NCA ECC-2:2024: The 108 Controls Your AI Vendor Must Meet

What ECC-2:2024 Is and Who It Applies To

The National Cybersecurity Authority's Essential Cybersecurity Controls, second edition (ECC-2:2024), is a mandatory framework applying to all government entities and critical national infrastructure operators in Saudi Arabia, with significant implications for any private sector organization that processes data on behalf of or in connection with those entities. The framework supersedes ECC-1:2018 and introduces 108 controls across five domains, with several additions that directly affect AI systems and the vendors that supply them.

The critical point for procurement is this: NCA holds the entity — not the vendor — responsible for ensuring that vendor-operated systems comply with ECC-2:2024. Contractual delegation of responsibility to a vendor does not transfer the regulatory exposure. If your AI vendor fails a control, the compliance gap belongs to your organization.

The Five Domains and Their AI Relevance

ECC-2:2024 organizes its 108 controls across five domains:

• Cybersecurity Governance (Domain 1): Covers policies, roles, and accountability structures. For AI procurement, this means organizations must have a defined AI security policy, assign ownership of AI risk, and include AI systems in their cybersecurity risk register. Vendors must demonstrate that their AI products fall within a documented security governance structure.
• Cybersecurity Defense (Domain 2): The largest domain, covering asset management, identity and access management, data protection, cryptography, physical security, email and web protection, and vulnerability management. AI systems introduce specific exposures: model weights are assets that require classification and protection; API access to AI services requires privileged access controls; training data pipelines require data protection controls equivalent to production systems.
• Cybersecurity Resilience (Domain 3): Addresses business continuity, disaster recovery, and backup. AI vendors must demonstrate that model availability, inference infrastructure, and fine-tuning environments are covered by resilience plans that meet NCA's recovery time and recovery point objectives.
• Third-Party and Cloud Cybersecurity (Domain 4): This domain is the most directly relevant to AI procurement. It requires that organizations assess vendor cybersecurity posture before engagement, include cybersecurity requirements in contracts, monitor ongoing vendor compliance, and conduct periodic reassessments. For AI vendors specifically, this includes evaluating the security of training infrastructure, the provenance of training data, and the controls applied to model output logging.
• Industrial Control Systems Security (Domain 5): Applies primarily to operational technology environments. Organizations using AI for industrial process monitoring, predictive maintenance, or critical infrastructure management must assess whether their AI deployments fall within the scope of Domain 5 controls.

The AI-Specific Controls

ECC-2:2024 introduces controls not present in the first edition that specifically address the risks associated with AI and machine learning systems. These include requirements for:

• Logging and monitoring of AI model inputs and outputs for anomaly detection and forensic purposes
• Access controls on model training environments, fine-tuning pipelines, and inference APIs
• Data lineage documentation for training datasets, including provenance and consent verification where personal data is involved
• Adversarial robustness testing for AI systems deployed in security-relevant or high-stakes decision-making contexts
• Incident response procedures specific to AI system compromise, including model poisoning and prompt injection scenarios

What a Compliant AI Procurement Process Looks Like

A procurement process that satisfies ECC-2:2024 obligations requires more than a vendor security questionnaire. Before contract execution, the procuring organization must:

• Obtain evidence of the vendor's cybersecurity certification or assessment against ECC-2:2024 or an accepted equivalent
• Review the vendor's data processing and model hosting architecture to verify Domain 2 and Domain 4 controls are implemented
• Ensure the contract includes explicit cybersecurity obligations, audit rights, breach notification timelines, and data return or destruction provisions
• Conduct a risk assessment that classifies the AI system according to the sensitivity of data it will process and the criticality of decisions it will influence
• Define monitoring and reassessment cadences in the vendor management program

Common Failures in AI Vendor Due Diligence

Assessment experience across Saudi organizations identifies several recurring deficiencies:

• Treating AI vendor onboarding as an IT procurement exercise rather than a cybersecurity compliance obligation
• Accepting SOC 2 or ISO 27001 certifications as evidence of ECC-2:2024 compliance without mapping the control sets
• Failing to include AI-specific controls in vendor contracts — particularly logging, audit rights, and incident notification
• Not reassessing vendor compliance when the vendor updates its AI models, infrastructure, or subprocessors
• Assuming that cloud-hosted AI services inherit the cloud provider's NCA compliance posture, when in fact the application layer controls remain the organization's responsibility

The 108 controls are not a ceiling — they are a floor. Organizations in regulated sectors or those processing sensitive personal data will need to apply additional controls beyond the ECC-2:2024 baseline.