Why NDAA matters in KSA (and why your old cameras might be a liability)
NDAA Section 889 — the U.S. National Defense Authorization Act provision that prohibits federal procurement of certain Chinese-manufactured surveillance equipment — has reshaped the global CCTV supplier landscape since 2019. Even in Saudi Arabia, where NDAA isn’t directly enforced, its impact is significant. Multinational corporations operating in KSA, hotel brands managed under U.S. or international flags, and any organisation in the supply chain of NDAA-restricted entities face indirect compliance pressure.
The result: NDAA-compliant cameras have become the de facto enterprise procurement standard in Saudi Arabia, even where local regulations don’t mandate them. If your CCTV estate predates 2020-2021, it likely contains equipment that’s now restricted by your stakeholders.
What NDAA Section 889 actually says
Section 889 prohibits U.S. federal agencies and federal contractors from using equipment from specified Chinese manufacturers — most notably Hikvision, Dahua, and their subsidiaries — including for video surveillance. The prohibition extends to companies receiving federal funding and to contractors supplying to those entities.
For Saudi Arabia specifically: directly enforceable on U.S. government and U.S.-affiliated entities operating in KSA, indirectly relevant to multinational corporations with U.S. operations, increasingly required by international hotel brands and global enterprises operating in the Kingdom.
HCIS site security requirements layered on top
Saudi Arabia’s High Commission for Industrial Security (HCIS) regulates CCTV at industrial sites — petrochemicals, energy, sensitive industrial facilities. HCIS specifications include camera type requirements, coverage standards, recording retention, monitoring capabilities, and equipment approval lists. NDAA compliance has been incorporated into HCIS-equivalent specifications for many high-security sites.
If your facility falls under HCIS regulation, NDAA-equivalent compliance is effectively mandatory.
Insurance carrier requirements you might not know about
Insurance carriers serving the Saudi market — particularly those underwriting larger commercial properties, retail, and hospitality — increasingly require specific CCTV coverage standards as part of policy terms. Coverage requirements typically include: defined camera coverage at all entry/exit points, retention duration, recording quality benchmarks, integration with intrusion detection, and equipment from approved manufacturers (which now typically excludes NDAA-restricted brands).
Review your insurance policy schedules. The CCTV requirements may have updated since the policy was originally negotiated, and non-compliance during a claim is an expensive surprise.
Brand standards (hospitality, retail, banking)
International hospitality brands operating in Saudi Arabia have updated their brand-standard CCTV requirements to align with NDAA-compliant manufacturers. Marriott, Hilton, Hyatt, IHG, Accor — all major international hotel brands now specify NDAA-compliant CCTV in their brand technical standards. Pre-opening audits will check for compliance.
Retail brands (department stores, branded outlets) operating in Saudi Arabia under international flags face similar requirements. Banking compliance — particularly for branches operating in audit-rigorous regulatory environments — also increasingly excludes NDAA-restricted equipment.
Approved manufacturers — Hanwha, Axis, Bosch, Avigilon, etc.
The approved-manufacturer landscape for NDAA-compliant CCTV in Saudi Arabia includes: Hanwha Vision (formerly Samsung Techwin) — broad portfolio with strong Saudi presence. Axis Communications — premium IP camera leader, deep enterprise integration. Bosch Security — robust enterprise and industrial portfolio. Avigilon (Motorola Solutions) — strong VMS integration with Avigilon Control Center. i-PRO (formerly Panasonic Security) — enterprise-grade IP and analytics. FLIR/Teledyne — thermal imaging and specialised industrial. Pelco (Motorola Solutions) — industrial-grade and broadcast quality.
Each has strengths in particular segments. The right choice depends on your VMS, integration requirements, and use case profile.
Auditing your existing estate — a 4-step process
Step 1 — inventory: catalogue every camera by manufacturer, model, and serial number. Most organisations are surprised by what’s actually deployed once an inventory is conducted.
Step 2 — identify restricted equipment: cross-reference against current NDAA prohibition lists, your insurance carrier’s requirements, and any brand standards applicable.
Step 3 — risk assessment: which restricted equipment is in customer-facing or audit-visible locations vs back-of-house only.
Step 4 — remediation plan: phased replacement, prioritising by risk and lifecycle. Cameras at end-of-life refresh first; mid-lifecycle equipment next; recently-purchased equipment last.
Migration paths from prohibited equipment
Phased replacement is almost always the right approach — full estate replacement in a single project rarely fits budget cycles. Typical phasing: 25% replacement per quarter over 12 months for high-risk locations, opportunistic replacement at lifecycle end for lower-risk locations. New deployments should default to NDAA-compliant from procurement decision onwards.
Many organisations use the upgrade as an opportunity to also upgrade VMS, expand analytics capabilities, and improve coverage gaps surfaced by the inventory exercise.
For an NDAA-compliance audit of your existing CCTV estate, book a CCTV discovery call. We deliver a written compliance gap report with phased remediation costs. Pair CCTV with structured cabling, networking services, and cyber security for an integrated physical and logical security programme.
