The National Cybersecurity Authority (NCA) has invited the general public to submit their feedback on the “Regulatory Framework for Licensing Cybersecurity Services, Products, and Solutions”. The framework reflects NCA’s mandate to setting cybersecurity policies, governance rules, frameworks, rules, standards, and directives; communicating the same to relevant agencies; monitoring compliance therewith; and updating them. As well, licensing individuals and non-government agencies to engage in cybersecurity activities and operations specified by the NCA. And stimulating the growth of the cybersecurity sector in the Kingdom and encouraging innovation and investment therein.
NCA stated that the regulatory framework is part of its continued efforts to regulate and advance the cybersecurity sector in the Kingdom, safeguarding the Kingdom's vital interests and national security while enhancing the quality and reliability of services provided to national entities. It builds upon previous regulatory milestones, including the publication of the list of registered cybersecurity service, solution, and product providers, and the licensing of companies authorized to deliver Managed Security Operations Center (MSOC) services at Tier 1 & 2.
Developed in line with leading international methodologies, standards, and classification practices, the framework provides a comprehensive sector-wide taxonomy covering all cybersecurity services, products, and solutions in the Kingdom. It classifies sector activities into five primary domains: cybersecurity products and solutions, professional cybersecurity services, cybersecurity technical implementation services, managed cybersecurity services, and cybersecurity training and capacity-building services. These domains are further divided into 25 sub-domains encompassing more than 100 cybersecurity products and services.
The framework establishes the minimum licensing requirements for entities seeking to provide cybersecurity services, products, and solutions in the Kingdom. It applies to all entities currently operating in, or intending to enter, the cybersecurity services market across the Kingdom.
NCA encourages all relevant stakeholders and interested parties to review the framework and submit their feedback by Thursday, 26 March 2026. Feedback may be submitted through the Public Consultation Platform “Istitlaa” or by filling out the feedback form available on NCA’s website and sending it to: info@nca.gov.sa The document is accessible through NCA’s official website.
Last Update at: 25/02/2026 - 12:38pm Saudi time