle East prioritizes supporting innovation and favors more flexible, innovation-friendly approaches.
At Gcore, we provide sovereign AI and cloud solutions that offer localized data processing and storage tailored to meet current and future AI laws. These solutions help businesses align with regional requirements for data processing and sovereignty. Particularly for industries with stringent data regulations, like healthcare and finance, Gcore edge solutions are a powerful tool, enabling companies to store and process data closer to users while adhering to each region’s data localization and privacy mandates. With numerous points of presence in the Middle East—and beyond—Gcore is an obvious partner for businesses seeking simplified AI compliance in the region.
