Abstract This study examines the implementation of the Saudi Personal Data Protection Law (PDPL) in government institutions under the growing influence of artificial intelligence (AI), using the Civil Affairs sector as a case study. Although the PDPL was enacted in 2021, limited empirical evidence exists on how its requirements are operationalized within AI-enabled public services. To address this issue, the study adopts a mixed-methods design combining a structured questionnaire administered to 40 Civil Affairs employees with semi-structured interviews conducted with five senior officials and experts. Quantitative analysis using descriptive statistics, t-tests, and ANOVA indicates high awareness of PDPL principles (mean ≈ 4.2), contrasted with moderate implementation challenges related to technical infrastructure, data governance, and AI integration (means ≈ 3.8–3.9). While institutional commitment to data protection is evident, governance practices remain unevenly embedded in operational processes. The survey instrument demonstrates acceptable reliability (Cronbach’s α = 0.777). The findings show that PDPL compliance in practice is constrained less by legal awareness than by organizational and technical capacity, underscoring the need for stronger data governance mechanisms and clearer accountability structures for AI use in Saudi government institutions.
Alaeaid et al. (Sun,) studied this question.