AI Regulation ReferenceDoes QCB Artificial Intelligence Guideline require Risk Assessment?
Qatar • enforcing
Yes — 1 provision
Requirements at a glance
This regulation imposes 9 specific requirements for Risk Assessment across 1 provision:
- AI strategy — Firms must establish and periodically review an AI strategy aligned with business objectives
- Governance function — Dedicated AI oversight function with clear accountability; board and senior management responsible for AI outcomes
- Risk management — Identify, assess, and mitigate AI risks including bias, discrimination, privacy, security, and lack of transparency
- High-risk categorization — Identify and categorize high-risk AI systems based on guideline criteria; apply stricter scrutiny
- Pre-approval — QCB approval required before launching any new AI system
- High-risk pre-approval — Prior QCB approval required for purchasing, licensing, or outsourcing high-risk AI systems
- Sandbox testing — QCB may require sandbox testing before granting approval for high-risk systems
- AI register — Maintain an updated register of all AI systems in use
- Life cycle management — Governance covering development, deployment, data governance, security, and ongoing monitoring
AI Governance and Risk Management #
First binding AI-specific regulation in the GCC. All QCB-licensed financial entities must establish AI governance frameworks, risk management systems, and obtain QCB pre-approval before deploying any AI system. High-risk AI systems face additional scrutiny and may require sandbox testing.
Requirements
| Requirement | Details |
|---|---|
| AI strategy | Firms must establish and periodically review an AI strategy aligned with business objectives |
| Governance function | Dedicated AI oversight function with clear accountability; board and senior management responsible for AI outcomes |
| Risk management | Identify, assess, and mitigate AI risks including bias, discrimination, privacy, security, and lack of transparency |
| High-risk categorization | Identify and categorize high-risk AI systems based on guideline criteria; apply stricter scrutiny |
| Pre-approval | QCB approval required before launching any new AI system |
| High-risk pre-approval | Prior QCB approval required for purchasing, licensing, or outsourcing high-risk AI systems |
| Sandbox testing | QCB may require sandbox testing before granting approval for high-risk systems |
| AI register | Maintain an updated register of all AI systems in use |
| Life cycle management | Governance covering development, deployment, data governance, security, and ongoing monitoring |