Learn · Semantic cluster

CST Cloud Computing Regulations (CCRF) — Registration Classes & Buyer's Guide

SKYLINE delivers cst cloud computing regulations (ccrf) — registration classes & buyer's guide across Riyadh, Jeddah, Dammam, NEOM, and every major Saudi city — by a Saudi engineering team, with Arabic-native software, local support, and on-premise or cloud deployment.

Saudi Arabia is one of the few markets where cloud provision itself is a regulated activity. The Communications, Space & Technology Commission (CST) — formerly CITC — first issued the Cloud Computing Regulatory Framework (CCRF) in 2019, and in October 2023 approved updated Cloud Computing Service Provisioning Regulations that superseded CCRF version 3. The core mechanics carried through: any provider that directly or effectively controls data-centre or critical cloud infrastructure used to serve Saudi customers must register with CST, and registration falls into categories tied to the sensitivity of subscriber data the provider is allowed to handle.

That data-classification ladder is what buyers actually need to understand. CST recognises four levels — from Level 1 public content up to Level 4 highly sensitive data — and providers in higher registration classes may carry the more sensitive tiers, including government workloads. In practice this means a marketing site and a ministry database cannot be judged by the same checklist: the first works on almost any registered provider, the second belongs only with a provider whose class and in-Kingdom infrastructure match the data. Because classes, obligations and even the framework's name have changed more than once, treat CST's published regulations and its current cloud register as the source of truth — verify a provider's entry rather than relying on a badge on a sales page.

For most private-sector buyers the practical checklist is short: confirm the provider appears on the CST register, ask which category it holds, and confirm where the infrastructure physically sits. Skyline Cloud answers the infrastructure question plainly — cloud hosting in Saudi Arabia runs from Riyadh (ksa-c-1) and Jeddah (ksa-w-1), with a Dammam region powered by Google Cloud (me-central-2), billed in SAR with Arabic and English support. If you are mapping your own data against the CST levels, our team can review the classification with you, and a free 14-day trial (no credit card) lets you evaluate the platform before any commitment.

1,757search terms
3linked services
6KB articles
15+KSA cities served

Top 30 search terms

Highest-intent terms in this semantic cluster

CST cloud computing regulatory framework Saudi Arabia CCRF Saudi Arabia explained CST cloud provider registration cloud license classes Saudi Arabia Class C cloud provider KSA CST data classification level 3 cloud computing service provisioning regulations 2023 CST registered cloud providers list how to verify cloud provider CST registration government data cloud hosting rules KSA cloud regulations for businesses Saudi Arabia CST cloud registration requirements subscriber data classification CST cloud provider categories Saudi Arabia CITC CCRF replaced cloud compliance buyer checklist KSA hosting government workloads Saudi cloud cloud sovereignty rules Saudi Arabia CST cloud register lookup cloud provider due diligence Saudi Arabia الإطار التنظيمي للحوسبة السحابية في السعودية تنظيمات الحوسبة السحابية هيئة الاتصالات تسجيل مزودي الخدمات السحابية في السعودية فئات تسجيل مزودي السحابة تصنيف البيانات السحابية في المملكة مزود سحابي مسجل لدى هيئة الاتصالات والفضاء والتقنية استضافة البيانات الحكومية في السحابة التحقق من تسجيل مزود سحابي لوائح تقديم خدمات الحوسبة السحابية متطلبات استضافة بيانات الجهات الحكومية

Related SKYLINE services

Services SKYLINE delivers under this cluster

Cloud Services

AWS · Azure · GCP · Oracle · Huawei Cloud — migration, FinOps, security.

Cybersecurity & Data Centre

SOC/NOC, MDR, vulnerability management, NCA ECC + SAMA + SACS-210 ready.

Server Infrastructure

Rack, blade, hyperconverged — design, build, operate.

Latest KB articles

Technical guides & references in this cluster

Frequently asked questions

Quick answers about CST Cloud Computing Regulations (CCRF) — Registration Classes & Buyer's Guide

Who must register with CST to provide cloud services in Saudi Arabia?
Any provider that directly or effectively controls the data centres or critical infrastructure of a cloud service offered to customers in the Kingdom. Resellers and brokers face lighter treatment than infrastructure operators, but the dividing lines are defined in the current CST regulations — check the published text for your exact case.
What are the CST cloud registration classes?
Registration falls into categories that determine which subscriber-data classifications a provider may handle — higher classes are required for more sensitive and government data. The exact category names and thresholds have evolved with the 2023 regulations, so confirm the current scheme on CST's website rather than relying on older CCRF summaries.
What do the data classification levels 1–4 mean?
They grade subscriber content by sensitivity: Level 1 covers public, non-sensitive data; Level 2 confidential data; Levels 3 and 4 cover secret and highly sensitive data, typically including government and regulated workloads. Your job as a buyer is to classify your own data honestly, then match it to a provider registered to carry that level.
Is the CCRF still in force?
The framework was superseded: CST approved updated Cloud Computing Service Provisioning Regulations in October 2023, replacing CCRF version 3 while keeping registration and data-classification at the core. People still say "CCRF" informally, but always cite and check the current regulations on CST's site.
As a business buying cloud, do these regulations apply to me?
The registration obligations sit mainly on providers. Your exposure as a buyer comes through your data: if you handle government or highly classified information, you must place it with a provider in the right class, and sector regulators (SAMA, NCA and others) add their own requirements on top. For ordinary commercial data, choosing a registered provider is usually sufficient diligence on this axis.
How do I verify a provider's CST registration?
Ask the provider for its registration details, then cross-check against CST's published cloud register and regulations pages. Be wary of vague claims like "fully licensed" with no reference — a legitimate provider will state its category and where its infrastructure runs without hesitation.

Get a quote for CST Cloud Computing Regulations (CCRF) — Registration Classes & Buyer's Guide

Talk to a SKYLINE specialist — assessment + quote in under 24 business hours.