Official government website of the Government of the Kingdom of Saudi Arabia
Links to official Saudi websites end with gov.sa

All links to official websites of government agencies in the Kingdom of Saudi Arabia end with gov.sa.

Government websites use the HTTPS protocol HTTPS for encryption and security

Secure websites in the Kingdom of Saudi Arabia use the HTTPS protocol for encryption.

DGAlogo
Registered with the Digital Government Authority under number : 20250406046
Toll Free 939

Rights to Information

 

​​​​​​Key Principles and General Rules of Freedom of Information:

Scope​​

This policy applies to all requests by individuals to access or obtain public information — non-protected information produced by public entities regardless of its source, form, or nature. This includes paper records, emails, information stored on computers, audio or video recordings, maps, photographs, manuscripts, handwritten documents, or any other form of recorded information.

This policy does not apply to protected information:
  • Information whose disclosure may harm the state’s national security, policies, interests, or rights.
  • Military and security information.
  • Information and documents obtained pursuant to an agreement with another country and classified as protected.
  • Investigations, inquiries, seizure procedures, inspection activities, and surveillance related to a crime, violation, or threat.
  • Information containing recommendations, proposals, or consultations for issuing legislation or a governmental decision that has not yet been issued.
  • Commercial, industrial, financial, or economic information whose disclosure may result in unlawful profit or loss.
  • Scientific or technical research, or rights involving intellectual property rights, where disclosure may infringe moral rights.
  • Information related to competitions, tenders, and auctions whose disclosure may compromise fair competition.
  • Information that is confidential or personal under another law, or that requires specific legal procedures to access or obtain.

Key Principles of Freedom of Information:

  • First Principle: Transparency

Individuals have the right to know information related to the activities of public entities in order to enhance integrity, transparency, and accountability.

  • Second Principle: Necessity and Proportionality

Any restrictions on requests to access or obtain protected information received, produced, or handled by public entities must be clearly and explicitly justified.

  • Third Principle: Disclosure is the Default for Public Information

Every individual has the right to access public information — non-protected information — without the need to demonstrate a specific status or interest in such information, and without being subject to any legal accountability related to exercising this right.

  • Fourth Principle: Equality

All requests to access or obtain public information shall be treated equally and without discrimination among individuals.

​Rights of Individuals Regarding Access to or Obtaining Public Information

First: The right to access and obtain any non-protected information held by any public entity.

Second: The right to know the reasons for refusing access to or obtaining the requested information.

Third: The right to appeal decisions rejecting requests to access or obtain the requested information.

Obligations of Public Entities:

  • Public entities shall be responsible for preparing and implementing policies and procedures related to exercising the right to access or obtain public information, and the entity’s chief official shall approve and adopt them.
  • Public entities shall establish an administrative unit linked to the Data Management Offices in government entities established pursuant to Royal Order No. 59766 dated 20/11/1439 AH. This unit shall be responsible for developing, documenting, and monitoring the implementation of policies and procedures approved by senior management regarding access to information. The unit’s tasks and responsibilities shall include establishing appropriate standards for determining data classification levels where such standards do not exist — in accordance with the Data Classification Policy — and using them as a primary reference when processing requests for access to or obtaining public information.
  • Public entities shall determine and provide available means (public information request forms), whether paper-based or electronic, through which individuals may request access to or obtain public information.
  • Public entities shall verify individuals’ identities before granting them access to or obtaining public information in accordance with controls approved by the National Cybersecurity Authority and relevant entities.
  • Public entities shall establish standards for determining fees associated with processing requests to access or obtain public information based on the nature and volume of data, effort exerted, and time spent — in accordance with the Data Monetization Policy document. Public entities shall also document all records of information access requests and decisions taken regarding such requests, and these records shall be reviewed to address cases of misuse or non-response.
  • Public entities shall prepare and document policies and procedures for retaining and disposing of request records in accordance with applicable laws and regulations related to the entity’s activities and operations.
  • Public entities shall prepare and document the procedures necessary for managing, processing, and documenting extension requests and rejected requests, while defining the tasks and responsibilities of the relevant work team and the cases requiring notification of the regulatory authority and the office according to the administrative hierarchy and within the specified timeframes for request processing.
  • Public entities shall notify individuals — in an appropriate manner — if a request is fully or partially rejected, clarifying the reasons for rejection and the right to appeal and how to exercise that right within a period not exceeding (15) days from the date of the decision.
  • Public entities shall prepare awareness programs to promote a culture of transparency and raise awareness in accordance with Freedom of Information policies and procedures approved by the entity’s senior management.
  • Public entities shall be responsible for periodically monitoring compliance with Freedom of Information policies and procedures and presenting them to the entity’s chief official or their delegate. Corrective actions to be taken in cases of non-compliance shall also be identified and documented, and the regulatory authority and office shall be notified according to the administrative hierarchy.

Main Steps for Accessing or Obtaining Information

Main Requirements for Requests to Access or Obtain Public Information:
  • The request must be submitted in writing or electronically.
  • The approved <Public Information Request Form> issued by the public entity must be completed.
  • The request must be for the purpose of accessing or obtaining public information.
  • The request form must include details on how the final decision and notifications will be sent to the individual (national address, email, entity website, etc.).
  • The request form must be submitted directly to the public entity.

Main Steps for Requesting Access to or Obtaining Public Information:

First: Requests shall be submitted by completing the <Public Information Request Form> — electronically or in paper form — and submitting it to the public entity that holds the information.

Second: Within a specified period (30 days) from receiving the request to access or obtain public information, the public entity shall make one of the following decisions:

  • Approval:

    • If the public entity approves the request to access or obtain information fully or partially, the individual must be notified in writing or electronically of the applicable fees. The entity must make the information available within a period not exceeding (10) working days from receipt of payment.

  • Rejection:

    • If the request to access or obtain information is rejected, the rejection must be in writing or electronically and include the following:

    • Whether the rejection is full or partial.
    • Reasons for rejection, if possible.
    • The right to appeal the rejection and how to exercise this right.
  • Extension:

    • If it is not possible to process the request within the specified period, the public entity should extend the response period for a reasonable duration depending on the size and nature of the requested information — for example, an additional period exceeding (30) days — and provide the individual with the following:

    • Extension notice and the expected completion date of the request.
    • Reasons for the delay.
    • The right to appeal the extension and how to exercise this right.

  • Notification:

    • If the requested information is available on the entity’s website or falls outside its jurisdiction, the individual must be notified in writing or electronically, including the following:

    • Type of notification: for example, the requested data is available on the entity’s website or is outside its jurisdiction.
    • The right to appeal this notification and how to exercise this right.

    Third: If the individual wishes to appeal the rejection of a request by a public entity, they may submit a written or electronic appeal notice to the entity’s office within a period not exceeding (10) working days from receiving the entity’s decision. The grievance committee at the entity’s office shall review the request, make the appropriate decision, and notify the individual of the review fees — which shall be refunded if the committee approves the request and appeal decision.

    General Provisions

    First: Public entities shall align this policy with their organizational documents — policies and procedures — and circulate them to all affiliated or associated entities in a manner that achieves integration and ensures fulfillment of the intended objectives.

    Second: Public entities must balance the right to access and obtain information with other necessary requirements such as national security and the protection of personal data privacy.

    Third: Public entities must comply with this policy and periodically document compliance according to the mechanisms and procedures established after coordination.

    Fourth: Regulatory entities — after coordination with the office — shall prepare mechanisms, procedures, and controls related to handling complaints according to a specified timeframe and organizational hierarchy.

    Fifth: Public entities must notify the office if a request to access or obtain public information is rejected or if the specified period for providing such information is extended — provided the request falls within the scope.

    Sixth: When public entities contract with other entities — such as companies delivering public services — they must periodically verify the compliance of such entities with this policy according to mechanisms and procedures established by the entity, including any subsequent contracts entered into by those entities.

    Seventh: Public entities may establish additional rules for processing requests related to specific types of public information according to their nature and sensitivity after coordination with the office.

    Eighth: Public entities must prepare forms for accessing or obtaining public information — whether paper-based or electronic — specifying the required information and available methods for submitting requests.

    Freedom of Information and Open Data

    Open data programs and policies around the world are typically developed to support national economy and innovation agendas. Making certain public information available to researchers, entrepreneurs, innovators, and startups undoubtedly helps create a favorable environment for business growth and reflects an open and transparent government.

    Open data programs and policies are also considered a proactive step by entities to preserve the right to access public information by making certain information available or published as open data before requests for access or obtaining such information are submitted. Therefore, effective open data programs and policies reduce the volume of public information access requests, resulting in lower government expenditures related to request processing.

    Related Legislation and Policies

    According to the National Data Governance Policies announced by the Saudi Data and Artificial Intelligence Authority (SDAIA):   Click here to download the file

    Based on the National Data Governance Policies document issued by the Saudi Data and Artificial Intelligence Authority (SDAIA), the following principles have been covered:

    • Key principles and general rules of Freedom of Information.
    • Key principles and general rules of Open Data within these policies.

    If you have any inquiries or feedback, you may contact us through the Unified Contact Page:

    Click Here





    Latest edit date: 09 May 2026 01:09 PM Kingdom of Saudi Arabia time.
    I rated this service as: ()
    Last Rating: Nothing Total Rating: 0 Number of Evaluators:0
    Your response has been sent successfully!
    Error message Re-evaluate again

    Please tell us why. (You can select multiple options)

    I'm

    Please tell us why. (You can select multiple options)

    I'm
    namadon
    cookie Banner icon

    Cookies Policy

    By clicking Accept All Cookies, you agree to the storing of first-party cookies on your device to enhance site navigation, analyze site usage.

    Cookies Policy
    Accept