Saudi Arabia SMS Best Practices, Compliance, and Features

SMS Market Overview: Saudi Arabia Mobile Landscape

Mobile Network Codes (MNC) (ITU-T E.212 Standard):

• 420 01 – Saudi Telecom Company (STC) / Al Jawal
• 420 03 – Etihad Etisalat Company (Mobily)
• 420 04 – Zain Saudi Arabia
• 420 05 – Virgin Mobile Saudi Arabia (MVNO)
• 420 06 – Lebara Mobile (MVNO)
• 420 21 – Saudi Railways GSM (RGSM)

Source: ITU-T Recommendation E.212 (2018)

Market Conditions: Saudi Arabia operates a highly developed mobile market with widespread SMS adoption for business communications. As of 2024, three main Mobile Network Operators (MNOs) serve the market: STC leads with 43.2% market share, Mobily holds 40%, and Zain accounts for 16.4%, plus two MVNOs (Virgin Mobile and Lebara). While OTT messaging apps like WhatsApp and Telegram dominate consumer conversations, SMS remains essential for business-to-consumer messaging, two-factor authentication (OTP), and transactional notifications. The market shows high mobile penetration with extensive 4G and 5G network deployment, making SMS delivery reliable across the Kingdom.

Source: TowerXchange Saudi Arabia Market Report (2024), Opensignal May 2024 Report

SMS Features and Technical Capabilities in Saudi Arabia

Saudi Arabia supports most standard SMS features for A2P (Application-to-Person) messaging, including concatenated messages and alphanumeric sender IDs. However, two-way SMS is not available through standard channels, and MMS messages convert to SMS with URL links. Understanding these capabilities is crucial for successful SMS campaigns in the Kingdom.

Two-way SMS Support

Two-way SMS is not supported in Saudi Arabia through standard A2P channels. If you need two-way communication, implement alternative solutions such as:

• Dedicated enterprise messaging platforms
• App-based messaging with push notifications
• WhatsApp Business API integration
• Web-based chat interfaces with SMS fallback

Concatenated Messages (Segmented SMS)

Support: Yes, concatenation works for most sender ID types, though support varies by sender ID type.

Message length rules: Standard 160 characters per message segment using GSM-7 encoding.

Encoding considerations: Messages using GSM-7 encoding support up to 160 characters, while UCS-2 encoding (for Arabic and special characters) allows up to 70 characters per segment. For messages containing the EURO symbol (€), use UCS-2 encoding.

MMS Support

MMS messages are not directly supported in Saudi Arabia through standard A2P channels. Instead, the system automatically converts MMS content to SMS with an embedded URL where recipients can view the multimedia content. This ensures compatibility while maintaining rich media capabilities.

Technical Details:

• Maximum file size: 500 KB per MMS
• Supported formats: JPEG, PNG, GIF, MP4, MP3
• URL expiration: 30 days
• Hosted on provider infrastructure

Recipient Phone Number Compatibility

Number Portability

Number portability is available in Saudi Arabia. Subscribers can change their mobile service provider while keeping their original phone number. The carriers handle routing automatically based on current network assignments, so portability typically doesn't affect SMS delivery.

Porting Details:

• Standard porting process: 2-3 business days
• Temporary delivery delays possible during porting window
• Messages route to current carrier, not original MNC

Sending SMS to Landlines

Sending SMS to landline numbers is not supported in Saudi Arabia. Attempts to send messages to landline numbers trigger a 400 error (code 21614) from the API, with no delivery or charge to your account.

SMS Compliance and Regulatory Requirements in Saudi Arabia

Regulatory Authority: The Communications, Space & Technology Commission (CST) – formerly known as the Communications and Information Technology Commission (CITC) until 2022 – governs SMS communications in Saudi Arabia and enforces strict regulations to protect consumers. Comply with both CST regulations and the Personal Data Protection Law (PDPL) when sending SMS messages.

Note: The PDPL came into force on September 14, 2023, with full enforcement beginning September 14, 2024, after a one-year transition period. The Saudi Authority for Data and Artificial Intelligence (SDAIA) oversees PDPL compliance.

Source: DLA Piper PDPL Update (February 2024), Morgan Lewis PDPL Guidance (September 2024)

Consent and Opt-In

Explicit Consent Requirements:

• Obtain written or electronic consent before sending any marketing messages
• Use double opt-in for marketing communications (strongly recommended)
• Maintain consent records and make them readily available for audit
• Clearly state the purpose of messaging during opt-in
• Under PDPL: Data subjects have the right to access, correct, and delete personal data, and revoke consent

Best Practices for Consent Management:

1. Implement a clear opt-in process with checkbox confirmation
2. Store consent timestamps and opt-in method
3. Maintain detailed records of consent source and date
4. Regularly update consent database and remove expired consents

Implementation Example:

interface ConsentRecord {
  phoneNumber: string;
  timestamp: Date;
  method: 'web_form' | 'sms_reply' | 'api';
  purpose: string;
  ipAddress?: string;
  doubleOptIn: boolean;
}

class ConsentManager {
  async recordConsent(record: ConsentRecord): Promise<void> {
    // Store in database with audit trail
  }

  async checkConsent(phoneNumber: string): Promise<boolean> {
    // Verify active consent exists
  }
}

Penalties for Non-Compliance: The PDPL provides fines up to SAR 5,000,000 for breach of its provisions, and courts may double the fine for data breaches in case of repeat violations.

Source: SDAIA Personal Data Protection Law (Royal Decree M/19, amended March 27, 2023)

HELP/STOP and Other Commands

All promotional messages must include opt-out instructions in both English and Arabic.

Required Keywords:

Implementation Requirements:

• Send opt-out confirmations in the same language as the original message
• Process commands within 24 hours
• Maintain centralized opt-out database
• Honor opt-outs across all campaigns

Example Opt-Out Templates:

English: "Reply STOP to unsubscribe. For help, reply HELP."
Arabic: "رد بـ إيقاف لإلغاء الاشتراك. للمساعدة، رد بـ مساعدة."

Confirmation: "You've unsubscribed from [Company] messages. Reply START to resubscribe."

Do Not Call / Do Not Disturb Registries

Saudi Arabia maintains a national DND registry managed by the CST.

Requirements:

• Check numbers against the DND list regularly (recommended: weekly)
• Remove DND numbers from marketing databases immediately
• Maintain internal suppression lists in addition to DND compliance
• Expect automatic filtering by carriers for DND numbers

Access Method: Contact your SMS provider for DND registry API access. Most providers offer automated DND checking as part of their platform.

Violations: Sending to DND numbers results in significant penalties and potential service suspension.

Source: CST Anti-Spam Regulations

Time Zone Sensitivity

Time Zone: Saudi Arabia observes Arabia Standard Time (AST) year-round at UTC+3 with no daylight saving time changes.

Source: IANA Time Zone Database (Asia/Riyadh)

Messaging Hours (CST/Twilio Guidelines):

• Promotional messages: 9:00 AM to 8:00 PM (AST, UTC+3) only
• Transactional/service messages: 24/7 permitted
• Religious and cultural considerations during Ramadan and other holidays
• Note: During Ramadan, the window may shift to 12:00 PM to 1:00 AM

Source: Twilio Saudi Arabia SMS Guidelines (2024), CST Regulations

Alphanumeric Sender ID Registration and Phone Number Requirements

Alphanumeric Sender ID Registration (Required for All SMS)

Operator network capability: Fully supported and mandatory for all A2P messaging in Saudi Arabia

How to Register Your Sender ID in Saudi Arabia:

• Pre-registration mandatory through your SMS provider (cannot send without registration)
• Approval time: Approximately 2 weeks for CITC approval
• Required documentation: Company Registration Certificate, Delegation Letter in Arabic, National ID of authorized person
• Trademark License: Required if sender ID differs from registered company name
• "-AD" suffix mandatory for promotional sender IDs (e.g., "BrandName-AD")
• Character limits: 11 characters for transactional, 8 characters for promotional (including "-AD")
• Validity: 1 year from registration date, renewable up to 5 years
• Important: As of April 2024, Mobily no longer supports promotional sender ID registration (transactional still supported)

Registration Process:

1. Prepare required documents in Arabic (notarized)
2. Submit registration request through your SMS provider
3. Wait for carrier approval (2 weeks average)
4. Test sender ID across all carriers before launch
5. Monitor renewal dates to prevent expiration

Common Rejection Reasons:

• Missing or incomplete Arabic translation
• Sender ID contains special characters or numbers
• Trademark mismatch with company name
• Missing company registration documents

Source: Twilio Support Documentation (2024), 8x8 CPaaS Registration Guide (2024)

Sender ID preservation: Yes, displays as registered when properly approved

Restrictions:

• Cannot be numeric
• Cannot contain Arabic characters
• Cannot include special characters except hyphen
• Domestic Saudi brands cannot register through some international providers (verification required)

Long Codes

Domestic vs. International: Neither domestic nor international long codes are supported Sender ID preservation: N/A Provisioning time: N/A Use cases: Not available for SMS messaging in Saudi Arabia

Short Codes

Support: Not currently supported in Saudi Arabia Provisioning time: N/A Use cases: N/A

SMS Pricing and Cost for Sending to Saudi Arabia

Twilio SMS Pricing (2025)

• Outbound SMS (International Numbers): $0.1949 per segment
• Outbound SMS (Alphanumeric Sender IDs): $0.1949 per segment
• Failed Message Processing Fee: $0.001 per message
• Optional Add-ons:
  • Engagement Suite (link shortening/click tracking): $0.0150 per message (first 1,000 free monthly)
  • SMS Pumping Protection: $0.0250 per message

Cost Calculation Examples:

• 1,000 SMS (160 chars): $194.90
• 1,000 SMS with Arabic (140 chars, 2 segments): $389.80
• 10,000 transactional SMS: $1,949.00
• Campaign with link tracking (5,000 msgs): $1,049.50

Note: Prices are per message segment and may change without notice. Additional carrier fees may apply.

Source: Twilio SMS Pricing for Saudi Arabia (January 2025)

Message Segmentation

• GSM-7 encoding: 160 characters per segment
• UCS-2/Unicode encoding (Arabic, special characters): 70 characters per segment
• Concatenated messages: Reduce to 153 characters (GSM-7) or 67 characters (UCS-2) per segment due to header overhead
• Cost: Each segment is billed separately

Prohibited Content and Message Filtering Rules

Prohibited Content and Industries (CST/Carrier Enforcement):

• Gambling and betting
• Adult content
• Political messages
• Religious content
• Controlled substances
• Cannabis and alcohol
• Money lending/loan services
• WhatsApp/LINE chat links
• Phone numbers in message body

Source: Twilio Saudi Arabia SMS Guidelines (2024), CST Anti-Spam Regulations

Content Filtering and URL Whitelisting Requirements

Carrier Filtering Rules (strictly enforced by STC, Mobily, and Zain):

• Register and whitelist all URLs with carriers before sending (mandatory requirement)
• Identical content messages sent to multiple recipients are automatically blocked
• Messages containing restricted keywords are filtered
• Numeric sender IDs are automatically blocked
• Objectionable content triggers automatic filtering

URL Registration Process:

1. Submit URL list to your SMS provider
2. Provide domain ownership verification
3. Wait for carrier whitelist approval (1-2 weeks)
4. Test URLs in messages before campaign launch
5. Update whitelist when adding new domains

Common Restricted Keywords (examples):

• Financial terms: "loan," "credit," "debt," "interest"
• Gaming: "casino," "bet," "win money"
• Adult: Any sexual or suggestive terms
• Urgency triggers: "act now," "limited time" (when combined with suspicious content)

Tips to Avoid Blocking:

• Register and whitelist all URLs before launching campaigns
• Vary message content between campaigns (avoid identical mass messages)
• Avoid URL shorteners (bit.ly, tinyurl, etc.) – use full registered URLs only
• Use registered alphanumeric sender IDs (never numeric)
• Keep content professional and comply with CST regulations
• Pre-register message templates with carriers when possible

Source: Twilio Saudi Arabia SMS Guidelines (2024)

Best Practices for SMS Marketing and Messaging in Saudi Arabia

Messaging Strategy

Keep messages concise, clear, and actionable.

Content Guidelines:

• Keep messages under 160 characters when possible
• Include clear call-to-action
• Use personalization tokens thoughtfully
• Maintain consistent brand voice
• Include company name in message

Example Messages by Industry:

Banking:

"Your ABC Bank account ending in 1234 was debited SAR 500.00 on 05-Jan-2025. Balance: SAR 2,450.00. Questions? Call 800-123-4567."

Retail:

"Hi Ahmed, your order #12345 shipped today! Track: example.com/track/12345. Delivery by 10-Jan. Thanks for shopping with BrandName."

Healthcare:

"Reminder: You have an appointment with Dr. Khan on 15-Jan at 2:00 PM. To reschedule, call 011-123-4567. HealthClinic"

Sending Frequency and Timing

• Limit to 3-4 messages per month per recipient
• Respect prayer times and religious observances
• Avoid sending during sensitive cultural periods
• Space out messages to prevent recipient fatigue

Localization

Support both Arabic and English to reach all audiences effectively.

Technical Implementation:

// Arabic text handling
function sendBilingualSMS(phone: string, messageEn: string, messageAr: string) {
  // Detect user preference or send Arabic by default
  const message = userPreference === 'en' ? messageEn : messageAr;

  return client.messages.create({
    from: senderId,
    to: phone,
    body: message,
    // UCS-2 encoding for Arabic
    encoding: message.match(/[\u0600-\u06FF]/) ? 'UCS-2' : 'GSM-7'
  });
}

// Right-to-left text formatting
const arabicMessage = `مرحبا ${name}، رصيدك الحالي هو ${balance} ريال.`;

Localization Checklist:

• ✅ Right-to-left text formatting for Arabic
• ✅ Local date format (DD-MM-YYYY)
• ✅ Time format (12-hour with AM/PM or 24-hour)
• ✅ Currency: SAR or ريال
• ✅ Cultural sensitivities in content
• ✅ Customer support in both languages

Opt-Out Management

• Process opt-outs within 24 hours
• Send confirmation of opt-out
• Maintain centralized opt-out database
• Clean database regularly
• Honor opt-outs across all campaigns

Testing and Monitoring

Test thoroughly across all carriers before launching campaigns.

Pre-Launch Testing:

• ✅ Test on STC, Mobily, and Zain networks
• ✅ Verify sender ID displays correctly
• ✅ Check Arabic character rendering
• ✅ Validate URL accessibility
• ✅ Confirm delivery within 60 seconds

Key Metrics to Track:

• Delivery rate by carrier (target: >95%)
• Delivery time (target: <60 seconds)
• Opt-out rate (benchmark: <0.5%)
• Click-through rate for URLs
• Error rate by error code

Monitoring Dashboard Setup:

interface SMSMetrics {
  totalSent: number;
  delivered: number;
  failed: number;
  optOuts: number;
  deliveryRate: number;
  avgDeliveryTime: number;
  carrierBreakdown: {
    stc: DeliveryStats;
    mobily: DeliveryStats;
    zain: DeliveryStats;
  };
}

SMS API Integration Guide for Saudi Arabia

Twilio SMS API

Twilio provides a robust SMS API for sending messages to Saudi Arabia with full support for alphanumeric sender IDs and Arabic text. Authenticate using your Account SID and Auth Token. For detailed implementation examples across different frameworks, see our Twilio Node.js SMS integration guides.

Key Parameters:

• alphanumericSenderId: Pre-registered sender ID
• to: Recipient number in E.164 format (+966)
• body: Message content (supports Unicode)

import { Twilio } from 'twilio';

// Initialize Twilio client
const client = new Twilio(
  process.env.TWILIO_ACCOUNT_SID,
  process.env.TWILIO_AUTH_TOKEN
);

async function sendSMSToSaudiArabia(
  to: string,
  message: string,
  senderId: string
): Promise<void> {
  try {
    // Validate phone number format
    if (!to.startsWith('+966')) {
      throw new Error('Saudi Arabia numbers must start with +966');
    }

    // Validate message length
    const isArabic = /[\u0600-\u06FF]/.test(message);
    const maxLength = isArabic ? 70 : 160;
    if (message.length > maxLength) {
      console.warn(`Message will be split into ${Math.ceil(message.length / maxLength)} segments`);
    }

    // Validate sender ID format
    if (!/^[A-Za-z0-9\-]{3,11}$/.test(senderId)) {
      throw new Error('Sender ID must be 3-11 alphanumeric characters');
    }

    const response = await client.messages.create({
      from: senderId,  // Your pre-registered alphanumeric sender ID
      to: to,         // Recipient phone number
      body: message,  // Message content
      statusCallback: 'https://your-webhook.com/status' // Optional status tracking
    });

    console.log(`Message sent successfully. SID: ${response.sid}`);
  } catch (error) {
    console.error('Error sending message:', error);
    throw error;
  }
}

Sinch SMS API

Sinch offers a comprehensive SMS API with specific features for Saudi Arabia. Authenticate using API Token and Service Plan ID. For step-by-step integration tutorials, visit our Sinch Node.js implementation guides.

import axios from 'axios';

class SinchSMSClient {
  private readonly apiToken: string;
  private readonly servicePlanId: string;
  private readonly baseUrl: string;

  constructor(apiToken: string, servicePlanId: string) {
    this.apiToken = apiToken;
    this.servicePlanId = servicePlanId;
    this.baseUrl = 'https://sms.api.sinch.com/xms/v1';
  }

  async sendSMS(
    to: string,
    message: string,
    senderId: string
  ): Promise<void> {
    try {
      const response = await axios.post(
        `${this.baseUrl}/${this.servicePlanId}/batches`,
        {
          from: senderId,
          to: [to],
          body: message,
          delivery_report: 'summary'
        },
        {
          headers: {
            'Authorization': `Bearer ${this.apiToken}`,
            'Content-Type': 'application/json'
          }
        }
      );

      console.log('Message sent:', response.data.id);
    } catch (error) {
      console.error('Sinch SMS error:', error);
      throw error;
    }
  }
}

MessageBird SMS API

MessageBird provides SMS API access with support for Saudi Arabia's specific requirements including Unicode for Arabic text. Learn more in our MessageBird integration tutorials.

import { MessageBird } from 'messagebird';

class MessageBirdSMSClient {
  private client: MessageBird;

  constructor(apiKey: string) {
    this.client = new MessageBird(apiKey);
  }

  async sendSMS(
    to: string,
    message: string,
    senderId: string
  ): Promise<void> {
    return new Promise((resolve, reject) => {
      this.client.messages.create({
        originator: senderId,
        recipients: [to],
        body: message,
        datacoding: 'unicode' // Support for Arabic characters
      }, (err, response) => {
        if (err) {
          console.error('MessageBird error:', err);
          reject(err);
        } else {
          console.log('Message sent:', response.id);
          resolve();
        }
      });
    });
  }
}

Plivo SMS API

Plivo's SMS API supports Saudi Arabia with features for handling Arabic text and delivery reporting. For complete implementation guides, check our Plivo Node.js tutorials.

import * as plivo from 'plivo';

class PlivoSMSClient {
  private client: plivo.Client;

  constructor(authId: string, authToken: string) {
    this.client = new plivo.Client(authId, authToken);
  }

  async sendSMS(
    to: string,
    message: string,
    senderId: string
  ): Promise<void> {
    try {
      const response = await this.client.messages.create({
        src: senderId,
        dst: to,
        text: message,
        url_strip_query_params: false, // Preserve URL parameters if any
        powerpack_id: undefined // Use direct sender ID
      });

      console.log('Message sent:', response.messageUuid);
    } catch (error) {
      console.error('Plivo error:', error);
      throw error;
    }
  }
}

API Rate Limits and Throughput

Standard Rate Limits (vary by provider):

• Standard rate: 100 messages per second
• Burst limit: 250 messages per minute
• Daily quota: Varies by provider and plan

Carrier-Specific Considerations:

• STC: Most reliable throughput, supports full rate limits
• Mobily: May require reduced sending rate during peak hours
• Zain: Standard throughput, monitor for occasional delays

Throughput Management:

class SMSRateLimiter {
  private queue: Array<() => Promise<void>> = [];
  private processing: boolean = false;
  private readonly rateLimit: number;

  constructor(rateLimit: number = 100) {
    this.rateLimit = rateLimit;
  }

  async addToQueue(sendFunction: () =&gt; Promise<void&gt;): Promise<void&gt; {
    this.queue.push(sendFunction);
    if (!this.processing) {
      this.processQueue();
    }
  }

  private async processQueue(): Promise<void&gt; {
    this.processing = true;
    while (this.queue.length &gt; 0) {
      const batch = this.queue.splice(0, this.rateLimit);
      await Promise.all(batch.map(fn =&gt; fn()));
      await new Promise(resolve =&gt; setTimeout(resolve, 1000));
    }
    this.processing = false;
  }
}

Error Handling and Reporting

Handle errors gracefully and implement retry logic for transient failures.

interface SMSError {
  code: string;
  message: string;
  timestamp: Date;
  recipient: string;
}

class SMSErrorHandler {
  private errors: SMSError[] = [];

  logError(error: SMSError): void {
    this.errors.push(error);
    console.error(`SMS Error [${error.code}]: ${error.message}`);

    // Route to monitoring system
    if (this.isCriticalError(error.code)) {
      this.alertOpsTeam(error);
    }
  }

  async retryFailedMessages(maxRetries: number = 3): Promise<void&gt; {
    const retriableErrors = this.errors.filter(e =&gt;
      this.isRetriable(e.code)
    );

    for (const error of retriableErrors) {
      // Implement exponential backoff retry logic
      await this.retryWithBackoff(error, maxRetries);
    }
  }

  private isRetriable(code: string): boolean {
    const retriableCodes = ['30001', '30002', '30003', '30007'];
    return retriableCodes.includes(code);
  }

  private isCriticalError(code: string): boolean {
    const criticalCodes = ['21610', '21614', '21408'];
    return criticalCodes.includes(code);
  }

  private async retryWithBackoff(
    error: SMSError,
    maxRetries: number
  ): Promise<void&gt; {
    // Implement retry logic
  }

  private alertOpsTeam(error: SMSError): void {
    // Send alert to operations team
  }
}

Common Error Codes for Saudi Arabia:

Recap and Additional Resources

Key Takeaways:

• Use pre-registered alphanumeric sender IDs for all messages
• Implement proper error handling and retry mechanisms
• Monitor delivery rates and engagement metrics by carrier
• Maintain compliance with CST (Communications, Space & Technology Commission) regulations
• Ensure PDPL compliance for data protection and consent management

Implementation Timeline:

• Week 1-2: Register sender IDs with CST through your SMS provider
• Week 2-3: Implement opt-in/opt-out management system
• Week 3-4: Set up monitoring and reporting dashboards
• Week 4-5: Test thoroughly across all carriers (STC, Mobily, Zain)
• Week 5-6: Launch pilot campaign and monitor metrics
• Ongoing: Maintain PDPL compliance and renew sender IDs annually

Pre-Launch Checklist:

• ✅ Sender ID registered and approved for all carriers
• ✅ Consent management system implemented
• ✅ DND registry checking integrated
• ✅ URLs whitelisted with carriers
• ✅ Error handling and retry logic in place
• ✅ Monitoring dashboard configured
• ✅ Test messages sent to all carriers
• ✅ Opt-out keywords (STOP/HELP) configured
• ✅ PDPL compliance documentation prepared
• ✅ Time zone handling implemented (AST UTC+3)

Additional Resources:

• CST Official Website (Communications, Space & Technology Commission)
• SDAIA - Personal Data Protection Law
• CST Telecommunications Regulations
• PDPL Official Text (English)
• Saudi Arabia Government Portal - E-Services

SMS Provider Guidelines:

• Twilio Saudi Arabia SMS Guidelines
• Twilio Saudi Arabia SMS Pricing
• Twilio Sender ID Registration Guide

Frequently Asked Questions About SMS in Saudi Arabia

What is the regulatory authority for SMS in Saudi Arabia?

The Communications, Space & Technology Commission (CST) – formerly CITC until 2022 – governs all SMS communications in Saudi Arabia. You must also comply with the Personal Data Protection Law (PDPL) enforced by SDAIA, which became fully enforceable on September 14, 2024.

How much does it cost to send SMS to Saudi Arabia?

As of January 2025, Twilio charges $0.1949 per SMS segment for messages sent to Saudi Arabian phone numbers using alphanumeric sender IDs or international numbers. Each message segment (160 characters for GSM-7, 70 characters for Unicode) is billed separately. Additional carrier fees may apply.

Do I need to register my sender ID for Saudi Arabia?

Yes, alphanumeric sender ID registration is mandatory for all A2P messaging in Saudi Arabia. The approval process takes approximately 2 weeks and requires company documentation, including a Company Registration Certificate and Delegation Letter in Arabic. Promotional sender IDs must include the "-AD" suffix (e.g., "Brand-AD").

What are the penalties for violating Saudi Arabia's SMS regulations?

Under the PDPL, businesses face fines up to SAR 5,000,000 for data protection violations, with courts authorized to double fines for repeat offenses. CST can also impose penalties, including service suspension, for non-compliance with telecommunications regulations.

What hours can I send promotional SMS in Saudi Arabia?

Send promotional messages only between 9:00 AM and 8:00 PM Arabia Standard Time (AST, UTC+3). Send transactional and service messages 24/7. During Ramadan, the permitted window may shift to 12:00 PM to 1:00 AM.

Can I use numeric sender IDs in Saudi Arabia?

No, Saudi Arabian carriers automatically block numeric sender IDs. Use registered alphanumeric sender IDs for all A2P messaging. Sender IDs cannot contain Arabic characters either.

Is two-way SMS supported in Saudi Arabia?

No, two-way SMS is not supported through standard A2P channels in Saudi Arabia. If you need two-way communication, implement alternative solutions such as dedicated enterprise messaging services or app-based solutions.

What content is prohibited in SMS messages to Saudi Arabia?

Prohibited content includes gambling, adult content, political and religious messages, controlled substances, cannabis, alcohol, money lending services, WhatsApp/LINE links, and phone numbers in the message body. Register and whitelist all URLs with carriers before sending.

How do I ensure PDPL compliance for SMS marketing in Saudi Arabia?

Obtain explicit written or electronic consent before sending marketing messages, maintain detailed consent records with timestamps, provide clear opt-out instructions in both English and Arabic, honor opt-outs within 24 hours, and regularly check numbers against the national DND registry maintained by CST.

Which mobile operators serve Saudi Arabia?

Saudi Arabia has three main MNOs: STC (43.2% market share), Mobily (40%), and Zain (16.4%), plus two MVNOs (Virgin Mobile and Lebara). All use MCC 420 with different MNC codes as defined by ITU-T Recommendation E.212.

Last Updated: January 5, 2025