On Point: The Licensing of Internet Exchange Points in Saudi Arabia

The term ‘Internet Exchange Point’ or ‘IXP’ refers to physical infrastructure that allows networks to interconnect directly. Internet infrastructure and network providers, such as Internet Service Providers and Content Delivery Networks, can connect their networks and exchange traffic (i.e. data transmitted and received over the internet). IXPs allow for high speed data transfer, reduced latency, fault tolerance, improved bandwidth and routing efficiency. The costs associated with operating IXPs are usually shared between the participating infrastructure and network providers. IXPs often use a ‘peering’ arrangement, which permits exchange of internet traffic for free. Some large networks, with greater market share, may charge smaller networks for peering services.

In this article, we look at the status of IXPs in Saudi Arabia, and a recent proposal to regulate.

Proposed Regulation of IXPs in Saudi Arabia

Currently, there is no legal framework specifically regulating IXPs in Saudi Arabia. In 2018, the Communication and Information Technology Commission (‘CITC’) issued a public consultation document on a draft IXP Framework, indicating its intention to regulate the operations of IXPs in Saudi Arabia.

The proposed IXP Framework covers topics such as IXP ownership, registration, participation, operations, international cable landing point access and the CITC’s powers. In its draft form, it is intended to apply to any and all IXP services provided within Saudi Arabia. Additionally, any entity engaged, in whole or in part, as an IXP service provider in Saudi Arabia is required to apply for registration with the CITC.

Notably, the draft IXP Framework provides for:

• Ownership: Foreign ownership of IXPs operating in Saudi Arabia will be allowed in line with the Kingdom’s WTO commitment in respect of foreign ownership in the telecoms sector. Foreign entities will be allowed to form joint ventures and consortia for the ownership of IXPs in Saudi Arabia. The ownership stakes of each participant in such ventures/consortia may be determined at their sole discretion. If CITC designates an IXP as the Designated National IXP, CITC may impose restrictions on ownership. With respect to international cable landing points, the IXP Framework also contemplates rights of ownership and colocation obligations for IXP service providers;
• Participation: Every IXP provider shall be required to publish a membership policy and make it publicly available. Peering policies, pricing policies and tariff mechanisms will also need to be publicly available. An IXP service provider may reject a membership application, but the CITC has the discretion to direct IXPs to accept members. If CITC designates an IXP as the Designated National IXP, CITC may impose additional requirements at its sole discretion; and
• Operations: IXP service providers can offer associated services, such as supporting network operations centres for monitoring and fault detection, guaranteed service levels, internet security services, Ethernet switches for peering or transit among participants, and other appropriate services. IXP service providers will not be permitted to provide any service that requires a licence or authorisation from CITC. Infrastructure and personnel of IXPs licensed in Saudi Arabia will need to be located in the KSA. More generally, the IXP service provider will need to cooperate with CITC and other local authorities.

The draft IXP Framework contemplates empowering CITC to penalise IXP service providers for violations, and issue guidelines and standard contracts and clauses to help streamline the industry.

Content Liability

An IXP’s function is to exchange traffic rather than serving end users. As such, content is the responsibility of the IXP members and not the IXP itself. The draft IXP Framework states that IXP members are responsible for complying with local content and filtering requirements in Saudi Arabia, and that an IXP service provider will not incur any administrative or criminal liability based solely on the fact that unlawful content or infringing content has been uploaded, processed or stored on the IXP service provider’s network.

No obligation would be placed upon an IXP service provider to monitor its network, actively and constantly, for unlawful or infringing content. However, the draft IXP Framework contemplates IXP service providers promptly notifying CITC or any other appropriate authority if they become aware of any content or information on any IXP member’s network that may constitute a violation of any of the various content-related considerations set out in Saudi Arabia’s Anti-Cyber Crime Law (Royal Decree No. M/17; 8 Rabi 1 1428 / 26 March 2007).

Additionally, IXP service providers would be obligated to forward to the relevant authorities any complaints they receive from third parties about unlawful or infringing content on any IXP member’s network. IXP service providers would need to fully cooperate with the local authorities on such matters. If CITC designates an IXP as the Designated National IXP, CITC may impose additional requirements with regard to such matters.

Under the laws establishing the CITC, the CITC is empowered to impose penalties. Such penalties are without prejudice to such other penalties that may be imposed under any other applicable law in the Kingdom (such as the Anti-Cyber Crime Law).

Other Considerations

One aspect of the draft IXP Framework that may be problematic is the requirement that all IXP related personnel be located within Saudi Arabia. We do not rule out the possibility that the final version of the IXP Framework may elaborate on this point.
A further aspect that may benefit from elaboration is the application of the IXP Framework to IXPs that are already in operation. At the very least we would expect that such IXPs will be given sufficient extra time in order to ensure compliance with the new requirements.

What Now?

To reiterate, the IXP Framework is, at the time of writing, just a draft under consideration by local and international stakeholders. The timeline for completion of the consultation process and (if applicable) entry into force of the IXP Framework is not yet public.

Industry participants and potential investors would be well advised to watch this space. If the IXP Framework comes into effect, it would be appropriate to approach the CITC for clarification of any material concerns.

Al Tamimi & Company’s Technology, Media & Telecommunication team regularly advises on telecoms sector licensing issues. For further information please contact Nick O’Connell (n.oconnell@tamimi.com) or Zil Ur Rehman (z.rehman@tamimi.com).