Regulatory approaches to cross-border IoT and M2M connectivity continue to evolve across the Middle East, particularly in relation to permanent roaming, authorisation regimes and SIM registration obligations.

Global connectivity still relies heavily on SIM cards roaming across borders to connect devices deployed worldwide. As regulatory frameworks continue to evolve, Cullen International’s latest analysis examines how these developments affect connectivity models based on roaming architectures, while noting that many of the same rules also apply to deployments using local SIM profiles.

Cullen International’s latest analysis shows that, while some MENA countries allow IoT connectivity through cross-border roaming arrangements, others increasingly rely on telecommunications licensing frameworks and identity verification requirements to regulate connected devices.

Key takeaways

Permanent roaming for IoT and M2M services is not uniformly regulated across the Middle East. While some jurisdictions tolerate roaming-based connectivity models under specific regulatory conditions, others impose time limits or require connectivity to transition to locally issued SIM cards or licensed operators. Regulators are also increasingly distinguishing between closed M2M communications and services that resemble public internet access.

Authorisation requirements for IoT connectivity depend on how services are structured and delivered. Some countries permit connectivity based on roaming arrangements without requiring a specific telecommunications licence, while others apply licensing or approval frameworks for IoT connectivity or require IoT systems to operate within approved regulatory structures. Providers must also consider how telecommunications licensing regimes may create indirect local presence requirements where authorisation is required.

SIM registration frameworks apply across the region and generally require subscriber identity verification before SIM activation. However, the regulatory approach varies considerably between jurisdictions, including differences in identity verification procedures, data retention obligations and compliance mechanisms that may also involve device registration or additional requirements for certain IoT deployments.

Regulatory developments in 2025

Several regulatory developments recorded in 2025 illustrate how regulators in the region continue to refine their oversight of IoT connectivity.

In Qatar, the Communications Regulatory Authority clarified its policy approach to permanent roaming for IoT services, introducing a framework that signals a potential 90-day limit on inbound roaming in the absence of bilateral agreements. In Saudi Arabia and the United Arab Emirates, regulators continue to enforce strict identity verification procedures for SIM registration, reflecting broader national frameworks for digital identity and subscriber verification.

Türkiye also reinforced its regulatory position on IoT connectivity by maintaining its prohibition on permanent roaming and strengthening enforcement of localisation requirements for remote SIM provisioning.

These developments highlight how regulators across the region increasingly rely on licensing frameworks, identity verification requirements and roaming restrictions to monitor IoT connectivity deployments.

Why it matters

For global IoT providers, regulatory compliance in the Middle East depends on the interaction between roaming models, telecommunications licensing frameworks and national SIM registration regimes.

Even where roaming-based connectivity models remain technically feasible, providers must assess whether local licensing obligations, numbering policies or subscriber identification requirements create barriers to long-term deployment. As a result, regulatory compliance is becoming an increasingly important factor in how multinational IoT connectivity services are designed and deployed.

Scope
Region: Middle East
Countries covered: 9 (Bahrain, Jordan, Kuwait, Lebanon, Oman, Qatar, Saudi Arabia, Türkiye and the United Arab Emirates)
Policy area: Internet of Things
Last updated: March 2026

For more information and to access the research, please click 'Access full content' - or 'Request access' if you are not a subscriber to our IoT service.

Interested in other regions? Check these out:

• Africa   
• Americas