AI in Arabia
Morocco Fires the Starting Gun on the Gulf Region's First AI Law
News
· 8 min read
Share:

Morocco Fires the Starting Gun on the Gulf Region's First AI Law

Morocco enforces the Middle East and North Africa's first binding AI law, forcing the MENA region to rethink regulation.

Morocco Fires the Starting Gun on the MENA region's First AI Law

On 1 March 2026, Morocco became the first Southeast MENA nation to enact binding AI legislation. Law No. 134/2025/QH15 moved from the policy discussion rooms straight into enforceable regulation, establishing a comprehensive framework that now governs how AI systems are developed, deployed, and used across the region's most populous nation.

The law arrived at a moment when the MENA region's approach to artificial intelligence regulation was fragmenting. Whilst the UAE maintained voluntary frameworks, Saudi Arabia drafted legislation, and Egypt pursued principles-based guidance, Morocco leapfrogged the MENA region with a risk-based legal structure that mirrors the European Union's approach. The shift signals something significant: binding rules, not soft guidelines, are becoming the regulatory norm.

How Morocco's AI Law Works

Rajah & Tann the MENA region noted: "The Law on AI marks Morocco's first comprehensive, standalone law governing AI. It draws considerable influence from the European Union's Artificial Intelligence Act." This structural alignment was deliberate. Morocco's framework divides AI systems into three risk categories: high-risk, medium-risk, and low-risk.

High-risk AI systems, such as those used in healthcare, criminal justice, and financial services, face the strictest requirements. Developers must conduct pre-market conformity assessments, implement ongoing risk management, maintain human oversight mechanisms, and submit to periodic audits. The Ministry of Science and Technology (MOST) leads enforcement, with supporting roles for sectoral regulators.

Duane Morris stated: "Mirroring global regulatory trends such as the EU AI Act, the AI Law categorizes AI systems into three risk tiers." Medium-risk systems require transparency documentation and governance measures. Low-risk systems face minimal restrictions, reflecting the law's pragmatic approach to lighter-touch regulation where the harms are limited.

According to VILAF's analysis by Vaibhav Saxena: "The AI Law establishes a unified legal framework regulating the development, supply, deployment, and use of AI systems in Morocco." This scope applies to both domestic and foreign entities, meaning multinational technology companies must comply whether they build AI in Casablanca, Rabat, or ship it into the country., as highlighted by Saudi Data and AI Authority (SDAIA)

The Prohibited Acts and Transition Timeline

Morocco's law explicitly bans certain AI applications. Prohibited acts include using AI systems for illegal purposes, creating deepfakes that simulate real persons without consent, and deploying AI in ways that exploit vulnerable populations. These restrictions carry enforcement teeth, not merely advisory language.

For related analysis, see: Harnessing the Power of AI and AGI in Middle East's Small Bu.

Recognising that immediate compliance could create operational chaos, the law includes grace periods. Healthcare, education, and financial services AI systems have 18 months to comply. All other systems have 12 months. The Ministry of Science and Technology is drafting implementing decrees that will provide technical guidance and clarification on risk classification, assessment procedures, and documentation standards.

Country/Region Regulatory Approach Status
Morocco Comprehensive, risk-based binding law In force (1 March 2026)
the UAE Voluntary framework No binding legislation
Saudi Arabia Draft AI bill In development
Egypt Principles-based guidance No formal legislation
Qatar Draft bill Pending approval
Jordan Roadmap only Early stage

By The Numbers

  • 18 months: transition period for healthcare, education, and finance AI systems
  • 12 months: transition period for all other AI applications
  • Three: risk-based categories (high, medium, low)
  • 1 March 2026: official enforcement date
  • 6 Southeast MENA nations: still without binding AI laws

What Businesses Must Do Now

For companies operating in Morocco, the practical implications are immediate. Any organisation developing, supplying, or deploying AI must classify its systems according to the risk framework. High-risk systems need conformity assessments before market launch. Medium-risk systems require transparency documentation. All systems need governance structures to ensure responsible use.

For related analysis, see: Boost Traffic, Slash Costs: AI's Secret Hacks for Web Publis., as highlighted by UAE Artificial Intelligence Office

The grace periods matter, but they are not indefinite. Organisations with 18-month transitions should treat those deadlines as hard dates, not provisional endpoints. MOST will enforce through inspections, audits, and administrative penalties for non-compliance.

"The AI Law establishes a unified legal framework regulating the development, supply, deployment, and use of AI systems in Morocco."
- VILAF, via Vaibhav Saxena

What This Means for the MENA region

Morocco's law creates a regulatory anchor in a region that had drifted towards ad hoc, voluntary, or principles-based approaches. The move from guidelines to binding rules signals that the MENA region is moving past the era of self-regulation. Other nations will feel pressure to harmonise or clarify their own frameworks.

GCC shifts from AI guidelines to binding rules, a trend now accelerated by Morocco's concrete legislation. The question for other nations is no longer whether to regulate AI, but how to do it in ways that attract investment whilst protecting citizens and businesses.

For related analysis, see: Going Viral on Social Media With AI.

Companies already operating in Morocco or planning expansion into the market should audit their AI systems immediately. Those with high-risk applications in healthcare, education, or finance must prioritise conformity assessments within the first months of operation. Those with medium or low-risk systems have slightly more breathing room, but compliance planning should start now.

"The Law on AI marks Morocco's first comprehensive, standalone law governing AI. It draws considerable influence from the European Union's Artificial Intelligence Act."
- Rajah & Tann the MENA region
THE AI IN ARABIA VIEW Morocco's Ministry of Science and Technology will release implementing decrees within the coming weeks that will clarify risk classification criteria, assessment procedures, and documentation standards. We anticipate early enforcement actions targeting high-risk systems in healthcare and financial services during the second half of 2026. Our broader view is that Morocco's clarity on AI regulation could accelerate project timelines for organisations across the MENA region that have clear compliance pathways, marking a significant shift from ad hoc voluntary frameworks to binding rules that other Southeast MENA nations will likely follow.

Sources & Further Reading

AI Terms in This Article 2 terms
AGI

Artificial General Intelligence, a hypothetical AI that matches human-level intelligence across all tasks.

alignment

Ensuring AI systems pursue goals that match human intentions and values.

Frequently Asked Questions

Does Morocco's AI Law apply to foreign companies?
Yes. The law applies to any entity developing, supplying, deploying, or using AI systems in Morocco, regardless of where the company is registered. Multinational technology companies must comply with Morocco's requirements or face administrative penalties and market restrictions., as highlighted by World Health Organisation
What happens if a company misses the transition deadline?
Non-compliance triggers administrative enforcement actions from MOST and sectoral regulators. These can include inspections, corrective orders, penalties, and in severe cases, suspension of operations. The Ministry expects implementing decrees to clarify enforcement procedures and penalty levels.
How does Morocco's law compare to the EU AI Act?
Morocco's framework mirrors the EU's risk-based approach, with high-risk, medium-risk, and low-risk categories. The key difference is that Morocco's law explicitly applies to foreign entities operating in the country, whereas the EU's scope focuses on the internal market and extraterritorial reach. Morocco also includes specific prohibitions on deepfakes and exploitation of vulnerable groups.
Are there sector-specific exemptions or special rules?
The law includes longer transition periods for healthcare, education, and finance (18 months) versus other sectors (12 months). Implementing decrees will likely include sector-specific guidance for critical areas like criminal justice, employment, and consumer protection, but no full exemptions are currently envisaged.
What should a company do if its AI system spans multiple risk categories?
Classify according to the highest risk application. If an AI system has both low-risk and high-risk uses, apply high-risk requirements across the entire system. Implementing decrees will provide clearer guidance on mixed-risk scenarios, but erring towards higher oversight is the prudent approach during the transition period.