FAQs
Common questions.
Here are some of the most common questions we get. If you're wondering about something else, reach out.
What AI regulations apply to companies operating in the UAE and GCC?
The regulatory landscape is evolving rapidly. The UAE has published national AI principles and sector-specific guidance, while DIFC and ADGM are developing frameworks for regulated entities. Saudi Arabia's SDAIA has issued AI ethics principles. Bahrain's Central Bank has integrated technology risk expectations into its rulebook. Companies in regulated sectors also align with ISO/IEC 42001 and the NIST AI RMF.
What is the difference between AI governance and AI compliance?
AI compliance is about meeting specific regulatory requirements: filing documentation, passing audits, satisfying supervisory expectations. AI governance is broader: the system of policies, roles, processes, and controls that determines how an organization develops, deploys, and monitors AI responsibly. Compliance is one output of good governance.
How do banks in the GCC manage AI risk?
GCC banks typically manage AI risk through existing operational risk frameworks, model risk management practices, and emerging AI-specific policies. Central bank expectations from the CBUAE, SAMA, and CBB increasingly require institutions to demonstrate oversight of algorithmic decision-making, particularly in credit scoring and fraud detection.
What is the NIST AI Risk Management Framework and how does it apply in the Middle East?
The NIST AI RMF is a voluntary, risk-based framework organized around four core functions: Govern, Map, Measure, and Manage. In the Middle East, it is particularly relevant for multinational companies and for GCC organizations that supply AI-enabled services to US clients. It is also relevant as a credible benchmark where local regulations have not yet prescribed specific methodologies.
What does ISO/IEC 42001 require for AI management systems?
ISO/IEC 42001 is the first international management system standard specifically for AI. It requires organizations to establish, implement, and continually improve an AI management system, including defining an AI policy, conducting systematic risk assessments, implementing controls across the AI lifecycle, and establishing processes for monitoring and improvement.
What is an AI governance operating model?
An AI governance operating model defines how an organization makes decisions about AI at scale. It specifies who is accountable for AI-related risks, what governance bodies exist, which processes govern the AI lifecycle, and what tools and reporting mechanisms support oversight. It typically includes board-level oversight, clear three-lines-of-defense responsibilities, and defined escalation paths.