Global menu

Our global pages


Provision of Digital Services Law in the Emirate of Dubai

  • UAE
  • Technology


On 14 March 2022, in his capacity as the Ruler of Dubai, His Highness Sheikh Mohammed bin Rashid Al Maktoum, Vice President and Prime Minister of the UAE, has issued Law No. (9) of 2022 regulating the provision of digital services in Dubai (the “Law”) which came into force on 24 March 2022.

The Objectives of the Law

The Law highlights the ambitions of the Emirate in as far as there is a general objective to digitally transform all sectors of the Emirate, from government down to private suppliers.

The Law provides a blueprint to support Dubai’s strategic plans towards digital transformation by implementing policies that will be issued in accordance with the Law, the aim of which is to build trust in the Emirate’s digital services. The Law stipulates that this shall be done by utilizing available technical developments to enhance and promote the quality of digital services, while concurrently simplifying procedures for obtaining such developments.

The Application and Remit of the Law

The Law is extremely broad in this context. It applies to:

  • Government Entities (the Law defines a “Government Entity” as “Government departments, bodies, public institutions, councils and government authorities, including those supervising private development zones and free zones, including the Dubai International Financial Centre, and any other public entity affiliated with the government.”)
  • Judicial Authorities (the Law states that this “Includes Dubai Courts and the Public Prosecution”)
  • Non-government actors (this term is undefined in the Law but we can presume that it casts the net of application if the Law to the private sector)
  • Customers (defined as “A person who applies to the Government Entity, the judiciary or the non-government entity through digital channels, to benefit from digital services.”)
  • Any other category determined by the Chairman of the Executive Board on the recommendation of the Dubai Digital Authority

The Envisioned Outcomes of the Law

The above-mentioned entities, which presumably include nearly all government and non-government entities in Dubai (the “Applicable Entities”), must provide current and future digital services to their Customers, in accordance with any resolutions to be issued under the Law. If and when the Applicable Entities provide digital services, they must make them accessible to Customers, including persons of determination, through digital channels or otherwise, and provide the technical support required by Customers in furtherance of the same, with cost and undue burden to the Customer.

The Applicable Entities must follow the plans approved and adopted by the Dubai Digital Authority1 for digital service delivery, as well as adhere to the electronic security requirements and standards adopted by the Dubai Electronic Security Centre (“DESC”).

In addition, government and judicial authorities must adhere to the financial systems and e-payments adopted by the Finance Department, and all Applicable Entities must adhere to any issued information security and business continuity policies referenced under the Law or it’s implementing regulations.

The Law provides that Government entities or the judicial authority may, after obtaining the approval of the competent authority and the Financial Department, outsource digital services to any public or private entity on its behalf, or to provide the necessary systems, software and digital channels necessary for the provision of their digital services or the management and operation of such systems and software.

The Privacy Principles to be Considered

Applicable Entities must ensure classification of data relating to the provision and exchange of digital services, in accordance with the Dubai Law No. 26/2015 on the Regulation of Data Dissemination and Exchange in the Emirate of Dubai. Law No. 26/2015 requires, at a high level, that data be classified as either open data or shared data, or otherwise in accordance with the Dubai Data Directory, which is a document that comprises a set of rules, criteria, forms and mechanisms for regulating data dissemination, exchange and protection.

All employees and staff of the Applicable Entities are bound by the criteria for privacy protection, so that information and data of Customers are only accessible in accordance with the legislation in force (including the Personal Data Protection Law of 2021) and only by the employees and staff concerned with the provision of digital services. All controls and mechanisms should be implemented in accordance with DESC requirements, along with any other legal controls and mechanisms relevant to the Applicable Entities.

The Customers’ Obligations and Responsibilities under the Law

Customers must update their data held by any of the Applicable Entities (acting as a digital service provider to the Customer) as required, and must abide by the controls and requirements specified by the digital service provider.

In fact, the Law provides that the digital service provider shall not bear any liability to the Customer or third parties for any damages, whether civil, penal, or administrative, that may be caused to them as a result of the Customer’s non-compliance with, or breach of, any of its obligations under the Law or associated regulations. he Customer will bear sole liability for incurred as a result of such a breach.


It is clear that this Law has the general intention of reshaping Dubai digital offering on the entire Emirate level. This is evidenced by the fact that the Law is not directed at one specific sector or otherwise limited in scope, but is rather applied in blanket form. How exactly this digital transformation will be executed, however, remains to be seen in the implementing regulations to be issued in due course.

To that end, it was announced by the Dubai Media Office that the Chairman of The Executive Council of Dubai will issue a decision on the various stages of implementing the Law, in line with the recommendations of the Digital Dubai Authority. We eagerly await this decision and look forward to the clarify that it will bring to the Law’s implementation phase.



1 The authority was established by His Highness Sheikh Mohammed Bin Rashid Al Maktoum, in June 2021 to develop and oversee the implementation of policies and strategies that govern all matters related to Dubai’s information technology, data, digital transformation, and cyber-security. It brings together the expertise of four entities – Dubai Electronic Security Center, Dubai Statistics Center, Dubai Data Establishment, Smart Dubai Government Establishment - to ensure the city collaboratively achieves the vision of the city’s leadership to make Dubai a globally leading digital economy.