If you know DiliTrust, you know that being close to our clients has been a priority from the very beginning. This is reflected in our local customer service presence in key regions—but we don’t stop there. To better meet regulatory requirements and strengthen local trust, the company also ensures it has local infrastructure. As such, we’ve expanded our hosting infrastructure in the MEA (Middle East and Africa) region, now adding the United Arab Emirates and Saudi Arabia.
We spoke with Yacine Gouich, Regional General Manager for the MEA region at DiliTrust, and Alexis Agahi, Chief Technical Officer at DiliTrust, to understand the reasoning behind this strategy, as well as the stakes and challenges of this technical project.
DiliTrust already had a strong presence in the region. Why this new investment now?
Yacine Gouich: Indeed, since we arrived here in 2017, the DiliTrust suite has been hosted locally in the Emirates and Saudi Arabia. What’s new is that we are now extending this hosting to two key modules: CLM (Contract Lifecycle Management) and the Virtual Data Room (document fund management).
We made this decision in response to strong demand from our clients, especially in highly regulated sectors such as finance, sovereign wealth funds, and the public sector. By adding these modules to our local hosting, we are strengthening our ability to support our clients across the entire value chain.
Why is local hosting so important in the legal and corporate sectors?
Alexis Agahi: In the legal sector, data residency is not just a regulatory detail—it’s a matter of trust, confidentiality, and sovereignty.
Yacine Gouich: Exactly. Without it, some organizations and entities simply do not trust LegalTech solutions. When a law firm or a legal department is working on sensitive contracts or M&A operations, it is crucial that the data remains within the country.
So what are the most significant regulatory aspects in these two regions?
Yacine Gouich: Unlike the European Union, which relies on a common framework like the GDPR, each country here has its own regulations. Most of the time, strategic and confidential data must not leave national borders. This is especially regulated in the sectors we mentioned earlier, but also in insurance, energy, and telecommunications. Local data hosting in Saudi Arabia and the UAE is not a nice-to-have—it is an absolute necessity. Each region has its own legal specifics.
Alexis Agahi: Absolutely. From a technical standpoint, this requires us to comply with multiple regulatory frameworks and security standards. In the UAE, our infrastructure meets the requirements of DESC (Dubai Electronic Security Center), the NESA framework, and of course, ISO 27001 and SOC 2 standards.
In Saudi Arabia, we’ve chosen a category C hosting provider, the highest security classification according to local authorities.
What were the biggest technical and regulatory challenges in setting up this infrastructure in Saudi Arabia and the UAE?
Yacine Gouich: In reality, the implementation of the infrastructure went quite smoothly and quickly. It was probably the preparatory phase beforehand that was more time-consuming.
Alexis Agahi: Clearly, the main challenge was aligning with the local regulations in both regions. In the UAE, we had to meet the DESC requirements and the NESA framework. In Saudi Arabia, it was about finding the right hosting partner to meet Category C standards.
How has this evolution been received by your clients and prospects since its official announcement?
Yacine Gouich: We’ve seen a very positive impact. Having local infrastructure opens the doors to sectors we previously couldn’t target. Today, we can respond to strategic tenders, particularly in the public sector, and strengthen our presence with major corporations and other entities.
Alexis Agahi: To build on what Yacine said, local hosting has three key advantages in my view. First, latency—since access is faster locally. Then, reliability. And finally, cybersecurity. By complying with specific regulations, users are assured of data protection that is 100% aligned with their legal framework requirements.
So it’s this local approach that sets DiliTrust apart from other solutions in the region?
Yacine Gouich: Absolutely. We’ve made a clear commitment to supporting the digital transformation of countries like the UAE and Saudi Arabia, which are currently at the heart of major structural projects. Our clients want strong, responsive, and locally rooted partners. We are one of the few vendors that check all those boxes. This is where our strategy stands out: we are the only SaaS player in the region offering a fully local cloud solution.
Alexis Agahi: From a technical standpoint, this strategy allows us to offer a sovereign, secure, high-performing cloud without compromise. Our clients need solutions like DiliTrust because protecting their business data is non-negotiable. That requires sovereign hosting that complies with local requirements. As Yacine explained, very few SaaS providers go to these lengths—most invest in infrastructure in the United States, which doesn’t meet the region’s actual needs. For us, it’s obvious that offering local infrastructure is essential to guarantee the level of confidentiality our clients expect.
Thank you!
By fully localizing its services—from customer support to technical infrastructure—DiliTrust is not just meeting market demand: it is redefining the standards of commitment in the MEA region.
