Law Blog Categories


E-Commerce Regulations in the UAE

Published on : 14 Sep 2020

E-Commerce in the UAE

“We buy things we don't need, with money we don't have, to impress people we don't like.”

-Dave Ramsey

One of the most repeated lines from one of the most popular movies of the 20th century, one can see how the statement rings true in relation to a possession obsessed society. But while there might have been some truth to the statement, there is more to it than that, and that truth has evolved over the years. Our society thrives on possessions but also easiness in getting those possessions, and in this day and age, the convenience of the consumer is prime. The concept of caveat venditor being of primal importance in modern-day world trade combined with convenience and speed, the world has truly become a consumer's oyster. The drive for convenience has pushed the world to intertwine commerce with technology, and the concept of E-commerce is one we find harder to live without with every passing day, only to be fueled by the current state of the pandemic and heat. So, with the population moving towards digital platforms for their every need, what are the regulations of this market?

UAE, and in particular, Dubai, has one of the highest percentages of internet users in the world, clocking in at around 90 percent of the population actively engaged with the internet. The internet population of the UAE is the 4th highest in the Middle East region. Online retail sales have seen unprecedented growth in the last decade, with an estimated net value jump from 490 Million US Dollars to 1.6 Billion US Dollars in just a span of 5 years. The UAE also passed the Electronic Transaction and E-Commerce Law in January 2006. Although it is an act that covers matters of Electronic Records, documents, and signatures related to Electronic Transaction, it does not entirely cover the rest of related regulations and offences committed in the cyber world.

The offences committed on the internet are covered within various laws that are practiced in the UAE, as there is no specific act in place for the purpose. The cyberspace is monitored through a mixture of:

  1. UAE Regulatory Regime
  2. Publication and Publishing Law
  3. Cyber Crime Laws
  4. National Media Council Resolution Number 20
  5. TECOM Code of Guidance (For Dubai based tech companies)
  6. Media Zone Authority Content Code (For Abu Dhabi based tech companies)

As per Article 2 of the Act, any matter not mentioned under the E-Commerce Law of 2006 shall be covered as per International commercial laws affecting Electronic Transactions and Commerce.


To conduct activities of commerce in the country, a company is required to register through the Department of Economic Development of the concerned emirate or through the free zone, depending on the business module to be set up. Certain business types, like that of Uber and Careem, are operational only with permission certificates provided to them from the Tourism Department, even though their business module is heavily reliant on the internet.  


Businesses that are conducted on a B2C model will have to have specific contracts with their suppliers and partners, which shall be compliant with Civil and Commercial Codes. As is the requirement with every contract, there should be two consenting parties, a legal obligation, offer, acceptance, and consideration as can be seen with Article 130 of the Civil Code. The provisions of the contract acceptance and basis have been stated in Article 14, Chapter 4 of Electronic Transactions and Commerce Law. The regulations stated are as per:

2- Where the Originator has not agreed with the Addressee that the acknowledgment is given in a particular form or by a particular method, an acknowledgment may be given by:

a) any communication by the Addressee, electronic, automated or otherwise; or

b) any conduct of the Addressee, sufficient to indicate to the Originator that the Data Message has been received

3- Where the Originator has stated that the Data Message is conditional on receipt of the acknowledgment, the Data Message is treated as though it had never been sent until the acknowledgment is received

4- Where the Originator has asked for an acknowledgment but has not stated that the Data Message is conditional on receipt of the acknowledgment within the time specified or agreed, or if no time has been specified or agreed within a reasonable time, the Originator:

a) may give notice to the Addressee stating that no acknowledgment has been received and specifying a reasonable time by which the acknowledgment must be received; and

b) if the acknowledgement is not received within the time specified in para (a) of this subsection, may treat the Data Message as though it has never been sent, or exercise any other rights it may have

5- Where the Originator receives the Addressee's acknowledgment of receipt, it is presumed, unless evidence to the contrary is adduced, that the related Data Message was received by the Addressee, but that presumption does not imply that the content of the Data Message sent by the Originator corresponds to the content of the message received from the Addressee

6- Where the acknowledgment received by the Originator states that the related Data Message met technical requirements, either agreed upon or set forth in applicable standards, it is presumed, unless evidence to the contrary is adduced, that those requirements have been met

If the digital contract falls under above mentioned categories, then it is deemed to have been validated through acceptance and hence the parties shall be held compliant as per.

Electronic Signatures

In an attempt to regulate and malign contractual breaches occurring in the digital space, Federal Law Number 36 of 2006 was introduced legitimizing the value of electronic signatures as much as that of any other signatures recognized as per the Law of Evidence. The conditions prescribed for the validity of E-signatures can be seen in Article 17 of the Act, which states:

1- A signature shall be treated as a Secure Electronic Signature if, through the application of a prescribed Secure Authentication Procedure or a commercially reasonable Secure Authentication Procedure agreed to by the parties involved, it can be verified that an Electronic Signature was, at the time it was made:

a) unique to the person using it;

b) capable of identifying such person;

c) was, at the time of signing, under the sole control of the Signatory in terms of the creation data and the means used; and 

d) linked to the Electronic Record to which it relates in a manner which provides reliable assurance as to the integrity of the signature such that if the record was changed the Electronic Signature would be invalidated.


It is required of the parties to maintain the secrets told to them by the other party, in terms of trade, agreement, or any such type of information in relation to the trade. Although the Act does not provide for a penalty of any kind to those who violate the confidentiality clause, a party can be found guilty of the offence and punishable under Article 379 of the UAE Penal Code.

Confidentiality does not just extend to two contracting parties, but also to the end-users. If you own or run an app that collects sensitive user data, it is mandatory as per UAE Internet Guidelines that you protect the data from breach of any kind and in case such a breach is found, you shall be held liable and shall be asked to compensate and provide for the remuneration of the offence.

In the spirit of transparency, it is important of e-commerce businesses to state their privacy policy in a clear and legible manner to the layman, so that customer's scope to dispute is reduced. It has been noted that this scope to dispute is wide due to apps either tucking their T&C away or making it so complicated and lengthy that the customer would not be interested in reading it.

While there is still legislation to be brought on these terms, providing for Terms and Conditions upfront with a clickwrap method ensures that the user is aware of the terms he agrees to, as it is legible for a layman.


While the types of penalties that have been dictated in this Act is limited to digital documents (Articles 26-33), it is also important to note that Article 29 provides for punishment for any act committed through electronic means that may violate or constitutes an offence as per the laws in force in the country. Foreign nationals who are found violating the mentioned laws are also liable to be deported, if the courts may deem fit to do so, as per Article 32. So, while it is convenient to have deals and other transactions conducted online, and while it is not a space that is as rigidly regulated as the offline commercial world, it is worth noting that there is enough recognition by the country towards this side of the business and it is hence important to be cautious while conducting oneself on the World Wide Web. Overall, there is still an urgent requirement of stricter regulation of cyberspace as a consolidated law, as it is an impending need every passing day.

Related Publication

  • Company Formation in Luxembourg