NCA Compliance and PDPL: What Saudi enterprises need from software vendors. This article covers the National Cybersecurity Authority (NCA) Essential Cybersecurity Controls (ECC-1:2018), Personal Data Protection Law (PDPL) requirements, Saudi data residency obligations, and the key questions procurement teams must ask software vendors. Topics include: data localisation requirements, cybersecurity control verification, vendor compliance assessment frameworks, and how to evaluate performance management platforms against NCA and PDPL standards.