SDAIA issues deepfake guidelines regulating responsible use of AI

(This report is based on the original SPA dispatch and expanded with key findings from the full SDAIA Deepfake Guidelines document (SDAIA-P119, May 2025).)

RIYADH: To address the rapid evolution of synthetic media, the Saudi Data and Artificial Intelligence Authority (SDAIA) has published a comprehensive regulatory document, “Deepfake Guidelines: Mitigating risks while fostering innovation”, issued in May 2025 under document number SDAIA-P119.

The guidelines define deepfakes as hyper-realistic synthetic media created using deep learning techniques, such as generative adversarial networks (GANs), autoencoders, and face-swapping algorithms, to manipulate audio, video, and other digital content in ways that make it increasingly difficult to distinguish from reality.

Double-edged technology

The document clearly distinguishes between malicious and non-malicious deepfakes and emphasizes that the technology is not inherently harmful: the intent behind it and the way it is used determine its impact.

SDAIA acknowledges active applications across six key areas: marketing, entertainment, retail, education, healthcare, and culture, while warning of significant risks from the malicious side, which fall into three major threat types:

The first is identity fraud. Deepfakes can be used to convincingly imitate the voice, facial expressions, and mannerisms of trusted individuals to authorize fraudulent financial transactions or extract sensitive information. The guidelines cite real-life cases in which employees of multinational companies were defrauded of large sums of money by fraudsters who pretended to be senior executives during video conferences.

The second threat category is nonconsensual manipulation. This involves creating explicit or infringing content without an individual’s consent, leading to severe emotional distress, reputational damage, and potential intimidation.

The third is disinformation and propaganda. Deepfake videos and audio clips can be used to falsely portray politicians as saying things they did not actually say, potentially swaying public opinion and destabilizing democratic processes.

Looking to the future, the document warns of a new threat landscape, including near-perfect AI-generated voice scams and completely fabricated virtual environments designed to mislead users through simulated news reports, meetings, or interviews.

Obligations of developers and content creators

The guidelines require deepfake technology developers to comply with national and international data privacy frameworks, with particular reference to Saudi Arabia’s Personal Data Protection Law (PDPL) and Cybercrime Law, as well as international standards such as GDPR and CCPA.

Developers must implement robust data protection measures, including privacy-by-design principles, anonymization techniques, and consent management systems that allow individuals to request removal of their likeness from training datasets.

When it comes to transparency, developers should embed non-intrusive digital watermarks into synthetic content, maintain comprehensive documentation of AI models, and include explainability features to help users and stakeholders understand the output.

The guidelines also call for human-in-the-loop (HITL) monitoring mechanisms at critical stages of model training and deployment, alongside automated systems that detect and flag fraudulent or unethical use of deepfake tools.

Content creators face similarly stringent requirements. Using deepfake services for fraud, impersonation, or defamation is prohibited, and all synthetic content must have a visible tamper-resistant watermark. Creators must secure explicit consent before using a person’s likeness, maintain auditable consent records, and distribute content exclusively through secure and controlled channels.

The guidelines also recommend integrating blockchain and cryptographic hashes to create an immutable record of the original content, allowing any changes to be traced back to its source.
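A minimal illustration of the hash-based record described above, added here as an example and not taken from the SDAIA document; the ledger layout, field names and sample content are assumptions. Each entry stores the SHA-256 of a piece of content, the hash of the content it was derived from, and the hash of the previous entry, so a rewritten record is detectable and a derivative can be traced back to its source.

```python
from __future__ import annotations
import hashlib, json

GENESIS = "0" * 64
FIELDS = ("content_hash", "creator", "parent", "prev")

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def entry_hash(entry: dict) -> str:
    body = {k: entry[k] for k in FIELDS}
    return sha256(json.dumps(body, sort_keys=True).encode())

def record(ledger: list, content: bytes, creator: str, parent: str | None = None) -> str:
    """Append an entry that commits to the previous entry's hash."""
    entry = {"content_hash": sha256(content), "creator": creator, "parent": parent,
             "prev": ledger[-1]["entry_hash"] if ledger else GENESIS}
    entry["entry_hash"] = entry_hash(entry)
    ledger.append(entry)
    return entry["content_hash"]

def verify_chain(ledger: list) -> bool:
    """False if any entry was edited, reordered or dropped mid-chain.
    Tail truncation is only caught if the latest entry_hash is anchored
    somewhere the writer cannot rewrite (assumption: e.g. a public blockchain)."""
    prev = GENESIS
    for e in ledger:
        if e["prev"] != prev or e["entry_hash"] != entry_hash(e):
            return False
        prev = e["entry_hash"]
    return True

def trace(ledger: list, content: bytes) -> list[str]:
    """Creators from this content back to the original; [] if unregistered."""
    by_hash = {e["content_hash"]: e for e in ledger}
    lineage, seen, h = [], set(), sha256(content)
    while h in by_hash and h not in seen:
        seen.add(h)
        lineage.append(by_hash[h]["creator"])
        h = by_hash[h]["parent"]
    return lineage

def demo():
    # Constructed sample content, not real media.
    original = b"constructed sample: original interview footage"
    edited = b"constructed sample: same footage with a synthetic voice-over"
    ledger: list = []
    root = record(ledger, original, "studio-a")
    record(ledger, edited, "editor-b", parent=root)
    intact, lineage = verify_chain(ledger), trace(ledger, edited)
    ledger[0]["creator"] = "someone-else"  # simulate rewriting the record
    return intact, lineage, verify_chain(ledger)
```
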

Guidance for regulators

Regulators have been directed to establish platform monitoring mechanisms that prioritize high-risk deepfake content (particularly in the financial, political, and identity theft sectors), while providing greater flexibility for lower-risk and educational content. The document calls for a formal approval process for deepfake technology before commercial deployment and recommends that regulators adopt content provenance standards such as those outlined by the Coalition for Content Provenance and Authenticity (C2PA).

In enforcement, penalties for abuse are proportionate to the severity, intent, and recurrence of the violation, but there are provisions that limit sanctions for minimal or incidental uses of the technology. The document also provides for an annual use case inventory, independent audits, and mandatory training programs for government officials, as well as public awareness campaigns to foster informed public debate.

Enabling consumers to detect deepfakes

A significant portion of the guidelines is devoted to equipping the public with practical detection skills. SDAIA recommends a three-step approach: assess the source and context of the message; analyze audiovisual elements for telltale signs such as erratic facial movements, lip sync lag, unnatural blinking patterns, and lighting mismatches; and authenticate content using AI-based detection tools such as Deepware Scanner and Sensity AI, and content provenance tools such as Adobe’s Content Authenticity Initiative and blockchain-based verification systems.

Victims of deepfake incidents are encouraged to immediately document evidence, report the content to relevant platforms, and notify Saudi authorities through the Kollona Amn app or the Ministry of Interior Cybercrime Division.

Financial fraud cases should also be reported to the Saudi Central Bank. The guidelines recommend hiring an attorney experienced in digital rights, as well as digital forensics experts to trace the origin of manipulated content.

Useful applications and future developments

The guidelines highlight how deepfake technology has transformative potential when used ethically. In the medical field, voice restoration is already improving the quality of life of ALS patients by restoring their ability to communicate. In education, virtual tutoring and remote training tools can expand access to underserved communities. In culture, this technology can preserve endangered dialects and bring historical events to life. In entertainment, consensual aging of actors and digital character creation are cited as legitimate and creative applications.

The document concludes with three key principles: the need for continuous learning and skill development to keep pace with advances in AI; organizational preparedness through customized training and strategic recruitment; and a commitment to ethical and positive applications that foster innovation while protecting public trust.

The full Deepfake Guidelines document is available at https://sdaia.gov.sa/en/SDAIA/about/Files/File0001.pdf.


