Regulatory requirements for IoT connectivity via mobile networks vary significantly across the Middle East, particularly regarding authorisation and the permissibility of permanent roaming. Connectivity providers operating in these markets must comply with the enforcement of strict SIM registration rules.
These are some of the main conclusions from Cullen International’s latest research examining IoT/M2M regulatory frameworks across ten Middle Eastern countries: Bahrain, Israel, Jordan, Kuwait, Lebanon, Oman, Qatar, Saudi Arabia, Türkiye, and the UAE.
Our research provides three critical benchmarks:
- Permanent roaming for IoT/M2M – Regulations vary widely across the region. While Bahrain and Israel allow permanent roaming with minimal restrictions, Türkiye and Saudi Arabia enforce strict time limits or outright bans, requiring local SIM registration after 90–120 days.
- Authorisation requirements for IoT services – Some countries, like Bahrain and Kuwait, allow IoT/M2M connectivity without licensing, provided there is no direct relationship with local end users. Others, such as Saudi Arabia and Türkiye, require full telecommunications authorisation. New frameworks, like Qatar’s upcoming IoT class licence, signal further regulatory developments.
- SIM registration for IoT devices – Many Middle Eastern countries impose strict SIM registration requirements, particularly for consumer IoT. Saudi Arabia and the UAE require biometric authentication, while Israel remains one of the few markets without mandatory SIM registration for IoT/M2M. The rise of eSIM technology is also prompting new regulatory considerations.
For IoT providers, navigating these regulatory challenges is crucial to ensuring compliance and market success. Cullen International’s latest benchmarks provide in-depth, actionable insights to help businesses understand local obligations, avoid regulatory risks, and develop effective market strategies.
For full access to our research, click 'Access full content' – or 'Request access' if you are not yet a subscriber to our IoT service.
Interested in other regions? Check these out:
more news
25 February 26
Protection of minors: overview of national initiatives on banning access to social media
Our latest benchmark shows that an increasing number of European countries are discussing a potential social media ban on children.
23 February 26
The DNA explained: universal service to serve the same goals under a revised approach
Cullen International is issuing a series of analyses on different aspects of the Digital Networks Act (DNA) proposal. This report covers universal service.
20 February 26
Revised Cybersecurity Act (CSA2) - Changes to the EU cybersecurity certification framework
Cullen International published an analysis of the proposed changes to the EU cybersecurity certification framework under the draft Cybersecurity Act 2 (CSA2) delivered by the European Commission on 20 January 2026.