Governments in the Middle East and North Africa (MENA) are at a critical juncture.
The region is rapidly becoming a global digital hub, particularly for artificial intelligence (AI) and cloud computing. But their integration introduces policy challenges that existing regulatory frameworks are struggling to manage.
As MENA continues its rapid technological development, governments must shape digital policies that support innovation, investment, and an open Internet.
The Artificial Intelligence and Cloud Computing Landscape
Driven by ambitious national visions and massive investments in infrastructure, businesses in MENA are outpacing their global peers in adopting advanced digital technologies.
Artificial intelligence (AI) has become central to national strategies across MENA, through both AI expert systems, used for automated decision-making in finance or healthcare, and generative AI, which creates content.
By 2030, the region’s AI market is projected to exceed $34 billion USD, and 39% of businesses already make advanced use of generative AI.
Cloud computing allows people to store and process data on remote servers, connected via the Internet. This technology is crucial for low-latency services, data aggregation, and regional infrastructure investment.
Major tech giants—including Amazon, Google, Microsoft, and Oracle—have established multiple cloud regions in MENA, with the cloud computing market projected to be worth $179.51 billion USD by 2032.
As governments move to regulate these massive industries, they must protect their citizens and anticipate consequences on the emerging technologies they address. This applies particularly to legislation in four key areas:
Data Governance
Data governance relates to how data is used, stored, and shared. Many MENA nations have introduced robust data protection laws, a positive step toward increasing citizen trust. However, cross-border data transfer is a recurring issue.
Regulations that impose overly complex or restrictive conditions on data flowing out of the country can undermine key technologies and a globally connected Internet.
For example, in Oman, data used by transportation apps is required to be located in the country, effectively banning them. In the United Arab Emirates, without special permission, health data must be stored in the country, limiting access to certain foreign services.
AI systems rely on vast, diverse datasets for effective training, but data localization laws prevent the free flow of information across borders. This can directly lead to less effective or even biased AI systems, undermining the quality of services people receive.
Cloud services also thrive on data aggregation in regional hubs, which data localization requirements can prevent. Restrictions could deter cloud providers from investing, increase operational costs for local businesses, and ultimately leave the Internet less globally connected.
Policy makers must balance legitimate national concerns with the necessity of global data flows.
Privacy Protection
Privacy protections, a specific type of data governance, secure personal data. Many MENA countries have privacy-protecting legislation. But gaps remain in AI-driven profiling, which analyzes a user’s online activity to categorize and predict their interests and behaviors.
For example, Saudi Arabia’s Personal Data Protection Law ensures basic privacy rights. But it does not specifically address new challenges related to AI, automated personal data processing, or the right to know when profiling technologies are used.
Privacy regulations must evolve to explicitly address the use of personal data in this new context, ensuring transparency and providing clear user consent or opt-out mechanisms.
Intermediary Liability Protection
Intermediary liability protection is the principle that platforms are not legally responsible for content created by their users.
A user may upload copyright-infringing content to a social media platform. The social media company is not responsible for editing or posting the content. But without protections, some jurisdictions would consider them responsible.
For example, the Jordanian Cybercrime Law holds websites and social media platforms liable for prohibited content, regardless of whether it came from a third party.
Intermediary liability represents a significant vulnerability across MENA. Without clear protections in several countries, companies face crippling legal risk for content they merely host. This severely limits the growth and innovation of domestic digital platforms and forces citizens to rely on foreign providers.
Cloud companies often act as intermediaries, hosting data for third parties. This regulatory gap acts as a significant barrier, discouraging investment and limiting the availability of global cloud services.
The Encryption Imperative
Encryption—the process of scrambling data, making it unintelligible to anyone without the key to decode it—is not just a technology. It is a fundamental security layer for protecting data and a non-negotiable principle for a secure Internet.
Encryption restrictions like those in some MENA countries undermine the foundation of privacy laws and erode the trustworthiness of the Internet. Egypt’s Telecommunications Law, for example, requires people to get a permit from the government before using any encryption technology.
By introducing vulnerabilities and exposing data, these restrictions create a fertile ground for sophisticated cybercrime, data leaks, and malicious attacks.
Global cloud providers and multinational corporations rely on strong end-to-end encryption for their operational security. Any regulatory uncertainty in this area acts as a powerful deterrent, limiting investment in the region and reducing the availability of advanced digital services.
Strong, unhindered encryption is paramount for fostering a secure and competitive digital economy in the MENA region.
The Next Step
Comprehensive, coherent policy in all four of these areas is essential for a resilient digital ecosystem. Governments are not asked to abandon regulation, but to embrace a holistic approach that both protects citizens and unleashes the full potential of AI and cloud computing.
We at the Internet Society stand ready to help governments navigate policy challenges and assess proposed legislation through tools like our Internet Impact Assessment Toolkit, ensuring an open, globally connected, secure, and trustworthy Internet in MENA.
Want to learn more about developing balanced regulations in MENA? Check out our full report, Emerging Digital Technologies and their Impact on Policy and Regulation in the Middle East and North Africa.
Image © Urban Pixel Lebanon