Skip to main content
NOPE
In Effect Law Data Protection

Oman PDPL

Personal Data Protection Law (Royal Decree 6/2022)

Oman's data protection law with world's strictest health data regulation: outright BAN on health data processing without Ministry of Health permit. Also requires 72-hour breach notification.

Jurisdiction

Oman

Enacted

Jan 24, 2022

Effective

Feb 1, 2024

Enforcement

Data Protection Authority

Strictest globally - outright ban on health data processing without ministry permit

Al Tamimi & Company Analysis

Why It Matters

Oman's outright health data processing ban creates ABSOLUTE barrier for mental health chatbots and crisis support apps serving Omani users without Ministry of Health permit. This is the strictest health data regulation worldwide.

Recent Developments

Effective February 2024; strictest health data regulation globally

At a Glance

Applies to

Mental Health AppGeneral Chatbot

Who Must Comply

  • ALL entities processing health data in Oman
  • Data controllers and processors
  • Mental health and medical AI services

Obligations fall on:

Safety Provisions

  • OUTRIGHT BAN on health data processing without Ministry of Health permit
  • 72-hour breach notification to DPA
  • Data Protection Officer required
  • Data Protection Impact Assessment mandatory
  • Cross-border transfer requires DPA approval

Compliance & Enforcement

Penalties

OMR 50K

View on map

Oman

Focus Areas

Mental health & crisis
Active safeguards required

Compliance Help

Ministry of Health permit REQUIRED before processing ANY health data including mental health conversations

See how NOPE helps

Cite This

APA

Oman. (2022). Personal Data Protection Law (Royal Decree 6/2022).

Related Regulations

In Effect IL

Israel Privacy Amendment 13

Israel's most significant privacy reform in 40 years, explicitly covering AI systems. Requires Data Protection Officers (DPOs) for entities processing sensitive data at scale, mandates Data Protection Impact Assessments (DPIAs) before AI deployment, and enhances Protection of Privacy Authority enforcement powers. One of first data protection laws to explicitly require DPIAs before AI development or deployment.

In Effect JO

Jordan PDPL

Jordan's data protection law with medical data processing exceptions, data portability rights, and oversight including security services.

In Effect SA

Saudi Arabia PDPL

Saudi Arabia's comprehensive personal data protection law with extraterritorial scope, DPO requirements for sensitive processing, and National Data Governance Platform registration.

In Effect EG

Egypt AI Strategy 2025

Ambitious national strategy positioning Egypt as regional AI hub for Africa and Middle East. Targets 7.7% ICT sector GDP contribution by 2030, training 30,000 AI specialists, establishing 250 AI companies. Built on six strategic pillars: governance, infrastructure, technology, data, ecosystem, and talent. Accompanied by Egyptian Charter for Responsible AI (April 2023) with ethics principles.

In Effect QA

Qatar QCB AI Guidelines

Binding AI governance requirements for Qatar's financial sector. Mandates board-level accountability, risk assessments, human-in-the-loop for high-impact decisions, and prior QCB approval for high-risk AI systems.

In Effect AE

UAE Media Law

Comprehensive media regulation requiring licensing for all digital platforms, social media operations, and influencers. 20 binding content standards with significant penalties.

All regulations Check if this applies to you

Last updated January 22, 2026. Verify against primary sources before relying on this information.