Skip to main content

C. Cybersecurity – other Legal and Regulatory Obligations

1. VASPs must ensure that their technology governance and risk assessment framework complies with, to the extent applicable, cybersecurity laws, regulatory requirements and guidelines, including but not limited to—
 
  a. the electronic security requirements and standards adopted by the Dubai Electronic Security Center per Law No. [9] of 2022 Regulating the Provision of Digital Services Provided in the Emirate of Dubai;
  b. the Federal-Decree Law No. [45] of 2021 on the Protection of Personal Data, its executive regulations and any other cybersecurity regulatory requirements as may be imposed by the UAE Data Office from time to time; and
  c. the Consumer Protection Regulation issued pursuant to Central Bank Notice No. [444] of 2021 and any other cybersecurity regulatory requirements as may be imposed by the CBUAE from time to time.