Proposed Foundational Principles for the Egyptian Data Governance Authority (EDGA)

This Annex complements Masaar’s paper “Egypt’s Open Data Policy: From a Transitional Framework to Effective Governance,” along with the “Proposed List of Entities Mandated to Publish Their Data via the National Open Data Portal,” and the “Open Data Standards.“

In its current form, Egypt’s Open Data Policy proposes the establishment of the Egyptian Data Governance Authority (EDGA) as a central instrument for coordinating the release of public data and overseeing its quality and use. However, this authority — which has not yet been established — is presented in the policy more as a bureaucratic extension of the National Council of Artificial Intelligence than as an independent body with genuine oversight or accountability powers.

Establishing binding standards for the work of the Egyptian Data Governance Authority constitutes a fundamental pillar for ensuring respect for the right to access information stipulated in Article 68 of the Constitution, and for protecting the right to privacy guaranteed under national legislation and international human rights standards.

In this context, standards grounded in a rights-based and social approach serve as instruments to safeguard rights, constrain the discretionary power of government entities, and prevent its use as a pretext for withholding data or violating individual and collective rights. Accordingly, integrating detailed standards—covering the duty of disclosure, quality assurance, grievance and appeal mechanisms, scope of exceptions, and procedures for privacy protection—becomes essential prerequisite to transform the Authority into a mechanism for rights protection rather than a mere administrative channel for top-down data flow management.

First: Independence of the Authority

1. Legal Personality and Mandate

Designing an independent Data Governance Authority in Egypt requires granting it a distinct legal personality and an independent financial budget enabling it to exercise its powers without organizational or administrative subordination to any ministry or executive council. This institutional independence is the fundamental guarantee to prevent the authority from becoming an extension of the executive power, ensuring instead that it remains accountable solely to parliamentary and judicial oversight—the two legitimate frameworks for regulating its work.

The Authority’s substantive mandate should be based on binding all actors to its decisions, including ministries, public agencies, and state-owned enterprises as well as private entities that manage or produce data of public value by virtue of public delegation, public funding, or a de facto monopoly over knowledge.

The scope of this mandate should also extend to setting national data and licensing standards, identifying high-value datasets, approving binding update schedules, and enforcing orders for publication, correction, and the removal of unjustified restrictions. The binding nature of the Authority’s decisions is what transforms it from a mere platform for recommendations into an institution capable of reorganizing the relationship between the state, society, and data on balanced and fair grounds, thereby granting it the real capacity to promote transparency and accountability.

2. Financial Independence and Expenditure Transparency

The Egyptian Data Governance Authority (EDGA) should enjoy full financial independence through an annual standalone budget that is incorporated into the state’s general budget yet disbursed directly from the treasury, without passing through any ministry or intermediary unit. This financial design ensures that the Authority can align its expenditures with the technical infrastructure requirements — such as developing the national data platform, managing APIs, and ensuring interoperability — while also meeting its recurring obligations related to updating high-value datasets and institutionally adopting them within the EDGA framework.

The expenditure framework of the Authority should be structured on a dual model that combines program- and results-based budgeting on one hand, and traditional input-based budgeting on the other. Financial allocations should therefore be linked to clearly defined programs with measurable objectives — such as operations and openness (proactive publication, management of the national data portal, and user support); standard-setting and interoperability assurance; privacy protection and anonymization mechanisms; enforcement and litigation; transparency in contracting and public expenditures; and innovation and capacity-building. At the same time, these programs should be itemized according to input categories, such as salaries, technical infrastructure, training, procurement, and logistical services.

Financial independence also requires an oversight system that ensures integrity and sustainability, through annual audits conducted by the relevant national authorities, along with the monthly publication of a dashboard displaying the budget, expenditures, and service performance indicators.

To safeguard financial independence, the financial framework should rest on four key principles: non-substitution, ensuring that grants do not replace public funding; critical continuity, guaranteeing coverage of expenditures for at least one full year in case of resource disruption; prohibition of privilege in exchange for funding, to prevent any special access or undue influence; and an early-warning mechanism for long-term commitments, subject to independent internal audit and public reporting.

3. Protected Positions and Personnel

The effectiveness and independence of the Authority rest on institutional safeguards that protect certain positions from arbitrary dismissal and vested interests. Senior posts—such as the Chairperson of the Authority, members of its Board, and key executive officers—must enjoy relative immunity to ensure the stability of regulatory decisions and to prevent the Authority from being captured by executive power or private interests.

The purpose of this protection is to provide an institutional environment grounded in clear standards for dismissal, applied only in serious cases such as fraud, breach of trust, or unresolved conflicts of interest. This ensures that decisions concerning officials are made according to transparent, publicly available criteria, with the right to judicial appeal.

In addition, a staggered term system for renewing board membership contributes to institutional stability, as it prevents the simultaneous replacement of all members and anchors the continuity of the Authority’s work in an accumulated institutional memory rather than shifting government cycles. Furthermore, the introduction of time-bound restrictions before and after service helps prevent conflicts of interest with entities under the Authority’s jurisdiction and limits the revolving-door movement between regulator and regulated parties.

These safeguards should be reinforced by obliging holders of protected positions to submit annual public declarations of assets and interests, along with immediate disclosure of any relationship that may compromise their independence. Additionally, refraining from participating in decisions involving conflicts of interest should become an institutional obligation, with summarized details made publicly available, thereby enhancing public trust in the integrity of decisions.

Finally, any breach of these rules should be treated as a substantive violation of the Authority’s legitimacy, entailing clear and publicly disclosed sanctions. This reinforces the principle that the protection granted to these positions aims to safeguard the public interest rather than shield individuals per se.

Secondly: Institutional Balance and Composition of the Board of Directors

Achieving institutional balance within the Egyptian Data Governance Authority (EDGA) requires the establishment of a board that ensures both competence and diversity, while avoiding bureaucratic bloat. This balance should be grounded in an anti-dominance composition reflecting a balanced presence of various stakeholders. The board should include representatives of civil society organizations concerned with freedom of information and digital rights, academics specializing in data science, public policy, or law, as well as representatives of labor and professional unions. It should also include members from the private sector, provided there are no contractual interests with the state, in addition to limited representation from government bodies—such as the Ministry of Communications and Information Technology (MCIT) or the Central Agency for Public Mobilization and Statistics (CAPMAS).

This institutional balance rests on binding rules governing the relationship among the various blocs. The combined representation of the government and the private sector shall not exceed one-fifth of the board, and neither may hold the positions of chair or vice-chair. Both positions shall be elected from among the independent members by a qualified majority, reflecting the primacy of structural independence.

The stability of this balance must also be safeguarded through a fixed rule stipulating that seats allocated to a particular bloc may not be filled by another in the event of vacancy; instead, each vacant seat shall be replenished through the same nomination mechanism.

Independence criteria shall be defined through a clear definition of what constitutes an “independent member” — namely, any individual who has not held an executive position in an entity under the Authority’s jurisdiction or with a major data provider during a specified prior period, and who has no direct or indirect financial interest that could compromise impartiality. Qualitative and geographical diversity must also be considered to ensure the representation of women and underrepresented groups, in addition to representation from governorates outside the capital.

To protect the board’s legitimacy, appointments should follow a multi-stage process that balances representational and procedural legitimacy. The process shall begin with an independent nominations committee, which may include a judge from the State Council, an academic, a representative from a professional association, and a civil society figure, supported by a technical secretariat that applies a publicly disclosed evaluation framework.

This is to be followed by open sectoral nomination channels within each bloc, with eligibility criteria and conflict-of-interest disclosures for each candidate. The final composition, then, is to be approved by a reinforced parliamentary majority, reflecting democratic legitimacy and minimizing the risk of capture.

Furthermore, the membership term should be set for a fixed duration, renewable only once. In the event of a vacancy, the seat should be filled through the same nomination mechanism within the relevant bloc. The legitimacy of appointments extends beyond selection through members’ obligation to annually update their conflict-of-interest disclosures, recusal from related deliberations, and periodic independent reviews to ensure compliance and prevent conflicts of interest. In all cases, the final rationale for appointments should be published in a concise report explaining how the selection criteria were applied to the candidates.

Third: Board Mandate and Binding Tools

The Board of Directors of the Egyptian Data Governance Authority should serve a normative and regulatory role, forming the backbone of the governance process, rather than functioning merely as an administrative body. It is the entity responsible for setting the general rules for data availability and establishing the frameworks that translate the principle of transparency into concrete practice, while the executive unit handles day-to-day technical follow-up. This distribution highlights the dual nature of the Authority: a normative dimension represented by the Board, and an executive dimension managed by the technical units and secretariat.

The board mandate should reflect a broader and more open vision of the role of independent regulatory bodies. This includes approving unified national open data policies and reference standards for metadata, defining high-value datasets based on clear criteria—such as social impact, market need, or transparency significance—and establishing binding update schedules and service-level agreements (SLAs) for the portal and APIs.

The Board should also have the authority to issue binding orders regarding publication, correction, and removal of unjustified restrictions, in a framework that balances the public interest with harm assessments and the right to appeal. Here, the rights-based dimension of the Board’s mandate is evident, as its decisions become a mechanism upholding the principle of equal access and preventing monopolization. Similarly, approving the pricing policy for public data based on a near-zero marginal cost principle reflects the Board’s role in ensuring that data remains a common resource.

Additionally, the Board’s role should extend to encompass privacy and the protection of individual rights, through adopting technical and legal standards for anonymization, privacy impact assessments, and securing research access pathways. This framework should be complemented by internal regulations establishing rules on disclosure, conflict of interest management, transparency in Board meeting, and publication of its decisions, ensuring that the Board’s own institutional practices remain subject to public oversight.

Fourth: Decision-Making Rules

The design of the Board’s decision-making rules should combine both participatory and procedural legitimacy, ensuring the impartiality and accountability of decisions while preventing their capture by any single bloc. This standard is built on three interrelated pillars.

First, the foundation rests on a consensus achieved through a mandatory participatory process. Every decision begins with a consultation paper and a publicly announced agenda, followed by public or virtual sessions, or a written comment period. An official summary of the feedback and its reflection in the final text is then published. No provision may be put to a vote before completing this process and issuing a reasoned decision that outlines the necessity, considered alternatives, and the decision’s impact on access, privacy, and fairness.

Second, the board shall employ a voting system that differentiates between routine and sensitive decisions. Routine operational decisions, such as quarterly publishing plans or updates to technical specifications, are approved by a simple majority, provided that a quorum is met and individual votes are recorded. Sensitive decisions—including changes to licensing policies, the imposition of new fees, or the removal of a senior official—require a reinforced majority of at least two-thirds of votes and are automatically referred back to a brief consultation session if substantive amendments are made between the first reading and the vote.

Third, procedural transparency is ensured through publicly available records published within specified deadlines. These include the final text of the decision and its rationale, a nominal voting matrix, dissenting opinions with explanations, records of abstentions with justifications, and any deviations from subcommittee recommendations. A searchable chronological record should also be maintained, showing the evolution of drafts, amendments, links to consultation materials, and commentary notes. These documents are to be made available in open formats with standardized metadata, enabling public oversight and supporting research reuse.

Fifth: The Executive Unit (The Permanent Administrative Body)

The Executive Unit represents the permanent administrative structure that translates the Board’s mandate into measurable daily operations, led by an Executive Director appointed under a publicly disclosed contract specifying annual performance objectives and subject to periodic evaluation. Specialized directorates branch out from the unit, each with clearly defined responsibilities covering areas such as access and openness, standards and interoperability, privacy and safeguards, legal affairs and enforcement, contractual transparency and public expenditures, auditing and appeals, innovation and participation, capacity building, as well as digital infrastructure and cybersecurity. Within each directorate, tasks are linked to specific performance indicators, ensuring that compliance is measurable and accountable.

The design of the Executive Unit (Permanent Administrative Body) should incorporate integrity safeguards, such as ensuring that the Audit and Appeals Secretariat reports administratively directly to the Board rather than the Executive Director, and granting the Privacy Committees or Directorates the right to issue reasoned objections to any publication that does not meet personal data protection standards.

The Executive Unit should also be granted a legal mandate to access information systems across various entities, including ministries, public authorities, and state-owned companies, through secure integration layers (APIs, data exchange portals, audit logs). This mandate should include the obligation of these entities to maintain an up-to-date inventory of their datasets according to defined standards and to designate an open data officer who maintains a dual reporting relationship with the Authority. Service-level agreements should specify indicators for data updating, accuracy, and response times, with monthly compliance dashboards published to enable public oversight.

The operational framework of the Executive Unit must also be built upon daily workflows. These begin with data acquisition, quality checks, and privacy reviews, followed by licensing, publication with a public change log, and subsequently, monitoring usage metrics and addressing user reports. A “right to correction” must be provided via a unified portal that issues reasoned decisions and publishes periodic statistics on requests and processing times. Furthermore, security risks must be managed through audit logs, internal committees, regular penetration testing, and business continuity plans, coupled with a commitment to publicly disclose significant incidents under a provisional policy that balances transparency and security.

Operational governance should also be complemented by policies ensuring equitable access, such as regulating API rates, granting fair access keys to researchers and journalists, providing fast-track approval paths for requests or projects serving the public interest, and guaranteeing inclusive access through multiple languages and accessible formats.

Institutional culture is reinforced through post-decision or post-incident reviews, the integration of lessons from appeals and court rulings into updated guidelines and standards, and the publication of semiannual bulletins summarizing improvements and impact. In this way, the relationship between normative decision-making and daily execution is embodied within a framework that links data availability with privacy and quality, ensuring a consistent and equitable flow of public data.

Sixth: Specialized Committees (Pluralistic Expertise with Guaranteed Independence)

Specialized committees should be established to support the board’s work and link its decisions to the participation of civil society and experts. They must operate under publicly declared terms of reference, regular work schedules, and concise public minutes. Their outputs should form a mandatory part of the decision-making process, such that any deviation requires a publicly justified explanation and approval by the board with a reinforced majority. This structure is embodied in three main committees:

• Technical Committee: This committee includes data experts, system architects, independent information security specialists, and representatives from the developer community. It is responsible for proposing and updating data and metadata standards, developing policies for dynamic datasets, and building the information security framework for the portal and APIs. It operates through open technical consultation papers, reproducible benchmark experiments, and issues clear measurement outputs such as numbered standard releases and compliance reports. Its independence is ensured through a non-governmental chair, mandatory disclosure of interests, and mandatory recusal in cases of conflict of interest.
• Legal Committee: Composed of former judges or legal advisors, information and privacy law experts, and specialists in digital rights and data ethics. Its mandate includes developing harm and public-interest assessments prior to any restriction or blocking, drafting narrow interpretive guidelines for exemptions, formulating equitable licensing policies, and establishing standards for anonymization and pre-implementation privacy impact assessments. The committee issues reasoned advisory opinions that accompany board decisions and are binding on the executive unit, and can only be overridden by a reasoned board decision with a reinforced majority.
• Civil Society and Users Committee: Comprising representatives from transparency and right-to-information organizations, professional and labor unions, journalists, developers, and representatives of persons with disabilities and marginalized groups. It is tasked with identifying high-value datasets, formulating the annual participation agenda, assessing usability, and reviewing the impact of fees on vulnerable groups. It employs tools such as surveys, public hearings, and participatory design workshops, and its recommendations are quarterly included on the Board’s agenda, accompanied by a reasoned response.

These committees are bound by a common set of rules, such as independent leadership free from government or private-sector influence; procedural transparency through the publication of agendas, minutes, and dissenting opinions; reciprocal referral mechanisms between committees to ensure integration; and measurability via a performance-indicator matrix and an annual compliance and adoption report. Conflicts of interest within these committees must be managed through public annual disclosures, immediate updates, and mandatory recusal when necessary, alongside independent periodic audits.

Seventh: Decision-Making Mechanisms and Democratic Participation

The Authority’s decision-making mechanisms should be built on two integrated tracks: a structured public participation track that ensures the incorporation of community knowledge and diverse expertise into regulatory texts, and a procedural track that guarantees the validity and accountability, ensuring its immunity toward being captured by any single bloc.

In the participation track, the process may begin with a public consultation paper outlining the regulatory issue, possible alternatives, and anticipated impacts, published alongside the agenda and the scheduled hearing. The hearing is held openly, either in person or via virtual means, with a brief official record prepared, while a written comment window is simultaneously opened for a defined period.

This is followed by an official summary of the comments, including a matrix linking each remark to a specific response (adoption, amendment, or justified rejection). No draft decision is put to a vote until this process is completed and a reasoned text is issued, explaining the rationale, considered alternatives, and the impact of the decision on accessibility, privacy, and fairness.

In the voting track, consensus after full participation is the default. If consensus cannot be reached, ordinary operational decisions—such as publication plans or non-substantive specification updates—are approved by a simple majority (half plus one).

Sensitive decisions—such as amending licensing policies, introducing new fees, restricting categories of data, or removing senior officials—require a supermajority of at least two-thirds of the votes. Quorum is met only if two-thirds of members are present, including at least one representative from each constituent bloc (civil society, labor/professional unions, academia, government, private sector). Abstentions due to conflicts of interest are excluded from both quorum and majority count

Furthermore, a “cross-bloc consensus” requirement is applied as a safeguard against dominance, meaning no reinforced majority is validated unless it includes at least one vote from each representative bloc, after excluding abstaining members. This ensures that passing sensitive decisions requires trans-bloc agreement, preventing any single bloc from imposing its preferences.

These rules are reinforced through transparency by publishing agendas well in advance and issuing concise minutes within a defined timeframe, including the final text of decisions, their rationale, the voting matrix, dissenting opinions, and declarations of abstention. Supporting materials—such as consultation papers, draft standards and impact assessments—are made available in open formats. Additionally, a searchable chronological decision log is maintained, showing the evolution of drafts, amendments, and version numbers.

An exceptional pathway should be available for urgent decisions when necessary, such as addressing security vulnerabilities or critical errors in high-value datasets. In such cases, a temporary decision with a limited scope may be issued along with a brief public justification, provided that it is subsequently submitted within a defined timeframe to the full participatory process for approval, amendment, or revocation.

Eighth: Review and Appeals System (Three Tiers, with an Electronic Portal and Alternative Channels)

The review and appeals system within the Authority should be structured around a three-tier framework that balances ease of access, prompt resolution, and the binding nature of decisions. Alternative channels must be provided to prevent digital exclusion, while ensuring transparent publication standards that do not compromise privacy or security. The system should be managed through a unified case registry, tracking numbers, and publicly announced performance indicators.

At the first tier, an internal an internal grievance mechanism should be made available through a dedicated unit within the Authority, accessible via multiple channels including the electronic portal, postal offices, and a hotline, while ensuring accessibility standards, alternative formats, and sign language interpretation when needed. The unit is obligated to notify the complainant within a specified and reasonable timeframe, providing a tracking number and a timeline, and to adjudicate the request within a set period that can be extended for justified reasons. This channel should accept complaints related to decisions on data publication, withholding, licensing, fees, data quality, delays, privacy, and the right to correction, whether from affected individuals or civil society organizations.

The entity against which the complaint is filed shall be given a specified timeframe to submit relevant documents. The outcomes may include upholding, amending, or revoking the decision, with defined implementation deadlines monitored through a compliance dashboard. The complaint does not suspend the enforcement of decisions, except through a temporary, reasoned order issued in cases of irreparable harm.

At the second tier, an independent appeals committee, formed under and reporting directly to the Board, assumes the responsibility for review. This committee should be quasi-judicial in nature, with its own sub-budget and separate secretariat. It should be chaired by a former administrative judge and include a legal expert in information and privacy, a technical expert, and a civil society representative. The committee may review cases on the papers or hold hearings when necessary, with authority to access confidential materials while providing redacted summaries to the parties involved, and may issue interim orders when required. Decisions must be reasoned and issued within a specified timeframe, accompanied by publicly available summaries and monthly statistics on appeals and their outcomes.

At the third and final tier lies litigation before the administrative judiciary, where decisions of the Appeals Committee or the Authority itself may be challenged before court. The Authority is obligated to submit the complete case file to the judge and must implement judicial rulings by amending its decisions and internal guidelines. It is also required to publish an executive summary explaining how the court’s reasoning has been integrated into its policies and procedures.

The system is further complemented by specialized redress pathways for data, such as correction within a defined timeframe while retaining archived versions; balancing openness with privacy through an expedited track; or conditional transparency via a publicly available monthly appeals register in open formats with anonymized identifiers. Furthermore, the principle of progressive escalation (internal complaint → independent appeals committee → administrative judiciary) is applied, with narrow exceptions for direct access in urgent cases.

The system’s effectiveness is measured through indicators such as notification and adjudication timelines, the proportion of reasoned decisions, compliance rates, the ratio of accepted or rejected appeals, and the outcomes of post-decision reviews integrated into regulations. With this design, the review and appeal process becomes an institutional tool for protecting rights, correcting errors, and accumulating organizational learning, without causing unjustified disruption to the flow of public data.

Ninth: Decision Correction, Remedies, and Institutional Learning

The institutional structure of the Authority should ensure measurable effectiveness through three integrated pillars: automatic review, effective remedies and compensation, and mandatory institutional learning.

First, under the review pillar, decisions to withhold data or restrict access are automatically reviewed annually through a “sunset clause” mechanism. This mechanism ensures that every restriction is bound to a specific review date, at which point the decision is re-evaluated based on an updated assessment that balances potential harm, public interest, and available alternatives.

Furthermore, the Authority is mandatorily required to conduct an expedited review upon the emergence of new evidence, a substantial change in the context or an arising public interest through investigative journalism, a judicial ruling, or a parliamentary request. A public register is published, detailing the restricted decisions, their rationale, their legal and normative bases, and their subsequent review dates.

The review process begins within fifteen days and is completed within a maximum of forty-five days, with a reasoned decision specifying the outcome of the restriction—whether confirmation, partial or full disclosure, or transfer to the secure research access pathway.

Second, under the redress and compensation pillar, affected individuals and entities should be able to claim remedies for decisions that are erroneous or delayed, such as unlawful denial of publication, missed update deadlines, noncompliant pricing, privacy violations, or impactful data errors.

The pathway is structured in two steps, starting with an administrative settlement within twenty days, which may include monetary compensation based on a published damage assessment guide, or corrective/apologetic remedies, or preventive measures to avoid recurrence. If the settlement fails, the case is escalated judicially through formal referral to the administrative courts.

A dedicated compensation fund is to be established within the core budget to ensure prompt settlement of claims. Quarterly statistics regarding the number of claims, their amounts, and their outcomes shall be published. Furthermore, accepting financial compensation does not preclude the right to resort to the judiciary for subsequent damages not covered by the settlement.

Third, under the institutional learning pillar, post-decision or post-incident reviews are conducted within thirty days of each accepted appeal, judicial ruling, or privacy incident, to identify root causes and gaps, and to develop a corrective plan with specific timelines and responsibilities.

The outcomes of appeals and rulings are integrated into regulations and operational manuals, with updated version numbers and a publicly accessible change log. Semiannual bulletins summarizing lessons learned, improvements, and indicators of reduced recurring errors are published. Upon these findings, training programs are conducted for staff to bridge the identified gaps.

Tenth: Additional Standards for Ensuring Effectiveness and Transparency

The effectiveness of the Authority relies on integrating principles of inclusive access, operational transparency, and institutionalized community participation into its organizational structure.

First, under the accessibility pillar, multiple channels should be provided for submitting requests and appeals, including the online portal, regional offices, mail, and a hotline. The design should ensure inclusivity according to clear standards, employing plain language and alternative formats such as audio files and Braille, with translation support in Arabic and English for both user interfaces and core metadata.

Cost fairness is guaranteed by refraining from imposing fees or requiring legal representation, while providing legal assistance through partnerships with bar associations and civil society organizations, along with clear exemptions for low-income individuals. Technical access equity is ensured by publishing API documentation and user guides in open, machine-readable formats, and by granting access credentials to researchers and journalists under fair and non-exclusionary terms.

Second, within the pillar of operational transparency, a monthly dashboard is published. It displays the number of requests and appeals, the average response time at each stage, the level of entity compliance with service agreements, privacy incidents and their outcomes, the availability of the portal and APIs, and data quality metrics regarding completeness, timeliness, and accuracy, alongside lists of deferred updates. Furthermore, annual reports are issued, including lists of high-value datasets made available or reviewed by the Authority, results of compliance with service agreements, the scale and nature of corrective actions taken, enforcement measures and fines imposed, the impact of pricing policies on users, and the outcomes of training and engagement programs.

All attachments should be published in open formats with standardized metadata. Transparency should also be reinforced by publishing tenders, contracts, and performance files according to OCDS and OC4IDS standards, linking them to the published datasets.

Third, regarding institutionalized community engagement, an annual participation plan should be adopted to organize institutional dialogue with civil society and users, set priorities and a schedule of sessions, and establish indicators to measure participation levels and mechanisms to track the implementation of recommendations. A reasoned response to these recommendations must be provided within a specified timeframe, with a publicly available matrix clarifying what has been accepted, modified, or rejected.

Furthermore, a public register should be established to document meetings between senior officials of the Authority and companies or government entities, accompanied by searchable brief summaries. Clear rules for recusal in cases of conflict of interest must be enforced. Decentralization should be promoted through public hearings held in various governorates and the provision of alternative paper-based and telephone channels. This ensures equitable geographical and demographic distribution, measured through a periodic performance indicator dashboard.