Open Company Data in Saudi Arabia: Official Sources, APIs and Reuse Rights

Saudi Arabia has a serious official company-data ecosystem, but it should not be reduced to a simple list of companies. The right way to evaluate Saudi Arabia is to start with the official register, then add open-data, statistics, procurement, intellectual-property and regulator layers.

The strongest route is the Ministry of Commerce, Wathq API services, Wathq Commercial Registration API, Etimad procurement, GASTAT statistics, CMA, SAMA, ZATCA and WIPO IP context. That makes Saudi Arabia a high-value Gulf API-and-controlled-access source guide with explicit special-review caveats, but it does not remove the usual reuse checks: dataset terms, attribution, no-endorsement language, privacy, marketing-law boundaries and source freshness.

This guide maps the main official sources for company data in Saudi Arabia, explains what each source can and cannot do, and shows where a normalized CompaniesData-style dataset adds value.

The deeper question is not whether a source exists. The useful question is which source can be trusted for identity, which one proves events or filings, which one is usable at scale, which one is only a manual service, and which fields become legally sensitive once the data is reused commercially.

Quick Answer

Saudi Arabia is commercially important and source-rich, but it should be refreshed as a controlled-access source guide. Stable evidence exists through the Ministry of Commerce, Wathq API documentation, Etimad, GASTAT, CMA, SAMA, ZATCA and WIPO; several other useful portals remain held because current live checks time out or return 403.

For practical work, the most useful source stack is: Ministry of Commerce, Wathq API services, Wathq Commercial Registration API, Etimad, General Authority for Statistics, Capital Market Authority.

The safe editorial answer is this: Saudi Arabia has strong public and official business-data sources, but public data is not automatically bulk-downloadable, marketing-ready or free of personal-data constraints.

A serious Saudi Arabia dataset normally needs at least four layers: the legal register for entity identity, official publications or filings for change events, public procurement/regulator/IP/statistical sources for enrichment, and a separate compliance layer for privacy, contact-data use, suppression and lawful outreach.

Key Takeaways

• Best starting point: the Ministry of Commerce, Wathq API services, Wathq Commercial Registration API, Etimad procurement, GASTAT statistics, CMA, SAMA, ZATCA and WIPO IP context.
• Core source stack: Ministry of Commerce, Wathq API services, Wathq Commercial Registration API, Etimad, General Authority for Statistics, Capital Market Authority.
• Reuse rule: public visibility is not the same as bulk reuse, resale permission or marketing-contact permission.
• Buyer value: the useful dataset is the normalized, deduplicated and source-auditable version, not a raw list of portal links.
• Commercial separation: official company records, enriched company profiles and business contact data should remain separate layers with separate compliance notes.

Editorial Methodology

This article uses an official-source-first method. Sources are included when they help verify legal existence, public filings, procurement activity, taxpayer or identifier context, IP ownership, regulated status, statistics or lawful compliance context. Commercial providers and contact-data products are not used as authority for official reuse rights.

• Prefer the national registry, company house, gazette or official business-registration authority before any secondary source.
• Classify access as search, API, bulk download, paid extract, subscription, document workflow, data catalogue or unclear/manual access.
• Separate legal-entity data from establishment statistics, procurement suppliers, listed-company disclosures, tax identifiers and private contact data.
• Treat beneficial owners, officers, addresses, signatures, insolvency notices and sole-trader records as privacy-sensitive unless the source and law clearly support reuse.
• Hold or omit unstable source links when live QA shows 403, 429, 5xx, DNS, TLS or timeout behaviour that would create broken-link noise.

What Counts as Company Data in Saudi Arabia?

In Saudi Arabia, these layers should not be collapsed into one undifferentiated database. A registry result may prove legal existence, a procurement notice may prove public-sector activity, an IP record may prove brand or invention ownership, and a regulator list may prove supervision. Those are different facts with different update cycles, identifiers and reuse boundaries.

Reuse Rights and Compliance

Across jurisdictions, public-sector-information and open-data policies can support reuse of public-sector data, and high-value dataset rules increasingly treat company and company-ownership data as important public information. In practice, Saudi Arabia's actual reuse position still depends on each source, endpoint, licence and access method.

• Cite official sources and preserve update dates where the source provides them.
• Do not imply that a derived dataset is endorsed by the registry or public authority.
• Do not mix public register data with marketing-contact permission.
• Check whether API, bulk download, paid extract and web-search access have different terms.
• Treat officers, beneficial owners and natural-person data as GDPR-sensitive where applicable.

Refresh as a special-review controlled-access guide: Ministry of Commerce and Wathq API documentation support official commercial-register context, but do not claim complete free open bulk coverage. Preserve sanctions/export-control, privacy, API-contract, no-endorsement, marketing-contact and held-source caveats.

Coverage, Access and Update Risk

The most common mistake in Saudi Arabia company-data work is to confuse visibility with completeness. A public search screen can be authoritative for one entity lookup without being suitable for bulk ingestion. A downloadable dataset can be reusable for a defined snapshot while still excluding filings, documents, directors, inactive entities or historical changes.

• Coverage: identify whether the source covers companies, business names, branches, non-profits, sole traders, listed issuers, regulated entities or only a sector subset.
• Freshness: preserve the source update date and avoid mixing live portal results with old downloaded files without version labels.
• Identifiers: map registration numbers, tax identifiers, procurement supplier IDs, LEI records and exchange tickers as separate keys until verified.
• Language and formats: normalize local-language names, legal forms, transliteration, accents, abbreviations and address formats carefully.
• Operational access: document whether the workflow is public search, API, bulk file, paid extract, login-only service, PDF, CKAN/OData/SPARQL or manual request.

Reuse Checklist for Saudi Arabia

Special Review Clearance

Saudi Arabia is handled as a special-review refresh. The article is cleared only as an official-source guide with controlled-access, privacy, lawful-use and held-source caveats; it is not a clearance to publish sensitive personal data or a contact list.

• Sanctions Export Control: No broad automatic sanctions/export-control block identified for an editorial source guide, but operational users must screen counterparties, restricted parties, sectors and end-use before using any enriched dataset.
• Source Reliability: Refresh can rely on Ministry of Commerce, Wathq, Etimad, GASTAT, CMA, SAMA, ZATCA and WIPO links that returned clean HTTP responses in this run. Business.sa, open.data.gov.sa, SAIP direct and Saudi Exchange are held because current-node checks time out or return 403.
• Wartime Availability Safety: No active war-access blocker for the public sources checked, but service portals can enforce access controls, geofencing, login, rate limits or bot protection.
• Privacy Beneficial Ownership: Owners, managers, national identifiers, phone fields, addresses, tax data, procurement contacts and API payloads must be treated as privacy-sensitive and field-limited.
• Lawful Use: Public or API-visible company data is not marketing-contact permission and does not imply government endorsement of a derived CompaniesData product.
• Publication Clearance: Cleared only for refreshing the existing article with stable sources, held-source caveats, no complete-free-bulk claim and explicit contact-data separation. Not cleared for publishing sensitive personal data, beneficial-owner extracts or a Saudi contact list.

Held Sources Not Used as Public Links

These routes are commercially relevant, but they were deliberately held out of the public source matrix because the current live checks returned timeouts or 403 responses. They should be re-opened manually before any future operational ingestion claim.

• Saudi Business Center: held from public linking because connect_timeout_from_current_node; Hold as controlled workflow context; do not link publicly until live checks recover.
• Saudi Business Center open data: held from public linking because connect_timeout_from_current_node; Search/web cache indicates official open-data page exists, but direct QA times out; keep as held/manual confirmation, not a public source link.
• Saudi Open Data Portal: held from public linking because connect_timeout_from_current_node; Hold as national open-data context until direct live checks recover.
• Saudi Authority for Intellectual Property: held from public linking because connect_timeout_from_current_node; Use WIPO Saudi Arabia IP profile as stable high-quality IP context; keep SAIP direct link held.
• Saudi Exchange: held from public linking because 403_from_current_node; Do not link in the public source matrix; use CMA/SAMA for financial-regulator context unless browser/manual checks recover.

Resource Pack

Use this resource pack as a working map for verification, ingestion planning and source-risk review. The small source logos are decorative credibility cues only; the authority still comes from the official URL, owner, access model and reuse note.

Main Official Sources: Deep Dive

1. Ministry of Commerce

Owner: official registry authority. Access: https://mc.gov.sa/en/Pages/default.aspx.

• What it gives: Authority context for commercial registration and company services.
• Reuse value: official site and service terms
• Main limitation: Authority layer, not proof of unrestricted open bulk registry data.

Ministry of Commerce is a official registry authority source for Saudi Arabia. Its main practical value is Authority context for commercial registration and company services. Access is through https://mc.gov.sa/en/Pages/default.aspx, so the source should be treated according to that access model rather than assumed to be an unrestricted bulk feed.

For reuse, the working rule is: official site and service terms. The main limitation is Authority layer, not proof of unrestricted open bulk registry data. In a normalized company-data workflow this source should be captured with provenance, retrieval date, field-level caveats and a clear distinction between legal-entity facts, compliance signals and any later marketing/contact enrichment.

2. Wathq API services

Owner: official API / Ministry of Commerce service. Access: https://developer.wathq.sa/en/apis.

• What it gives: API discovery for official Saudi government and Ministry of Commerce data services.
• Reuse value: Wathq API terms / service terms
• Main limitation: API use is service-governed and may require credentials, contracts or field-level restrictions.

Wathq API services is a official API / Ministry of Commerce service source for Saudi Arabia. Its main practical value is API discovery for official Saudi government and Ministry of Commerce data services. Access is through https://developer.wathq.sa/en/apis, so the source should be treated according to that access model rather than assumed to be an unrestricted bulk feed.

For reuse, the working rule is: Wathq API terms / service terms. The main limitation is API use is service-governed and may require credentials, contracts or field-level restrictions. In a normalized company-data workflow this source should be captured with provenance, retrieval date, field-level caveats and a clear distinction between legal-entity facts, compliance signals and any later marketing/contact enrichment.

3. Wathq Commercial Registration API

Owner: official API / Ministry of Commerce service. Access: https://developer.wathq.sa/en/api/31.

• What it gives: Commercial-registration API context for registered businesses in Saudi Arabia.
• Reuse value: Wathq API terms / Ministry of Commerce service terms
• Main limitation: Official API access is not the same as a complete free bulk dataset or marketing-contact permission.

Wathq Commercial Registration API is a official API / Ministry of Commerce service source for Saudi Arabia. Its main practical value is Commercial-registration API context for registered businesses in Saudi Arabia. Access is through https://developer.wathq.sa/en/api/31, so the source should be treated according to that access model rather than assumed to be an unrestricted bulk feed.

For reuse, the working rule is: Wathq API terms / Ministry of Commerce service terms. The main limitation is Official API access is not the same as a complete free bulk dataset or marketing-contact permission. In a normalized company-data workflow this source should be captured with provenance, retrieval date, field-level caveats and a clear distinction between legal-entity facts, compliance signals and any later marketing/contact enrichment.

4. Etimad

Owner: official procurement. Access: https://www.etimad.sa/.

• What it gives: Supplier, tender and public-contract enrichment.
• Reuse value: Etimad terms
• Main limitation: Procurement subset only; login redirects may apply.

Etimad is a official procurement source for Saudi Arabia. Its main practical value is Supplier, tender and public-contract enrichment. Access is through https://www.etimad.sa/, so the source should be treated according to that access model rather than assumed to be an unrestricted bulk feed.

For reuse, the working rule is: Etimad terms. The main limitation is Procurement subset only; login redirects may apply. In a normalized company-data workflow this source should be captured with provenance, retrieval date, field-level caveats and a clear distinction between legal-entity facts, compliance signals and any later marketing/contact enrichment.

5. General Authority for Statistics

Owner: official statistics. Access: https://www.stats.gov.sa/en.

• What it gives: Business, economic and market statistical context.
• Reuse value: GASTAT terms
• Main limitation: Aggregate/statistical layer, not a company-level registry file.

General Authority for Statistics is a official statistics source for Saudi Arabia. Its main practical value is Business, economic and market statistical context. Access is through https://www.stats.gov.sa/en, so the source should be treated according to that access model rather than assumed to be an unrestricted bulk feed.

For reuse, the working rule is: GASTAT terms. The main limitation is Aggregate/statistical layer, not a company-level registry file. In a normalized company-data workflow this source should be captured with provenance, retrieval date, field-level caveats and a clear distinction between legal-entity facts, compliance signals and any later marketing/contact enrichment.

6. Capital Market Authority

Owner: regulator. Access: https://cma.gov.sa/en/Pages/default.aspx.

• What it gives: Capital-market regulated-entity, issuer and disclosure context.
• Reuse value: CMA terms
• Main limitation: Regulated/listed subset only.

Capital Market Authority is a regulator source for Saudi Arabia. Its main practical value is Capital-market regulated-entity, issuer and disclosure context. Access is through https://cma.gov.sa/en/Pages/default.aspx, so the source should be treated according to that access model rather than assumed to be an unrestricted bulk feed.

For reuse, the working rule is: CMA terms. The main limitation is Regulated/listed subset only. In a normalized company-data workflow this source should be captured with provenance, retrieval date, field-level caveats and a clear distinction between legal-entity facts, compliance signals and any later marketing/contact enrichment.

7. Saudi Central Bank

Owner: regulator. Access: https://www.sama.gov.sa/en-US.

• What it gives: Banking, insurance and financial-sector context.
• Reuse value: SAMA terms
• Main limitation: Sector-specific.

Saudi Central Bank is a regulator source for Saudi Arabia. Its main practical value is Banking, insurance and financial-sector context. Access is through https://www.sama.gov.sa/en-US, so the source should be treated according to that access model rather than assumed to be an unrestricted bulk feed.

For reuse, the working rule is: SAMA terms. The main limitation is Sector-specific. In a normalized company-data workflow this source should be captured with provenance, retrieval date, field-level caveats and a clear distinction between legal-entity facts, compliance signals and any later marketing/contact enrichment.

8. Zakat, Tax and Customs Authority

Owner: identifier/tax. Access: https://zatca.gov.sa/en/Pages/default.aspx.

• What it gives: Tax, VAT and compliance context for known entities.
• Reuse value: ZATCA terms and privacy notices
• Main limitation: Service/guidance layer, not a reusable company dataset and not marketing permission.

Zakat, Tax and Customs Authority is a identifier/tax source for Saudi Arabia. Its main practical value is Tax, VAT and compliance context for known entities. Access is through https://zatca.gov.sa/en/Pages/default.aspx, so the source should be treated according to that access model rather than assumed to be an unrestricted bulk feed.

For reuse, the working rule is: ZATCA terms and privacy notices. The main limitation is Service/guidance layer, not a reusable company dataset and not marketing permission. In a normalized company-data workflow this source should be captured with provenance, retrieval date, field-level caveats and a clear distinction between legal-entity facts, compliance signals and any later marketing/contact enrichment.

9. WIPO Saudi Arabia IP profile

Owner: high-quality international IP source. Access: https://www.wipo.int/en/web/country-profiles/SA.

• What it gives: IP-office, trademark, patent and design context when the SAIP site is not stable from this node.
• Reuse value: WIPO terms
• Main limitation: Context/enrichment layer, not a Saudi company register.

WIPO Saudi Arabia IP profile is a high-quality international IP source source for Saudi Arabia. Its main practical value is IP-office, trademark, patent and design context when the SAIP site is not stable from this node. Access is through https://www.wipo.int/en/web/country-profiles/SA, so the source should be treated according to that access model rather than assumed to be an unrestricted bulk feed.

For reuse, the working rule is: WIPO terms. The main limitation is Context/enrichment layer, not a Saudi company register. In a normalized company-data workflow this source should be captured with provenance, retrieval date, field-level caveats and a clear distinction between legal-entity facts, compliance signals and any later marketing/contact enrichment.

Practical Options

Official open-data or API route

Start with the Ministry of Commerce and Wathq API documentation for commercial-registration authority and API mechanics, then use Etimad, GASTAT, CMA, SAMA, ZATCA and WIPO for procurement, statistics, regulator, tax and IP enrichment. Treat Saudi Business Center, the national open-data portal, SAIP direct and Saudi Exchange as held/manual routes until direct live checks recover.

For production use, treat this route as an ingestion plan rather than a single download. Start with the official registry or data catalogue, keep raw source snapshots, record access terms, then add enrichment sources one by one with field-level provenance.

Manual verification and document route

Some countries expose important company facts through certificates, PDF filings, gazette notices, paid extracts or login-based services. Those sources can be valuable, but they should be documented as controlled workflows. Do not describe them as open APIs or bulk datasets unless the authority clearly publishes that access model.

Contact-data and marketing-list route

For sales outreach, company identity data is only the first layer. Business emails, phone numbers, contact roles, suppression logic and segmentation require a separate compliant contact-data process. That layer should be documented separately from official registry reuse.

Private reports and risk products

Private company-report providers can be useful for manual due diligence in Saudi Arabia, but the editorial focus here is not a directory of competitors. The strategic value is understanding which official sources exist and where normalization is required.

If a user needs CRM-ready company records, the practical path is to combine official-source provenance with enrichment, deduplication, quality checks and lawful delivery controls. That is different from buying a generic lead list: the official-source layer explains what can be verified, while the commercial dataset layer explains how the records can be used operationally.

What Is Missing from Official Open Data?

• Do not claim a complete free official bulk Saudi Arabia company-register file unless a current official dataset proves that exact scope and reuse right.
• Wathq and other official API routes are service-governed; API visibility is not unrestricted scraping, resale or open bulk permission.
• Saudi Business Center, Saudi Business Center open data, open.data.gov.sa, SAIP direct and Saudi Exchange are not used as public article links in this refresh because current-node checks time out or return 403.
• Owners, managers, national identifiers, phone fields, addresses, procurement contacts, tax records and API payloads must be treated as privacy-sensitive and field-limited.
• Procurement, tax, regulator, exchange, statistics and IP sources are enrichment layers, not a universal legal-entity master file.
• Public registry, API, tax, procurement, officer, address or regulated-entity records are not marketing-contact consent.
• Business emails, phone numbers and CRM-ready contact fields require a separate lawful contact-data workflow through CompaniesData.cloud.
• Operational use requires sanctions/export-control, restricted-party, sector and end-use screening before delivery of an enriched dataset.

This is why company-data products often add value even when the underlying public sources are strong: official data is frequently split across authorities, formats, languages, identifiers and access models.

Missing data should be treated explicitly in the dataset design. If an official source lacks bulk downloads, CompaniesData should not pretend that the bulk file exists; it should record the source limitation, add alternate official enrichment where lawful, and expose confidence fields so users know which attributes came from which layer.

Recommended Data Model

A practical CompaniesData-style model for Saudi Arabia should keep source evidence and commercial-use fields separate. The core table should hold legal entity identity, status, registration identifiers, legal form, jurisdiction, registered address and source dates. Separate enrichment tables can then store procurement awards, IP assets, regulator status, listed-company signals, LEI matches, sanctions/compliance hits and statistics-sector context.

• Entity identity: legal name, normalized name, registration number, jurisdiction, legal form and lifecycle status.
• Source provenance: source URL, authority, retrieval date, access method, licence/reuse note and confidence flag.
• Event history: incorporation, amendments, filings, gazette notices, insolvency or dissolution where legally public.
• Enrichment: procurement, IP, regulator, exchange, LEI and official statistics layers with their own source dates.
• Commercial delivery: CRM-ready exports, segmentation and contact-data fields only when a separate lawful basis and suppression workflow exist.

How CompaniesData Adds Value

For Saudi Arabia, CompaniesData's role is to turn fragmented source material into a usable business dataset: normalized company names, deduplicated entities, consistent country and activity fields, source provenance, update tracking and enrichment hooks.

• Normalize register identifiers and legal names.
• Match official company records with procurement, IP, LEI and regulator signals.
• Flag source provenance so every derived profile can be audited.
• Separate company identity from contact-data and marketing-permission layers.
• Package data for analysis, CRM enrichment and market research instead of forcing users to parse portals manually.

For Saudi Arabia, the editorial value of CompaniesData is not claiming that every record is open or that every field can be reused without conditions. The value is the opposite: making source boundaries visible, normalizing messy records, adding explainable enrichment and delivering a dataset that users can audit instead of a black-box scrape.

Request a CompaniesData sample for Saudi Arabia if you need a practical dataset rather than a list of source portals.

Source Matrix

Source	Owner	What it gives	Reuse value	Limitations
Ministry of Commerce	official registry authority	Authority context for commercial registration and company services.	official site and service terms	Authority layer, not proof of unrestricted open bulk registry data.
Wathq API services	official API / Ministry of Commerce service	API discovery for official Saudi government and Ministry of Commerce data services.	Wathq API terms / service terms	API use is service-governed and may require credentials, contracts or field-level restrictions.
Wathq Commercial Registration API	official API / Ministry of Commerce service	Commercial-registration API context for registered businesses in Saudi Arabia.	Wathq API terms / Ministry of Commerce service terms	Official API access is not the same as a complete free bulk dataset or marketing-contact permission.
Etimad	official procurement	Supplier, tender and public-contract enrichment.	Etimad terms	Procurement subset only; login redirects may apply.
General Authority for Statistics	official statistics	Business, economic and market statistical context.	GASTAT terms	Aggregate/statistical layer, not a company-level registry file.
Capital Market Authority	regulator	Capital-market regulated-entity, issuer and disclosure context.	CMA terms	Regulated/listed subset only.
Saudi Central Bank	regulator	Banking, insurance and financial-sector context.	SAMA terms	Sector-specific.
Zakat, Tax and Customs Authority	identifier/tax	Tax, VAT and compliance context for known entities.	ZATCA terms and privacy notices	Service/guidance layer, not a reusable company dataset and not marketing permission.
WIPO Saudi Arabia IP profile	high-quality international IP source	IP-office, trademark, patent and design context when the SAIP site is not stable from this node.	WIPO terms	Context/enrichment layer, not a Saudi company register.

Saudi Arabia has a strong official source stack for a deep refresh when unstable links are held: Ministry of Commerce for registry authority, Wathq for API documentation, Etimad for procurement, GASTAT for statistics, CMA/SAMA for regulated entities, ZATCA for tax-service context and WIPO for IP context. The article must clearly separate official source evidence from complete bulk claims, sensitive personal fields and marketing/contact-data use.

FAQ

Is there a single free official bulk company database for Saudi Arabia?

Not always. Saudi Arabia has official company-data sources, but bulk access, API access, paid extracts and web search can be separate products. Do not assume a complete free bulk file unless the specific source proves it.

What is the best first source for Saudi Arabia company data?

The best first source is the Ministry of Commerce, Wathq API services, Wathq Commercial Registration API, Etimad procurement, GASTAT statistics, CMA, SAMA, ZATCA and WIPO IP context. It should then be combined with statistics, procurement, IP and regulator sources.

Can public company data be reused commercially?

Often yes, but only under the conditions of the specific source. Attribution, update-date preservation, no-endorsement wording and GDPR controls may apply.

Can I use registry data for cold email marketing?

No automatic conclusion follows from public registry access. Marketing requires a separate lawful basis, suppression handling and contact-data compliance review.

Why use CompaniesData instead of manually collecting Saudi Arabia sources?

Manual collection is slow because identifiers, formats, languages and coverage differ by source. CompaniesData adds normalization, matching, deduplication, provenance and practical delivery formats.

How often should Saudi Arabia company data be refreshed?

Refresh cadence depends on the source. Registry searches and APIs can support frequent checks, while gazettes, procurement portals, statistical releases and paid extracts may update on different schedules. A reliable dataset should store retrieval dates and source-specific update notes.

What should be audited before publishing or selling an enriched dataset?

Audit source authority, licence terms, personal-data exposure, contact-data lawful basis, field provenance, suppression rules, update dates and whether any official source prohibits automated reuse or resale.

Sources

• Ministry of Commerce – official registry authority
• Wathq API services – official API / Ministry of Commerce service
• Wathq Commercial Registration API – official API / Ministry of Commerce service
• Etimad – official procurement
• General Authority for Statistics – official statistics
• Capital Market Authority – regulator
• Saudi Central Bank – regulator
• Zakat, Tax and Customs Authority – identifier/tax
• WIPO Saudi Arabia IP profile – high-quality international IP source