AI Governance & SDAIA Compliance

Course Duration: Three Days

Duration (Hrs) 15 Hours/Hours

Request a quote

Programme Overview

A specialist three-day programme that prepares organisations to design, deploy and operate AI systems in line with Saudi Arabia’s evolving AI-governance ecosystem. It covers SDAIA’s AI Ethics Principles, alignment expectations for the National AI Index (NAII), PDPL and data-protection obligations, AI management systems under ISO/IEC 42001, and the sector-specific regulatory interfaces with the Saudi Central Bank (SAMA), the Communications, Space & Technology Commission (CST), the National Cybersecurity Authority (NCA), the Ministry of Health (MoH) and the Ministry of Communications and Information Technology (MCIT). Participants leave with a working knowledge of compliance obligations, model-governance documentation, and the ability to conduct an AI risk-and-compliance assessment in their own organization.

Learning Objectives

By the end of this programme, participants will be able to:

  • Work with SDAIA’s AI Ethics Principles and apply its five principles (fairness, accountability, transparency, safety and sustainability) to real use cases.
  • Interpret the PDPL and data-sovereignty requirements for AI systems that process Saudi data.
  • Map the organisation’s AI portfolio to the National AI Index (NAII) maturity domains and identify compliance gaps.
  • Design an AI management system aligned with ISO/IEC 42001 and integrate it with existing ISO 27001 or 9001 programmes.
  • Conduct an AI risk-and-compliance assessment on deployed and planned use cases.
  • Prepare for regulatory engagement with SDAIA, sector regulators and external auditors.
  • Establish the internal governance structures, policies and documentation required for responsible AI at enterprise scale.

Programme Content & Modules

Day 1: The governance landscape and the SDAIA framework
Module 1: Why AI Governance Matters

The types of risk in AI systems, including bias, hallucination, model drift, adversarial threats and sovereignty. The global governance picture, including the EU AI Act, the NIST AI Risk Management Framework, the OECD principles and UNESCO’s Recommendation on the Ethics of AI. How Saudi Arabia positions itself internationally.

Module 2: SDAIA’s AI Ethics Principles in Depth

Fairness, accountability, transparency, safety and sustainability. Case studies of how each principle applies inside real Saudi organisations. Common failure modes and how to avoid them.

Module 3: The PDPL, Data Sovereignty & Cross-Border Implications

What the PDPL requires, how it interacts with AI systems, and the related data-sovereignty questions. Practical considerations for organisations deploying foreign foundation models.

Day 2: Management systems, maturity and sector interfaces
Module 4: ISO/IEC 42001 for AI Management Systems

The structure of the standard. The AI-management-system life cycle. Linkage with existing ISO 27001 and ISO 9001 programmes. Documentation expectations and audit readiness.

Module 5: NAII Alignment & Maturity Assessment

The National AI Index framework, its main and sub-pillars, and what the maturity levels require in practice. A practical exercise mapping a participant organisation to the NAII domains.

Module 6: Sector-Specific Regulatory Interfaces

The Saudi Central Bank (SAMA) AI guidance for the financial sector. The Communications, Space & Technology Commission (CST) for telecoms and digital services. The National Cybersecurity Authority (NCA) for cybersecurity controls. The Ministry of Health (MoH) for health AI. The Ministry of Communications and Information Technology (MCIT) for public-sector digital services. Handling multi-regulator situations.

Day 3: Applied compliance and the operating model
Module 7: Conducting an AI Risk-and-Compliance Assessment

A structured methodology. Documentation templates. A facilitated workshop in which participants assess one of their live use cases against the full SDAIA and sector ecosystem.

Module 8: Building the Governance Operating Model

The roles, including an AI ethics committee, a model-risk officer and an AI review board. Policies, controls, documentation and reporting indicators. Organisational placement and escalation paths.

Module 9: The Sovereign-AI Question & the Capstone Project

The long-term strategic implications of relying on foreign AI infrastructure. Where sovereign boundaries matter and where they do not. Applied capstone project: each participant presents a 90-day compliance roadmap for their organisation.

Suggested Duration

Three training days.

Target Audience & Prerequisites

Target audience: Chief compliance officers, chief data officers, chief AI officers, data-protection officers, chief risk officers, legal counsel and heads of legal, internal auditors, members of AI-governance committees and senior policy leaders in government, financial institutions, healthcare, telecoms, energy and the public sector under SDAIA’s oversight.

Prerequisites: Working knowledge of the organisation’s compliance, risk or legal environment. Basic familiarity with AI concepts is helpful but not required, as the programme includes foundational AI content on Day 1. Participants are encouraged to bring one live use case from their organisation to work on in the Day 3 capstone workshop.

Share this page