The Kuwait Communication & Information Technology Authority ('CITRA') published, on 21 September 2021, a Cloud Computing Regulatory Framework in exercise of its supervisory and regulatory role in relation to the telecommunications and IT sectors in line with Kuwait's general policy to achieve comprehensive development. In particular, the framework notes that it was created to regulate the use of cloud computing services within the State of Kuwait and that its regulations and articles therein are binding on the following parties:

• all cloud computing service providers licensed by CITRA who have data centres within Kuwait and host third and fourth level data;
• all cloud computing service providers registered and approved by CITRA who host first and second level data for public sector subscribers;
• all public sector subscribers of cloud computing services; and
• private sector subscribers who host government data.

Furthermore, in addition to the Framework, CITRA has issued a set of mandatory and indicative policies and guides that support and comply with the provisions contained within the Framework, including the following:

• Data Classification Policy;
• Cloud First Policy;
• Data Privacy Protection Regulation;
• Cloud Service Provides Regulations and Commitments;
• Subscribers Guide to Cloud Services; and
• Cloud Migration Guide.

 Notably, the framework covers, among other things, the licensing of cloud computing service providers, data classification, cybersecurity, contracting, quality control standards, and CITRA's powers.

You can read the framework here.