The key to unlocking digital growth in the Middle East

In today’s world, emerging technologies such as artificial intelligence are creating new ways for consumers to interact and disrupting traditional business models. This is an era where machines learn to teach themselves; autonomous vehicles communicate with each other; and smart devices respond to and anticipate consumer needs. This requires digital regulations to regulate these new-age technologies. We are not yet witnessing the establishment of global or even supra-regional agencies or organizations to manage digital regulations globally or within a group of countries (we will cover this in the second part of our series on digital regulations).

Nevertheless, there have been some successes at both global and regional levels. Data sharing is the quintessence of today’s technology, and it rightly has consumers around the world concerned about the privacy and security of their data. In the UK, for example, the Competition and Markets Authority (CMA) and the Information Commissioner’s Office (ICO) are cross-sector competition and data protection agencies that set standards across the economy and redefine markets and market power. The EU’s General Data Protection Regulation (GDPR) requires companies to seek certain permissions to share data and gives individuals the right to access, delete and control its use. It has proven to be one of the first international regulations to achieve global success, even after being put to the test during the pandemic.

In the Middle East, Qatar was the first GCC member country to pass a law in line with the adoption of GDPR in Europe in 2016. KSA recently implemented its first-ever comprehensive data protection law. The Personal Data Protection Act (PDPL) provides comprehensive requirements regarding processing principles, rights of data subjects, obligations of organizations when processing personal data of natural persons and mechanisms for cross-border data transfer, and also specifies penalties for organizations in the event of non-compliance with the PDPL.

Another application of digital regulation is artificial intelligence, where the EU recently launched the Artificial Intelligence Regulatory Framework and the Artificial Intelligence Act⁵ was approved by the EU Parliament in March 2024. The framework classifies the potential risks associated with AI systems and states that all AI systems should be analyzed and classified according to their potential threats. Artificial intelligence systems that pose unacceptable risks (e.g. cognitive behavioral manipulation or social scoring) should be banned. Similarly, high-risk AI systems (for example, critical infrastructure management) should be assessed before they are released on the market, as well as during their lifecycle.