Trusq

factual analysis · traceable to primary sources

Topics Opportunities Take the check Work with us LinkedIn NLยทEN
Analysis

The Gulf region and AI: strategy and oversight in the UAE and Saudi Arabia

Adopted 2026-06-22 ยท updated 2026-06-29 ยท ≈ 3 min read ยท Dirk Baaijen

The Gulf states treat AI as an economic engine. On 14 June 2026 the UAE merged its AI, data and digital-government bodies into one Federal Authority for AI and Data, reporting to the Cabinet; Saudi Arabia steers through SDAIA. Growth comes first, not a binding AI law like the EU's.

Short answer: The Gulf states โ€” led by the United Arab Emirates (UAE) and Saudi Arabia โ€” treat AI mainly as an economic engine and diplomatic tool, not as something to be constrained by a binding law. The approach centres on national strategies, specialised government bodies and ethical principles, with the emphasis on investment and adoption. A horizontal, enforceable AI law like the EU AI Act does not (yet) exist there.

The UAE: early and institutional

In 2017 the UAE was one of the first countries in the world with a Minister for Artificial Intelligence and a national AI strategy targeting 2031. It set up specialised bodies, invested in homegrown models and compute, and positions itself as a regional AI hub. Governance is strongly delivery-oriented: strategy, programmes and guidance rather than a central law with fines. Sectoral regulators and data protection rules (notably in the financial free zones) form the binding layer.

June 2026: one federal authority for AI, data and digital government

On 14 June 2026 Sheikh Mohammed bin Rashid Al Maktoum, the UAE's Vice-President and Prime Minister, approved the creation of a Federal Authority for Artificial Intelligence and Data โ€” described by the Cabinet as "the single national body responsible for data, artificial intelligence and digital government in the UAE", reporting directly to the Cabinet. It is chaired by Omar Sultan Al Olama, Minister of State for Artificial Intelligence, Digital Economy and Remote Work Applications.

The move is a consolidation, not a new rulebook. The Authority absorbs three existing entities into one structure: the UAE Artificial Intelligence Office, the Information and Digital Government Sector of the Telecommunications and Digital Government Regulatory Authority (TDRA), and the Emirates Data Office. Its mandate is broad and forward-looking: develop and lead the national AI strategy; propose national policies, legislation and strategies; set standards and guidelines for data and AI management; manage government data platforms for evidence-based decision-making; deliver integrated โ€” and increasingly agentic โ€” digital government services; and expand international AI partnerships.

For organisations, the significance is institutional rather than immediately regulatory. The Authority creates no new binding obligations on private companies on day one; it centralises policymaking and gives the UAE a single point of contact and a clear engine for drafting future AI and data rules. The body that until now ran the national strategy from ai.gov.ae is folded into a Cabinet-level authority empowered to propose legislation โ€” a signal that the Gulf's "growth-first" model is acquiring firmer governance scaffolding, even as the binding layer still sits in sector rules and data protection.

Saudi Arabia: SDAIA as the hub

Saudi Arabia steers its AI policy through SDAIA, the Saudi Data and AI Authority. SDAIA has developed a national strategy for data and AI and published ethical principles and guidance for responsible AI use. AI is explicitly tied to the broader economic diversification agenda (Vision 2030). Here too, steering through policy, principles and investment dominates over a binding horizontal law.

What this means for governance

The Gulf approach is "growth first, governance as enabler". Ethical principles and guidance exist but are largely non-binding; the hard obligations sit in sector rules, data protection and contractual arrangements. For organisations operating in the region this means the strategic ambitions are high, but the legal obligations are less uniform and less enforceable than in the EU.

Place on the world map

In philosophy the Gulf region resembles Singapore: voluntary frameworks, speed and attractiveness over binding obligations. That contrasts with South Korea, which adopted a binding basic act, and with the EU. See also how Africa is developing a continental strategy, and our comparison of international AI governance.

What this means

  • Distinguish ambition from obligation: strategies and principles are directional, not automatically enforceable.
  • Check the sectoral and data layer: data protection and sector supervision form the binding rules there.
  • Build on the shared grammar: governance based on the EU's risk-based structure and the NIST framework transfers well to the region.

Sources

  1. https://eur-lex.europa.eu/eli/reg/2024/1689/oj
    Regulation (EU) 2024/1689 (AI Act): the binding, risk-based EU AI law, contrasted with the growth-first approach of the Gulf states.
  2. https://ai.gov.ae/
    Official portal of the UAE Office for Artificial Intelligence, Digital Economy and Remote Work Applications: national AI strategy and initiatives.
  3. https://uaecabinet.ae/en/news/mohammed-bin-rashid-approves-establishing-artificial-intelligence-and-data-authority
    UAE Cabinet (14 June 2026): the Federal Authority for AI and Data โ€” single national body for data, AI and digital government, reporting to the Cabinet.

Share on LinkedIn

Read next

U

NIS2 duty of care: the security measures

Article 21 of the NIS2 Directive requires essential and important entities to implement ten concrete, risk-based security measures for which management bears ultimate responsibility.

W

AI Act board briefing: a template for the board and management team

A concise template to get the AI Act and AI use onto the board table: what is happening, which risks and deadlines, which decisions are needed, and which oversight questions the board should ask. Adopt it for your next board/management meeting.

W

AI use policy: a ready-to-use template to adopt

A directly usable template for an internal AI use policy โ€” what is and isn't allowed, which data may go into AI tools, approval of new tools, and the link to AI literacy (art. 4). Adopt it and adapt it to your organisation.

Dirk Baaijen

About this knowledge base

Compiled and maintained by YRproject โ€” programme and project direction at the intersection of digital transformation, AI and regulation. Every factual claim is traceable to its primary source. YRproject is led by Dirk Baaijen About & method โ†’

A project or programme? Work with YRproject โ†’

The monthly briefing

AI regulation in five minutes: what changed, what is coming and what it means. No spam, unsubscribe anytime.

Your address is used for this only and stored on our own servers.