The United Arab Emirates (UAE) has one of the strongest cybersecurity infrastructures globally. However, individuals, businesses, and even the government still suffer from cyber attacks. Online financial scams and cybercrimes like identity theft are common, and the government has responded by supporting the cybersecurity job market, adjusting visa requirements to attract and retain top talent from around the globe, and improving digital safety in the UAE.
Here’s the Remitly guide to the practices you can undertake as an individual, or as part of an organisation, to keep you safe.
Understanding digital safety and security
If you move to the UAE, you’ll likely spend a lot of time online, using the internet to connect with friends and family, find and rent a property, send money back home, do your banking, book a taxi, order food, consult a doctor, and more. In the UAE, the list of what you can get done online is a long one.
Unfortunately, your internet activities can expose you to malicious people who may steal your information, try to gain unauthorised access to your accounts, and damage your finances and your reputation.
Digital safety focuses on your awareness and ability to implement safe online practices and reduce your risk of falling victim to these attacks. But you’ll also need secure software and devices to stay safe. That’s what digital security is about; using techniques—like encrypting personal data—and technology to protect digital infrastructure and systems.
Importance of digital safety in the UAE
The world is increasingly digital, and the UAE is no exception. The country has undergone, and is still going through, rapid digital transformation and this will only increase your reliance on the internet over time.
Government initiatives like Smart Dubai, the digital national identity UAE PASS, the Federal Network (FedNet), the expansion of the 5G network, and the National Innovation Strategy have contributed to making the UAE a global tech leader.
Unfortunately, such growth means more chances for cyber crime, so strong cybersecurity measures are needed to protect everyone—immigrants, citizens, businesses, and the government alike—and critical infrastructure from malicious attempts to do digital harm.
UAE cyber laws and regulations
Cybersecurity in the UAE takes the form of a series of cyber laws and regulations to ensure your digital safety:
Federal Law by Decree No. 3 of 2003
This law established the Telecommunications and Digital Government Regulatory Authority (TDRA) as the body responsible for overseeing the telecommunications sector in the UAE and issuing licences, among their other responsibilities.
The TDRA ensures that service providers comply with government regulations. For example, it has restricted WhatsApp’s voice and video calling features for digital security reasons.
Federal Decree Law No. 34 of 2021
This law on combating rumours and cybercrime protects against misuse and abuse of the internet. It protects against spreading damaging or false rumours, fake news, and electronic fraud. It also maintains your privacy and personal rights.
The law highlights these offences specifically:
- Spreading false data by creating or modifying robots, doctoring electronic documents (like medical documents), and false advertising.
- Online bullying activities include invasion of privacy, blackmail, extortion, insult, slander, and offending a country or religion.
- Begging online.
- Not following published media rules, such as creating illegal content, promoting human trafficking, and raising funds or running surveys without a licence.
- Money laundering, transferring, possessing, and using illegal money.
- Promoting explosives and firearms.
Federal Decree by Law No. 46 of 2021
The UAE uses this decree to lay down its guidance on electronic transactions and trust services. It protects you, the consumer, by managing how the businesses you’re dealing with guard your rights and privacy. It also ensures the legal validity and security of electronic signatures and documents.
Federal Decree Law No. 2 of 2019
This law has been around for a while to help fight against cybercrime with strict penalties for unauthorised access to IT systems. That means trying to steal or misuse data, online fraud, identity theft, blackmail, and phishing—posing as somebody else in emails, text messages, or websites to trick people into revealing sensitive information like passwords or credit card details.
National Cloud Security Policy 2023
This policy enhances cloud security in the UAE. The cloud is a hacker’s gold mine—a network of remote servers storing data, all accessed through the internet. Businesses like banks, which handle sensitive customer information, must use secure cloud services under the National Cloud Security Policy.
Article 10
Article 10 comes from a law in 2021 that prohibits getting round IP address security—the unique number assigned to each device that connects to the internet—to commit cybercrime or prevent detection of the crime. Anybody caught doing this in the UAE may be imprisoned and/or asked to pay a fine of at least 500,000 AED. It may even get as high as 2,000,000 AED.
Data protection and privacy laws
The UAE’s laws also protect your personal data to keep businesses and organisations accountable, strengthen data security, and enhance your data security. It means customers should be able to trust most businesses operating legally within the country.
Some important UAE data protection laws
Federal Decree by Law No. 45 of 2021
This is known as the Personal Data Protection law. It applies to anyone who controls or processes data located in the UAE, or anybody outside the UAE who’s processing UAE residents’ data.
Under this law, you have several rights:
- To find out what personal data of yours is being processed, and why.
- Know who your personal data is being shared with.
- Have your data sent to you in a readable format.
- Edit or delete it.
- Restrict or stop people processing it.
- You can complain to the UAE data office if your rights have been infringed.
Law No. 26 of 2015
This older law regulates the exchange of data in Dubai, especially as it transforms into a smart city. It requires data providers to protect your confidentiality and privacy.
Cybersecurity measures in the UAE to ensure compliance for digital users and businesses
The law is one thing, but action is what actually matters, and the UAE’s government does its part to support digital users and businesses:
United Arab Emirates Computer Emergency Response Team (aeCERT)
This TDRA initiative aims to improve cybersecurity standards and protect infrastructure. The team publishes information about new cybersecurity threats, vulnerabilities, and recent incidents so everybody knows what to look out for.
Cyber Pulse initiative
Cyber Pulse encourages UAE residents—locals and immigrants alike—to participate in cybersecurity efforts and initiatives. It helps to improve digital literacy and promote best practices even among individuals.
Cyber Sniper Initiative
In businesses and other large organisations, sometimes the cyber threats, whether from inside or outside, can be unintentional. Mistakes like opening malicious emails, accidentally sharing data or writing down things like passwords can open the door to cyberattacks. So, this initiative focuses on making sure UAE government employees are up to date with the latest cybersecurity skills—like ethical hacking—to protect critical infrastructure.
National Cybersecurity Strategy
This was developed by the UAE’s Cybersecurity Council to help the public sector, academia, the private sector, and international groups create safe and resilient cyber infrastructure.
Cybersecurity is an ‘arms race’, so this initiative encourages organisations to do regular risk assessments, implement strong security controls, train employees, monitor systems regularly, maintain comprehensive documentation, and stay updated on evolving regulations and industry standards.
This also means:
- Protecting people and infrastructure from cyber threats.
- Creating and strengthening a safe and strong cyber infrastructure.
- Promoting cybersecurity awareness.
- Sharing information and supporting collaboration with government bodies, private organisations, individuals, and other stakeholders.
- Developing laws and regulations to ensure digital safety.
- Establishing the UAE as a leader in cybersecurity.
- Responding to cyber attacks.
Legal implications of cyber threats
We’ve already seen from the size of the fines for Article 10 violations that the UAE takes these things very seriously. And it’s not just Article 10 that carries some very serious punishments:
| Incident/offense | Potential punishment |
| Hacking | Up to seven years in prison
Between 100,000 and 1,500,000 AED fine |
| Causing harm to information systems, including government and critical facilities | One year in prison
Between 500,000 and 3 million AED fine |
| Handling personal data without consent | Six months in prison
Between 20,000 and 100,000 AED fine |
| Handling government data and information without permission | Seven years in prison
Between 500,000 and 5 million AED fine |
| Creating fake emails, websites, and electronic accounts | Five years in prison
Between 50,000 and 2 million AED fine |
| Collecting and processing personal information for UAE residents and citizens in violation of the law | Between 50,000 and 500,000 AED fine |
| Offending a foreign country | One year in prison
Between 500,000 and 1 million AED fine |
Reporting cybercrime in the UAE
The government provides quick and easy ways to report cybercrime, too. If you’re a victim of one of these crimes, you can:
- Head to the nearest police station.
- Report to the police through legitimate websites—e-crime for Dubai police and Aman service for Abu Dhabi police, for example.
- Call 999 for help.
- Use the eCrimes platform set up by the UAE’s Ministry of Interior.
- Install the ‘My Safe Society’ app, launched by the UAE’s Federal Public Prosecution, on your Android or iOS device, then use it make the report.
Addressing specific cybersecurity threats in the UAE
So, the UAE does its bit to protect you from cyber attacks as much as possible. But there’s more you can do for yourself. Understanding and identifying common threats is your first line of defence:
- Phishing
Attackers impersonate trusted sources to trick you into revealing personal information. - Malware
Malicious software designed to harm your computer, usually disguised as a legitimate file you’re asked to open. - Ransomware
A type of malware that restricts you from using your computer and accessing files until you pay the attacker some money. - Distributed Denial of Service (DDoS) attack
A malicious attack that forces your computer or website to go offline. These are usually directed at companies to try to extort money from them. - Brute force attack
Attackers guess many different passwords, hoping they’ll get the right one to gain access to your account. - Data breach
This happens when someone accesses data without authorisation. - Business email compromise
Attackers impersonate people you trust, like suppliers or bosses, hoping that you’ll share sensitive information.
Implementing safe online practices
As we’ve mentioned, simple mistakes could expose you and your company to cyber threats. So, it’s best to learn and implement safe online practices on your own and your work’s computers.
For individuals and families:
- Use strong passwords.
- Don’t publish things like your address or date of birth on social media.
- Turn on multi-factor authentication wherever it’s available.
- Don’t log in to sensitive websites like your bank account on public Wi-Fi. Avoid unsecured public networks completely if you can.
- Keep your software up to date.
- If you’re using shared computers, log out of your account when you’re finished.
- Restrict access to sensitive information to authorised people only.
- Don’t write passwords in accessible places like your work notebook.
- Avoid clicking on any suspicious links.
- Confirm that the email is from legitimate senders. Attackers use copycat emails to trick you into thinking the email is authentic.
- Never share your password and One-Time-PINs.
- Don’t share personal details like credit card details.
- Monitor your statements for unusual activities to flag transactions you don’t understand on websites such as shopping sites.
Tips for professionals and organisations
- Secure company mobile devices.
- Regularly back up data.
- Encrypt data so only people with the secret key can decrypt the information and read it.
- Use a privacy screen if you sit in a shared space and handle sensitive data.
- Install the latest antivirus and malware protection.
- Be cautious about suspicious emails. Flag and report them to the IT department.
- Only store data for as long as you need it. If you have employees, train them on how to delete data securely.
- Hire a specialist to wipe data off old equipment and delete personal data before getting rid of any old equipment like laptops.
The UAE’s laws and regulations are a strong foundation for protecting you from cybercrime, but you have to do your bit as well. We hope this guide will help you keep you and your data safe.
FAQs
What’s Article 10 of the UAE cyber law?
It prohibits circumventing an IP address to commit cybercrime or prevent crime detection. Offenders may be imprisoned and/or asked to pay a fine between 500,000 and 2 million AED.
What’s the difference between digital safety and digital security?
Digital safety focuses on your awareness and ability to implement safe online practices. Digital security is about the tools and technology you can use to protect your infrastructure and systems, like encrypting data.
What’s the UAE’s cloud security policy?
It’s a cyber security policy that guides how to safeguard data held in the cloud.
What is the UAE Cybersecurity Council?
It’s a department within the UAE’s government set up to lead the way in strengthening the Emirates’ cybersecurity landscape through cybersecurity strategies, strong cyber infrastructure, and a working National Cyber Incident Response Plan.