Legal Assessment of Delivery Services in KSA from Legislations Perspective 

Written by: Mohamed Elmutaz Ibrahim, September 2022.

This study will focus on Delivery Services in KSA with a view to identify the extent to which such services are regulated and to examine whether the current legislations governing these services are adequate or need to be developed and improved.
Definition of Delivery Services
Generally speaking, Delivery Services can be defined as follows: the pickup of one or more local products from a local merchant and delivery of the local products to a customer.
Or: fulfilment of delivery requests, meaning the pickup from any location of any item or items and the delivery of the items using a passenger vehicle, bicycle, scooter, walking, public transportation, or other similar means of transportation, to a location selected by the customer.

The scope within which delivery services may be used by merchants, or requested by customers is very wide, and may cover wide retail commercial activities, e.g. food delivery, electronic devices, courier, etc.
Retail food delivery, may be defined as: a courier service in which a restaurant, store, or independent food-delivery company delivers food to a customer. An order is typically made either through a restaurant or grocer’s website or mobile app, or through a food ordering company.

There are two categories of delivery services depending on whether the delivery services are the sole or main activity of the business of the firm / store, or are a complementary of its business.
The merchant, and/or the entity may uses delivery services directly through its own employees or alternatively designates an independent company to carry out the delivery services of its products to its customers.
Currently delivery services witnessed a tremendous increase as a result of the shift by merchants to the use of the electronic devices and platforms made available due to the revolutionary technological development, and the adoption of the so called e-commerce, accordingly, the merchant may be a company which offers its delivery services to its customers which may include, entities, firms, companies or individuals.

Laws and Regulations governing Delivery Services

We shall discuss here the laws and regulations governing delivery services in KSA, and shall examine those directly addressing delivery services issued by competent authorities supervising such activity.

First: Regulations for Delivery Service Provision via E-Platforms

These regulations were issued by the CITC on May 2020 to regulate the delivery service across e-platforms in the Kingdom of Saudi Arabia, based on Cabinet Resolution No. (403) dated 12.07.1440 AH.

These regulations apply to the provider of delivery service via e-platforms inside the Kingdom.

With respect to the scope within which these regulations will be applicable, it should be known that the regulations do not apply on the order, subject matter of the delivery, which means that any requirements that are required by the competent authorities in the Kingdom will be applicable to the subject matter of the order, especially, without limitation, requirements for the delivery of medicines, animals, food, and dangerous materials, delivery of which must be adhered to by the service provider. For example, order requested by customer to deliver an item that the transfer, possession or use is prohibited by law.
The regulations do not also apply when the store delivers its products to its customers through its distribution network (off-Line delivery).
Article 3 of the regulations states in details the service provision regulations, and obligations which are addressed in the following order:
General Provisions on Service Providers, and Obligations of the Service Provider regarding the Service Agreement with the Beneficiary/Customer.

3. Service Provision Regulations:

3.1 General Provisions on Service Providers:

3.1.1 Anyone who wishes to provide an e-platform delivery service in accordance with the provisions contained herein within the Kingdom must register with CITC according to the registration requirements published on the CITC website.

3.1.2 The regulations and decisions issued by CITC must be adhered to, including but not limited to the document “General rules for maintaining the privacy of data for users in the telecommunications, information technology and postal sectors.”

3.1.3 It is obligatory to provide CITC with any report or information requested within the requirements for the application of this document during the period specified for that and as stated in the CITC application, and the service provider shall be responsible before CITC for any failure that may ensue. In addition, CITC will treat these documentations, documents and information with complete confidentiality, according to its absolute discretion.

3.1.4 The electronic link of the CITC platform for delivery applications must be adhered to in accordance with the mechanism and specifications specified in the relevant document, while adhering to the improvements or modifications that occur to the linking process in the future.

3.1.5 A database must be created that includes all basic information for delivery agents, including the dates of their joining the service provider and the actions taken towards them related to deletion or ban from the platform and the dates for the same, in addition to the registered orders, and the service provider must keep this data for a period of no less than six (6) months from the date it was entered.

3.1.6 An electronic payment method must be available to the beneficiary.

3.1.7 The agent registration requirements must be adhered to in accordance with Annex No.(1).

3.1.8 All conditions and requirements issued by the concerned authorities, such as the Ministry of Health and the Ministry of Municipal and Rural Affairs, must be adhered to.

3.1.9 All procedures must be taken to verify the agent’s commitment to the precautionary procedures and preventive measures issued by CITC and the relevant authorities, including the implementation of a preparation program for the agent before starting work.

3.1.10 A free means of communication must be provided and published to serve the beneficiaries inside the Kingdom.

3.1.11 An administrative unit should be designated to receive, manage and handle beneficiaries’ complaints.

3.1.12 The e-platform must include a form for submitting the beneficiaries’ complaints, where its number, date, and what is done in connection with it are recorded, along with the preparation and publication of complaint handling procedures, and their duration.

3.1.13 It should be possible to track the order for the beneficiary as much as possible, and to communicate with the delivery agent.

3.1.14 Any practices that may prejudice competition must be refrained from.

3.1.15 The beneficiary should not be forced to accept the refunded amounts as a balance in its e-wallet for the delivery platform.

3.1.16 The request to return the paid amount must be submitted within an hour of cancelling the service (order) and notifying the beneficiary of the same.

3.1.17 The laws, regulations and decisions applied in the Kingdom that regulate the operations of receiving, collecting, and returning amounts of money must be adhered to.

3.1.18 It is a must to grant full cooperation to the CITC inspectors, facilitate their tasks and make available all possible resources of the service provider to carry out the inspection process, including: It is a must to review the service provider’s systems and provide the inspector with all the required documentations and documents that would confirm the service provider’s commitment to the CITC systems. CITC will treat these documentations, documents and information with complete confidentiality.

3.1.19 All agent registered with the service provider must be informed of all the controls, conditions and regulations approved by CITC and other relevant authorities, and any updated thereto, and the service provider bears responsibility for failure to do so.

3.2 Obligations of the Service Provider regarding the Service Agreement with the Beneficiary:

3.2.1 The service provider must display to the beneficiary in the e-platform the service information and prices, whether from one or several stores, promotional offers, if any, and the terms and conditions for providing the service, in a clear manner and without ambiguity or vagueness, and the service provider must adhere to what it declared.

3.2.2 The service provider must obtain the approval of the beneficiary on the service provided, the prices, the payment, cancellation and refund mechanism before executing its order, or upon subscribing to the service and the updates that may occur to that. The service provider bears the burden of proof of the same.

3.2.4 The service provider must provide the beneficiary with an electronic invoice or text message explaining the details of the order and the details of the amount paid by the beneficiary, including delivery fees, tax, any discounts and the like.

3.2.5 The upper limit of the expected time that it will take to deliver the order must be made clear to the beneficiary.

4. Service Provision Guidelines
   The Regulations set in Article 4, clear guidelines for service provider to raise its service provision level and improve the experience of its beneficiaries.
   This Article contains rules that can guide the service provider in order to raise its service provision level, improve the experience of its beneficiaries, and increase the level of competitiveness to provide better services, according to the following:
   4.1 Providing appropriate means of communication for people with special needs.
   4.2 Preparing and publishing rules and procedures for compensation, when breaching one of the obligations, such as loss or delay of the order, or a mistake in delivery.
   4.3 Preparing and publishing standards to ensure service quality, and providing a service level agreement (SLA), which includes clarification of the implications for breaching or failure of the service provider or the beneficiary to implement their obligations.
   4.4 Preparing and publishing rules and procedures for handling undeliverable orders.
   4.5 Preparing and publishing procedures to verify receipt of the beneficiary to its order.

4.6 Setting standards to raise the quality of the beneficiaries ‘experience, measure it, and improve its level based on the results of the measurements and the beneficiaries’ evaluations.

4.7 Allowing the beneficiary to cancel the delivery request, and publishing the conditions for accepting the cancellation request and its fees, if any.

4.8 Notifying the beneficiary in the event that the request cancellation is accepted via an email or text message.

5. Requirements from the Service Beneficiary
   5.1 The beneficiary must review the terms and conditions of the service, the contract, the payment mechanism, and the refund before agreeing to submit the application or register on the platform.

5.2 The beneficiary must pay the fee to the service provider as agreed upon in the service agreement.

5.3 The beneficiary is responsible for the correctness of the information and the data entered by it for any dealings that take place through or because of the platform.

6. Compliance

The service provider complies hereby to put the provisions hereof into effect. Failure to comply with this document is deemed a breach of the provisions of registration with CITC, and CITC may take what it deems appropriate against those who did not adhere to it. This includes, without limitation, warning the service provider, suspending or cancelling the registration of the service provider with CITC or requesting the blocking of the service provider’s e-platform.

Annex (1): Delivery Agent Registration Controls attached to the Regulation states as follows:

Without prejudice to any regulations in force in the Kingdom, the provider of delivery service via e-platforms must adhere to the following requirements when registering an agent, unless CITC declares otherwise:

1. The agent must have a valid national or resident ID card.
2. The agent must have a valid driver’s license.
3. It is prohibited to register or use motorcycles for delivery.
4. The vehicle driving document used in the delivery process must be valid.
5. The agent undertakes not to disclose or misuse the beneficiary information.

Second: Document on General Principles for Personal Data Protection in the Telecommunications, Information Technology and Postal Sectors

Document of General Principles for Personal Data Protection in the Telecommunications, Information Technology and Postal Sectors was prepared pursuant to the Communications and Information Technology Commission (CITC) ordinance issued by the Council of Ministers Resolution No. 74 dated 05/03/1422 AH (corresponding to 27/05/2001), as amended by the Council of Ministers Resolution No. 133 dated 21/05/1424 AH (corresponding to 21/07/2003). Promulgating that the Communications and Information Technology Commission shall undertake the Information Technology Functions, and the Telecommunications Act issued by the Council of Ministers Resolution No.74 dated 05/03/1422 AH and its amendments and its implementing regulation (bylaw), and the Council of Ministers Resolution No. 403 dated 12/07/1440 AH which tasked the Communications and Information Technology Commission with the regulatory and supervisory functions of the Postal Sector.
General Principles for Personal Data Protection in the Telecommunications, Information Technology and Postal Sectors Document aims at the following:

Maintaining the privacy of customers’ personal data and protecting their rights in accordance with international best practices.
Increase consumers’ trust in ICT and postal services that depend on processing personal data.
Establishing the principles and the legal foundations that enable the service providers to invest and innovate in services and applications that provide added value to users by utilizing the personal data.
Definitions
This Document clearly sets the following definitions namely:
CITC: The Communications and Information Technology Commission.
Service Provider: The service provider of telecommunications or information technology or postal services under CITC laws and regulations.
Customer: The natural or juridical person. who uses any of the telecommunications. information technology or postal services. provided by the Service Provider.
Personal Data Breaches: Personal Data disclosure, revealing, publishing. acquisition, and authorizing access thereto without a legal basis intentionally or accidentally.
Personal Data: Any information, regardless of its source or form, which would lead to identifying the customer. or that would render the customer identifiable directly or indirectly. including. but not limited to. names. ID numbers, addresses. contact numbers, licenses and registrations numbers and personal properties. bank account numbers and credit cards numbers. customer’s photos or videos, as well as any other data of personal nature.
Personal Data Processing: All processes performed on personal data by any means, including but not limited to. data collection. transfer, storage. sharing, destruction. analysis. patterns extraction processing or making conclusions based thereon and integrating them with other data.
Main Principles:
The Document also provides for certain main principles that should be adhered to by Service Provider in order to maintain protection of Customer Personal Data, those main principles are:
Customers. personal data processing shall be done in a lawful and in a transparent manner. Hence, the results of customer, personal data processing must be fair in order to avert unjustified negative impact on customers’ interests.
Customers’ personal data shall be processed for specified and clear purposes to the customer.
Customers’ personal data shall be collected in adequate and limited to what is necessary, in relation to the purposes for which they are processed.
personal data shall not be kept in a form that allows the identification of the customer for longer than is necessary to achieve purposes of Personal Data Processing,
personal data shall be securely protected to ensure its privacy and prevent the unauthorized access thereto or breach or tampering or misuse thereof.

SERVICE PROVIDERS OBLIGATIONS:

3-1. The service provider shall develop and implement a privacy program to maintain customers’ personal data protection, where it should include developing, documenting, implementing, and enforcing policies and procedures for maintaining of customers’ personal data privacy. This program should be approved by the head of the service provider or the delegate thereof. In addition, the service provider shall adhere to submit the program’s plan to CITC before its approval and shall regularly report the program’s activities to CITC after its approval. Therefore, CITC has the right to request any amendments it deems appropriate.

3.2. The Service provider shall assign the role and responsibilities of customers’ personal data protection to an independent function that established for this purpose and shall provide the proper support for this function in order to enable it to carry out its activities, without prejudice to conflict of interests.

3.3 The Service provider shall adhere to develop, approve, and publish a personal data privacy policy, that shall include the types of processed customers’ personal data the purpose of such processing, whether such personal data will be shared with third parties inside or outside KSA. retention periods. the Protection measures, customers’ rights with respect to their personal data, and how such rights can be exercised.
3-4. The service provider shall adhere to process customers’ personal data inside the KSA, and shall not process such personal data abroad without obtaining CITC’s written approval.
3-5. The service provider shall adhere to keep the customers’ personal data for the specified purposes and periods. and in accordance with approved instructions by CITC.
3-6. The service provider shall notify CITC immediately when any breach of customers’ personal data occurs. through the mechanisms and procedures approved by CITC.

CUSTOMERS RIGHTS REGARDING THEIR PERSONAL DATA PROTECTION:

4-1 It is prohibited to process customers’ personal data without their explicit consent thereof, and the customers may also withdraw their consent at any time, except in cases where it is required by relevant laws, regulations and instructions.
4-2 Customers must be provided by the privacy policy prior to processing their personal data.
4-3 Customers must be enabled to access their personal data being processed by the service provider at any time and correct them when there is incorrect or inaccurate data
4-4) Customers must be enabled to obtain a copy of their personal data in electronic format, in accordance with CITC’s instructions.
Third: The Personal Data Protection Law (PDPL)
It is noteworthy here to mention that Kingdom of Saudi Arabia has published its first-ever comprehensive data protection law. The Personal Data Protection Law (PDPL) aims to protect individuals’ personal data privacy and regulate organisations’ collection, processing, disclosure, or retention of personal data.
The PDPL provides comprehensive requirements related to processing principles, data subjects’ rights, organisations’ obligations while processing the personal data of individuals, cross-border data transfers mechanisms, and lays out penalties for organisations in case of non-compliance with the PDPL.
One of the prominent features of the PDPL is that it does not prejudice any provision that grants a right to the data subject or stipulates better protection in any other law or an international convention to which Saudi Arabia is a party.

Furthermore, the Saudi Data Protection Regulatory Authority, the SDAIA in collaboration with the National Data Management Office (NDMO) issued a draft version of the Executive Regulations on 10 March, 2022.
The PDPL will come into force on 17 March 2023.
SADAIA was established in August 2019 pursuant to Royal Order No. (74167) and Cabinet Decision No. 98/1443, and is chaired by the Board of Directors’ Deputy Prime Minister. SADAIA is an independent authority responsible for regulating and overseeing data collection and processing in the Kingdom. There are three other entities connected to it, the National Centre for Artificial Intelligence; the National Data Management Office; and an existing centre at the Ministry of Interior, the National Information Centre.
Fourth: General Requirements for Food Transport

The transportation of food is one of the most critical stages, which can considerably affect food safety throughout the food chain. Therefore, it is greatly important to ensure that the movement of food is carried out under the most appropriate conditions in terms of temperature and sanitation as stipulated in the relevant approved Saudi and GSO standards and regulations.
The purpose of the issued guide document is to set forth general requirements and temperature controls for the transport of various food products as set out by relevant standards and regulations. A clear understanding of these measures is necessary to ensure the safety of food products in transit and to prevent any potential (e.g.: physical, chemical, or biological) risks during this stage. This guide is concerned with the requirements for the transportation of chilled and frozen foods and (frozen, non-frozen, cold, and dried) beverages.
Food transporter or distributor is accountable for the following: • Carrying out proper cleaning and sanitation. • Ensuring effective separation in consignments containing more than one type of food. • Ensuring that foods in transit are kept under appropriate temperatures as outlined in table 1 & 2. • Disposing immediately of any food items, which have undergone contamination or spoilage during transportation.

Means of Transport Requirements

• The transport vehicle must be designated for transporting chilled or frozen foods, and must have a cooling capacity sufficient to maintain the temperature required for the transported products.
• The transport vehicle must be suitable clean and adequately insulated. Using the vehicle for the transport of any substances, which may pose risk to food or public health, is strictly prohibited
• The transport vehicle must have a cooling system capable of keeping food products under appropriate temperatures throughout the journey.
• The refrigerated containers must keep food products under temperatures ranging from 1.5 to 10°C as deemed appropriate to the type and nature of the product transported, while keeping the temperatures above 10°C in case of fruit and vegetables as shown in Table 1 and 2.
• In case of frozen food, the cold storage must have a maximum temperature of -18°C.
• Non-refrigerated vehicles may be used for dry or packaged foods, provided that the storage room maintains a maximum temperature of 25 to 30 °C and allows for air circulation sufficient to lower the temperature and relative humidity inside.
• The transport vehicle must be sufficiently sealed to prevent entry of pests, dust or any other physical pollutants.
• The transport vehicle must be clean, disinfected and free of any unpleasant odors.
• The refrigerated containers must be of high cooling and freezing quality and provided with a thermometer whose dial is placed outside the room to give a reading representative of all the loading space.
• The temperature readings of the refrigerators and freezers must be recorded continuously and kept long enough as a reference.
• The refrigerated container must be set at a maximum threshold temperature of 10°C long enough before loading.
• The refrigerated containers and freezers must be provided with instruments to measure relative humidity.
• Adequate circulation of air must be maintained inside the refrigerated containers and freezers with a circulation rate within a reasonable range to prevent fluctuations in temperature and humidity.
• The space between packages must be good enough to allow for adequate air circulation and sufficient exposure of package surfaces to the circulating air.
• All food transport vehicles must be well designed, well maintained and in good condition.
• All food transport containers must be made of easy-to clean and easy to-sanitize materials. The design must take into account the removal of excess water, and other substances used for sanitization.
• The packages inside the container must not be stacked in direct contact with the floor or walls. It is preferable that the distance between the packages and the walls is less than 45 cm.
• The internal surfaces of the container must be smooth and have no sharp edges.
• The internal surfaces of the containers must have as few welded bolts and joints as possible.
• Adequate lighting must be installed in the means of transport.
• Packages must be stacked in regular rows on shelves or pallets.
• The interior floor, walls and ceiling must be corrosion resistant (made of stainless steel, aluminium or any other appropriate food-grade materials).
• The ceiling must be fitted with rustproof hooks to hang chilled and frozen carcasses.
• The doors must be provided with air or plastic curtains to prevent cool air from escaping during loading or unloading.
• Tankers of water or liquid substances of food must be made of food-grade rustproof (e.g.: stainless steel) materials. They must be provided with detachable hoses.
• The refrigerated equipment must be designed in such a way as to prevent food contamination.
• Necessary corrective measures must be put in place to detect any leakage in the cooling system.
• Refrigerants must be designated as per GSO 970 “Stores for Frozen and Chilled Foodstuffs – Part III: Labelling and Marking”.
• Unwashed raw vegetables must be kept away from cooked or ready to eat foods.
• If the means of transport is designated for the carriage of unpackaged foodstuff or milk where the interior surfaces of the container come into direct contact with food, the surfaces must be capable of withstanding steam, hot water or chemical sterilization.
  Tables of Temperature Controls for Foodstuff.
  The general requirements for transporting, fresh, chilled, frozen, un refrigerated and unfrozen food stuff, are provided for in 12 Tables. Each Table specifies temperature controls required during its transporting movement. These Tables are titled as follows:
  Fresh Vegetables (Table 1), Fresh Fruits (Table 2), Chilled Dairy & Dairy Products (Table 3), Chilled Meat & Meat Products (Table 4), children food (Table 5), Meats and Meats Products (Table 6), Dairy and Dairy Products (Table 7), Vegetables, fruit, and Their Products (Table 8), Oils, Plant-Based Fats, and Its products (Table 9), Grains, Legumes, Nuts, and Their Products (Table 10), Beverages and Water(Table11), and Other various products (Table 12).
  Table of Violations and Penalties
  SFDA is the entity responsible for applying the penalties set forth in the provisions of The Implementing Regulations of Food Law.
  pursuant to Paragraph (Second) of Article (36) of Food Law states that SFDA shall:
  implement the penalties stipulated in Paragraphs (1), (2), (3) and (4) of Clause (First/a) of this Article per the classification of violations therein. Tables containing the penalties are structured to be imposed on three categories namely, Small and Medium Establishments (SMEs); Including retail stores, and foodstuffs processing stores, Retail Stores; including organized entity equipped to receive, display and sell foodstuffs of various types, sizes and shapes, Foodstuff processing stores; including organized entities equipped to produce, operate, manufacture and store raw materials and products with less production space than factory.

Fifth: Regulations of the Ministry of Municipal & Rural Affairs relating to Delivery Services

There are number of regulations issued by the Ministry of Municipal & Rural Affairs with regards to the general requirements relating to different business and commercial activities applicable to investors, merchants who must adhere to such regulations. These requirements cover all business activities carried out locally throughout the kingdom that require license to be issued by the Ministry of Municipal & Rural Affairs as per the provisions of the law.
This study will focus only on how delivery services is supervised and monitored by the Ministry of Municipal & Rural Affairs in coordination with other Ministries and governmental agencies and entities.
On April 2020, during Covid 19 pandemic, the Ministry of Municipal & Rural Affairs issued the Provisional Regulation for Health Requirements of Home Delivery Services.
This Regulation sets forth certain requirements applicable to agents’ firms and merchants practising the activity of delivery services through the use of platforms licensed by CITC to deliver the orders of the customers at their home. All such agents and firms must strictly adhere to these requirements. Agents are those individual employed by firms or retail service provider. The Agent must be a Saudi national, of good standing, not convicted before, and holds a health certificate or medical test
The Agent must not deliver any items he suspects it violates the law or are considered by law as prohibited or dangerous, and must report the same to security entities. The Agent must not deliver items to customers if the time for its delivery, from the firm or store to the place of customer exceeds 45 minutes.
CITC shall immediately suspend the registered account of the agent in case the agent violates any of the provisions of the Regulation. Firms using platforms for delivery of its items, must evaluate agent performance, and receive customers’ feedback in order to improve quality of the service and solving any violations and complaints issues.
The Regulation provides also for specific requirements relating to the mean of transportation used by the agent, namely; the car used for delivery must have a valid traffic license, valid insurance policy, and be clean and supplied by containers for food as specified in the law of Food and Drug law and the regulations and instructions of SFDA (Saudi Food &Drug Authority) in order to maintain food in good condition during delivery time. Cars and agents must be clean, and agents must be clean and in good appearance.
These specific requirements on Agents should be read with Annex (1) of Regulations for Delivery Service Provision via E-Platforms titled Delivery Agent Registration Controls issued by CITC which states as follows:
Without prejudice to any regulations in force in the Kingdom, the provider of delivery service via e-platforms must adhere to the following requirements when registering an agent, unless CITC declares otherwise:

1. The agent must have a valid national or resident ID card.
2. The agent must have a valid driver’s license.
3. It is prohibited to register or use motorcycles for delivery.
4. The vehicle driving document used in the delivery process must be valid.
5. The agent undertakes not to disclose or misuse the beneficiary information.

Sixth: Competition Law

In the month of Muharram, 1439 AH, the regulation of the Saudi General Authority for Competition was issued, according to which it moved from being a council subordinate to the Minister of Commerce to become a general competition authority directly linked to the Council of Ministers. This was the first step in the transformation of this control entity to be more independent.
The issuance of the competition law in Jumada al-Akhirah 1440 AH aims to constitute an integrated other transformation of the legislative environment for competition. Competition Law 1440 AH and its Regulations are fundamentally different from the Saudi Competition Law 1425 AH and its Implementing Regulation in many ways, and this is not the place to point out in detail these differences.. The Implementing Regulations of the Saudi Competition Law came to clarify more a number of issues covered in 90 Articles covering wide competition issues, the most important of which are the so called economic concentration operations, including mergers and acquisitions which requires that approval of the General Authority for Competition must be obtained. The Regulation also provides for some restrictions on ​​exemption of entities owned wholly or partially by the government.
Seventh: CONSUMER PROTECTION LAWS

On 31 March 2022, the Ministry of Commerce published for consultation, the Draft of Consumer Protection Law (“Draft Law “) on the Public Consultation Platform, which closed for comments on 15 May 2022. The law is derived from the best international practices. Under KSA consumer law, consumers are entitled to a free of charge repair of defective goods and if the defect is re-occurring, a replacement of the goods. These rights expire two years from date of purchase. The responsibility to provide a remedy is on the seller, the agent and/or the manufacturer of the product. The Draft law includes the right to compensation, protection from fraud and unfair competition, as well as alternative dispute resolution mechanisms. Stakeholders would have one year from the date the Draft Law comes into force to comply with its provisions.

Currently, there is no comprehensive legislation for consumer protection, but there are many laws and legislations that prohibit cheating and deceptive selling conduct, for example, the law on combating commercial fraud.
It is noted by many scholars and lawyers that the current legal framework sets in E- commerce law does not provide adequate protection for the Saudi consumer who deals with foreign vendors who do not comply legally. From Saudi customer perspective the penalties provided for works effectively only with local vendors or foreign vendor who have presence in KSA, but it dose not protect Saudi consumers against foreign vendors who breach the law. This is a gap in the 2019 E-commerce law of Saudi Arabia. It should be noted here that any gap in any legislation with respect to consumer protection rights, the competent court will rfill this hap by referring to Sharia law principles, derived from the two main sources: the Quran and the Sunnah.
The primary source of Islamic law comes from opinions of religious scholars in books known as “fiqh” The consumer is protected under Islamic law, which compels merchants to execute specific duties towards the purchaser. The duties entailed in Islamic contracts are divided into two obligations: from vendor towards customer and from customer towards vendor. For example, merchants are required to state, within the contract of sale, the quality, quantity, and exact date of delivery of the goods to be supplied and must “act in good faith.” In the same contract, purchasers are required to pay the price, pick the goods and “to assume the risk of the property.” All contracting parties must comply with these terms and conditions.
In the case of a breach of the fundamental terms and conditions of the Islamic contract, the party in compliance with the terms and conditions has the right to admit or reject the contract, as not complying with the terms and conditions renders the contract defective.
The Draft Consumer Law, as a comprehensive law on protection of consumer, is expected to eliminate any gap in the current different laws addressing the issue of consumer protection.
When this Draft Consumer Law comes into force non-compliance with this law will result in penalties to be imposed which may include receiving a warning, a fine of 1,000,000 Saudi Riyals, the prevention of practitioners from trading online temporarily, or permanently blocking the online service provider.
The Draft Law also sets out the following penalties that may be imposed for violations of its provisions:

1. Corrective measures. This includes but is not limited to provisions obligating the Economic Operator to rectify any violation within a specific period or suspend the availability of the product or service subject to the violation until the violation is corrected or obligating the Economic Operator who is in violation of the Draft Law to display an explicit warning on its website of such violation, restricting access to the website or removing its contents.
2. Administrative penalties. This includes but is not limited to provisions such as seizure of the product in violation of the Draft Law, a fine not exceeding SAR 100,000 or suspending the activity or business – in whole or in part – for a period not exceeding 90 days including closing shops and blocking websites.
3. Criminal penalties. These include fines of up to SAR 3,000,000 for:

• failing to comply with certain provisions of the Draft Law;
• violation of judicial rulings and orders issued by the competent court to stop or prevent any violated actions; and not complying with corrective measures required pursuant to the Draft Law.

Eighth: E-Transactions Law

The E-Transactions Law aims to establish unified legal rules for all use of electronic transactions in public and private sectors. It was issued with the purpose of protecting data by imposing certain obligations to internet service providers such as privacy of information collected in the course of their business, regardless of its reference to a public or private sector.
We should always remember that any profession which is subject to license or permit in Saudi Arabia cannot be practiced through E-Commerce unless proper license or permit is issued by relevant authority in Saudi Arabia.
Ninth: E-Commerce Law

The Ministry of Commerce initiated a project to legislate for e-commerce in the Kingdom of Saudi Arabia. As a result, in 2019, a law was issued by Royal Decree No. (M/126), enforceable for both domestic and international vendors and consumers, to protect e-consumers in Saudi Arabia. The law contains 26 articles, which, among other functions, govern electronic contractual relationships, define relevant terms, govern electronic advertisements, provide guidelines for traders and consumers, govern the use of consumer information and identify the parties that must comply with the legislation. In 2020, the Implementing Regulation was enacted and become enforceable in the kingdom of Saudi Arabia. The Implementing Regulation of e-commerce law contains 20 articles, which define the relevant terms, identify the activity of vendors, regulate identify information by vendors in the e-shop profile including business location, protecting consumer personal information, regulate the condition of the e-contract, govern electronic advertisements, identify the conditions for lawful and unlawful e-contract termination, regulate for e-platforms (intermediary between purchasers and service providers.
This law applies to both local and international sellers, with no mention of how the law is going to be enforced on international sellers, or how this law protects the Saudi consumer from foreign vendors who do not comply legally. This is a gap in the 2019 E-commerce law of Saudi Arabia. Enforcing the law upon foreign sellers, raises the issue of the cross-border law enforcement problem. Moreover, blocking foreign sellers as penalty has practical issues. For example, the seller can easily change their personal information and continue to operate in the country.
To conclude, the E- Commerce law is adequate to protect Saudi e-consumers locally, however this law is inadequate to protect e-consumers internationally due to the cross border-issue.