
Saudi Arabia's AI Governance Trap: Why Most Organizations Are Already Behind

Nora Al-Rashidi|March 7, 2026|11 min read

In November 2024, SDAIA issued a quiet enforcement guidance memo to a cohort of Saudi financial institutions. The memo didn't make headlines. It wasn't publicized through official press releases. But inside several major banks and insurance firms, it triggered emergency governance reviews, compliance sprints, and at least two board-level conversations about AI risk that had never happened before.

The memo's contents have not been made public. What has leaked, through compliance officers and regulatory consultants, is the underlying message: SDAIA had reviewed AI deployments at these institutions and found them materially non-compliant with the National AI Ethics Principles — not because the organizations were acting in bad faith, but because they had never structured their AI deployments to be governed in the first place.

That gap is the defining compliance risk of 2026 for any organization operating AI systems in the Kingdom. Three regulators — SDAIA, SAMA, and the National Cybersecurity Authority — have built overlapping governance frameworks that together cover nearly every dimension of AI risk: ethics, model performance, data protection, and cybersecurity. Most organizations are running AI under one of these frameworks, poorly, while ignoring the other two entirely.

That is not a sustainable position.


What SDAIA Actually Requires

SDAIA's authority derives from its founding mandate — to regulate data and AI across the Saudi economy — but also from the Personal Data Protection Law, enacted in 2021 and substantively enforced since 2023. The PDPL is the sharpest edge of SDAIA's governance toolkit. Article 37 sets administrative penalties at up to SAR 5 million for violations involving unlawful processing of sensitive personal data, and the law explicitly covers automated decision-making that produces legal or similarly significant effects on individuals.

The National AI Ethics Principles, published by SDAIA and periodically updated, establish the substantive standards for how AI systems must behave. These are not aspirational values. They are organized around three operational pillars: Human-Centric AI, Ethical AI, and Secure AI. Each pillar carries specific technical and procedural expectations.

Human-Centric AI means that AI systems affecting people — hiring decisions, credit access, healthcare triage, content moderation — must preserve meaningful human oversight. Not nominal human oversight where a person clicks "approve" on every AI recommendation without reviewing it. Meaningful oversight: documented review processes, escalation paths, and audit trails showing that humans can and do intervene. Organizations running automated pipelines where human review is theatrical rather than substantive are exposed here.

Ethical AI translates to bias testing before deployment and during operation, explainability requirements calibrated to the risk level of the system, and fairness monitoring across demographic groups. SDAIA has not published specific enforcement timelines for these requirements, but the direction of travel is unambiguous — the agency is moving from principle articulation toward audit and enforcement.

Secure AI, the third pillar, is where SDAIA's framework overlaps with the NCA's, and where the documentation burden becomes acute. Organizations must demonstrate that their AI systems are resilient to manipulation and that their training data and model infrastructure are protected. SDAIA's expectations here are less granular than the NCA's Essential Cybersecurity Controls, but they are additive — meaning an organization cannot satisfy both with a single set of controls without deliberate cross-referencing.

The PDPL fine ceiling of SAR 5 million per violation matters less, in practice, than the reputational exposure that accompanies a public enforcement action. In a market where government contracts and regulatory licenses depend on demonstrable compliance, an SDAIA enforcement finding is a business disruption event.


SAMA's Model Risk Framework: The Financial Sector's Specific Problem

For banks, insurance companies, investment firms, and the rapidly expanding fintech sector operating under SAMA's remit, AI governance carries an additional layer of specificity. SAMA has issued model risk management guidance — reflecting principles similar to those established by banking regulators in other major jurisdictions — that applies directly to AI and machine learning systems used in financial decision-making.

The framework is demanding because it is comprehensive. SAMA expects financial institutions to treat AI models as financial risk infrastructure, not software features. That means:

Independent model validation before deployment. Not internal testing by the team that built the model. Independent validation by a separate function with the authority to block deployment until identified risks are addressed. For smaller institutions, this is structurally difficult — it requires either a dedicated validation team or a third-party arrangement, both of which add cost and timeline.

Documented model governance throughout the lifecycle. From initial development through deployment, monitoring, and retirement, every significant decision about a model — architecture choices, data sources, threshold calibrations, performance benchmarks — must be documented in a form that can be reviewed by SAMA examiners. This is not how most engineering teams currently operate. Sprint documentation and GitHub commit histories are not model risk documentation.

Ongoing performance monitoring with defined trigger thresholds. Once deployed, models must be monitored against pre-defined performance standards. When a model drifts below those standards — or when input data distributions shift enough to compromise predictions — there must be documented processes for escalation, revalidation, or retirement. SAMA's implicit expectation is that institutions know when their models are failing, in real time, and can demonstrate that knowledge.

Consumer transparency for AI-driven decisions. When AI determines a customer's credit limit, flags a transaction as fraudulent, or prices an insurance policy, the customer must have a meaningful path to understand what happened and challenge it. SAMA has emphasized this in the context of consumer protection — the framing is not just about technical transparency, but about fair treatment of Saudi customers interacting with automated systems.
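The monitoring requirement above (pre-defined performance thresholds, detection of input distribution shift, and a documented escalation path) is the one of the four that maps most directly onto code. The following is an added illustration written for this article, not code from the author, from SAMA, or from any named institution. It scores a deployed model's recent accuracy and the shift of one input feature against hypothetical thresholds and emits an evidence record naming the action the documented process calls for. The Population Stability Index used for drift, the threshold values, the model name and all sample data are assumptions constructed for the example.

```python
"""
Added example, not code from the article or from SDAIA, SAMA or the NCA:
a minimal monitoring check with pre-defined trigger thresholds. It compares
a deployed model's recent accuracy and input-distribution shift against
documented limits and emits an evidence record naming the action due.
All threshold values, feature samples and labels are constructed.
"""
import json
import math
from dataclasses import dataclass, asdict
from datetime import datetime, timezone

# Hypothetical thresholds; a real deployment would take these from the
# model's approved validation report, not from constants in code.
MIN_ACCURACY = 0.85     # recent accuracy below this triggers revalidation
PSI_WARN = 0.10         # input shift that must be escalated for review
PSI_CRITICAL = 0.25     # input shift that suspends use pending revalidation

# Outcomes in order of severity; the most severe triggered one is reported.
ACTIONS = ["continue", "escalate", "revalidate", "suspend_pending_revalidation"]


def population_stability_index(baseline, current, bins=10):
    """Population Stability Index between a baseline (validation-time) sample
    and a recent production sample of one numeric feature. Bins are fixed from
    the baseline range; 0.0 means identical histograms, larger means more shift."""
    lo, hi = min(baseline), max(baseline)
    width = (hi - lo) / bins or 1.0  # guard against a constant baseline

    def proportions(values):
        counts = [0] * bins
        for v in values:
            i = int((v - lo) / width)
            counts[min(bins - 1, max(0, i))] += 1  # clamp out-of-range values
        # floor keeps log() finite when a bin is empty in one sample only
        return [max(c / len(values), 1e-6) for c in counts]

    b, c = proportions(baseline), proportions(current)
    return sum((ci - bi) * math.log(ci / bi) for bi, ci in zip(b, c))


def accuracy(labels, predictions):
    """Share of recent decisions whose later-known outcome matched the prediction."""
    return sum(l == p for l, p in zip(labels, predictions)) / len(labels)


@dataclass
class MonitorRecord:
    """One evidence record; serialised, it is the audit-trail entry."""
    model_id: str
    checked_at: str
    accuracy: float
    psi: float
    action: str
    reasons: list

    def to_json(self):
        return json.dumps(asdict(self), sort_keys=True)


def evaluate(model_id, labels, predictions, baseline_feature, current_feature):
    """Apply the documented thresholds and return the most severe action due."""
    acc = accuracy(labels, predictions)
    psi = population_stability_index(baseline_feature, current_feature)
    reasons, action = [], "continue"

    def record_trigger(candidate, reason):
        nonlocal action
        reasons.append(reason)
        if ACTIONS.index(candidate) > ACTIONS.index(action):
            action = candidate

    if psi >= PSI_WARN:
        record_trigger("escalate", f"input drift PSI {psi:.3f} >= {PSI_WARN}")
    if acc < MIN_ACCURACY:
        record_trigger("revalidate", f"accuracy {acc:.3f} < {MIN_ACCURACY}")
    if psi >= PSI_CRITICAL:
        record_trigger("suspend_pending_revalidation",
                       f"input drift PSI {psi:.3f} >= {PSI_CRITICAL}")

    return MonitorRecord(model_id, datetime.now(timezone.utc).isoformat(),
                         round(acc, 4), round(psi, 4), action, reasons)


# Constructed sample data: a credit-limit model with one income-band feature
# (arbitrary units) as seen at validation time and in the most recent window.
BASELINE_INCOME = [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10]
LABELS = [1, 0, 1, 1, 0, 1, 0, 1, 1, 1]
GOOD_PREDICTIONS = [1, 0, 1, 1, 0, 1, 0, 1, 1, 1]
DEGRADED_PREDICTIONS = [1, 0, 1, 1, 0, 1, 0, 1, 0, 0]
SHIFTED_INCOME = [9.5] * 10 + [10] * 10  # every recent applicant in the top band

if __name__ == "__main__":
    for preds, feature in [(GOOD_PREDICTIONS, BASELINE_INCOME),
                           (DEGRADED_PREDICTIONS, BASELINE_INCOME),
                           (GOOD_PREDICTIONS, SHIFTED_INCOME)]:
        print(evaluate("credit-limit-v3", LABELS, preds,
                       BASELINE_INCOME, feature).to_json())
```

The point a SAMA examiner would look for is not the statistic itself but that the thresholds were fixed before deployment, that every check leaves a record whether or not it fired, and that the record names the process step it triggered. Keeping the thresholds in the validation report and the records in the central evidence store, rather than in the monitoring script, is what makes the history reviewable later.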

The cumulative burden of these requirements is substantial. Financial institutions that have been deploying machine learning models without formal model risk infrastructure are facing a significant retrofit challenge. The question is not whether to comply but how quickly they can close the gaps without disrupting operations.


The NCA's Cybersecurity Controls: A Separate Framework That Everyone Forgets

The National Cybersecurity Authority's Essential Cybersecurity Controls — commonly referred to as the NCA ECC — were updated to address AI-specific risks, and the update reflects a sophisticated understanding of how AI systems fail under adversarial conditions.

The NCA's posture is that AI systems are not just software — they are attack surfaces. Training data can be poisoned to introduce backdoors. Models can be inverted to extract sensitive information about the individuals whose data trained them. Prompt injection can redirect AI systems toward unintended outputs. Federated deployments expand the perimeter in ways that traditional network security controls do not address.

The ECC requirements for AI-adjacent systems include encryption for training data, model weights, and inference outputs at rest and in transit. They include role-based access controls with separation of duties between teams that develop models and teams that deploy them — a requirement that many organizations violate through organizational convenience rather than malice. They require supply chain security vetting for third-party models, datasets, and AI APIs, which is a real problem given how extensively Saudi organizations use foreign foundation models and cloud-based inference services.

For organizations in critical infrastructure sectors — energy, healthcare, telecommunications, water — the NCA adds mandatory incident reporting requirements. Material cybersecurity incidents affecting AI systems must be reported within 24 hours. That clock starts the moment an incident is discovered, not the moment it is confirmed or understood. Organizations that have not established AI-specific incident detection and response procedures will struggle to meet that timeline.

The NCA ECC also requires independent security assessments before deploying AI systems in critical infrastructure contexts. This is not optional and not waivable. It adds a formal gate to deployment timelines that most engineering organizations have not accounted for.


Where the Three Frameworks Collide

Running three regulatory frameworks simultaneously is harder than running any one of them, for a specific reason: they create conflicting obligations that cannot be resolved by simply following all three.

SDAIA's transparency requirements may require documenting and disclosing how a model makes decisions. SAMA's model governance requirements may classify detailed model architecture documentation as confidential risk management information that should not be disclosed externally. NCA's supply chain controls may require disclosing information about third-party AI vendors that those vendors consider proprietary. There is no authoritative guidance on how to resolve these tensions when they arise in a specific case.

Organizations that have not built governance structures capable of managing multi-regulator conflicts will default to the most conservative interpretation, which is often the most operationally disruptive one, or to ad hoc decisions made by whoever is closest to the problem at the time.

The documentation burden is the most visible symptom of the multi-regulator challenge. SDAIA requires documented ethical risk assessments for AI deployments. SAMA requires model risk documentation covering the full model lifecycle. NCA requires cybersecurity documentation for AI systems, including threat models and security test results. These three documentation sets overlap substantially in content but differ in format, depth, and intended audience. Organizations managing them separately — which most are — face significant redundancy. Organizations that have not started any of them face a gap that cannot be closed quickly.

Audit fatigue is a related problem that tends to arrive suddenly. An organization might go twelve months without a regulator requesting documentation, then receive three simultaneous requests because a regulatory coordination effort surfaced the same organization's name across all three authorities' risk registers. The organizations that survive this without disruption are the ones that maintain centralized evidence management — a single system of record for AI governance documentation that can generate regulator-specific outputs without redundant manual effort.


The Structural Failure Underneath the Compliance Gap

It is worth being direct about why most organizations are behind.

AI governance has been treated as a compliance function, assigned to legal or regulatory teams that lack the technical context to assess whether a machine learning model is actually producing explainable, auditable, bias-tested outputs. At the same time, the engineering teams building and deploying models have treated governance as someone else's problem — a checkbox that compliance handles after the real work is done.

The result is a structural gap between what regulators expect and what organizations can demonstrate. Regulators expect integrated governance: evidence that the people making technical decisions about AI are accountable to governance standards, and that governance standards are informed by the people who understand the technical realities. What they find, instead, is a compliance team with policy documents and an engineering team with models, and very little connection between the two.

Closing this gap requires organizational change, not just documentation. It requires governance committees with genuine technical representation. It requires engineering workflows that capture model decisions, data sources, and performance metrics in a form that serves regulatory evidence requirements. It requires risk and compliance teams that understand enough about machine learning to evaluate whether what they are being told about a model's behavior is plausible.

This is not a quick fix. The organizations that will be genuinely ready for 2026 enforcement activity started building these capabilities in 2024 or earlier. The organizations starting now will be managing a race condition between their governance maturation timeline and the pace of regulatory enforcement.


What the Enforcement Window Looks Like

SDAIA has not published a formal enforcement roadmap. SAMA's model risk expectations have been in effect for financial institutions for several years, though examination intensity for AI systems specifically has been increasing. The NCA's ECC requirements for AI have timelines that vary by sector and risk classification.

What can be said with confidence is that the window for building governance in the background — before regulators start asking hard questions — is narrowing. The November 2024 SDAIA engagement with financial institutions was not an isolated event. It reflects a maturing regulatory posture where Saudi authorities are moving from framework publication to examination.

Organizations that treat this transition as a reason to rush toward paper compliance — documented policies without underlying operational reality — are making a mistake that is specific to multi-regulator environments. When three authorities are independently examining the same AI systems, inconsistencies between documented policies and operational practice become visible in ways they would not be in a single-regulator context.

The organizations that will navigate 2026 well are the ones that have built governance that is coherent, not just comprehensive. Coherent governance is documented, technically accurate, operationally integrated, and consistent across the three regulatory frameworks that now govern AI in Saudi Arabia. It is not easy to build. But in a market where the alternative is enforcement exposure across three authorities simultaneously, it is the only defensible position.

The time for treating AI governance in the Kingdom as a future problem has passed. For most organizations, it became a present problem the moment they deployed their first AI system without a documented ethical risk assessment, a validated model, and a security-tested infrastructure. That moment, for many, was years ago.

Published by PeopleSafetyLab — AI safety and governance research for KSA organizations.


Nora Al-Rashidi

Expert in AI Safety and Governance at PeopleSafetyLab. Dedicated to building practical frameworks that protect organizations and families, ensuring ethical AI deployment aligned with KSA and international standards.
