Our Team

STA's Team of Lawyers in Abu Dhabi, Bahrain, Doha, UAE, Luxembourg, Moscow, RAK, Sharjah, and Singapore. Find a Lawyer. ..

Read more information

The new cybercrime law of UAE was enacted in January 2022

The new cybercrime law of UAE was enacted in January 2022

The long-awaited UAE Personal Data Protection Law, Federal Law 45 of 2021 on Personal Data Protection ("Law"), was issued on 27 November 2021. The Emirates Data Office ("Data Office"), constituted under Federal Law 44 of 2021, will serve as the new data regulator. The Data Officer will be in charge of executing the law and releasing enabling statutes and instructions, among other things. The law took its effect on 2 January 2022, and its Executive Regulations, which elaborated on essential themes, will be published within six months after that date (currently 28 May 2022). Controllers and processors will have six months to comply with the law from the date the Executive Regulations are released, though the Data Office has the authority to extend this term if required.

The law is strongly influenced by the EU General Data Protection Regulation (GDPR), and most of its core ideas, such as the data protection principles, are reflected in the legislation (i.e., the core principles that underpin all personal data processing such as a need to ensure that processing is fair, transparent and lawful; that the personal data processed is adequate and relevant for the purpose; and that the personal data is kept secure and protected against unauthorized processing using appropriate organizational and technical measures). The legislation aims to safeguard the public from online crimes committed through social media networks and information technology platforms and secure government websites and databases, and prevent the spread of rumors and false or misleading information.

Per the legislature, taking pictures of others in any public or private place, spreading, replicating, or storing the images electronically, as well as publishing news, photographs, scenes, comments, data, or information, even if they are true, with the intent of harming the person the photographs are taken of, is a crime punishable under the law amendment. Given the significance of these bodies, the Cybercrimes Law went even farther by referring to and mentioning those specific institutions to provide for a more severe penalty. Anyone who intentionally malfunctions, halts, damages/destroys an electronic system, website, or tool as specified in the Cybercrimes Law faces a term of imprisonment (not less than a year) and a fine ranging from AED 500,000 to AED 3 Million.

As of now, the effectiveness of legislation aimed at combating cybercrime has shown few, if any, of the expected flaws. However, it is widely acknowledged that a law is only as flawed as the authorities' methods for enforcing it. The UAE has demonstrated that its rapid response to the evolving nature of cybercrime will aid in maintaining the integrity of the cybercrime law's punishments and penalties.