DIFC Regulation 10 establishes an accreditation and certification framework for autonomous and semi-autonomous systems that process personal data within the Dubai International Financial Centre (DIFC). It outlines the criteria for accrediting certification bodies and the requirements for certifying systems used in high-risk processing activities, ensuring compliance with the Data Protection Law and Regulations.
Key requirements
- Accredited Certification Bodies must demonstrate independence and expertise in the subject matter of certification.
- Accredited Certification Bodies must establish transparent procedures for complaints handling and dispute resolution.
- Deployers, operators, and providers of systems must adhere to principles outlined in the Systems Certification Program Requirements.
- Systems must meet audit criteria as defined within the framework.
Applies to: Any person to whom the Data Protection Law, DIFC Law No. 5 of 2020, and the DIFC Data Protection Regulations 2020 apply, specifically those involved with autonomous and semi-autonomous systems processing personal data.