نعم

This policy applies to all individuals' requests to view or obtain public information - unprotected and produced by public authorities, regardless of its source, form or nature. This includes paper records, emails, information stored on the computer, audio or video tapes, maps, or photographs, or manuscripts, handwritten documents, or any other form of recorded information.

  1. Information that the disclosure of which would harm the national security of the state, its policy, interests or rights.
  2. Military and security information.
  3. Information and documents obtained by virtue of an agreement with another country and classified as protected.
  4. Investigations, seizures, searches, and surveillance related to a crime, violation or threat.
  5. Information that includes recommendations, suggestions, or consultations for the issuance of legislation or government decision that has not yet been issued.
  6. Information of a commercial, industrial, financial or economic nature, the disclosure of which would lead to the achievement of profit or encounter loss in an unlawful manner.
  7. Scientific, or technical research, or rights that contain an intellectual property right whose disclosure leads to an infringement of a moral right.
  8. Information related to bids and auctions, the disclosure of which prejudices the fairness of competition.
  9. Information that is confidential or personal under another system, or requires certain legal procedures to access or obtain it.

  1. Transparency


    The individual has the right to know information related to the activities of public authorities to enhance the system of integrity, transparency and accountability. Necessity and proportionality

  2. ​Necessity and proportionality


    Any restrictions on requesting access to or access to protected information that public authorities receive, produce, or deal with must be justified in a clear and explicit way.The original information disclosure:

  3. The original information disclosure:


    Every individual has the right to access public information - which is not protected - and it is not necessary for the applicant to enjoy a certain specificity or interest in this information in order to be able to obtain it, nor is he subjected to any legal accountability related to this right.

  4. Equality:


    All requests to access or obtain public information are dealt with on the bases of equality and non-discrimination between individuals.
First: The right to see and obtain any information that is not protected by any public authority. 
Second: The right to know the reason for refusing to see or obtain the requested information. 
​Third: The right to file a grievance against the decision to reject the request for access and to obtain the required information.
    1. The public entity is responsible for preparing and implementing policies and procedures related to practicing the right to access or obtain public information. The entity’s primary official is responsible for approving it. 2. The public entity establishes an administrative unit to be linked to the data management offices in the government agencies that were established pursuant to the Royal Decree No. 59766 dated 11/20/1439 AH. The unit will be assigned the responsibility to develop, document and monitor the implementation of the policies and procedures approved by the entity's senior management related to the right to access the information. Provided that the tasks and responsibilities of the unit include setting appropriate standards for determining the levels of data classification in case of absence of them - in accordance with the data classification policy - and using them as a main reference when processing requests to access or obtain public information. 3. The public entity determines and provides the possible means (public information request forms) - whether it is a paper or electronic form - through which an individual can request access to or access to public information. 4. The public entity verifies the identity of individuals before granting them the right to view or obtain public information in accordance with the controls approved by the National Cybersecurity Authority and the relevant authorities. 5. The entity sets the necessary criteria for determining the fees involved in processing requests to access or obtain public information based on the nature and size of the data, the effort exerted and the time spent - in accordance with the data monetization policy document. The public entity documents all records of requests to access or obtain information and decisions taken regarding these requests, provided that these records are reviewed to address cases of misuse or non-response. 6. The public entity shall prepare and document the policies and procedures for maintaining and disposing of records of requests in accordance with the laws and legislations related to the entity’s business and activities. 7. The public agency prepares and documents the necessary procedures to manage, process and document extension requests, rejected requests, and define tasks and responsibilities related to the relevant work team, and cases in which the regulatory authority and the office are notified according to the administrative hierarchy and the time period specified for processing the requests. 8. The public authority notifies the individual - in an appropriate manner - if the request is rejected in whole or in part, with an explanation of the reasons for rejection, the right to complain, and how to exercise this right within a period not exceeding (15) days after the decision is made. 9. The public entity prepares awareness programs to promote a culture of transparency and raise awareness in accordance with the freedom of information policies and procedures approved by the entity's senior management. 10. The public entity is responsible for monitoring compliance with freedom of information policies and procedures periodically and presented to the entity’s first official or whomever he delegates. Corrective actions that will be taken in the event of non-compliance are identified and documented, and the regulatory authority and office are notified according to the administrative hierarchy.

The Main Requirements for Requests to Access or Obtain Public Information:

  1. The application must be in writing or electronically.
  2. You must fill out the approved by the public authority.
  3. The request must be for the purposes of accessing or obtaining public information.
  4. The application form must include details on how to send the final decision and notices to the individual (national address, e-mail, or the entity’s website ... etc.
  5. ​The application form must be sent directly to the public authority.

​The Main Steps for Requesting Access to or Obtain General Information:
First: Applications are submitted by filling out - electronic or paper - and submitting it to the public authority that has the information.

Second: The public authority shall, within a specified period of time (30 days) from receiving the request to view or obtain public information, take one of the following decisions:
1. Consent: In the event that the public authority has approved the request to access or obtain information in whole or in part, the individual must be notified in writing or electronically of the applicable fees. The public authority must make this information available to the individual within a period of time not exceeding (10) working days from receipt the amount. 
2. Rejection: In the event that the request to access or obtain information is rejected, the rejection must be in writing or electronically and should include the following information: * Determine whether the application was rejected in whole or in part. * Reasons for refusal, if applicable * The right to complain about this refusal and how to exercise this right. 
3. Extension: In the event that the request for access to information cannot be processed in the specified time, the public entity should extend the period in which the response will be responded to a reasonable period depending on the size and nature of the information requested. For example, exceeding an additional (30) days - and provide the individual with the following information: 

* Notice of the extension and the date on which the application is expected to be completed * Reasons of delay * The right to complain about this extension and how to exercise this right. 3. Notice: If the requested information is available on the entity’s. 

4. website, or it is not within its competence, the individual must be notified of this in writing or electronically, provided that it includes the following information: 

* Notice type: For example, the required data is available on the entity’s website, or it is not within its competence. 
* The right to complain about this notice and how to exercise this right. 

Third: In the case that an individual wishes to file a grievance against the rejection of the request by a public authority, he can submit a written or electronic notice of the grievance to the office of the entity within a period of time not exceeding (10) working days from receiving the decision of the public authority. 
The Grievance Committee at the entity’s office reviews the request and takes the appropriate decision and notification to the individual of the review fee. It will be refunded in the event that the committee.
First: The public authorities shall harmonize this policy with their regulatory documents - policies and procedures, and circulate them to all their affiliated or related entities in order to achieve complementarity and ensure the achievement of the desired goal of preparing them. 

Second: The public authorities must balance the right to access and obtain information with other necessary requirements such as achieving national security and maintaining the privacy of personal data. 

Third: The public authorities must comply with this policy and document compliance periodically in accordance with the mechanisms and procedures that these authorities specify after coordination. 

Fourth: The regulatory authorities - after coordination with the office shall prepare the mechanisms, procedures and controls related to handling complaints according to a specific timeframe and the organizational hierarchy. 

Fifth: The public authorities must notify the office in the event that a request to access or obtain public information is rejected, or to extend the period specified for providing this information – which is within the domain. 

Sixth: The public entity, when contracting with other bodies, such as companies that carry out public services, must periodically verify the compliance of other entities with this policy in accordance with the mechanisms and procedures specified by the entity, provided that this includes any subsequent contracts that other parties undertake. 

Seventh: The public authorities have the right to set additional rules for handling requests related to specific types of public information according to their nature and sensitivity after coordination with the office. 

Eighth: Public authorities must prepare forms for viewing or obtaining public information - whether paper or electronic - in which he specifies the necessary information and possible means to provide the required information.

Freedom of information and open data:
Open data programs and policies are usually prepared and developed around the world to support the national economic and innovation agenda. Undoubtedly, the availability and dissemination of a specific set of public information for researchers, entrepreneurs, innovators and start-ups helps to create an environment conduc​ive to business growth, and indicates an open and transparent government. Open data programs and policies are also a proactive step by the authorities in maintaining the right to access public information by making available or publishing a specific set of information - such as open data - before requesting access to or obtaining it. Thus, effective open data programs and policies reduce the volume of requests to access public information, thus reducing government expenditures related to processing requests.

According to the national data governance policies announced by the Saudi Data and Artificial Intelligence Authority (SDAIA:

Legislations: