The Arabian Stories, 8 April 2026: Oman’s Ministry of Transport, Communications and Information Technology has issued a mandatory IT Risk Management Policy applicable to all government agencies, aimed at strengthening cyber resilience and protecting public digital assets.

The policy was introduced after the Ministry identified inconsistent IT risk oversight across government units. Previously, entities operated under fragmented practices, leading to varied levels of preparedness and potential vulnerabilities.

Under the new framework, all units of the State’s administrative apparatus—including contractors and IT service providers—must integrate IT risk management into their core operations. The policy requires entities to maintain documented risk registers, regularly conduct risk assessments, establish incident‑response and risk‑treatment plans, escalate high‑impact risks to senior leadership, and embed risk clauses in IT contracts.

For more news and content, try Lexis Middle East. Click on lexis.ae/demo to begin your free trial of Lexis® Middle East platform.

You can also explore the legal landscape by subscribing to our Weekly Newsletter.

Want to learn more about Lexis® Middle East? Visit https://www.lexis.ae/lexis-middle-east-law/.