AIFl@sh is a monthly collection of critical upgrades and changes across the GCC’s AI landscape – with a smattering of relevant changes from outside of the region. To subscribe to the newsletter on LinkedIn, click here.
GCC
Kingdom of Saudi Arabia
SDAIA – International consultations on data governance and AI
On 14 June 2026, SDAIA and the World Bank concluded an international consultation programme on data governance, AI and digital policy frameworks, following sessions held in Belgium and Germany from 8 to 12 June 2026. The programme reviewed international practices in AI governance, digital regulation, data governance, privacy, cross-border emerging technology challenges, the EU AI Act, European standards and responsible AI applications, while also showcasing Saudi Arabia’s national data and AI ecosystem.
AI governance from a Saudi perspective is increasingly aligned with international leading practice. Organisations operating in the Kingdom should expect AI governance to increasingly reflect global good practice, including stronger evidence around data governance, privacy-by-design, AI risk assessments, explainability, regulatory mapping and cross-border data considerations.
The United Arab Emirates
Artificial Intelligence and Data Authority established
On 14 June 2026, the UAE approved the establishment of the Artificial Intelligence and Data Authority as the single national body responsible for data, AI and digital government, reporting directly to the Cabinet. The new authority brings together functions previously held by the Office of Artificial Intelligence, Digital Economy and Remote Work Applications, the Digital Government Sector at TDRA and the UAE Data Office, and will lead national policies, legislation, strategies, standards and compliance relating to data, AI and digital government.
This is a major centralisation of AI and data governance at the federal level. For organisations, it signals a move towards more consistent national standards, stronger compliance expectations and a closer link between AI adoption, government data quality, cybersecurity, digital services and accountability.
This marks a practical shift from AI strategy to AI execution in government operations. For organisations, the governance message is clear: agentic AI requires stronger controls around authority limits, audit trails, escalation, service quality, data protection and accountability, particularly where AI systems perform actions rather than merely provide recommendations.
State of Qatar
Digital sovereignty and AI legislation focus
On 27 June 2026, the speaker of Qatar’s Shura Council highlighted the need to deepen digital sovereignty and strengthen legislative readiness in response to rapid AI developments. He emphasised the importance of updating legislation to protect national privacy, personal data, identity and Arab culture, and called for a joint Arab parliamentary vision supporting data localisation, secure cloud infrastructure and AI-powered technologies.
Qatar’s AI governance discussion is moving beyond general AI regulation into a wider digital sovereignty agenda. Organisations operating in Qatar should monitor not only AI-specific legislative developments, but also cloud, data-residency, privacy and public-sector digital transformation requirements that may shape how AI systems are deployed.
Sultanate of Oman
No new Oman-specific AI law or policy update was identified for June 2026
State of Kuwait
No new Kuwait-specific AI law or policy update was identified for June 2026.
Kingdom of Bahrain
No new Bahrain-specific AI law or policy update was identified for June 2026.
International
European Union
AI Act implementation timeline and high-risk AI guidance updated
In June 2026, the EU AI Act implementation timetable changed materially. On 16 June 2026, the European Parliament approved simplification measures postponing high-risk AI obligations to 2 December 2027 for standalone high-risk AI systems and 2 August 2028 for high-risk AI systems embedded as safety components in products covered by EU sectoral safety and market-surveillance legislation. The Commission has also closed consultations on draft Article 50 transparency guidelines and draft high-risk AI classification guidelines and published the final Code of Practice on marking and labelling AI-generated content.
The delay should not be read as a pause on AI governance. Rather, organisations are being given more preparation time and also clearer direction: inventorise AI systems now, separate transparency obligations from high-risk obligations, assess whether systems fall under Annex III or product-safety categories, and prepare marking, labelling, documentation and governance evidence before all relevant deadlines.
China
AI integration into networks, consumption and robotics
On 10 June 2026, China issued 2026–2028 implementation guidelines to accelerate AI integration into information and communications networks, aiming for an initial stage of high-level autonomous intelligence by 2028. The plan calls for more than 30 high-value use cases, specialised intelligent agents and broader low-latency access to computing power in metropolitan areas. On 18 June 2026, China also announced measures to promote “AI-plus consumption”, including AI-enabled products and services, consumer electronics and humanoid robots.
China’s June updates show an industrial roll-out approach to AI, using policy to push deployment across networks, services, consumption and robotics. For businesses, the governance implications are practical: AI systems deployed in China should be assessed not only for content and data compliance, but also for platform integration, safety, user protection and scalability in highly supervised sectors.
United Kingdom
Data law reform and sector-led AI oversight
On 19 June 2026, the UK’s Data (Use and Access) Act 2026 received royal assent, meaning the UK’s data protection law and the privacy and electronic communications regulations (PECRs) are now in force. At the same time, the UK’s Financial Conduct Authority (FCA) continues to shape its approach to AI in financial services through industry engagement, reflecting the UK’s preference for regulating AI through existing data, financial services and sectoral frameworks rather than through a single AI act.
The UK’s approach shows how AI governance can be enforced through existing legal frameworks. Organisations using AI in the UK should assess AI deployments against data protection, electronic communications, financial regulation, consumer protection and accountability requirements, rather than waiting for a dedicated AI law.
United States of America
Executive action on advanced AI innovation and security
On 2 June 2026, the White House issued Executive Order 14409 on advanced AI innovation and security, followed on 5 June 2026 by a national security memorandum directing national security enterprises to adopt suitable commercial or open-source AI technologies from diverse suppliers. Public reporting also noted that the policy push includes accelerating AI use for national security and updating autonomous weapons policies.
The US is moving AI governance further into national security, cybersecurity and critical infrastructure. Organisations supplying AI to government, defence or critical sectors should expect increased scrutiny around model security, supply-chain resilience, access controls, human command responsibility, testing and safeguards against misuse.
India
RBI proposes AI and machine-learning risk management rules
On 24 June 2026, India’s banking regulator, the Reserve Bank of India, proposed draft guidelines for managing risks arising from AI and machine-learning models used by banks and other regulated entities. The draft requires board-approved model risk management frameworks, ongoing model-level and enterprise-level risk assessments, independent validation including for third-party models, human oversight for automated decision-making and additional cybersecurity safeguards for customer-facing generative AI systems, with public comments due by 24 July 2026.
India’s AI governance is becoming increasingly sector-led and operational. Rather than waiting for a single standalone AI law, financial institutions and regulated entities should expect AI obligations to emerge through regulators, with the emphasis on model validation, third-party risk, explainability, cybersecurity, human oversight and board accountability.
United Nations
AI environmental transparency is added to the governance agenda
On 23 June 2026, the UN Secretary-General called for AI companies to disclose the environmental impact of data centres, including water, carbon and land use, and launched the UN AI Environmental Transparency Initiative. The announcement reflects growing concern that AI infrastructure may create significant energy, water and sustainability impacts as demand for computing power increases.
AI governance is expanding beyond privacy, bias, safety and model risk into sustainability and environmental accountability. Organisations should begin considering compute-related environmental impact, supplier energy sources, data-centre dependencies and sustainability disclosures as part of responsible AI governance.
