The final Law Update of 2022 is here, and it’s packed full of articles. The double edition features two focus areas, first is a spotlight on Energy and Resources and second we feature a collection of articles on Transport and Logistics. The developments occurring in these sectors in the MENA region are unprecedented and our lawyers cover vast themes for you.
The Energy and Resources focus features topics such as diversifying energy resources, solar PV, mining in the Middle East, renewable energy and green hydrogen. From a transport perspective, we draw attention to the Bahrain metro project, discuss the challenges and remedies associated with the repossession of an aircraft, and there is advice on what to consider should a party vary the terms of a shipping contract.
This edition navigates you through updates from across jurisdictions such as, Oman, Jordan, Saudi Arabia, Egypt, Iraq, Qatar, and the UAE. Each article is timely and provides insights into legal issues and cases that are affecting these sectors across the region.Read the full edition
Cloud computing is a particular innovation that is growing rapidly worldwide with more and more businesses, government entities, and consumers adopting cloud services.
As you are probably aware, cloud computing is a type of computing that relies on sharing computing resources through remote access and universal data storage, rather than having local servers or personal devices to handle applications.
If GCC countries are serious about positioning their major centres as strategic business hubs, they need more high specification data centres to store the increasing volume of data and to attract leading international cloud providers.
From a consumer perspective, there are three main reasons why having more local data centres and internet exchange points are important to the overall customer experience for cloud services:
According to datacentermap.com there are currently 104 co-location data centres across 14 Middle East countries.
By comparison there are:
There are 8 listed in the UAE. Malta and Lithuania also have 8. Cyprus has 12.
Based on a scorecard system developed by BSA – The Software Alliance (www.bsa.org) to measure ‘cloud readiness’ of a country, there are some aspects in the current legal and regulatory regimes of GCC countries that may need to be addressed for the GCC to be assessed as a more favourable environment for cloud computing.
By way of example only, in the UAE context (which broadly represents a median for the regional regimes) the following are likely to be seen as potential issues:
There is also an aspect of the UAE legal system that could potentially be misconstrued as a regulatory hurdle. The UAE uses the inquisitorial system, which is a legal system where the court or a part of the court is actively involved in investigating the facts of the case, as opposed to an adversarial system where the role of the court is primarily that of an impartial referee between the prosecution and the defence. Under the inquisitorial system, which is tied to common Civil Law, the truth is uncovered through questioning those most familiar with the dispute by a judicial authority. It’s up to an ‘independent’ prosecutor or investigating magistrate to distinguish between reliable and unreliable evidence. Accordingly, under Federal Law No. 35 Concerning the Penal Procedures Law, the Public Prosecution (not the police) , in proceeding with an investigation, can order a person in possession of something which the Public Prosecution deems should be seized or perused, to submit it (see Article 78). This could include data held by data hosting providers.
Those more used to an adversarial system, where judges focus on the issues of law and procedure and act as a referee in the contest between the defence and the prosecutor, are often uncomfortable with the investigative powers of the public prosecution. However, the inquisitorial system is not unique to the Middle East. If the cloud related aspects of a business are in France, Germany, or Japan the public prosecutions will have similar powers.
Proposed Cloud Regulation in KSA
To address objectives that include encouraging investment in a local cloud industry Saudi Arabia’s Communications and Information Technology Commission (‘CITC’) has recently undertaken public consultation on the proposed regulation of cloud computing.
The CITC is proposing a Cloud Infrastructure and Services License (‘CISL’) for Cloud Service Providers (’CSPs’) with data centres, or other key cloud infrastructure, in the Kingdom and those processing or storing sensitive user content.
The proposed regulations seek to address many of the gaps outlined above. For example:
There are some aspects of the proposed regulation that do require careful consideration. It is proposed that no ‘Level 3’ user content can be transferred outside Saudi Arabia. While the higher Level 4 classifies concerns highly sensitive or secret content belonging to concerned governmental agencies or institutions (and it is understandable that there may be a reason to localise such content), the ‘Level 3’ classification in the proposed regulations is much broader and includes ‘sensitive’ user content of private sector companies or organisations. What is ‘sensitive’ is not defined.
However, overall, the CITC’s proposed cloud-specific regulations should be welcomed as a positive move to benefit users of cloud services and for the development of the cloud industry in Saudi Arabia, and will hopefully act as a prompt for appropriate cloud-specific regulation in other GCC jurisdictions.