We, Haitham bin Tarik, the Sultan of Oman
after perusal of the Basic Statute of the State,
the Police Law promulgated by Royal Decree 35/90,
the Cybercrime Law promulgated by Royal Decree 12/2011,
the Statistics and Information Law promulgated by Royal Decree 55/2019,
and Royal Decree 51/2024 Establishing the National Records Centre and Determining Its Competences,
and in pursuance of public interest,
have decreed as follows
Article I
The attached National Records Law hereby applies.
Article II
The Inspector General of Police and Customs shall issue the executive regulation of the attached law after the approval of the Council of Ministers, and until it is issued, the existing regulations and decisions continue to operate to the degree that they do not contradict with the provisions of the attached law.
Article III
All that is contrary to the attached law, or in conflict with its provisions, is hereby repealed.
Article IV
This decree must be published in the Official Gazette, and comes into force on the day following the date of its publication.
Issued on: 1 Jumada Al-Awwal 1446
Corresponding to: 3 November 2024
Haitham bin Tarik
Sultan of Oman
The National Records Law
Chapter One
Definitions and General Provisions
Article 1
In the application of the provisions of this law, the following words and phrases have the meaning assigned to each of them, unless the context requires otherwise:
1. Centre:
The National Records Centre in the Royal Oman Police.
2. Relevant entities:
The entities stipulated in article 2 of this law.
3. Competent entities:
The units of the administrative apparatus of the state and other public legal persons relating to information technology and cyber defence.
4. National records:
The database established by the centre that includes all data produced or possessed by the relevant entities and provided to the centre, as well as the information resulting from its processing.
5. Data:
A set of letters, words, numbers, symbols, pictures, or signs relating to variables relating to economic, population, social, technical, cultural, environmental, and other dimensions.
6. Information:
A dataset that has been processed.
7. Securing national records:
Technical measures that maintain the confidentiality, safety, unity, and integration of data and information.
8. Electronic breach:
Unauthorised access to national records for the purpose of accessing, deleting, altering, modifying, defacing, corrupting, duplicating, destroying, publishing, or republishing data and information.
9. Regulation:
The executive regulation of this law.
Article 2
The provisions of this law apply to the following entities:
1. Units of the administrative apparatus of the state and other public legal persons, including the Central Bank of Oman.
2. Companies whose capital is wholly owned by the state or in which the state has a shareholding of more than 40% (forty percent).
3. Establishments and companies that have been granted by the state a concession or licence to manage or exploit a natural resource or a public utility in accordance with the controls specified by the centre.
The data of military and security services that the National Security Council deems confidential are exempt from the application of the provisions of this law.
Article 3
The centre shall coordinate with the Ministry of Transport, Communications, and Information Technology in aspects relating to government digital transformation within the scope of application of the provisions of this law.
Article 4
The data and information produced or held by the relevant entities are not considered confidential towards the centre.
Article 5
The regulation must specify the list of data sources and the structure of each source, as well as the charge for the services provided by the centre after the approval of the Ministry of Finance.
Chapter Two
Obligations and Rights of the Relevant Entities
Article 6
The relevant entities shall provide the centre with the structure of all data they produce or possess in the manner specified by the regulation.
Article 7
The relevant entities shall notify the centre in advance, whenever it is necessary to suspend, modify, update, or re-structure the systems of the data they produce or possess, or to carry out additional collection operations.
Article 8
The relevant entities shall ensure the immediate and direct flow of the data they produce or possess electronically to the centre in accordance with its latest update. In the event that this is not possible, they shall provide the centre with it using traditional methods, and without financial charge in both cases.
Article 9
The relevant entities shall specify an administrative division in its organisational structure that is competent to coordinate with the centre. The head of this division is responsible for ensuring that those entities implement their obligations stipulated in this law.
Article 10
The relevant entities shall, when collecting the data they produce or possess, take into account its accuracy, completeness, appropriateness of its structure, the reliability of its source, ensuring its readiness for flow, updating it continuously, and other data quality standards, in accordance with the policies and controls adopted in this regard.
Article 11
The centre may request, as it deems fit, from the relevant entities to provide it with other data they produce or possess, such as digital data, papers, documents, records, books, maps, charts, drawings, photographs, video films, and audio recordings of any kind.
Article 12
The relevant entities shall make use of national records to achieve integration and exchange of data in accordance with the conditions, controls, and procedures specified by the regulation.
Article 13
The centre may reject the request of the relevant entities stipulated in article 2(1) of this law to benefit from national records, in any of the following cases:
1. The lack of competence of the relevant entity to access the requested data.
2. The existence of legal restrictions on sharing data.
3. The failure of the relevant entity to meet the technical and security standards for data exchange.
The centre may also reject the request of other relevant entities stipulated in the same article without giving reasons.
Article 14
The relevant entity benefiting from the national records data and information shall not make such data or information available to any other entity, except after the approval of the centre.
Chapter Three
Preservation of National Records
Article 15
The centre shall secure and preserve national records against any electronic breach, in coordination with the competent entities.
Article 16
The competent entities shall cooperate with the centre to put in place appropriate technical measures to ensure the efficiency, safety, and security of national records.
Article 17
The data and information of national records are deemed confidential, without prejudice to the provisions of article 12 of this law.
Chapter Four
Punishments
Article 18
Without prejudice to any punishment more severe stipulated in any other law, whoever commits any of the following acts must be punished by a fine no less than 300 (three hundred) Rial Omani and not exceeding 500 (five hundred) Rial Omani:
1. Deliberately refrains from providing the centre with the requested data.
2. Knowingly provides the centre with outdated or incomplete data.
3. Divulges information relating to his work in the centre or relating to national records, even after the end of his service.