Cybercrimes: Regulatory Framework and Corporate and Directors Liability

Copyright © 2025 LexisNexis. All rights reserved.

Overview

The increase in digitisation brought with it a heightened risk of cybercrimes. This Practice Note will address the threat of cybercrimes in the United Arab Emirates (UAE), the regulatory framework surrounding it and its impact on companies operating in the region.

Definitions

  • ADDA: Abu Dhabi Digital Authority.

  • CIIP Policy: Critical Information Infrastructure Protection Policy.

  • DESC: Dubai Electronic Security Center.

  • FIU: Financial Intelligence Unit.

  • IAR: UAE Information Assurance Regulation.

  • IAS: UAE Information Assurance Standards.

  • NESA: National Electronic Security Authority.

  • NIAF: National Information Assurance Framework.

  • SIA: Signals Intelligence Agency.

  • TDRA: Telecommunications and Digital Government Regulatory Authority.

Practical Guidance

Cybercrimes in the Middle East

The threat of cybercrime is a global issue everyone is being forced to deal with. Nevertheless, circumstances in the Middle East make this region more susceptible to cybercrime. The geopolitical instability in the Middle East, coupled with a concentration of wealth among certain public and private institutions, makes it an attractive target. Moreover, industry reports indicate elevated targeting and rising malware detections in parts of the Middle East compared with other regions.