2026UAE AI Law expected to take effect, the first dedicated AI legislation in the region
65%of MENA enterprises have no formal AI governance framework in place
faster AI deployment in organisations with governance built in from the start

There is a governance gap opening up in enterprise AI across the Middle East, and it is widening faster than most organisations realise. On one side: regulators in the UAE and Saudi Arabia moving with genuine urgency to establish AI frameworks, ethics principles, and in some cases binding legislation. On the other: enterprises that are still treating AI governance as a compliance checkbox rather than a strategic capability.

The organisations caught in that gap will face a reckoning. Not necessarily a dramatic one, more likely a slow accumulation of friction: AI initiatives stuck in legal review, board-level discomfort about liability, regulators asking questions that internal teams can't answer, and the quiet erosion of trust that comes when AI systems produce outcomes nobody can fully explain or defend.

The good news is that this gap is closeable. AI governance done well is not a bureaucratic burden: it is a competitive advantage. In my experience working with enterprise leaders across the region, the organisations that get governance right move faster, not slower.

This article is a practical overview of the AI governance landscape in the Middle East, the most common gaps I see in enterprise programmes, and what genuinely good AI governance looks like in practice.


The regulatory landscape: where things stand in 2026

Both the UAE and Saudi Arabia have made AI a national strategic priority, and their regulatory approaches reflect that ambition.

The United Arab Emirates

The UAE has been the most proactive AI regulator in the region. The country appointed the world's first Minister of AI in 2017 and has since built out a progressively more structured regulatory environment. Key frameworks enterprise leaders need to understand include the UAE National AI Strategy 2031, the TDRA AI Ethics Principles and Guidelines, sector-specific guidance from ADGM and DIFC for financial services, and a dedicated UAE AI Law currently in development expected to introduce binding obligations including mandatory impact assessments for high-risk AI applications.

AI governance in the Middle East is coming. The question is whether your organisation builds that capability proactively or scrambles to retrofit it when regulation arrives.

Saudi Arabia

Saudi Arabia's AI governance approach is closely tied to Vision 2030 and the National Data and AI Authority (NDAIA). The Saudi PDPL, which came into force in 2022, has significant implications for AI systems that process personal data. SAMA and CCHI have issued sector-specific AI guidance for financial services and healthcare respectively.


The five governance gaps I see most often

1. No inventory of AI systems in production

Most large enterprises have AI and machine learning systems running across multiple functions, deployed by different teams at different times, with varying levels of documentation and oversight. Nobody has a complete picture. You cannot govern what you cannot see. An AI system inventory, covering what is deployed, where, what data it uses, what decisions it influences, and who owns it, is the foundation of any governance programme.

2. Accountability that lives nowhere

When an AI system produces a biased outcome, a costly error, or a result a regulator questions, the honest answer in most enterprises is that accountability is unclear. Regulators, and increasingly boards, want a named person who is accountable for each significant AI system. Not a committee. Not a shared mailbox. One person, with a title, who can be asked questions and who owns the answers.

3. Explainability treated as a technical problem

Explainability, the ability to describe in understandable terms why an AI system made a particular decision, is often treated as a model architecture question. It isn't. It is a governance and communication question. Governance frameworks need to specify what level of explainability is required for each AI system, and for which audiences.

4. Data governance and AI governance treated separately

Data quality, data provenance, data access controls, and data retention policies are the foundation on which every AI system sits. Yet in most organisations, data governance and AI governance are run by different teams, with different frameworks, and minimal coordination. This creates invisible risk.

5. Governance designed to say no, rather than to enable

In many organisations, AI governance has become associated with delay, refusal, and friction. Well-designed AI governance provides clear lanes: here is what you can build quickly and with minimal oversight, here is what requires structured review, here is what requires board-level approval. It gives teams certainty rather than ambiguity.


What good AI governance looks like in practice

A risk-tiered approach to AI systems

Not all AI systems carry the same risk. Effective governance frameworks are tiered accordingly, applying proportionate scrutiny based on the potential for harm, the regulatory context, and the degree of human oversight in the final decision. This tiering is the key to making governance workable at scale.

An AI Ethics and Risk Committee with teeth

The most effective governance structures have a cross-functional committee, typically including legal, compliance, data, technology, and at least one senior business leader, with a clear mandate, decision rights, and an escalation path to the board for the highest-risk systems.

AI impact assessments built into the development process

Rather than reviewing AI systems at the point of deployment, leading organisations conduct structured AI impact assessments earlier in the development lifecycle. Building this into the development process is the single most effective way to reduce the cost and friction of governance compliance.

Human oversight that is genuine, not performative

Genuine human oversight requires the right information, the right time, and the right training. It means designing workflows so that human reviewers have what they need to make an informed decision, not just a recommendation and an approve/reject button.

AI governance is not a tax on innovation. It is the infrastructure that allows innovation to scale. The organisations that understand this build governance early and move faster because of it.


Where to start: a practical sequence for enterprise leaders

  1. Complete an AI system inventory. Before anything else, understand what you have deployed.
  2. Apply a risk tier to each system. Use a simple high/medium/low classification based on potential for harm and regulatory context.
  3. Establish accountability for high-risk systems. Name a responsible owner for every high-risk AI system.
  4. Define your explainability standard. Decide what level of explanation is required for each category of AI decision.
  5. Build the governance process into development. Introduce a lightweight AI impact assessment as a standard step before deployment.
  6. Establish the governance function and its authority. Name the committee, define its mandate, and give it genuine decision rights.

Vijay Jaswal is Founder and CEO of Kudo Advisory. He can be reached at info@kudoadvisory.com or on LinkedIn.