Oman PDPL

Personal Data Protection Law (Royal Decree 6/2022)

Oman's data protection law, with the world's strictest health data regulation: an outright BAN on health data processing without a Ministry of Health permit. It also requires 72-hour breach notification.

Jurisdiction: Oman (OM)

Enacted: Jan 24, 2022

Effective: Feb 1, 2024

Enforcement: Data Protection Authority

Strictest globally - outright ban on health data processing without ministry permit

Who Must Comply

This law applies to:

  • ALL entities processing health data in Oman
  • Data controllers and processors
  • Mental health and medical AI services

Capability triggers:

healthDataProcessing (prohibited_without_permit)
Required Increases applicability

Who bears obligations:

Safety Provisions

  • OUTRIGHT BAN on health data processing without Ministry of Health permit
  • 72-hour breach notification to DPA
  • Data Protection Officer required
  • Data Protection Impact Assessment mandatory
  • Cross-border transfer requires DPA approval

Enforcement

Enforced by

Data Protection Authority

Penalties

OMR 50K

Max fine: $50,000

Fines up to OMR 50,000 (USD 130,000)

Quick Facts

Binding: Yes
Mental Health Focus: Yes
Child Safety Focus: No
Algorithmic Scope: No

Why It Matters

Oman's outright ban on health data processing creates an ABSOLUTE barrier for mental health chatbots and crisis support apps serving Omani users without a Ministry of Health permit. This is the strictest health data regulation worldwide.

Recent Developments

Effective February 2024; strictest health data regulation globally

What You Need to Comply

A Ministry of Health permit is REQUIRED before processing ANY health data, including mental health conversations.

Cite This

APA

Oman. (2022). Personal Data Protection Law (Royal Decree 6/2022). Retrieved from https://nope.net/regs/om-rd-6-2022

BibTeX

@misc{om_rd_6_2022,
  title = {Personal Data Protection Law (Royal Decree 6/2022)},
  author = {Oman},
  year = {2022},
  url = {https://nope.net/regs/om-rd-6-2022}
}

Related Regulations

In Effect IL Data Protection

Israel Privacy Amendment 13

Israel's most significant privacy reform in 40 years, explicitly covering AI systems. Requires Data Protection Officers (DPOs) for entities processing sensitive data at scale, mandates Data Protection Impact Assessments (DPIAs) before AI deployment, and enhances the Protection of Privacy Authority's enforcement powers. One of the first data protection laws to explicitly require DPIAs before AI development or deployment.

In Effect JO Data Protection

Jordan PDPL

Jordan's data protection law with medical data processing exceptions, data portability rights, and oversight including security services.

In Effect SA Data Protection

Saudi Arabia PDPL

Saudi Arabia's comprehensive personal data protection law with extraterritorial scope, DPO requirements for sensitive processing, and National Data Governance Platform registration.

In Effect EG AI Safety

Egypt AI Strategy 2025

Ambitious national strategy positioning Egypt as a regional AI hub for Africa and the Middle East. Targets 7.7% ICT sector GDP contribution by 2030, training 30,000 AI specialists, and establishing 250 AI companies. Built on six strategic pillars: governance, infrastructure, technology, data, ecosystem, and talent. Accompanied by the Egyptian Charter for Responsible AI (April 2023) with ethics principles.

In Effect QA AI Safety

Qatar QCB AI Guidelines

Binding AI governance requirements for Qatar's financial sector. Mandates board-level accountability, risk assessments, human-in-the-loop for high-impact decisions, and prior QCB approval for high-risk AI systems.

In Effect AE Online Safety

UAE Media Law

Comprehensive media regulation requiring licensing for all digital platforms, social media operations, and influencers. 20 binding content standards with significant penalties.