Qatar Personal Data Privacy Protection Law (Law No. 13 of 2016) + NDS 2030: AI Compliance Requirements
Qatar's Personal Data Privacy Protection Law (PDPPL) governs collection, processing, and transfer of personal data in Qatar. The Qatar National Cyber Security Agency (NCSA) and the Ministry of Transport and Communications regulate AI data practices. Qatar National Development Strategy 2030 sets AI governance expectations for regulated sectors including finance (QCB), healthcare (MoPH), and government (MME). Non-compliance can result in substantial fines and operational suspension.
Key Facts
November 14, 2016
November 14, 2017
QAR 1,000,000 (~$275,000 USD) per violation. Repeat violations may result in license revocation.
What Your Business Must Do
4 compliance requirements identified. Critical requirements carry the highest risk of enforcement action.
Lawful Basis and Explicit Consent
Critical: PDPPL Article 4 requires a lawful basis for all personal data processing: consent, contract, legal obligation, vital interests, or legitimate interest. AI systems using personal data of Qatar residents must document the lawful basis prior to any processing. Consent must be freely given, specific, informed, and unambiguous.
Data Subject Rights and AI Automated Decisions
Critical: PDPPL Articles 9-12 grant residents the right to access, correct, delete, and object to processing of their personal data. AI systems making automated decisions affecting Qatar residents must provide a human review mechanism and clear explanation of the decision logic. Response deadline: 30 days.
Cross-Border Data Transfer Controls
High Priority: PDPPL Article 14 restricts transfer of personal data outside Qatar to countries with adequate protection levels as determined by MOTC. Cloud AI services must document which jurisdictions process Qatari data and obtain MOTC approval for transfers to non-adequate countries.
NDS 2030 AI Governance for Regulated Sectors
Medium Priority: Qatar National Development Strategy 2030 mandates AI governance for financial, healthcare, and government entities. QCB-regulated firms using AI in credit decisioning or fraud detection require prior approval. MoPH requires ethical AI review for clinical AI. All regulated-sector AI must maintain audit logs and bias documentation.
Frequently Asked Questions
Does Qatar Personal Data Privacy Protection Law (Law No. 13 of 2016) + NDS 2030 apply to my business?
Qatar's Personal Data Privacy Protection Law (PDPPL) governs collection, processing, and transfer of personal data in Qatar. The Qatar National Cyber Security Agency (NCSA) and the Ministry of Transport and Communications regulate AI data practices. Use ComplianceIQ's free scanner to get a personalized assessment in under 5 minutes.
What is the penalty for non-compliance?
The maximum penalty under Qatar Personal Data Privacy Protection Law (Law No. 13 of 2016) + NDS 2030 is QAR 1,000,000 (~$275,000 USD) per violation. Repeat violations may result in license revocation. Fines are typically scaled by company size, severity of violation, and whether violations were willful or accidental.
How do I comply with Qatar Personal Data Privacy Protection Law (Law No. 13 of 2016) + NDS 2030?
The 4 requirements above cover the core obligations. The fastest path to compliance is: (1) conduct an AI risk assessment, (2) document your AI systems, (3) implement transparency disclosures where required. ComplianceIQ generates all required documents automatically.
Official Source
https://www.motc.gov.qa/en/media-center/news/personal-data-privacy-protection-law
Last updated: 2026-04-14. Verify at source before relying on this information.