01The reality

    Someone on your team is pasting client data into ChatGPT.

    No rules. No oversight. It is not a hypothesis - it is what we find in every organization we audit.

    02The exposure

    You are using AI. Qatar law says you are exposed.

    One breach, one inspection, one complaint - up to QAR 5,000,000 and 3 years imprisonment under Qatar's PDPL. Most teams cannot answer the question a regulator will eventually ask.

    03The aegis

    Arcus turns invisible AI risk into a defensible shield.

    Every tool mapped against Qatar's applicable laws. Every gap documented. A governance framework you can show any client, regulator, or auditor - delivered in 48 hours.

    04The move

    Know exactly where you stand. In 48 hours.

    A 15-minute questionnaire. Your AI Risk Score back within 48 hours. No credit card, no commitment - real value before any purchase.

    Governance coverage for the AI tools your team already uses

    Delivered in 48 hours

    Your Risk Report lands in two days - prioritised and ready to implement Monday morning. Most advisory firms take weeks.

    01/The Risk Reality

    Using AI in your business today means this is your legal exposure - right now.

    Not a hypothesis. These are the everyday actions we find inside Doha businesses every week - each one mapped to a specific Qatar law and a specific penalty.

    ChatGPT + client data

    PDPL Art. 7 (Law 13/2016)

    Personal data processed with no lawful basis.

    Penalty: QAR 5,000,000 + 3 years
    Critical exposure0%

    AI images of real people

    Cybercrime Law Art. 10

    Editing real, identifiable people without consent.

    Penalty: 2 years + deportation
    High exposure0%

    No DPA with your AI vendor

    QFC DPR Art. 12

    No vendor agreement = you carry the full liability.

    Penalty: QAR 5,000,000
    High exposure0%
    Quick Check

    How exposed are you right now?

    Six questions. No email required. Toggle what's true for your organisation and watch your exposure profile build in real time.

    Estimated exposure

    0/ 100

    MINIMAL

    Nothing toggled - but the exposure you can't see is the kind that costs the most. A 48-hour audit confirms you're actually clean.

    02/Who This Is For

    Find your business. See your top AI risks.

    Every sector uses AI differently - and is exposed differently under Qatar law. Here's where your industry is most at risk today.

    Marketing Agency

    • Client data pasted into ChatGPT, Jasper or Copilot without a DPA - PDPL Art. 7
    • AI-generated or edited images of real, identifiable people - Cybercrime Law Art. 10

    Restaurant & F&B

    • Customer contact lists loaded into AI marketing tools - PDPL Art. 7
    • Loyalty and reservation data shared with un-vetted vendors - PDPL / Consumer Protection

    Medical Clinic

    • Patient health data in AI = maximum PDPL exposure + mandatory DPIA - PDPL (special-nature data)
    • AI transcription / scribe tools with no Data Processing Agreement - QFC DPR Art. 12

    Real Estate

    • Buyer / tenant IDs and finances entered into AI tools - PDPL Art. 7
    • AI-staged listing images of real interiors and people - Cybercrime Law / IP Law

    Professional Services

    • Confidential client files pasted into public AI models - PDPL / professional duty
    • No AI usage policy - undocumented, ungoverned decisions - PDPL / NCSA

    Hotel & Hospitality

    • Guest passport & payment data in AI systems - high PDPL exposure - PDPL (special-nature data)
    • Cross-border data transfers to AI vendors without safeguards - PDPL transfer rules
    03/The Audit, Simplified

    From questionnaire to Risk Report - in four steps.

    A structured, repeatable methodology - not ad-hoc consulting. You always know exactly what happens next.

    Step 1 of 4

    15 minutes

    Fill the online questionnaire

    No technical knowledge required. You describe the AI tools your team uses, how data is handled, and your main priorities.

    Step 2 of 4

    Behind the scenes

    Arcus analyses your tools against Qatar's applicable laws

    PDPL, Cybercrime Law, QFC DPR, NCSA Framework, QCB AI Directives and more - every exposure identified and prioritised.

    Step 3 of 4

    Free

    You receive your Risk Report

    Your Risk Report is free. It includes:

    • Your company's current compliance status
    • A personal recommendation on whether you need our services
    • Your identified risk exposure

    Delivered in under 48 hours.

    Step 4 of 4

    Your call

    You implement - or we support you further

    Act on the report yourself, or move to the Advanced toolkit with the full set of operational documents and a 6-month checkpoint.

    The Deliverable

    Review your Risk Roadmap.

    Every Arcus engagement plots your risks by likelihood and impact - so leadership sees what to fix first, not just what's wrong. This is a live sample.

    Click any highlighted point to explore.

    Business impact ↑
    LowHigh
    Likelihood →
    High priority

    Confidential data in public AI tools

    Likelihood

    88%

    Impact

    86%

    Recommended action

    Deploy an AI usage policy and an approved-tool list; block or wrap high-risk inputs.

    Illustrative data shown for demonstration. Your real map is built from your environment, then re-scored after mitigation to show progress.

    How we handle your data

    Everything you share is strictly confidential and used solely to deliver your audit, aligned with Qatar's PDPL and the GDPR. Read our Privacy Policy.

    04/Services & Pricing

    Two audits. Both priced at a fraction of a single fine.

    Standard tells you where the problem is. Advanced gives you the documented proof that you solved it.

    Standard

    Standard Audit

    Know where you stand. Act today.

    QAR 8,500≈ EUR 2,150

    Risk Report · 5 Priority Actions · Approved Tool List · delivered in 3 business days.

    You will know exactly where your team is exposed, what to fix first, and how to talk about your AI practices to any client or regulator.

    • A concise, decision-focused executive risk report, written for business leaders
    • Visual AI risk heat map
    • Key risk identification across legal, financial, and reputational dimensions
    • Immediate action checklist with justification for each item
    • Escalation recommendations
    • Monthly progress checkpoints for 3 months

    → Not subject to VAT, no hidden fees, follow-up included.

    Recommended

    Advanced

    Advanced Audit

    From exposure to defensible governance.

    QAR 15,000≈ EUR 3,800

    Risk Report · 16 Operational Documents · 6-month checkpoint · full compliance toolkit.

    A documented, auditable governance framework you can show to any client, regulator, or auditor - with confidence.

    Everything in Standard, plus:

    • Arcus Risk Mapping Framework - full architecture of your AI risk landscape
    • Structured risk register with severity, impact, and assigned ownership
    • Control gap analysis - exactly what is missing and why it matters
    • Three AI misuse scenarios with financial, legal, and reputational impact analysis
    • Employee AI Responsibility Agreement - signed by every team member
    • Data Handling Guidelines distributed to your full team
    • 6-month implementation roadmap
    • Monthly progress checkpoints for 6 months
    • Client-Facing AI Data Statement - ready to send to your clients
    • Vendor Risk Assessment (DPA gap check) for every AI tool your team uses
    • 10 additional operational documents covering every governance dimension

    → Not subject to VAT, no hidden fees, follow-up included.

    QAR 5,000,000

    Maximum PDPL fine

    0.00%

    The Standard Audit, as a share of your maximum exposure

    < 1 hour

    with a QFC law firm - for less than that, you get the full audit

    You are here
    QAR 8,500-15,000 · your auditQAR 5,000,000 · maximum regulatory fine

    Already audited? Annual Refresh - QAR 4,000 keeps your governance current as the law evolves.

    05/FAQ

    Questions? Answered.

    Everything you need to know before reaching out.

    One audit, two frameworks

    Qatar-first. Built for anywhere.

    Our framework is built on Qatar law and EU standards - which makes it applicable to businesses operating worldwide. Wherever you are, the governance challenges remain the same, and Arcus maps your AI use to the laws that apply to you.

    The next move is yours

    Most businesses using AI are not compliant. Most never know until it's too late.

    Free - receive your personalised risk feedback in under 48 hours. The cost of finding out later: everything.

    Not sure which you need?