It is reported that the United Arab Emirates requires functional and accounting separation for telecommunications operators with significant market power (SMP). While the functional separation requirement has not been found in the legal texts, the accounting separation can be found in the Instructions Cost Accounting, Accounting Separation and LRIC Modelling.

In accordance with Art. 3 of the Council of Ministers Resolution No. 55 of 2021, foreign investors seeking to participate in any of the strategic activities listed in Art. 2, including the telecommunications sector, are required to submit a licence application to the competent authority. For the telecommunications sector, the Public Authority for the Regulation of the Telecommunications Sector and Digital Government must approve the FDI licence applications and determine: (i) the proportion of national and/or foreign participation in the company’s capital; and (ii) where applicable, the proportion of national and/or foreign representation on the board of directors.
Moreover, according to Art. 12 of the Resolution No. 9 of 2023, an entity is eligible to apply for a licence if is incorporated under the Commercial Companies Law, and foreign shareholding does not exceed 49%, with the remaining 51% held by one or more national citizen partners, unless otherwise approved by the board of directors of the Telecommunications and Digital Government Regulatory Authority (TDRA).
Moreover, according to Art. 2.6 of the Resolution No. 9 of 2023, the number and scope of any licences shall be determined by the Board, and may be restricted depending on:
- The level and state of competition in the telecommunications sector in the State; or
- The availability of the scarce resources (e.g. spectrum and numbers); or
- The implementation of any technical restrictions to regulate the use of scarce resources; or
- Any other reason determined by the board of directors of the Telecommunications and Digital Government Regulatory Authority (TDRA).
Under Art. 8 further states that a licence may be revoked if a competent authority determines that is in the national interest to do so.

The United Arab Emirates has not appended the World Trade Organization (WTO) Telecom Reference Paper to its schedule of commitments.

Art. 6 of the Federal Decree-Law No. 3 of 2003 establishes the Telecommunications and Digital Government Regulatory Authority (TDRA) as an independent regulatory body. The Authority is vested with a distinct legal personality and full capacity to perform legal acts under the Decree-Law and its implementing regulations, including the ability to contract, acquire and lease property, and initiate legal proceedings. According to Art. 7, the authority has financial and administrative independence in the management of its affairs, thereby ensuring autonomy in the exercise of its regulatory functions.

Art. 6.1.6.3 of the Consumer Protection Standards stipulates that all licensed financial institutions, including banks and other regulated entities, are required to retain and store all consumer and transaction data within the United Arab Emirates, in accordance with the directives issued by the Central Bank. In addition, as a minimum requirement, such institutions must establish a secure and reliable backup of all consumer data and transactional records at an alternative location, ensuring compliance with the retention period prescribed under Art. 6.1.6.

Pursuant to Arts. 14.22 and 1.71 of the Retail Payment Services and Card Schemes Regulation, legal entities authorised to provide one or more retail payment services are required to store and maintain personal and payment data within the United Arab Emirates. In addition, a secure and reliable backup of all such data must be established at an alternative location and retained for a mandatory period of five years.

Pursuant to Art. 10.6 of the Stored Value Facilities (SVF) Regulation, an SVF Licensee is required to ensure the adequate protection of customer data, including customer identification details and transaction records, which must be stored and maintained within the United Arab Emirates. The term Stored Value Facility refers to a facility, other than cash, in respect of which a customer, or another person acting on the customer’s behalf, remits a sum of money (including monetary equivalents such as value credits, reward points, crypto-assets, or virtual assets) to the issuer, whether directly or indirectly, in exchange for: (a) the storage of the value of that money (including monetary equivalents such as value credits, reward points, crypto-assets, or virtual assets), in whole or in part, on the facility; and (b) the performance of the "relevant undertaking". The definition of SVF encompasses both device-based stored value facilities and non-device-based stored value facilities.

Art. 13 of Federal Law No. 2 of 2019 establishes a general prohibition on the transfer, storage, generation, or processing of health data relating to health services provided within the United Arab Emirates outside its territory, save where authorised by a resolution issued by an Emirate-level health authority in coordination with the Ministry of Health and Prevention. Ministerial Decision No. 51 of 2021, under Art. 2, enumerates ten exceptions to this prohibition, including, inter alia, overseas treatment, medical diagnostic testing, scientific research (the Decision specifically requires prior approval from the competent health authority for the use of health data in scientific research), insurance claims and coverage, cooperation with governmental or international organisations, the use of wearable health monitoring devices, pharmacovigilance reporting, telemedicine, data expressly approved by a competent health authority, and transfers effected pursuant to a formal written request by the data subject or their legal representative. Arts. 3-5 of the Decision impose stringent conditions on most of these exceptions, such as obtaining the prior written consent of the patient or their representative where applicable, encrypting data prior to transmission, employing secure communication channels, and retaining a complete copy of the data within the State irrespective of any authorised cross-border transfer.

According to Section 7.8.2.2 of the Internet of Things Regulatory Policy, IoT service providers must ensure that all government data classified as secret, sensitive, or confidential is stored exclusively within the United Arab Emirates under all circumstances. Section 1.3 of the Policy further defines these classifications based on the potential harm resulting from a breach of confidentiality or uncontrolled disclosure: confidential data is that whose unrestricted disclosure could cause limited harm to individuals, businesses, or the government; sensitive data is that whose disclosure could result in significant harm to these entities; and secret data is that whose disclosure could severely compromise the supreme interests of the State and cause very substantial damage to individuals, businesses, and the government.

Pursuant to Arts. 22 and 23 of the Federal Decree by Law No. 45 of 2021 Concerning the Protection of Personal Data, the transfer of personal data outside the United Arab Emirates is permissible under specific conditions authorised by the UAE Data Office. Such transfers may occur where the recipient state or territory has enacted legislation ensuring an adequate level of personal data protection, encompassing essential provisions, safeguards, and enforcement mechanisms to uphold confidentiality, privacy, and the data subject’s legal rights, including the imposition of appropriate measures on controllers or processors by a judicial or regulatory authority. Transfers are also permitted where the UAE is party to bilateral or multilateral agreements concerning personal data protection with the destination state. In the absence of adequate protection in the recipient jurisdiction, cross-border transfers may proceed under a binding contractual arrangement obliging the foreign entity to adhere to the requirements of the UAE law and to submit to supervisory or judicial oversight as stipulated in the agreement. Additionally, transfers are allowed with the explicit consent of the data subject, provided such action does not contravene national security or public interest; where necessary for the establishment or defence of legal claims; for the conclusion or performance of a contract involving the data subject or a third party acting in their interest; for the execution of measures related to international judicial cooperation; or where required to safeguard the public interest.

The United Arab Emirates has ratified the World Intellectual Property Organization (WIPO) Copyright Treaty.

The United Arab Emirates has ratified the World Intellectual Property Organization (WIPO) Performances and Phonograms Treaty.

The United Arab Emirates lacks a comprehensive framework in place that provides effective protection of trade secrets, but there are limited measures addressing some issues related to them. Part 6 of the Federal Decree-Law No. 11 of 2021 is the primary instrument covering “undisclosed information” as a form of industrial property. It defines what constitutes undisclosed information and specifies the scope of protection, but does not provide penalties or remedies for infringement. Complementary provisions are included in the Federal Decree-Law No. 50 of 2022 (Commercial Transactions Law), which grants civil protection through unfair competition rules, including prohibitions on inducing employees to disclose a competitor’s trade secrets, with liability for damages in case of breach. In addition, the Federal Decree-Law No. 31 of 2021 (Crimes and Penalties Law) criminalises the unauthorised disclosure of secrets obtained in the course of professional duties.

The country imposes a requirement for infrastructure sharing in order to facilitate the provision of telecommunications services to end-users. Pursuant to Art. 41 of Federal Law by Decree No. 3 of 2003 regarding the Organisation of the Telecommunications Sector, Etisalat (one of the two telecom operators currently licensed to operate in the country) and its affiliated entities are required, upon request by the competent Authority, to provide connection to licensees seeking shared access to telecommunications infrastructure in a prompt, efficient, and cost-effective manner.
In addition, under Art. 14, the Telecommunications and Digital Government Regulatory Authority (TDRA) is vested with the authority to promulgate regulations, directives, decisions, and procedures governing the sharing of infrastructure among licensees, including the determination of terms, conditions, and pricing for such arrangements. The Interconnection Instructions impose obligations on licensed operators to enable passive infrastructure sharing. Sections 3.11-3.13 require operators to provide site sharing services, covering the joint use of mobile network sites such as towers, feeders, and associated rooms, and facility sharing services, which include passive elements like ducts, conduits, rights-of-way, poles, cabling, and power supply, supported by service level agreements to ensure operational reliability. Infrastructure sharing is also mandated under the prevailing regulatory framework. Complementing these requirements, Sections 4.6-4.8 establish procedural obligations for planning, forecasting, ordering, and maintaining shared sites, facilities, and infrastructure, ensuring that sharing arrangements are implemented systematically and in compliance with technical, environmental, and security standards.

The United Arab Emirates is not a party to the World Trade Organization (WTO) Agreement on Government Procurement (GPA).