August 23rd, 2023 Legal Updates

Kuwait National Cybersecurity Center Strengthens Data Privacy Efforts with Decision No. 35 of 2023

In its ongoing commitment to strengthening data privacy, the Kuwait National Cybersecurity Center (“Center“) remains at the forefront, as evidenced by the recent issuance of Decision No. 35 of 2023. This pivotal decision is crafted to lay the cornerstone of a comprehensive national framework encompassing cybersecurity operations and governance. Its intent is to not only optimize operational efficacy and administrative procedures but also to do so within the parameters of robust regulatory frameworks.

The Center was established pursuant to Decision No. 37 of 2022, with the aim of achieving the objectives derived from The National Strategy for Cybersecurity.

For more information about the Center, you could read our overview with respect to the Center’s recent decision at

The decision introduced the governance principles for each of the following:

  1. The Supreme Committee, which is the National Supreme Committee established by Cabinet Resolution No. 355 during its meeting in 11/2019;
  2. The Center;
  3. The Military and Security entities, which include the Kuwaiti Army, the Ministry of Interior, the National Guard, and the Fire Department;
  4. The Licensee, which is defined as the entity authorized by law to grant individuals, companies, and others the right to provide one or more services to beneficiary/ beneficiaries;
  5. The Licensed or Service Provider, which is defined as individuals or companies who are granted a license to provide one or more services to beneficiary/ beneficiaries;
  6. The Regulator of the Electronic Services Sector, which is the entity authorized by laws, regulations, and rules to oversee and regulate the plans and implementation processes of electronic projects and their governance;
  7. The Provider of Public Electronic Services, which is defined as entities affiliated with state institutions and their companies, which have the right to operate and offer electronic services;
  8. Vital Entities: defined as the relevant entities that possess sensitive data, systems, networks, or facilities that ensure the continuity of essential state functions, society, or the economy. The disruption, destruction, or damage to these entities could result in significant harm to national security, public safety, or the state’s economy; and
  9. Cybersecurity service provider.

This decision marks a pivotal step towards realizing the Center’s strategic objectives, underlining its instrumental role in shaping the landscape of cybersecurity in Kuwait.

For any assistance, please contact Maha El Meihy, Legal Director, Asad Ahmad, Senior Associate and Salma Farouq, Associate.