Our thinking

AI Watch: Global regulatory tracker

What's inside

Keeping track of AI regulatory developments around the world.

The global dash to regulate AI

Artificial intelligence (AI) has made enormous strides in recent years and has increasingly moved into the public consciousness.

Increases in computational power, coupled with advances in machine learning, have fueled the rapid rise of AI. This has brought enormous opportunities, as new AI applications have given rise to new ways of doing business. It has also brought potential risks, from unintended impacts on individuals (e.g., AI errors harming an individual's credit score or public reputation) to the risk of misuse of AI by malicious third parties (e.g., by manipulating AI systems to produce inaccurate or misleading output, or by using AI to create deepfakes).

Governments and regulatory bodies around the world have had to act quickly to try to ensure that their regulatory frameworks do not become obsolete. In addition, international organizations such as the G7, the UN, the Council of Europe and the OECD have responded to this technological shift by issuing their own AI frameworks. But they are all scrambling to stay abreast of technological developments, and already there are signs that emerging efforts to regulate AI will struggle to keep pace. In an effort to introduce some degree of international consensus, the UK government organized the first global AI Safety Summit in November 2023, with the aim of encouraging the safe and responsible development of AI around the world. 

Most jurisdictions have sought to strike a balance between encouraging AI innovation and investment, while at the same time attempting to create rules to protect against possible harms. However, jurisdictions around the world have taken substantially different approaches to achieving these goals, which has in turn increased the risk that businesses face from a fragmented and inconsistent AI regulatory environment. Nevertheless, certain trends are becoming clearer at this stage:

  1. "AI" means different things in different jurisdictions: One of the foundational challenges that any international business faces when designing an AI regulatory compliance strategy is figuring out what constitutes "AI." Unfortunately, the definition of AI varies from one jurisdiction to the next. For example, the draft text of the EU AI Act adopts a definition of "AI systems" that is based on (but is not identical to) the OECD's definition, and which leaves room for substantial doubt due to its uncertain wording. Canada has proposed a similar, though more concise, definition. Various US states have proposed their own definitions, which differ from one another. And many jurisdictions (e.g., the UK, Israel, China, and Japan) do not currently provide a comprehensive definition of AI. Because several of the proposed AI regulations have extraterritorial effect (meaning more than one AI regulation may apply simultaneously), international businesses may be forced to adopt a "highest common denominator" approach to identifying AI based on the strictest applicable standard.
  2. Emerging AI regulations come in different forms: The various emerging AI regulations have no consistent legal form – some are statutes, some are executive orders, some are expansions of existing regulatory frameworks, and so on. The EU AI Act is a "Regulation" (which means that most of it will apply directly in all EU Member States, without the need for national implementation in most cases). The UK has taken a different approach, declining to legislate at this early stage in the development of AI, and instead choosing to task existing UK regulators with the responsibility of interpreting and applying five AI principles in their respective spheres. In the US, there is a mix of White House Executive Orders, federal and state initiatives, and actions by existing regulatory agencies, such as the Federal Trade Commission. As a result, the types of compliance obligations that international businesses face are likely to be materially different from one jurisdiction to the next. Many other jurisdictions have yet to decide whether they will issue sector-specific or generally applicable rules and have yet to decide between creating new regulators or expanding the roles of existing regulators, making it challenging for businesses to anticipate what form their AI regulatory relationships will take in the long term.
  3. Emerging AI regulations have different conceptual approaches: The next difficulty is the lack of a consistent conceptual approach among emerging AI regulations around the world – some are legally binding while others are not, some are sector-specific while others apply across all sectors, some will be enforced by regulators while others are merely guidelines or recommendations, and so on. As noted above, the UK approach is to use existing regulators to implement five AI principles, but with no new explicit legal obligations. This has the advantage of meaning that businesses will deal with AI regulators with whom they are already familiar but has the disadvantage that different UK regulators may interpret these principles differently in their respective spheres. The EU AI Act is cross-sectoral and creates new regulatory and enforcement powers for existing bodies, including the European Commission, and also creates entirely new bodies such as the AI Board and the AI Office, while leaving EU Member States to appoint their own AI regulators tasked with enforcing the AI Act. In the US, the Federal Trade Commission, Equal Employment Opportunity Commission, Consumer Financial Protection Bureau, and Department of Justice issued a joint statement clarifying that their existing authority covers AI, while various state regulators are also likely to have competence to regulate AI. International organizations including the OECD, the UN, and the G7 have issued AI principles, but these impose no legal obligations on businesses. In principle, these initiatives encourage consistency across members of each organization, but in practice this does not seem to have worked.
  4. Flexibility is a double-edged sword: In an effort to create AI regulations that can adapt to technological advances that have not yet been anticipated, many jurisdictions have sought to include substantial flexibility in those regulations, either by using deliberately high-level wording and policies, or by allowing for future interpretation and application by courts and regulators. This has the obvious advantage of prolonging the lifespan of such regulations by allowing them to be adapted to future technologies. However, it also creates the disadvantage of uncertainty because it leaves businesses uncertain of how their compliance obligations will be interpreted in the future. This is likely to mean that it is harder for businesses to know whether their planned implementations of AI will be lawful in the medium-to-long term and may make it harder to attract long-term AI investment in those jurisdictions.
  5. The overlap between AI regulation and other areas of law is complex: A substantial number of laws that are not directly focused on AI nevertheless apply to AI by association within their respective spheres, meaning that any use of AI will often trigger compliance issues and legal challenges even where there is not (yet) any enforceable AI-specific law. These areas of overlap include: IP (e.g., IP infringement issues with respect to AI model training data, and questions about copyright and patentability of AI-assisted inventions); antitrust; data protection (which adds restrictions to processing of personal data, and in some cases imposes special compliance obligations for processing carried out by automated means, including by AI); M&A (where AI innovation is driving dealmaking in many markets); financial regulation (where financial regulatory requirements may limit the ways in which AI can lawfully be deployed); litigation; digital infrastructure; securities; global trade; foreign direct investment; mining & metals; and so on. This overlap will mean that many businesses need to understand not just AI regulations in general, but also any rules that affect the use of AI in the context of the relevant sector or business activity.

Businesses in almost all sectors need to keep a close eye on these developments to ensure that they are aware of the AI regulations and forthcoming trends, in order to identify new opportunities and new potential business risks. But even at this early stage, the inconsistent approaches each jurisdiction has taken to the core questions of how to regulate AI is clear. As a result, it appears that international businesses may face substantially different AI regulatory compliance challenges in different parts of the world. To that end, this AI Tracker is designed to provide businesses with an understanding of the state of play of AI regulations in the core markets in which they operate. It provides analysis of the approach that each jurisdiction has taken to AI regulation and provides helpful commentary on the likely direction of travel.

Because global AI regulations remain in a constant state of flux, this AI Tracker will develop over time, adding updates and new jurisdictions when appropriate. Stay tuned, as we continue to provide insights to help businesses navigate these ever-evolving issues.

Articles

Australia

Voluntary AI Ethics Principles guide responsible AI development in Australia, with potential reforms under consideration.

Read 7 min. article
Australia

Brazil

The enactment of Brazil's proposed AI Regulation remains uncertain with compliance requirements pending review.

Read 8 min. article
Sao Paulo

Canada

AIDA expected to regulate AI at the federal level in Canada but provincial legislatures have yet to be introduced.

Read 14 min. article
Canada

China

The Interim AI Measures is China's first specific, administrative regulation on the management of generative AI services.

Read 11 min. article
China

Council of Europe

The Council of Europe is developing a new Convention on AI to safeguard human rights, democracy, and the rule of law in the digital space covering governance, accountability and risk assessment.

Read 7 min. article
European Union

European Union

The EU introduces the pioneering EU AI Act, aiming to become a global hub for human-centric, trustworthy AI.

 

Read 11 min. article
European Union

France

France actively participates in international efforts and the EU AI Act negotiations, and proposes sector-specific laws.

Read 10 min. article
Paris

G7

The G7's AI regulations mandate Member States' compliance with international human rights law and relevant international frameworks.

Read 11 min. article
G7 flags

Germany

Germany evaluates AI-specific legislation needs and actively engages in international initiatives.

Read 8 min. article
Germany

India

National frameworks inform India’s approach to AI regulation, with sector-specific initiatives in finance and health sectors.

Read 5 min. article
India

Israel

Israel promotes responsible AI innovation through policy and sector-specific guidelines to address core issues and ethical principles.

Read 9 min. article
Israel

Italy

Italy plays a prominent role in EU AI Act negotiations and engages in political discussions for future laws.

Read 6 min. article
Milan

Japan

Japan adopts a soft law approach to AI governance but lawmakers advance proposal for a hard law approach for certain harms.

Read 9 min. article
Tokyo

Kenya

Kenya's National AI Strategy and Code of Practice expected to set foundation of AI regulation once finalized.

Read 6 min. article
Kenya
Kenya

Nigeria

Nigeria's draft National AI Policy underway and will pave the way for a comprehensive national AI strategy.

Read 6 min. article
Nigeria
Nigeria

Norway

Position paper informs Norwegian approach to AI, with sector-specific legislative amendments to regulate developments in AI.

Read 8 min. article
Norway

OECD

The OECD's AI recommendations encourage Member States to uphold principles of trustworthy AI.

Read 9 min. article
country flags

Saudi Arabia

Saudi Arabia is yet to enact AI Regulations, relying on guidelines to establish practice standards and general principles.

Read 6 min. article
Riyadh_Hero_1600x600 Saudi Arabia

Singapore

Singapore's AI frameworks guide AI ethical and governance principles, with existing sector-specific regulations addressing AI risks.

Read 7 min. article
Singapore

South Africa

South Africa is yet to announce any AI regulation proposals but is in the process of obtaining inputs for a draft National AI plan.

Read 5 min. article
Johannesburg

South Korea

South Korea's AI Act to act as a consolidated body of law governing AI once approved by the National Assembly.

Read 6 min. article
Korea

Spain

Spain creates Europe's first AI supervisory agency and actively participates in EU AI Act negotiations.

Read 10 min. article
Madrid

Switzerland

Switzerland's National AI Strategy sets out guidelines for the use of AI, and aims to finalize an AI regulatory proposal in 2025.

Read 8 min. article
Switzerland

Taiwan

Draft laws and guidelines are under consideration in Taiwan, with sector-specific initiatives already in place.

Read 6 min. article
Taiwan city

Turkey

Turkey has published multiple guidelines on the use of AI in various sectors, with a bill for AI regulation now in the legislative process.

Read 11 min. article
Türkiye

United Arab Emirates

Mainland UAE has published an array of decrees and guidelines regarding regulation of AI, while the ADGM and DIFC free zones each rely on amendments to existing data protection laws to regulate AI.

Read 14 min. article
UAE

United Kingdom

The UK prioritizes a flexible framework over comprehensive regulation and emphasizes sector-specific laws.

Read 10 min. article
London hero image

United Nations

The UN's new draft resolution on AI encourages Member States to implement national regulatory and governance approaches for a global consensus on safe, secure and trustworthy AI systems.

Read 7 min. article
United Nations

United States

The US relies on existing federal laws and guidelines to regulate AI but aims to introduce AI legislation and a federal regulation authority.

Read 14 min. article
New York city photo

Contacts

Tim Hickman
Tim Hickman
Partner
London
Erin Hanson
Erin Hanson
Partner
New York
Dr. Sylvia Lorenz
Dr. Sylvia Lorenz
Partner
Berlin

Service areas

UAE

AI Watch: Global regulatory tracker - United Arab Emirates

Mainland UAE has published an array of decrees and guidelines regarding regulation of AI, while the ADGM and DIFC free zones each rely on amendments to existing data protection laws to regulate AI.

Insight
14 min read

Laws/Regulations directly regulating AI (the “AI Regulations”)

When considering applicable regulatory regimes and legal frameworks in the United Arab Emirates (UAE), it is important to keep in mind that the UAE comprises multiple jurisdictions which each have their own rules, regulations and, in some cases, regulators. For the purpose of this overview, the various jurisdictions within the UAE can be categorized as follows:

  • The Financial Free Zones – The Dubai International Financial Centre (DIFC) and the Abu Dhabi Global Market (ADGM)
  • Mainland UAE – The remainder of the UAE outside the Financial Free Zones

Mainland UAE is then technically divided into two further categories: first, there are approximately three dozen non-financial free zones; and second, there is onshore UAE "proper", being all the land which falls outside of the Financial Free Zones and the non-financial free zones

To complicate matters further, the UAE is also a federal state comprising seven emirates (Dubai, Abu Dhabi, Sharjah, Fujairah, Ras Al Khaimah, Ajman, and Umm Al-Quwain). Each Emirate has authority with respect to all matters that are not reserved by the Constitution to the Federation.

Mainland UAE

There is no single law or regulation that directly regulates artificial intelligence (AI) in Mainland UAE but rather a patchwork of decrees and guidelines issued over time that demonstrate the UAE's focus on being a global leader in the AI space. Some key developments and AI-related legislation in the UAE include:

  • In 2017, the UAE Minister of State for Artificial Intelligence Office (the "AI Office") appointed a Minister of State for AI, Digital Economy and Remote Work Applications (the "Minister of AI") highlighting the UAE's recognition of the need for oversight and strategic direction in relation to AI at a federal level.1 In 2018, the AI Office unveiled the UAE National Strategy for Artificial Intelligence 20312 and later, in 2021, the AI Office declared its ambition for the UAE to become "the world leader in AI by 2031"3
  • Federal Decree Law No. 25 on the Project of Future Nature ("Law 25 of 2018")4 was issued in 2018. It provides the Cabinet with the authority to grant interim licenses and to establish a licensing regime for the implementation of any innovative projects being rolled out in the UAE with respect to modern technologies or the use of AI, where no existing legislation is already in place to regulate it
  • In 2024, Law No. (3) of 2024 Establishing the Artificial Intelligence and Advanced Technology Council (AIATC) was issued. Under Law No. (3) of 2024, the AIATC is to be established for the purposes of regulating projects, investments and research related to artificial intelligence and advanced technology in the emirate of Abu Dhabi

In addition to the key developments and AI-related legislation set out above, various government bodies and regulators have also issued guidelines to support the development of best practices in the AI space. For example, the AI Office has published a series of non-binding national guidelines relating to AI, including:

  • The Deepfake Guide (2021)5 – sets out information on deepfakes, and provides advice on measures to protect against deepfakes and guidance on how to report deepfakes to the appropriate authorities
  • The AI Ethics Guide (2022)6 – sets out non-mandatory guidelines with respect to the ethical design and deployment of AI systems in both the public and private sectors
  • The AI Adoption Guideline in Government Services (2023)7 – aims to create awareness, accelerate AI impact and to provide a continuously updated repository of clear use cases with respect to the deployment of AI in government services
  • The Responsible Metaverse Self-Governance Framework (2023)8 – a whitepaper which seeks to establish common minimum self-regulatory principles with respect to responsible use in the metaverse

In November 2021, the financial services regulators in the Financial Free Zones and in Mainland UAE, the UAE Central Bank (CBUAE), the Securities and Commodities Authority (SCA), the Dubai Financial Services Authority (DFSA), and the Financial Services Regulatory Authority (FSRA), jointly issued the Guidelines for Financial Institutions adopting Enabling Technologies (the "Enabling Technologies Guidelines").9

The Enabling Technologies Guidelines include suggested governance frameworks for areas, including:

  • Application Programming for All Enabling Technologies
  • Cloud Computing
  • Biometrics
  • Distributed Ledger Technology
  • Big Data Analytics and Artificial Intelligence10

Certain emirates, including Abu Dhabi and Dubai, have also recently announced the establishment of government bodies responsible for developing AI use in their respective emirates and integrated plans for advancing AI adoption. In Dubai, His Highness Sheikh Hamdan bin Mohammad bin Rashid Al Maktoum (as Chairman of the Board of Trustees of the Dubai Future Foundation) has also announced the "AI Retreat" at Dubai's Museum of the Future. The AI Retreat is an event under the Dubai Universal Blueprint for AI (DUB.AI) and is expected to host AI experts from the government, the private sector as well as global industry leaders with respect to the adoption of AI in the UAE.11

The Financial Free Zones

The ADGM and the DIFC have not any issued laws or regulations explicitly regulating AI. However, amendments have been made to existing data protection legislation that applies in the DIFC for the purpose of capturing AI-related developments, including a recent amendment to Article 10 of the DIFC Data Protection Regulations (the "DP Regulations").12

Article 10 of the DP Regulations governs "Personal Data Processed Through Autonomous and Semi-Autonomous Systems" whereby Autonomous and Semi-Autonomous Systems are defined as:

"Any machine-based system that can:

  • Process personal data for human-defined purposes or purposes that the system itself defines, or both
  • Generate output as a result of or on the basis of such processing"

Article 10 of the DP Regulations also imposes obligations on deployers and operators of systems of autonomous and semi-autonomous systems.

In 2023, the ADGM and Mohamed bin Zayed University of Artificial Intelligence (MBZUAI) signed a Memorandum of Understanding, focused on advancing the role of AI to better achieve regulatory outcomes within the financial services sector.13

Status of the AI Regulations

Mainland UAE

As set out above, the UAE has been actively issuing numerous AI-related regulations and guidelines, demonstrating its commitment to establishing a robust framework for AI. Given the UAE's proactive stance and ambition to lead in the AI sector, the introduction of further regulations and guidelines is expected, reinforcing the UAE's determination to be a global leader in AI governance and innovation.

The Financial Free Zones

As noted above in the section titled “Laws/Regulations directly regulating AI”, save for the recent amendment to Article 10 of the DP Regulations, neither the DIFC nor the ADGM have issued any AI-focused regulations.

Other laws affecting AI

Mainland UAE

The following federal UAE laws have not been issued for the specific purpose of regulating AI, but should nonetheless be considered when deploying AI systems in the UAE:

  • Federal Decree-Law No. 38 of 2021 on Copyright and Neighboring Rights (the "UAE Copyright Law") – the broad definition of "work" may include AI-generated content, provided it meets the innovation criterion14
  • Federal Law No. 11 of 2021 on the Regulation and Protection of Industrial Property Rights (the "UAE Patent Law") – a patent can be granted to each new innovation; however, software has been explicitly excluded from patent protection and although "software" is not specifically defined, generally we expect that all AI platforms or applications would constitute "software" and therefore might not receive protection under the UAE Patent Law15
  • The UAE is a signatory to the agreement on Trade-Related Aspects of Intellectual Property Rights (the "TRIPS Agreement") – the general provisions for the protection of trade secrets are set out across other legislation, including the following:
    • Article 432 of the Penal Code provides for imprisonment and financial penalty on anyone who discloses a trade secret, other than as permitted by law
    • Article 905 of the Civil Transactions Law places an obligation on employees to keep industrial or trade secrets of their employer, including after termination of their employment agreement
    • Articles 16, 55 and 59 of the UAE Labor Law impose similar obligations to those mentioned above
  • The UAE's legal framework, despite lacking a specific law for trade secret protection, could potentially safeguard AI-related trade secrets through a combination of provisions in various legislation, underpinned by its commitment to the TRIPS Agreement

The Financial Free Zones

Some existing DIFC and ADGM laws will apply to AI developments, most notably the DP Regulations (noted above in the section titled "Laws/Regulations directly regulating AI") have been amended to include developments with respect to AI.

Additional laws that should be kept in mind include:

  • DIFC Law No. 4 of 2019 (as amended) (the "DIFC IP Law"), just like the UAE Copyright Law, does not specifically mention AI and therefore AI software or algorithms would face similar challenges as faced under the UAE Copyright Law
  • The DIFC Intellectual Property Law provides comparable protection for patents as provided under the UAE Patent Law and therefore an AI software would not be patentable under the DIFC IP Law
  • Article 432 of the Penal Code provides for sanction over the unauthorized disclosure of trade secrets (UAE law applies in both the DIFC and ADGM)

Definition of “AI”

Mainland UAE

Notwithstanding various AI-related laws and guidelines having been published, we are yet to see a single definition of AI used in Mainland UAE. However, the AI Office has, in the 2023 AI Adoption Guideline in Government Services, defined AI as "systems or machines that mimic human intelligence to perform tasks and can iteratively improve themselves based on the data they collect".16

The Financial Free Zones

The ADGM has not yet set out a definition of AI.

The DIFC's legislative framework does not explicitly provide a definition for AI, the recent amendment to Article 10 of the DP Regulations defines "Autonomous and Semi-Autonomous systems" as "any machine-based system operating in an autonomous or semi-autonomous manner" which can "process personal data for human-defined purposes or purposes that the system itself defines, or both; and generate output as a result of or on the basis of such Processing".

Territorial scope

Mainland UAE

Generally speaking, other than criminal laws, regulations issued in Mainland UAE typically apply exclusively to goods and services provided or deployed in or from Mainland UAE, and not within Financial Free Zones. The Financial Free Zones operate under their own legal frameworks and regulatory bodies, tailored to their specific economic and business environments. However, as AI technology continues to evolve and its applications expand, there may be increasing efforts to harmonize regulations across Mainland UAE and the Financial Free Zones, to ensure a cohesive and comprehensive approach to governance, promoting consistency and fostering innovation across all jurisdictions within the UAE.

The Financial Free Zones

As noted above, there are currently no specific laws or regulation that directly regulate AI in the Financial Free Zones. However, the DP Regulations apply to all entities that process Personal Data from the DIFC and of persons in the DIFC.

Sectoral scope

Mainland UAE

The AI Office has taken a particular interest in the application of AI in government-related services such as healthcare, public safety and transportation as well as current UAE government priority sectors, including resources and energy, logistics and transport, tourism and hospitality, healthcare, and cybersecurity.17 As a result, many UAE government entities have begun implementing industry/sector-specific regulations. These include, among others, the Abu Dhabi Department of Health's Policy on the Use of Artificial Intelligence in the Healthcare Sector, and the Central Bank of the UAE's Guidelines for Financial Institutions adopting Enabling Technologies.

The Financial Free Zones

There are currently no specific laws or regulations that directly regulate AI in the ADGM. The DP Regulations apply across all sectors in the DIFC.

Compliance roles

Mainland UAE

At present, there are no specific legally binding obligations imposed on developers, users, operators and/or deployers of AI systems. However, as mentioned above, the UAE government has created various non-binding guidelines, including the Enabling Technologies Guidelines, that provide guidance on the implementation of "approved and documented governance frameworks for effective decision-making and proper management and control of risks arising from the use of AI".18

The Financial Free Zones

Although the DIFC and ADGM have issued the Enabling Technologies Guidelines with the regulators in Onshore UAE, the DIFC has also introduced more stringent requirements in Section 10.2.2 of the DP Regulations for "deployers and operators" of "autonomous and semi-autonomous systems" (including AI), including an obligation for "deployers and operators" to provide clear notice of the use of AI and a description of the AI system's purposes and principles to users.

Core issues that the AI Regulations seek to address

Mainland UAE

At present, the guidelines that have been issued in the UAE predominantly aim to establish best practices with respect to the use of AI technology and the laws provide powers to UAE government and other ministry bodies to establish regulatory frameworks governing the use and deployment of AI in the UAE. We expect that in the coming years, certain best practices and principles will develop which will shape a more robust regulatory framework to govern the use and deployment of AI in the UAE.

In addition, although we have started to see AI-related laws and regulations being issued in Mainland UAE, there is a risk that longstanding existing laws (such as those set out in the section title "Other laws affecting AI" above), which now apply to the use of AI, may not be fit for purpose. These existing laws were not originally intended to govern AI-related products and services, and their objectives may not align with the specific requirements and challenges posed by AI technology. This misalignment highlights the need for more targeted and updated regulations to effectively oversee the deployment and impact of AI systems.

The Financial Free Zones

As noted above, there are currently no specific laws or regulations directly regulating AI in the ADGM.
The DIFC's approach thus far has been centered around the risk that AI poses to data protection, particularly given the recent proliferation of machine-learning tools and generative AI that may actively collate and train themselves on user data.

Risk categorization

Mainland UAE

There is no risk classification matrix in force; the focus of the UAE's deployment of AI has been to support specific high priority sectors – as noted in the section title "Sectoral Scope" above – rather than to categorize risks posed by AI itself.

The Financial Free Zones

Through the Data Protection Law No. 5 of 2020, the use of AI in data processing could constitute "High Risk Processing Activities" if it "creates a materially increased risk to the security or rights of a Data Subject or renders it more difficult for a Data Subject to exercise his rights". However, this risk categorization does not apply to AI alone and also applies to other data processing.

Key compliance requirements

Mainland UAE

While various guidelines have been issued in the UAE, including the Enabling Technologies, generally speaking, we have not seen the issuance of binding standards or regulations. Such guidelines appear to set out best practices and principles that "institutions are expected to consider the application of" AI to their businesses.

The Financial Free Zones

The DP Regulations require operators to give explicit notice to users accessing systems that incorporate AI technology about the role of AI in both data collection and processing. The DP Regulations also outline "General Requirements for Autonomous Systems", including a binding set of principles in respect of which AI "deployers and operators" must ensure systems are designed to comply.

Regulators

Mainland UAE

As mentioned above, the UAE has created the AI Office, and appointed a Minister of AI and the AIATC, for the purpose of regulating projects, investments and research related to artificial intelligence and advanced technology in the emirate of Abu Dhabi.

The UAE government has also established the UAE Council for Artificial Intelligence and Blockchain to oversee the integration of AI throughout the UAE government and "review national approaches to issues such as data management, ethics and cybersecurity".19

The Financial Free Zones

The Innovation Team at the DFSA and Financial Technology and Innovation Unit of the FSRA jointly published the Enabling Technologies Guidelines that specifically address AI with the CBUAE and SCA. Therefore, it is likely that these bodies will play a role in the future regulation of AI. From a data protection perspective, the DIFC Commissioner of Data Protection is responsible for overseeing enforcement of the DP Regulations.

Enforcement powers and penalties

Mainland UAE

We are yet to see enforcement action being taken against operators in the UAE AI space. This is because the regulatory framework and best practices are still under development. As AI deployment is still in its early stages, it appears that the focus is on establishing comprehensive guidelines and regulations that can effectively govern the technology rather than taking enforcement action and issuing penalties.

The Financial Free Zones

The absence of any laws, rules or regulations relating to AI specifically in the Financial Free Zones means that no AI-specific enforcement powers exist. Existing DIFC and ADGM enforcement powers and penalties continue to apply, however.

1 Please see here
2 Please see here
3 Please see here
4 Please see here
5 Please see here
6 Please see here
7 Please see here
8 Please see here
9 Please see here
10 Please see here, p. 11
11 Please see here
12 Please see here
13 Please see here
14 Please see here, Article 1
15 Please see here, Article 5 and 7(d)
16 Please see here, p. 8
17 Please see here and here
18 Please see here, para 2.6
19 Please see here, p. 22

Gabrielle Margerison (Associate, White & Case, Dubai) and Jeffrey Shin (Trainee Solicitor, White & Case, London) contributed to this publication.

White & Case means the international legal practice comprising White & Case LLP, a New York State registered limited liability partnership, White & Case LLP, a limited liability partnership incorporated under English law and all other affiliated partnerships, companies and entities.

This article is prepared for the general information of interested persons. It is not, and does not attempt to be, comprehensive in nature. Due to the general nature of its content, it should not be regarded as legal advice.

© 2024 White & Case LLP

Contacts

Stefan Mrozinski
Stefan Mrozinski
Partner|Dubai
Services
Mergers & Acquisitions, Private Equity, Technology, Fintech, Financial Services Regulatory

Service areas

Top