Cyber safety and digital security are serious issues in the UAE. Read how the UAE is protecting its citizens and residents in this field and reinforcing digital trust.
Federal Decree Law No. 34 of 2021 on Combatting Rumours and Cybercrimes (available in Arabic only) took effect on 2 January 2022. It repeals Federal Law 5 of 2012 on Combatting Cybercrimes, as amended. The new law provides a comprehensive legal framework to address the concerns relating to the misuse and abuse of online technologies.
It aims to enhance the level of protection from online crimes committed through the use of information technology, networks and platforms. It further seeks to protect the UAE’s government websites and databases, combat the spread of rumours and fake news, safeguard against electronic fraud and maintain privacy and personal rights.
The law lists offences and penalties against any person who may create or use an electronic site or any information technology means for hacking, attacking or tampering with government information systems and data, disseminating false information, or information that harms the interest and the security of the UAE. Other cyber offences in the law include:
Read these articles from WAM, for more information:
Read about other cyber laws and regulations in the UAE.
You can report cybercrimes online through the following channels:
You can also report cybercrimes to the nearest police station in your area, or call 999 for help.
Related links:
In light of the rapidly evolving cyber threats, including hacktivists and organised cybercrime groups that challenge national security and compromise critical information assets, Telecommunications and Digital Government Regulatory Authority developed the ‘UAE Information Assurance Regulation’ to provide requirements to raise the minimum level of protection of information assets and supporting systems across all entities in the UAE. The regulation seeks a trusted digital environment throughout the UAE.
The IA Regulation provides management and technical information security controls for entities to establish, implement, maintain, and continuously improve information assurance. TDRA will designate the critical entities as per the UAE CIIP Policy to implement the IA Regulation and apply its requirements to the use, processing, storage and transmission of information or data, and the systems and processes used for those purposes. This includes information in physical or electronic form that may be owned, leased, or otherwise in the possession, custody, or control of the entities.
In particular, the IA Regulation provides:
Related links
80091 is the UAE Digital Wellbeing Support Line (content in Arabic), the first initiative of the Digital Wellbeing Council. The support line provides professional advice from dedicated experts for all members of the family on practical daily situations we face in the digital world.
The FedNet team is responsible for observing and monitoring the events and procedures of the FedNet round the clock, ensuring that the necessary actions are taken in case of errors or violations. A Security Information and Event Management (SIEM) system is operated by a dedicated 24/7/365 security operations centre (SOC) to manage all security events within FedNet.
The UAE is taking several other efforts to maintain and strengthen cybersecurity. Some of these efforts are mentioned below.
The UAE dedicated a Computer Emergency Response Team (aeCERT) to improve the standards of information security in the UAE and protect the IT infrastructure from potential risks and violations. aeCERT aims to support and ensure a safer cyberspace for the UAE nationals and residents and disseminate information about threats, vulnerabilities and cybersecurity incidents. Public may report any cybersecurity incidents through aeCERT.
Launching initiatives on cybersecurity
‘Cyber Pulse’ is an initiative that aims to encourage community members in the UAE to play a part in cybersecurity efforts. It seeks to enhance public awareness on suspicious online activities and the necessary steps to be taken from becoming a victim of ePhishing.
The initiative provides training courses, workshops and lectures about cybersecurity, and information on how community members could protect themselves in the digital world.
The first phase of the initiative targeted women and families. The second phase targeted students.
General tips
Web users should not:
Users should:
Signs of being a victim of electronic fraud (eFraud)
Signs include:
What should victims of eFraud do?
Victims of eFraud must not give in to any threats. They should report such incidents to official authorities immediately.
‘Cyber Pulse’ was launched by the UAE Cybersecurity Council, in collaboration with strategic partners.
The UAE Computer Emergency Response Team (aeCERT) jointly with Aqdar, launched the initiative Salim, an online cybersecurity advisor, with the slogan 'Towards a safe cyber culture'.
The goal of this initiative is to spread knowledge about cyber safety to the entire community and have a generation that has integrated knowledge about information security and is mindful when conducting activities online.
This initiative from TRA aims to train top UAE students to serve as ambassadors in promoting and spreading cybersecurity awareness across the UAE. Read about other cybersecurity initiatives in the UAE.
In 2016, the Dubai Police’s Al Ameen service in cooperation with the UAE's Telecommunications and Digital Government Regulatory Authority (TDRA) organised a cyber-blackmail awareness campaign. The campaign aims to protect victims from blackmailing by chasing all criminals in all parts of the world, in addition to issuing requests to the Interpol to hunt these criminals wherever they are. Read more on cyber blackmailing and how to stay safe.
The UAE’s National Cybersecurity strategy (PDF 18.7 MB) aims to create a safe and strong cyber infrastructure in the UAE that enables citizens to fulfill their aspirations and empowers businesses to thrive. The updated version of the strategy was launched in 2019 by Telecommunications and Digital Government Regulatory Authority (TDRA), the entity which is responsible for the ICT sector and digital transformation in the country. The strategy is based on 5 pillars and 60 initiatives aiming to mobilise the whole cybersecurity ecosystem in the UAE.
Read more on UAE' National Cybersecurity Strategy (NCSS).
The emirate of Dubai launched the Dubai Cyber Security Strategy (PDF, 2.67 MB) which aims to strengthen Dubai's position as a world leader in innovation, safety and security. One of the main domains of the plan is to build a secure cyber space by establishing controls to protect the confidentiality, credibility, availability and privacy of data. Read more on the Dubai Cyber Security Strategy.
The UAE maintains digital security of individuals through the UAE Pass app and Emirates ID.
The UAE Pass app
The UAE Pass app is the first national digital identity and signature solution that enables users to identify themselves to government service providers in all emirates through a smartphone-based authentication. It also enables users to sign documents digitally with a high level of security. The app is available on iTunes and Google Play.
Emirates ID
Federal Authority for Identity, Citizenship, Customs and Ports Security (ICP) succeeded in launching electronic identity cards for the whole population in the country including nationals and residents. The card carries biometric details of the holders an, in order to verify and confirm the identity of each individual through the personal number and the smart card related to the biological features of the individual.
What is an eSignature?
An eSignature is used in electronic messages to identify the signatory (the sender of the message) and distinguish them from everyone else. An eSignature also proves that the message received is the same message that was sent by the signatory and that nothing has been added, deleted or amended. It may consist of letters, marks, symbols, numbers, sounds or images.
An eSignature is as binding as a signature executed by hand. Federal Decree by Law No. 46 of 2021 on Electronic Transactions and Trust Services (PDF, 4.4 MB, available in Arabic only) approves the use of eSignatures in the UAE. To create an eSignature, you need an electronic signature creation device, and a digital certificate to be authorised to use this device. Certification services providers issue digital certificates. These certificates confirm the identity of the signature device holder.
What is a digital certificate?
A digital certificate is a certificate issued by a certification service provider, which confirms the identity of the person or entity holding an electronic signature creation device. An electronic signature creation device is a uniquely configured device or electronic information that enables a person to apply his e-signature in the form of electronic keys and symbols.
What is a digital certification service provider (DCSP)?
A digital certification service provider is an accredited or authorised natural person or legal entity that issues digital certificates and offers digital signature-related services.
How to apply for a DCSP license?
You can apply for a DCSP license through Telecommunications and Digital Government Regulatory Authority (TDRA). Obtaining a licence from TRA is required for all digital certificate service providers operating in the UAE with respect to eRecords, eDocuments and eSignatures related to eTransactions and/or eCommerce. To apply for a DCSP licence, you need to submit the following documents to TRA:
Digital signature and timestamp service
Federal Authority for Identity and Citizenship (ICA) offers digital signature and timestamp service. The service enables entities and individuals to sign documents and transactions digitally using their ID card, with a timestamp on the signature that shows the date and exact time of the signature. The timestamp cannot be changed or altered even by the owner of the digital signature which gives undisputed accuracy of document and transaction creation and updates.
ICA Validation Gateway-VG
To simplify the usage of the Emirates ID card and its certificates, Federal Authority for Identity and Citizenship (ICA) set up a Validation Gateway (VG). VG enables governments, organisations as well as individuals to make use of the Emirates ID card in an online scenario. The VG is a service available online that offers a wide variety of digital functionality related to the Emirates ID card. After approval from ICA, users can connect to the VG and perform online services using the Emirates ID cards for authentication and signing. Read more about ICA’s Validation Gateway.
Related eServices
Ministry of Interior and the National Programme for Happiness and Wellbeing launched the ‘Child Digital Safety’ initiative in March 2018, in a joint effort to raise awareness among children and school students about online threats and challenges, and promote a safe and constructive use of the internet.
The initiative also familiarises parents and educators with solutions they can use to address these challenges and ensure the safety of their children and students. It includes developing educational material on digital safety, facilitating children with global best practices in that domain, and providing advice to parents and teachers to enhance digital safety for their children at home and in the learning environment.
Four sub-initiatives to enhance digital safety of children
This initiative consists of four main sub-initiatives. They are:
Protection of children's data online
Article 29 of Federal Law No. 3 of 2016 Concerning Child Rights, also known as Wadeema's Law (PDF, 250 KB), states: The telecommunications companies and internet service providers shall notify the competent authorities or the concerned entities of any child pornography materials being circulated through the social media sites and on the Internet and shall provide necessary information and data on the persons, entities or sites that circulate such material or intend to mislead the children.
In addition, the Dubai Data Law (Law No. 26 of 2015 on the Organization of Dubai Data Publication and Sharing, PDF 250 KB) aims for data protection and privacy of all individuals including that of children.
The Sannif initiative was launched to enable parents to learn about eGames and assess their impact on their children.
The Digital Life Quality Knowledge Platform was launched to build the digital capacities of community members with focus on students, parents, teachers, people of determination and senior citizens.
ITU’s Child Online Protection (COP) Guidelines
ITU launched the 2020 Child Online Protection (COP) Guidelines to ensure that the rights of children are being respected when they are online. The guidelines are the product of the collaborative effort of 80 experts from different sectors including governments, international organisations, NGOs, academia and the private sector.
ITU has developed specific guidelines for:
In addition, ITU and its partners are in the process of launching training courses to educate everyone about children’s online safety. Discover and enrol for courses.
To support the implementation of the 2020 COP Guidelines globally, ITU further launched ‘Global Programme on Child Online Protection & Online Safety with Sango for Kids’.
Read more about the UAE’s Efforts Towards Child Online Protection (PDF, 6.30MB).
Watch this video
In November 2020, the UAE Cabinet agreed to establish the UAE Cybersecurity Council with the aim of developing a comprehensive cybersecurity strategy and creating a safe and strong cyber infrastructure in the UAE.
The council will be chaired by the Head of Cyber Security for the UAE Government and will contribute to creating a legal and regulatory framework that covers all types of cybercrimes, securing existing and emerging technologies and establishing a robust ‘National Cyber Incident Response Plan’ to enable swift and coordinated response to cyber incidents in the country.
Read related news coverage on WAM.
The UAE was ranked fifth globally for a robust cybersecurity infrastructure as per the Global Cybersecurity Index 2020 report, issued by International Telecommunication Union.
The report measured 193 countries for their cybersecurity infrastructure on the following five pillars:
Each pillar weighs 20 points. The UAE achieved a full score in the 3 pillars of legal measures, capacity development and cooperative measures. Its total score is 98.06 out of 100.
The UAE made a huge jump in its rank from 33rd in the 2019 report to 5th in 2020, where it shares its position jointly with Russia and Malaysia.
H. H. Sheikh Hamdan bin Mohammed bin Rashid Al Maktoum, Crown Prince of Dubai and Chairman of Executive Council of Dubai launched Dubai Cyber Index, an initiative aimed at supporting the efforts of Dubai Government entities to ensure the highest standards of cybersecurity. Being the first initiative of its kind in the world, the index seeks to establish Dubai as the city with the safest cyber space in the world.
The index is aligned with the goal of Dubai Cyber Security Strategy to protect Dubai from a range of cybersecurity risks and support the emirate’s economic growth. It is also part of the city’s efforts to drive rapid technological progress and digital transformation. Dubai Cyber Index seeks to promote healthy competition among government entities in the field of cybersecurity and encourage the development of capabilities and excellence in this area.
The index was developed by Dubai Electronic Security Center (DESC) as part of its mandate to implement a government information security policy that provides the highest benchmarks of cybersecurity in the emirate. DESC monitors government entities to ensure that they comply with the information security requirements in order to ensure effective and secure communication networks and information systems.
Watch video about Dubai Cyber Index.
Read related news coverage on WAM.
Popular searches
