KSAPDPL.COM

PDPL Compliance Services
PDPL Compliance in 4 Weeks
Start with PDPL Consulting
at HalaPrivacy.com

Table of Contents

← PDPL Compliance Ecosystem

The Rules Governing the National Register of Controllers Within the Kingdom – Introduction
The Rules Governing the National Register of Controllers Within the Kingdom Article 1 – Definitions
The Rules Governing the National Register of Controllers Within the Kingdom Article 2 – Scope and Objective
The Rules Governing the National Register of Controllers Within the Kingdom Article 3 – Controller Delegate Appointment
The Rules Governing the National Register of Controllers Within the Kingdom Article 4 – Registration Procedures
The Rules Governing the National Register of Controllers Within the Kingdom Article 5 – Profile Data
The Rules Governing the National Register of Controllers Within the Kingdom Article 6 – Circumstances for Appointing a Personal Data Protection Officer (DPO)
The Rules Governing the National Register of Controllers Within the Kingdom Article 7 – Information of the Personal Data Protection Officer (DPO)
The Rules Governing the National Register of Controllers Within the Kingdom Article 8 – Obligations
The Rules Governing the National Register of Controllers Within the Kingdom Article 9 – Representative Replacement
The Rules Governing the National Register of Controllers Within the Kingdom Article 10 – Registration Certificate Issuance
The Rules Governing the National Register of Controllers Within the Kingdom Article 11 – Making Registration Certificate Available to the Public
The Rules Governing the National Register of Controllers Within the Kingdom Article 12 – Services Provided on the Platform
The Rules Governing the National Register of Controllers Within the Kingdom Article 13 – Review and Amendment
The Rules Governing the National Register of Controllers Within the Kingdom Article 14 – Enforcement

The Rules Governing the National Register of Controllers Within the Kingdom Article 10 – Registration Certificate Issuance

  • This article is verified from SDAIA
  • halaprivacy.com
  • Updated: December 23, 2025
ChatGPT
Gemini Gemini
Claude Claude
Perplexity Perplexity

Overview

The Rules Governing the National Register of Controllers Within the Kingdom Article 10 regulates the issuance, validity, and renewal of the registration certificate issued to Controllers registered on the National Data Governance Platform.

It defines the mandatory contents of the certificate, establishes its maximum validity period, and sets out notification and grace period rules applicable upon expiry.

SDAIA's Official Text

The text below reproduces official PDPL law, regulation, or guideline issued by the Saudi Data & AI Authority, verified against the original SDAIA source. No changes or reinterpretation applied.

Article 10: Registration Certificate Issuance

  1. The registration certificate shall be issued as soon as the registration process, stipulated in Article (4) of these rules, is completed. The certificate shall include the following information:

    1. Registration Serial Number.

    2. Entity/Individual Name.

    3. Entity Logo.

    4. Entity Address.

    5. Official Email of the Entity/Individual.

    6. Official Contact Number of the Entity/Individual.

    7. The Date of Issue and End Date.

    8. QR code.

  2. The certificate will be valid for (5) years as maximum.

  3. The Competent Authority shall notify the Controller of the impending expiration of their registration certificate no less than thirty (30) days prior to the expiry date. Following the expiration of the certificate, the Controller may continue to access Platform Services for a grace period of up to five (5) days. However, access to services beyond this grace period shall be contingent upon the Controller submitting a renewal request.

Plain-Language Explanation

The explanation below is provided to help you understand the SDAIA’s legal text and does not replace or override the official PDPL law, regulation, or guideline.

Article 10(1)

Issuance of the Registration Certificate

This provision establishes that the registration certificate is issued immediately upon completion of the registration process in accordance with Article 4 of these Rules. The issuance of the certificate confirms the Controller’s successful registration on the Platform and formal inclusion in the National Register of Controllers.

 

This provision also specifies the minimum information that must be included in the registration certificate, including identification details, official contact information, validity dates, and a QR code. These elements ensure verifiability, transparency, and traceability of the Controller’s registration status.

Article 10(2)

Certificate Validity Period

This provision sets a maximum validity period of five years for the registration certificate. Controllers are required to monitor the validity of their certificate and ensure timely renewal to maintain uninterrupted access to Platform services.

Article 10(3)

Expiry Notification and Grace Period

This provision obligates the Competent Authority to notify Controllers at least thirty days before the certificate’s expiration. It also establishes a limited grace period of up to five days following expiry during which Platform access may continue. Continued access beyond this grace period is conditional upon submission of a renewal request.

Saudi Personal Data Protection Law Compliance Services (KSA PDPL)

KSA PDPL Compliance Implementation

Achieve PDPL Compliance in 4 weeks or less.

Data Protection Officer As A Service (DPOaaS)

Let us handle your daily PDPL Compliance Operations.

KSA PDPL Compliance Audit (External)

Audit your PDPL compliance obligations.

Scroll to Top