The United Arab Emirates has adopted national legislation based on or influenced by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Signatures.

Under Section 1 of the Telecommunications Equipment Type Approval Regime, the authorisation of telecommunications equipment is determined by its potential impact on safety, electromagnetic compatibility (EMC), and the efficient use of radio spectrum. Section 4.1 introduces a three-tier compliance framework based on risk and technical complexity. Level 1, applicable to low-risk devices such as short-range devices (SRDs), NFC, RFID, bluetooth, and Wi-Fi-only tablets, relies on a supplier’s declaration of conformity (SDoC) in accordance with ISO/IEC 17050-1:2004. Level 2, covering medium-risk equipment such as GPS trackers, SIM-based radios, and modems, requires proof of conformity through International Laboratory Accreditation Cooperation (ILAC)-accredited test reports or certificates from Telecommunications and Digital Government Regulatory Authority (TDRA)-recognised entities. Where such evidence is unavailable, TDRA may mandate additional testing at the applicant’s expense. Level 3, reserved for high-risk equipment such as mobile phones, demands test reports from recognised laboratories and supplementary testing at TDRA’s national laboratory, alongside submission of product samples.
Sections 4.15 and 4.16 outline the acceptance of external conformity evidence. Under Section 4.15, the TDRA recognises technical test reports from laboratories accredited to ISO/IEC 17025 by ILAC members and reports submitted under mutual recognition agreements (MRAs). Section 4.16 extends recognition to type approval certificates issued by certification bodies accredited to ISO/IEC 17065 by International Accreditation Forum (IAF) members or appointed under MRAs.

According to Section 7.11 of the Internet of Things (IoT) Regulatory Policy, IoT service providers are required to use an encryption standard that fulfills requirements of the competent UAE authorities. In instances where an IoT Service Provider uses or intends to use an encryption standard higher than the approved one, the loT Service Provider shall seek an explicit case-by-case approval from the Digital Government Regulatory Authority (TDRA).

According to Art. 5 of the Federal Decree-Law No. 14 of 2023 Concerning Modern Technology-Based Trade, one of the requirements for engaging in “modern technology-based trade”- defined as the sale and purchase of goods, services, and related data through technological platforms or modern technology, including websites, e-platforms, smart applications, electronic or digital commerce, and social media platforms - is the obligation to obtain the necessary approvals, permits, and licences from the competent authority.
As indicated on the UAE Government portal, establishing an online business on the UAE mainland requires an application to the Department of Economic Development (DED) in the relevant emirate. In addition, all eTrade licences must be approved by the Telecommunications and Digital Government Regulatory Authority (TDRA), which regulates the e-commerce framework and transactions at the federal level. The portal also highlights emirate-specific licensing schemes, including the eCommerce licence in Abu Dhabi (introduced in 2017), the eTrader licence in Dubai, and the Eitimad domestic licence in Sharjah.

It is reported that the de minimis threshold, that is the minimum value of goods below which customs do not charge duties, is AED 1,000 (approx. USD 270).

According to Section 7 of the Internet of Things (IoT) Regulatory Policy, IoT service providers are required to register with the Telecommunications and Digital Government Regulatory Authority (TDRA) and obtain an IoT Service Provider registration certificate. As a prerequisite, providers must establish a local presence in the UAE or appoint an authorised representative who is physically based in the country and responsible for liaising with the TDRA and other law enforcement agencies. The Regulatory Procedure for Internet of Things (IoT) further specifies the application and approval process.

Federal Law No. 15/2020 concerning Consumer Protection, its Executive Regulation, and Federal Decree-Law No. 14/2023 on Trading by Modern Technological Means provide a comprehensive framework for consumer protection that also applies to online transactions.

It is reported that, within the framework of import and export regulations in the United Arab Emirates (UAE), all DVDs and other media materials must be submitted to the National Media Council (NMC) for prior content approval. In addition, a licence issued by the NMC is required for the import and distribution of such media within the UAE. These provisions equally apply to digital content and media disseminated via local domains.

The United Arab Emirates has progressively adopted measures to enhance the participation of Emirati nationals in the workforce. Ministerial Resolution No. 279 introduced the first phase of mandatory Emiratisation quotas, requiring private sector companies with 50 or more employees to increase their share of skilled Emirati workers by 2% annually, with the objective of reaching 10% by 2026. Subsequently, Ministerial Resolution No. 455 of 2023 broadened the scope of these requirements to cover specific sectors, including ICT-related activities such as data processing, web hosting, and associated services. Under this framework, companies with a workforce of 20 to 49 employees are required to employ at least one UAE national from 2024, rising to a minimum of two by 2025.

According to the UAE Import and Export Guide, export activities require a valid trade licence issued by a competent UAE authority, as well as registration with the Customs Department. It has been reported that such licences are currently issued by the respective local customs authorities; however, efforts are ongoing to establish a unified, UAE-wide licensing system.

Art. 9 of Federal Decree-Law No. 43 of 2021 prohibits the export of items within its scope without prior authorisation. This provision applies to a range of goods listed in the schedule of controlled commodities adopted under Cabinet Resolution No. 50 of 2020. The latter includes electronics, computers, and telecom and information security.
In addition, the Lists of Prohibited and Restricted Goods in the States of the GCC establish categories of goods subject to trade restrictions. Telecommunications-related equipment, specifically base stations (HS code 8517.61.00) and transmission apparatus incorporating reception apparatus (HS code 8525.60.00), is included in the restricted list. The export of such items may require prior authorisation or the issuance of special licences by the competent authorities.

A basic legal framework on intermediary liability for copyright infringement is absent in the United Arab Emirates' law and jurisprudence.

A basic legal framework on intermediary liability beyond copyright infringement is absent in the United Arab Emirates' law and jurisprudence.

Pursuant to Section 8.1 of the Registration Requirements for Mobile Consumers, a licensee shall not activate mobile services on a SIM card for any new consumer until that consumer has been duly registered. In accordance with Section 5.4, licensees, acting exclusively through their authorised representatives, are obliged to obtain registration details from mobile consumers. For individual consumers, such details include the full name, a mailing address within the United Arab Emirates (or, where unavailable, an alternative contact address within the UAE), nationality, and an identification document as specified in Sections 1.1-1.3. Where the consumer is a business entity, the licensee must collect alternative registration particulars as prescribed by the policy. Section 6.1 further mandates that licensees verify the accuracy of the information submitted during the registration process. The term “licensee” is defined under the Federal Law by Decree No. 3 of 2003 as Etisalat Corporation and any other entity licensed by the Telecommunications and Digital Government Regulatory Authority (TDRA) in accordance with the Law and its Executive Order. It is also reported that the United Arab Emirates currently employs biometric verification measures, including the collection of consumers’ fingerprints, as part of the SIM card registration process.

According to Section 9.1 of the Internet Access Management (IAM) Regulatory Policy, telecom licensees are responsible for implementing and maintaining a technical system for classifying and detecting prohibited content, in compliance with the provisions published by the Telecommunications and Digital Government Regulatory Authority (TDRA). Section 9.2 further provides that all licensees must bear the direct setup and maintenance costs of implementing this policy and any related regulatory procedures. They are also responsible for covering the costs associated with enabling the TDRA to monitor compliance and ensuring that the TDRA has access to all complaints, observations, comments, and messages submitted by users in relation to the policy.