Read Every Page. Flag Every Risk.
Security Tenders in Riyadh.

The State of Security Procurement in Riyadh

Updated 15 May 2026

## Gemini-Extracted Compliance Matrices for High Commission for Industrial Security (HCIS) RFPs

When downloading a 400-page physical security infrastructure RFP from the Etimad portal, tender writers immediately face the challenge of mapping High Commission for Industrial Security (HCIS) directives. Lucius AI deploys a Gemini-extracted compliance matrix to parse complex PDF specifications, isolating mandatory SEC-01 to SEC-19 security requirements from standard commercial terms. For a recent 50,000,000 SAR perimeter security upgrade at King Khalid International Airport, the system automatically mapped 342 distinct technical requirements against the Saudi Civil Aviation Holding Company (MATARAT) evaluation criteria. This extraction engine identifies specific hardware certifications required by the National Cybersecurity Authority (NCA), ensuring the bid team addresses every Essential Cybersecurity Controls (ECC-1:2018) mandate. The Gemini-extracted compliance matrix also isolates the Saudi Building Code (SBC) fire and life safety requirements, ensuring the proposed perimeter fencing does not violate SBC 801 regulations. By utilizing the Files API caching mechanism, the platform retains the entire Ministry of Transport and Logistic Services tender pack in memory, allowing writers to instantly query specific HCIS SAF-04 fire protection clauses without re-parsing the source documents. The resulting matrix directly links each Ministry of Interior mandate to the exact page and paragraph in the bidder's response template.

## Detecting Indemnity Asymmetry and Penalty Clauses Under the Government Tenders and Procurement Law

Navigating the strict liability frameworks within the Government Tenders and Procurement Law requires precise identification of non-standard penalty clauses hidden deep within the Ministry of Finance standard contract templates. Lucius AI executes automated risk flag detection to highlight indemnity asymmetry, specifically scanning for deviations from the standard 10% maximum delay penalty cap mandated by Article 71 of the GTPL. During a 15,500,000 SAR manned guarding procurement for the Ministry of Municipal and Rural Affairs and Housing (MOMRAH), the system flagged a bespoke liquidated damages clause imposing a 5,000 SAR daily fine for biometric attendance system failures. By analyzing the Ministry of Finance's Unified Contract for Operation and Maintenance, the AI engine cross-references the proposed Ministry of Human Resources and Social Development (MHRSD) labor compliance terms against the buyer's specific SLA definitions, isolating uninsurable risks related to third-party liability. Tender writers receive a detailed risk register that pinpoints exact contractual anomalies within the General Directorate of Civil Defense draft agreement, enabling the legal team to draft targeted clarification questions before the Etimad portal Q&A deadline expires.

## Deep Think Contradiction Audits Across Ministry of Defense Security Specifications

Large-scale defense procurements frequently contain conflicting technical specifications spread across the Instructions to Bidders (ITB), the Scope of Work (SOW), and the Ministry of Defense Standard Public Works Contract. Lucius AI utilizes a Deep Think contradiction audit to systematically compare the Royal Saudi Air Force's physical access control requirements against the accompanying IT infrastructure appendices. In a recent 120,000,000 SAR base security modernization tender, the audit engine discovered a critical discrepancy where the SOW demanded Tier IV data center redundancy for the CCTV storage arrays, while the pricing schedule only allowed for Tier III power distribution units. The system maps these contradictions against the Saudi Standards, Metrology and Quality Organization (SASO) guidelines referenced in the main RFP body, highlighting exactly where the buyer's stated ISO 27001 compliance requirements clash with their specified hardware bill of materials. This clause-vs-clause contradiction audit ensures tender writers do not commit to mutually exclusive Service Level Agreements within the General Authority for Military Industries (GAMI) localized manufacturing mandates, specifically regarding the mandatory 50% local content threshold required by the Local Content and Government Procurement Authority (LCGPA).

## Drafting Technical Responses Using File Search Citations from Past Presidency of State Security Wins

Constructing a compelling methodology for critical national infrastructure requires precise alignment with the Presidency of State Security's operational protocols and the National Cybersecurity Authority's (NCA) Cloud Cybersecurity Controls (CCC-1:2020). Lucius AI powers draft generation grounded in the bidder's past won responses, utilizing File Search citations across the bid library to pull exact deployment schedules and risk mitigation plans from previously successful Ministry of Interior submissions. For an 85,000,000 SAR biometric access control deployment targeting the National Information Center (NIC), the platform synthesized a localized project management plan by extracting the exact Saudi Council of Engineers (SCE) certification matrices used in a winning 2022 bid. The Files API caching ensures that the AI model references the most current Saudi Data and Artificial Intelligence Authority (SDAIA) data sovereignty compliance narratives stored in the corporate repository. Every generated paragraph includes a direct citation to the source document, allowing the tender writer to verify that the proposed incident response times match the historical Service Level Agreements approved by the Saudi Arabian National Guard (SANG).

## Etimad Portal Submission Readiness and ZATCA Certificate Validation

The final hurdle before uploading a completed response to the Etimad portal involves a rigorous verification of all mandatory administrative attachments required by the National Center for Government Resources Systems (NCGR). Lucius AI performs a comprehensive submission readiness check against the buyer's stated rules, cross-referencing the final bid package against the Ministry of Investment of Saudi Arabia (MISA) licensing requirements. During a 30,000,000 SAR crowd management and event security contract for Riyadh Season via the General Entertainment Authority (GEA), the system verified the inclusion and validity dates of the Zakat, Tax and Customs Authority (ZATCA) certificate, the General Organization for Social Insurance (GOSI) compliance letter, and the Saudization (Nitaqat) platinum status certificate. The platform audits the pricing schedules to ensure all line items include the mandatory 15% Value Added Tax (VAT) as stipulated by the Saudi Ministry of Finance guidelines. This automated verification confirms that the bank guarantee for the 1% initial bid bond matches the exact wording required by the Saudi Central Bank (SAMA) standard templates, preventing technical disqualification during the public bid opening session managed by the General Court of Audit (GCA).

Bidders into Riyadh security contracts compete under Etimad and the Government Tenders and Procurement Law. Sector-specific compliance bars include SIA licensing, BS 7858 vetting, Approved Contractor Scheme (ACS) and PSI Act compliance — Lucius AI maps each one to your response with a page-cited audit trail, so legal review reads as fast as engineering review.