Last review date: 10 December 2025

The main UAE federal laws are:

• Federal Decree-Law No. 45 of 2021 on Personal Data Protection ("PDPL")
• Federal Decree-Law No. 44 of 2021 establishing the Emirates Data Office
• Federal Decree-Law No. 31 of 2021 on Crimes and Penalties ("Penal Code")
• Federal Decree-Law No. 34 of 2021 on Combatting Rumours and Cybercrimes ("Cybercrimes Law")
• Federal Law. No 2 of 2019 on the Use of Information and Communications Technology in Healthcare ("Healthcare ICT Law")
• Federal Decree-Law No. 33 of 2021 on the Regulation of the Employment Relationship ("The Labour Law")

Further laws and regulatory requirements apply in particular contexts and to specific types of technology.

Last review date: 10 December 2025

There is no federal law on cybersecurity. Instead, cybersecurity issues are regulated at a sector level and by a range of policies, standards and guidelines. Not all of these requirements are routinely made publicly available.

Last review date: 10 December 2025

There is no general regulation of non-personal data.

Sectoral rules, such as those in telecoms, healthcare or financial services, may regulate categories of data that could include personal and non-personal data. The PDPL excludes from its scope government data and (to the extent that they are covered by separate legislation) financial and healthcare data.

In the Emirate of Dubai, the Dubai Data Law mandates the sharing, use and reuse of data relating to the Emirate.

Separate regulation on government data is anticipated, while the Central Bank of the UAE has issued various rules and standards imposing requirements on financial institutions regarding the protection of banking information and the Healthcare ICT Law includes provisions relating to the protection of health information.