On 29 March 2026, the Board of the Kuwait Competition Protection Agency (CPA) issued Decision 33/2026, establishing a comprehensive formal framework governing confidential treatment of information submitted to the CPA in competition proceedings. The Decision applies to information on all parties—including parties to the relevant activities or transactions, complainants, and affected third parties—that provide information to the CPA, and introduces defined procedures for requesting, assessing, and maintaining confidential information. With this Decision the CPA for the first time introduced a formal regulation for treatment of confidential information. One key aspect parties engaging with the CPA must be aware of and consider going forward, is that not all information provided to the CPA will by default be treated as confidential and must be explicitly labeled as confidential by the party submitting it as confidential to benefit from confidentiality protection.
What information is protected
The Decision establishes two categories of protected information, which differ in both their scope and the mechanism through which protection is conferred.
The first category is trade secrets. These are protected by default. No request is required and no approval from the CPA is needed for protection to apply. Trade secrets are defined broadly as commercially valuable information relating to an undertaking’s commercial activities, where disclosure to the public or transfer to a third party would cause competitive harm. The definition is generally understood to include financial data, pricing structures, marketing strategies, customer and distributor identity, technical know-how, cost assessment methodologies, production processes, and sources of supply. The common thread is that the information must be non-public and must confer a competitive advantage on its owner. Where information falls within this category, the CPA is required to treat it as confidential in all circumstances.
The second category covers other competitively sensitive information that does not automatically qualify as a trade secret but in respect of which a party seeks confidential treatment. Unlike trade secrets, protection in this category is not automatic. It requires the submitting party to make a specific request for confidential treatment, which is subject to approval by the CPA's Executive Director. The Executive Director will assess whether disclosure of the information would cause competitive harm before granting protection, and the decision to do so rests on the criteria and review procedure set out in the Decision.
The practical distinction matters. Parties submitting trade secrets to the CPA can rely on default protection, while parties seeking to protect other categories of sensitive commercial information must actively peruse protection and obtain the Executive Director's approval.
Obligation of the parties
One of the most operationally significant aspects of the Decision is the default treatment of some information as non-confidential. Where a party submits information other than trade secrets to the CPA without including a confidentiality request, the Decision treats the party as having no objections to the disclosure of the information for the purposes for which it was provided. This is a substantial shift. Until now the CPA without any formal framework to rely on treated all information as confidential. With the changes introduced with the Decision parties can no longer assume that commercially sensitive data submitted in the context of a merger filing or investigation will be treated as confidential, unless they actively invoke confidentiality. And even then, confidential treatment remains subject to a decision of the CPA’s Executive Director.
The Decision also makes clear that the obligation to request confidential treatment rests with each submitting party individually. Hence, for instance in a merger filing, all parties must make requests for confidential treatment on information relating to them separately.
Finally, parties are well advised to draft requests for confidential treatment broadly. The Decisions includes a definition of trade secrets which will by default be treated as confidential. Still, the definition leaves room for interpretation and without practice from the CPA, their position on how broadly or narrowly the category of trade secrets should be defined, remains unclear. Also, the Decisions makes clear that the CPA will not flag information they deem not to constitute trade secrets as such. Hence, parties should consider to submit extensive confidentiality requests including also information that should be considered trade secrets. It remains to be seen how the CPA will treat such broad requests.
Process for requesting confidential treatment
Requests for confidential treatment must be submitted using the CPA's designated form. The request must identify the specific information for which protection is sought and must be accompanied by two versions of the submission: a full confidential version and a redacted non-confidential version from which the protected content has been removed. This dual-version requirement is a common feature of competition regimes in more mature jurisdictions and its introduction in Kuwait aligns the CPA's procedures more closely with international practice.
Beyond the formal requirements, the request must include a substantiated explanation of why the information qualifies for protection. This is more than a box-ticking exercise. The Decision requires parties to articulate the harm that disclosure would cause. The justification must be sufficiently detailed to withstand scrutiny. Vague or formulaic confidentiality claims are unlikely to be accepted.
How the CPA will evaluate requests
The Executive Director is required to apply a set of defined criteria when assessing whether a request for confidential treatment should be granted. These include the importance of the information and its disclosure to the CPA's assessment—in particular, whether it is indispensable for determining whether a violation has occurred—whether the information is known only to a limited and defined group of people, whether it could be inferred from publicly available sources, and the potential harm that disclosure would cause, including whether such harm would only be temporary.
The criteria introduces a degree of proportionality assessment into the process. Information that is itself highly relevant to the CPA's substantive assessment and where disclosure would greatly aid their assessment may be more likely deemed as not deserving of protection, even if it would otherwise qualify. However, where harm caused by disclosure would be potentially substantial, confidential treatment is more likely.
The review mechanism and timeline
Where the Executive Director initially determines that a confidentiality request is unsubstantiated, the Decision requires the CPA to notify the relevant party in writing, setting out the reasons for their assessment. The party then has 15 days to respond and provide further supporting arguments for why confidential treatment should nonetheless be granted.
If the party does submit sufficient additional arguments, the Executive Director has discretion to revisit the decision and grant the confidential treatment. The Executive Director may review confidentiality designations at any point during the proceedings—not just at the time of the initial request. If the Executive Director subsequently concludes that information previously designated as confidential no longer warrants protection, the same review and notification procedure applies.
Once confidential treatment is granted, the confidential version of the submission is maintained in a separate file, accessible only to the CPA team members directly involved in reviewing the matter. The non-confidential version is placed in the main case file. This internal segregation is designed to limit the risk that confidential information does not leak to other parties in the proceedings or the public.
Practical implications
Going forward parties involved in regulatory processes with the CPA—whether as parties to merger filings, respondents in investigations, or third parties providing information to support investigations or investments of the CPA—must pay close attention to confidentiality. In the merger control context, this means identifying potentially sensitive information at the outset of the filing preparation process and preparing a properly substantiated confidentiality request at the time of submission. Waiting for the CPA to reach out to request waiver of confidentiality is no longer a viable approach. Under the default rule, the absence of a request is treated as consent to disclosure for information, except for information considered trade secretes by the CPA. Also, to avoid leakage of information the parties consider trade secrets requests for confidential treatment should be drafted broadly and include information they deem trade secrets.
In the context of investigation, the same logic applies. Parties responding to CPA information requests or submitting documents during an investigation should review those materials carefully and accompany any submission of sensitive information with a properly formatted confidentiality request and a corresponding redacted version.
The dual-version submission requirement also has practical implications for document preparation. Parties will need to prepare both a confidential and a non-confidential version of their submissions from the outset, which adds a layer of work to the preparation process but ensures compliance with the new procedure.
Finally, the ongoing review risk should not be overlooked. Confidentiality designations are not permanent and may be revisited by the Executive Director at any point during the proceedings. Parties should monitor the status of their designations throughout the process and be prepared to respond promptly if the CPA queries an existing designation.
AUTHOR
Sarah Sheira
Ms. Asmaa ElDesoky
