Regulatory approaches to cross-border IoT and M2M connectivity continue to evolve across the Middle East, particularly in relation to permanent roaming, authorisation regimes and SIM registration obligations.
Global connectivity still relies heavily on SIM cards roaming across borders to connect devices deployed worldwide. As regulatory frameworks continue to evolve, Cullen International’s latest analysis examines how these developments affect connectivity models based on roaming architectures, while noting that many of the same rules also apply to deployments using local SIM profiles.
Cullen International’s latest analysis shows that, while some MENA countries allow IoT connectivity through cross-border roaming arrangements, others increasingly rely on telecommunications licensing frameworks and identity verification requirements to regulate connected devices.
Key takeaways
Permanent roaming for IoT and M2M services is not uniformly regulated across the Middle East. While some jurisdictions tolerate roaming-based connectivity models under specific regulatory conditions, others impose time limits or require connectivity to transition to locally issued SIM cards or licensed operators. Regulators are also increasingly distinguishing between closed M2M communications and services that resemble public internet access.
Authorisation requirements for IoT connectivity depend on how services are structured and delivered. Some countries permit connectivity based on roaming arrangements without requiring a specific telecommunications licence, while others apply licensing or approval frameworks for IoT connectivity or require IoT systems to operate within approved regulatory structures. Providers must also consider how telecommunications licensing regimes may create indirect local presence requirements where authorisation is required.
SIM registration frameworks apply across the region and generally require subscriber identity verification before SIM activation. However, the regulatory approach varies considerably between jurisdictions, including differences in identity verification procedures, data retention obligations and compliance mechanisms that may also involve device registration or additional requirements for certain IoT deployments.
Regulatory developments in 2025
Several regulatory developments recorded in 2025 illustrate how regulators in the region continue to refine their oversight of IoT connectivity.
In Qatar, the Communications Regulatory Authority clarified its policy approach to permanent roaming for IoT services, introducing a framework that signals a potential 90-day limit on inbound roaming in the absence of bilateral agreements. In Saudi Arabia and the United Arab Emirates, regulators continue to enforce strict identity verification procedures for SIM registration, reflecting broader national frameworks for digital identity and subscriber verification.
Türkiye also reinforced its regulatory position on IoT connectivity by maintaining its prohibition on permanent roaming and strengthening enforcement of localisation requirements for remote SIM provisioning.
These developments highlight how regulators across the region increasingly rely on licensing frameworks, identity verification requirements and roaming restrictions to monitor IoT connectivity deployments.
Why it matters
For global IoT providers, regulatory compliance in the Middle East depends on the interaction between roaming models, telecommunications licensing frameworks and national SIM registration regimes.
Even where roaming-based connectivity models remain technically feasible, providers must assess whether local licensing obligations, numbering policies or subscriber identification requirements create barriers to long-term deployment. As a result, regulatory compliance is becoming an increasingly important factor in how multinational IoT connectivity services are designed and deployed.
Scope
Region: Middle East
Countries covered: 9 (Bahrain, Jordan, Kuwait, Lebanon, Oman, Qatar, Saudi Arabia, Türkiye and the United Arab Emirates)
Policy area: Internet of Things
Last updated: March 2026
For more information and to access the research, please click 'Access full content' - or 'Request access' if you are not a subscriber to our IoT service.
Interested in other regions? Check these out:
more news
09 April 26
Asia-Pacific sharpens regulatory control of IoT connectivity across roaming, licensing and SIM registration frameworks
Global IoT connectivity continues to rely heavily on SIM-based architectures, often using cross-border roaming to connect devices deployed at scale. Cullen International’s latest research examines how regulatory frameworks across seven APAC markets affect these connectivity models, while also reflecting broader implications for deployments using local SIM profiles or hybrid architectures.
03 April 26
Spectrum policy and new consumer protection rules in the LATAM telecoms market
Cullen International’s latest LATAM Telecoms Update highlights policy developments over the past three months affecting the regulation of radio spectrum, wholesale networks and consumer protection in six markets in the region: Argentina, Brazil, Chile, Colombia, Mexico and Peru.
30 March 26
Transposition status of key EU environmental directives
Our latest benchmark contains summary information on the transposition status of six key EU environmental directives.