 |
| The Kats are in Riyadh! |
On 23 September 2025, the Saudi Authority for Intellectual Property (SAIP) issued a
decision that quietly placed the Kingdom on the global AI-law map. A user was fined SAR 9,000 (≈ USD 2,400) for modifying another person’s photograph with an AI tool and publishing it without permission. Reported as the first publicly known AI-related copyright fine in Saudi Arabia, the case did not rely on a novel regulatory instrument but rather on the
Copyright Law (Royal Decree M/41), a statute conceived long before generative models or deep-learning datasets existed.
From a technical legal perspective, this enforcement demonstrates a strategic reliance on interpretive elasticity. By using existing provisions on authorship and infringement, SAIP effectively treated algorithmic transformation as a derivative work made without consent. The act of modification was qualified not as the creation of a new work but rather as the misappropriation of the protected expression. Functionally, the decision operated within copyright doctrine; substantively, it addressed conduct that borders on unfair competition constituting an exploitation of another’s creative asset to obtain an economic advantage through automation.
This analytical overlap is crucial. As AI tools increasingly reproduce brand styles, trade dress, or even personality traits, the boundary between intellectual property and market regulation blurs. The civil-law concept of acts contrary to honest commercial practice offers a flexible mechanism for capturing algorithmic imitation, deceptive output, and data-driven free-riding. If a dedicated legislative framework for AI and IP were to emerge in the Arab region, it could logically fall under the umbrella of unfair competition, where intent, economic effect, and fairness already co-exist.
Regionally, this interpretive pragmatism aligns with broader policy design. The Gulf states’ economic transformation strategies, exemplified by
SaudiArabia’s National Strategy for Data and AI (2020) and its
Personal Data Protection Law (Royal Decree M/19 of 2021, amended 2023) , seek to integrate AI across sectors without imposing meaningful compliance barriers. A responsive model allows regulators to intervene ex post, calibrating sanctions to specific technological behaviours rather than locking innovation behind pre-emptive restrictions.
Comparatively, the
European Union’s AI Act represents a preventive architecture: ex-ante classification of risk levels, transparency mandates, and traceability of training data. The United States, conversely, follows an interpretive path where courts and agencies adapting antitrust, copyright, and consumer-protection doctrines to algorithmic contexts. Saudi Arabia’s approach situates itself between both poles: reactive in procedure, but principled in outcome.
