Regulatory requirements for IoT connectivity via mobile networks vary significantly across the Middle East, particularly regarding authorisation and the permissibility of permanent roaming. Connectivity providers operating in these markets must comply with the enforcement of strict SIM registration rules.
These are some of the main conclusions from Cullen International’s latest research examining IoT/M2M regulatory frameworks across ten Middle Eastern countries: Bahrain, Israel, Jordan, Kuwait, Lebanon, Oman, Qatar, Saudi Arabia, Türkiye, and the UAE.
Our research provides three critical benchmarks:
- Permanent roaming for IoT/M2M – Regulations vary widely across the region. While Bahrain and Israel allow permanent roaming with minimal restrictions, Türkiye and Saudi Arabia enforce strict time limits or outright bans, requiring local SIM registration after 90–120 days.
- Authorisation requirements for IoT services – Some countries, like Bahrain and Kuwait, allow IoT/M2M connectivity without licensing, provided there is no direct relationship with local end users. Others, such as Saudi Arabia and Türkiye, require full telecommunications authorisation. New frameworks, like Qatar’s upcoming IoT class licence, signal further regulatory developments.
- SIM registration for IoT devices – Many Middle Eastern countries impose strict SIM registration requirements, particularly for consumer IoT. Saudi Arabia and the UAE require biometric authentication, while Israel remains one of the few markets without mandatory SIM registration for IoT/M2M. The rise of eSIM technology is also prompting new regulatory considerations.
For IoT providers, navigating these regulatory challenges is crucial to ensuring compliance and market success. Cullen International’s latest benchmarks provide in-depth, actionable insights to help businesses understand local obligations, avoid regulatory risks, and develop effective market strategies.
For full access to our research, click 'Access full content' – or 'Request access' if you are not yet a subscriber to our IoT service.
Interested in other regions? Check these out:
more news
01 June 26
Privacy in the digital age
Our latest benchmark compares data protection laws across 14 jurisdictions. It covers recent legal updates, lawful bases for processing personal data, and extraterritorial applicability. It also examines privacy rules for location, biometric, and children’s data, as well as enforcement practices involving these data types and big tech groups.
01 June 26
Fewer European countries offer local loop unbundling over copper
29 May 26
How are EU member states transposing NIS2?
Our latest benchmark tracks the progress of the Directive on measures for a high common level of cybersecurity across the EU (NIS2) transposition in the 27 EU member states.