Cyber compliance in the United Arab Emirates
Everything about the cybersecurity obligations applicable in the United Arab Emirates. Mandatory frameworks, recommended standards, competent authorities, and penalties.
Mandatory frameworks
Compliance frameworks mandated by regulation in the United Arab Emirates.
NESA Standards
SIA (ex-NESA)
SIA (formerly NESA) electronic security standards. Mandatory for government entities and critical sectors in the UAE.
Data protection laws
TRA / ADGM / DIFC
Composite legal framework including the federal data protection decree-law and free zone regulations (ADGM, DIFC).
Recommended standards
The most relevant international standards for the United Arab Emirates market.
ISO 27001:2022
ISO/IEC
Information security management system. Certification highly sought by Emirati organizations and free zones.
NIST CSF 2.0
NIST
Structured cybersecurity framework. Widely adopted in the UAE private sector.
SOC 2 Type II
AICPA
Trust Services Criteria. Required by international clients in the UAE, especially in free zones.
NCA ECC
NCA Saudi
Saudi Essential Cybersecurity Controls. Relevant for Emirati companies with operations in Saudi Arabia.
Methodological frameworks
Complementary frameworks to structure your security approach.
CIS Controls v8
CIS
Prioritized critical security controls. Solid foundation for UAE SMEs and startups.
NIST 800-53
NIST
Exhaustive controls catalog. Reference for the UAE financial and oil sectors.
United Arab Emirates regulatory context
Competent authority
SIA (Signals Intelligence Agency, formerly NESA) for cybersecurity. TRA (Telecommunications and Digital Government Regulatory Authority) for telecommunications.
Penalties
The federal data protection decree-law provides for administrative fines. Cybersecurity violations can lead to criminal sanctions under the cybercrime law.
Free zones
ADGM (Abu Dhabi) and DIFC (Dubai) have their own data protection regulations, aligned with international standards (close to GDPR).
National strategy
The UAE has launched the National Cybersecurity Strategy. SIA (Signals Intelligence Agency, formerly NESA) coordinates critical infrastructure protection.