| Term | Definition |
| “AML/CFT” | has the meaning ascribed to it in the Regulations. |
| “BCDR Plan” | has the meaning ascribed to it in Rule I.H.1 in this Technology and Information Rulebook. |
| “Board” | has the meaning ascribed to it in the Company Rulebook. |
| “CBUAE” | means the Central Bank of the United Arab Emirates. |
| “Chief Information Security Officer” or “CISO” | has the meaning ascribed to it in Rule I.I.1 of this Technology and Information Rulebook. |
| “Compliance and Risk Management Rulebook” | means the Compliance and Risk Management Rulebook issued by VARA pursuant to the Regulations, as may be amended from time to time. |
| “Compliance Officer” or “CO” | has the meaning ascribed to it in the Compliance and Risk Management Rulebook. |
| "Critical or Important Function" | has the meaning ascribed to it in the Company Rulebook. |
| “Cybersecurity Policy” | has the meaning ascribed to it in Rule I.B.1 in this Technology and Information Rulebook. |
| “Data Protection Officer” or “DPO” | has the meaning ascribed to it in Rule II.B.2 of this Technology and Information Rulebook. |
| “Data Subject” | has the meaning ascribed to it in the PDPL. |
| “Distributed Ledger Technology” or “DLT” | has the meaning ascribed to the term “Distributed Ledger Technology” in the Dubai VA Law. |
| “Dubai VA Law” | means Law No. (4) of 2022 Regulating Virtual Assets in the Emirate of Dubai, as may be amended from time to time. |
| “Emirate” | means all zones across the Emirate of Dubai, including Special Development Zones and Free Zones but excluding the Dubai International Financial Centre. |
| “Entity” | means any legal entity or individual. |
| “Function” | has the meaning ascribed to it in the Company Rulebook. |
| “Guidance” | has the meaning ascribed to it in the Regulations. |
| “HSM” | means a hardware security module. |
| “Licence” | has the meaning ascribed to it in the Regulations. |
| “Licensed” | means having a valid Licence. |
| “PDPL” | means the Federal Decree-Law No. (45) of 2021 on the Protection of Personal Data. |
| “Personal Data” | has the meaning ascribed to it in the PDPL. |
| “Regulations” | means the Virtual Assets and Related Activities Regulations 2023, as may be amended from time to time. |
| “Rule” | has the meaning ascribed to it in the Regulations. |
| “Rulebook” | has the meaning ascribed to it in the Regulations. |
| “Senior Management” | has the meaning ascribed to it in the Company Rulebook. |
| “Staff” | has the meaning ascribed to it in the Company Rulebook. |
| “Suspicious Transactions” | has the meaning ascribed to it in the Compliance and Risk Management Rulebook. |
| “Technology and Information Rulebook” | means this Technology and Information Rulebook issued by VARA pursuant to the Regulations, as may be amended from time to time. |
| “Technology Governance and Risk Assessment Framework” | has the meaning ascribed to it in Rule I.A.1 of this Technology and Information Rulebook. |
| “Threat Led Penetration Testing” or “TLPT” | means a framework that mimics the tactics, techniques and procedures of real- life threat actors perceived as posing a genuine cyber threat, that delivers a controlled, bespoke, intelligence-led (red team) test of the VASP's critical live production systems. |
| “UAE” | means the United Arab Emirates. |
| “UAE Data Office” | means the UAE Data Office established by virtue of Federal Decree-Law No. (44) of 2021 Establishing the UAE Data Office. |
| “VA Activity” | means the activities listed in Schedule 1 of the Regulations, as may be amended from time to time. |
| “VA Wallet” | has the meaning ascribed to the term “Virtual Asset Wallet” in the Dubai VA Law. |
| “VARA” | means the Dubai Virtual Assets Regulatory Authority. |
| “VASP” | means an Entity Licensed by VARA to conduct VA Activity(ies) in the Emirate. |
| “Virtual Asset” or “VA” | has the meaning ascribed to it in the Dubai VA Law. |