The Communications, Space, and Technology Commission (CST) of the Kingdom of Saudi Arabia (KSA) has announced that the “Data Centre Services Regulations” document has come into force on January 1, 2024. The regulations that were originally made public in August 2023 cover a wide variety of obligations and procedures pertaining to registration, energy management and sustainability, among other relevant subjects.
Why were the regulations required?
Saudi Arabia had envisioned an ambitious digital transformation plan as part of Saudi Vision 2030, and has been taking sure and steady strides towards these goals surrounding economic diversification, attracting foreign investment, developing high tech modern infrastructure in exclusive business and leisure zones, as well as building futuristic cities such as NEOM. Many government services are also being increasingly offered digitally in Kingdom where the median age of citizens as per the 2022 Census was 29 years, and where over 60 percent of people are under the age of 30 years. This young population is tech-savvy and it has high standards when it comes to digital services.
More and more data is being generated every day, and this is just the beginning. Moreover, there are also growing concerns about data sovereignty worldwide, and especially in the Middle East where The United Arab Emirates (UAE), Bahrain and a few others have already enacted stringent laws to safeguard the data of their citizens. All this means more Cloud and Data Center infrastructure needs to be built, maintained and updated/upgraded periodically to keep up with the burgeoning demand.
At present, Saudi Arabia has close to two dozen data centers established and operated by major global and regional players such as Gulf Data Hub, GO Datacenter (Etihad Atheeb Telecom), NourNET, Mobily, etc. Recently, Google launched a new Saudi Cloud Region, and Microsoft that announced in February 2023 that it was planning a Cloud Region in KSA. According to a recent report by Knight Frank, a leading global independent property consultancy, Saudi Arabia is the fastest growing data center market in MENA.
It is therefore understandable that the Kingdom would invest in creating a favourable economic and regulatory environment bearing in mind the potential for growth of the Cloud and Data Center industry. KSA also wants to attract foreign investors, and wants to create an environment where international technology giants feel comfortable putting down some roots in the Kingdom.
What do the regulations say?
The regulations first define a Data Center as “a dedicated building or space to centralized accommodation, interfaces, information technology operations and network communications equipment that provides data storage, processing, and transportation services, together with all facilities and infrastructure for energy distribution and environmental control, as well as necessary levels of flexibility and safety required to provide the availability of required service.”
They go on to define Data Center Services as “colocation services that include space, power, and cooling provided by Data Center Service Providers to Customers to host “co-locate” servers, network components, storage equipment etc.”
The regulations go on to define Data Center Serices, Service Providers, Customers, and Carrier Neutral Data Centers. On the subject of registration, the regulations state that the registrations for Tier I data centers would come under the limited category and would only be for existing facilities and will not be issued for new facilities. Regulations mandate that all new Tier II (Standard) and Tier III (Advanced) Data Centers should be Carrier Neutral and that Service Providers should provide energy management and sustainability plans to reduce their energy consumption carbon emissions and electronic waste. Registrations would be valid for three Gregirian years (a distinction made as the Gregorian calendar is different from Islamic calendars that are also used widely in the Middle East).
Some other obligations placed on Data Center Service Providers include making arrangements for adequate security on the premises of the facility, providing Service Level Agreements (SLA) to Customers and adhering to any rules or guidance provided by Communications, Space, and Technology Commission (CST) from time to time. There are also some other regulations pertaining to insurance, liability, contractual obligations etc.
