In Effect Regulation AI Safety Context Relevance

Qatar QCB AI Guidelines

Qatar Central Bank AI Guidelines for Licensed Financial Institutions

Binding AI governance requirements for Qatar's financial sector. Mandates board-level accountability, risk assessments, human-in-the-loop for high-impact decisions, and prior QCB approval for high-risk AI systems.

Jurisdiction

Qatar

Enacted

Sep 4, 2024

Effective

Sep 4, 2024

Enforcement

Qatar Central Bank (QCB)

Binding for all QCB-licensed financial institutions

What It Requires

Risk Assessment

Must evaluate and document potential harms before deployment

Transparency

Must disclose AI nature, data practices, or algorithmic decisions

Who Must Comply

This law applies to:

• All QCB-licensed financial institutions
• Banks operating in Qatar
• Financial services providers using AI

Capability triggers:

● financialDecisions (required)

● Required ◐ Increases applicability

Who bears obligations:

Deployer

This regulation places direct obligations on deployers (organizations using AI systems).

Safety Provisions

• Board-level accountability and robust AI strategy aligned with risk appetite
• Mandatory risk assessment for all AI systems
• Human-in-the-loop for high-impact decisions
• Registration: entities must maintain updated register of all AI arrangements
• Prior QCB approval required for new/materially changed high-risk systems
• Customer transparency: disclosure and consent when AI used in customer-facing products

Compliance Timeline

Sep 4, 2024

Guidelines effective for all QCB-licensed entities

Dec 31, 2025

Phase 1: Foundation - governance, consultations, pilots

Dec 31, 2026

Phase 2: Sectoral implementation

Dec 31, 2027

Phase 3: Full deployment, Gulf-regional alignment

Enforcement

Enforced by

Qatar Central Bank (QCB)

Penalties

license revocation

License revocation

Regulatory enforcement by QCB; specific penalties not published but include license conditions

Primary Source

Qatar Central Bank (opens in new tab)

https://www.qcb.gov.qa/

Quick Facts

Binding: No
Mental Health Focus: No
Child Safety Focus: No
Algorithmic Scope: Yes

Why It Matters

Only binding AI requirements in Qatar/GCC outside Saudi Arabia. Financial sector specific but sets precedent. Human-in-the-loop requirement for high-impact decisions.

Recent Developments

Issued September 2024. Part of Qatar's phased AI implementation (2024-2027). Complemented by voluntary NCSA Guidelines for Secure AI Adoption (February 2024). Qatar following European regulatory approach.

What You Need to Comply

Financial institutions must: establish board-level AI governance; conduct risk assessments for all AI; maintain AI register; obtain prior approval for high-risk systems; ensure human oversight for high-impact decisions; provide customer disclosure.

NOPE can help

Cite This

APA

Qatar. (2024). Qatar Central Bank AI Guidelines for Licensed Financial Institutions. Retrieved from https://nope.net/regs/qa-qcb-ai-guidelines

BibTeX

@misc{qa_qcb_ai_guidelines,
  title = {Qatar Central Bank AI Guidelines for Licensed Financial Institutions},
  author = {Qatar},
  year = {2024},
  url = {https://nope.net/regs/qa-qcb-ai-guidelines}
}

Related Regulations

In Effect EG • AI Safety

Egypt AI Strategy 2025

Ambitious national strategy positioning Egypt as regional AI hub for Africa and Middle East. Targets 7.7% ICT sector GDP contribution by 2030, training 30,000 AI specialists, establishing 250 AI companies. Built on six strategic pillars: governance, infrastructure, technology, data, ecosystem, and talent. Accompanied by Egyptian Charter for Responsible AI (April 2023) with ethics principles.

In Effect SA • AI Safety

SDAIA AI Framework

Comprehensive AI governance from Saudi Data & AI Authority: Ethics Principles (Sep 2023), Generative AI Guidelines (Jan 2024), AI Adoption Framework (Sep 2024). Combined with PDPL creates binding + guidance framework.

In Effect AE-DIFC • AI Safety

DIFC AI Regulation

First enacted AI-specific regulation in the Middle East, Africa, and South Asia (MEASA) region. Establishes risk-based framework for AI systems in the DIFC financial free zone, with requirements for transparency, human oversight, and accountability.

In Effect IL • Data Protection

Israel Privacy Amendment 13

Israel's most significant privacy reform in 40 years, explicitly covering AI systems. Requires Data Protection Officers (DPOs) for entities processing sensitive data at scale, mandates Data Protection Impact Assessments (DPIAs) before AI deployment, and enhances Protection of Privacy Authority enforcement powers. One of first data protection laws to explicitly require DPIAs before AI development or deployment.

In Effect JO • Data Protection

Jordan PDPL

Jordan's data protection law with medical data processing exceptions, data portability rights, and oversight including security services.

In Effect SA • Data Protection

Saudi Arabia PDPL

Saudi Arabia's comprehensive personal data protection law with extraterritorial scope, DPO requirements for sensitive processing, and National Data Governance Platform registration.

Back to all regulations Check if this applies to you