The UAE's comprehensive cybersecurity framework — TDRA national standards, ADGM and DIFC free zone security requirements, CBUAE technology risk rules for financial institutions, and the UAE Cybersecurity Council.
Ask GCC LexAI about Cybersecurity →The UAE Cybersecurity Council (established 2020) sets national cybersecurity strategy and coordinates across agencies. TDRA enforces cybersecurity requirements for telecom and digital services. CBUAE, FSRA, and DFSA each impose sector-specific cybersecurity requirements on financial institutions in their jurisdictions.
CBUAE's Technology Risk Management (TRM) Standards require banks and payment service providers to implement information security governance, vulnerability management, incident response, and third-party risk controls. FSRA (ADGM) and DFSA (DIFC) have equivalent requirements under their respective technology risk frameworks.
Yes. UAE Federal Decree-Law No. 34 of 2021 on cybercrime provides criminal penalties for unauthorised system access, data breaches, and cyber fraud. The UAE National Cybersecurity Strategy (2019, updated) sets government-wide requirements for protecting critical information infrastructure across sectors including finance, energy, and healthcare.