Cyber Security and Data Protection (English/Arabic)

Please click on the Arabic PDF icon to download the Arabic version of this document.

Overview

This Practice Note provides an updated overview of the legislative and regulatory landscape for cyber security and data protection in Kuwait. It reflects significant legal advancements, including the establishment of comprehensive data protection regulations by the Communication and Information Technology Regulatory Authority (CITRA), alignment with international data protection standards such as the GDPR, and initiatives towards digital transformation.

Definitions

CITRA: Communication and Information Technology Regulatory Authority.
GDPR: General Data Protection Regulations.

Practical Guidance

Legislative framework

Kuwait has taken considerable steps to strengthen its cyber security and data protection regime. The key legislative instruments include Kuwait Law No. 63/2015 On Combating Cyber Crimes, Kuwait Law No. 20/2014 On Electronic Transactions and the recent Kuwait Administrative Decision No. 26/2024 Concerning the Issuance of the Data Privacy Protection Regulation which abrogated Kuwait Decision No. 42/2021 On the Data Privacy Protection Regulation. These laws and decisions collectively establish a robust legal foundation for protecting digital data and privacy, imposing strict penalties for cybercrimes, and setting forth obligations for the collection, processing, and storage of personal data.