No, sharing passwords in Saudi Arabia violates the Anti-Cyber Crime Law (Royal Decree No. M/17, 2007) and the Personal Data Protection Law (PDPL, effective 2026), exposing individuals and entities to fines up to SAR 3M or imprisonment under Communications and Information Technology Commission (CITC) oversight.
Key Regulations for Sharing Passwords in Saudi Arabia
- Anti-Cyber Crime Law (2007): Criminalizes unauthorized access to systems via shared credentials, with penalties under Article 3 for “hacking” or facilitating breaches.
- PDPL (2026): Prohibits password sharing under Article 5, classifying it as a data privacy violation if it risks exposing personal or corporate information.
- CITC Enforcement: Mandates strict access controls; violations trigger audits and sanctions per CITC Resolution No. 2-122-2023 on cybersecurity standards.
Shared passwords undermine NCA (National Cybersecurity Authority) guidelines, which require multi-factor authentication for sensitive systems. Employers face liability for negligent password practices, while individuals risk prosecution for enabling unauthorized access. Exceptions exist only for legally authorized entities under court orders or regulatory mandates.