Contact Us

Legal Framework

United Arab Emirates

UAE Cybersecurity Compliance and Standards

In the UAE, the Federal Government has enacted a series of laws aimed at ensuring the safety and security of the nation. For detailed information on these laws, please refer to the official government resources.

More information can be found here.

At the forefront of cybersecurity compliance in the UAE is the National Electronic Security Authority (NESA), a federal entity established under the directive of His Highness Sheikh Khalifa bin Zayed Al Nahyan, the UAE President. NESA's primary mandate is to regulate and enhance cybersecurity measures, focusing on safeguarding communication networks and information systems. The overarching Cybercrime Law (Federal Law No. 5 of 2012) addresses a spectrum of cyber threats, such as unauthorized access, data breaches, and online fraud, imposing penalties for offenses related to the misuse of information technology.

In addition to federal regulations, individual emirates have their own local laws governing matters within their jurisdictions. The seven emirates, namely Abu Dhabi, Dubai, Sharjah, Ajman, Umm Al Quwain, Ras Al Khaimah, and Fujairah, each adhere to a legal framework tailored to address specific regional considerations.

For a comprehensive understanding of cybersecurity compliance and legal obligations, individuals and businesses are encouraged to consult official government sources, legal experts, or the National Electronic Security Authority.

Abu Dhabi

The Abu Dhabi Government relies on multiple entities to help safeguard the Emirate from the evolving Cyber Security threats it is facing every day. The Judicial Department and Abu Dhabi Police help to govern laws regulating cyber security.

Dubai

The Dubai Government has established the Dubai Electronic Security Center, an organization dedicated to fortifying the Emirate against the continually evolving threats in the realm of cybersecurity.

Key initiatives and standards orchestrated by this organization include:

  • Information Security Regulation (ISR)
  • Cloud Service Provider (CSP) Security Standard
  • Electronic Biomedical Devices (EBMD) Security Standard
  • DESC ICS Standard
  • Internet of Things (IoT) Security Standard

Sharjah

The Sharjah Government relies on multiple entities to help safeguard the Emirate from the evolving Cyber Security threats.

Ajman

The Ajman Government relies on multiple entities to help safeguard the Emirate from the evolving Cyber Security threats.

Umm Al Quwain

The Umm Al Quwain Government relies on multiple entities to help safeguard the Emirate from the evolving Cyber Security threats.

Ras Al Khaimah

The Ras Al Khaimah Government relies on multiple entities to help safeguard the Emirate from the evolving Cyber Security threats.

Fujairah

The Fujairah Government relies on multiple entities to help safeguard the Emirate from the evolving Cyber Security threats.

Cybersecurity Standards

Cybersecurity Standards

  • GDPR (General Data Protection Regulation)
  • DORA (Digital Operational Resilience Act)
  • IASME (Information Assurance for Small and Medium Enterprises)
  • Cyber Essentials
  • IEC 62443 (International Electrotechnical Commission Standards)
  • ISO (International Organization for Standardization)
  • NIST (National Institute of Standards and Technology)
  • COBIT (Control Objectives for Information and Related Technologies)
  • HIPAA (Health Insurance Portability and Accountability Act)
  • CAF (Cyber Assessment Framework)
  • PCI DSS (Payment Card Industry Data Security Standard)
  • SOC2 (Service Organization Control 2)
  • CMMC (Cybersecurity Maturity Model Certification)
  • NIS Directive (Network and Information Systems Directive)
  • CIS Controls (Center for Internet Security Controls)