Recognizing new realities in decentralization, the regulations aim to provide market players with governance flexibility within distributed ledger technology foundations.

By Stuart Davis, Brian Meenagh, Andrew Moyle, and Ksenia Koroleva

On October 2, 2023, the Board of Directors of Abu Dhabi Global Market (ADGM), a financial free zone in the United Arab Emirates (UAE), enacted the Distributed Ledger Technology Foundations Regulations 2023 (Regulations). The Regulations were published on November 1, 2023.

Latham & Watkins has advised ADGM in drafting the Regulations. The Regulations were developed following extensive benchmarking across a number of peer jurisdictions and incorporate stakeholder feedback from ADGM’s April 2023 consultation paper. The adoption of the Regulations is part of the strategy to promote ADGM as a global center for digital assets.

The Regulations recognize the suitability of common law foundation structures for projects related to digital assets, and aim to allow maximum flexibility for the sector with respect to governance.

The guidance is part of the rapidly evolving rules on anti-money laundering and aims to promote UAE as a jurisdiction compliant with best practices.

By Brian Meenagh, Ksenia Koroleva, and Matthew Rodwell

On August 1, 2022, the UAE Central Bank (CBUAE) issued the Guidance for Licensed Financial Institutions on the Risks Relating to Payments.[1]

The guidance was issued to implement the requirements of Federal Decree Law No. 20 of 2018 on Anti-Money Laundering and Combating the Financing of Terrorism and Illegal Organisations. It sets out the CBUAE’s expectations as to the appropriate compliance measures to be adopted within payments ecosystems. The guidance is not intended to amend or replace existing CBUAE requirements and should be read in conjunction with the CBUAE’s existing rules[2] and guidance materials[3].

Organisations subject to the law should carry out a gap analysis of their current compliance position against the new requirements.

By Brian A. Meenagh, Alexander Hendry, and Lucy Tucker

The United Arab Emirates (UAE) has issued its first federal data protection law (Federal Decree Law No. 45/2021 on the Protection of Personal Data) (the Data Protection Law), alongside a law establishing the new UAE Data Office (Federal Decree Law No. 44/2021 on Establishing the UAE Data Office).

The issuance of the Data Protection Law follows a trend of new data protection laws in the Middle East, including a data protection law in Saudi Arabia that will come into force on 23 March 2022.

The new legislation extends both the protections available to consumers, as well as the obligations applicable to e-commerce retailers.

By Brian A. Meenagh and Avinash Balendran

With its recent implementation of a new consumer protection law, the United Arab Emirates has taken a significant step forward in protecting the rights of consumers. The new legislation — Federal Law No. (15) of 2020 (the New CPL) — entered into force on 16 November 2020, repealing Federal Law No. (24) of 2006. In particular, the New CPL extends both the protections available to consumers, as well as the obligations applicable to e-commerce retailers.

One stand-out provision in the New CPL is Article 4(5), which places an obligation on Entities (as defined below) to protect “consumers’ privacy and data security”. Article 4(5) also implies that Entities should not use consumer data for “the purposes of promotion or marketing”.

The updates are part of SAMA’s efforts to promote an innovation-based financial technology ecosystem in the KSA.

By Salman Al-Sudairi, Brian A. Meenagh, and Homam Khoshaim

Last month, the Saudi Arabian Monetary Authority (SAMA) issued an update to the recently implemented Payment Services Provider Regulations (PSPR), which was introduced in January 2020 to regulate Payment Services Providers (PSPs) operating in the Kingdom of Saudi Arabia (KSA). The PSPR provides a clear path for PSPs to obtain SAMA-issued licenses to provide payment services in the KSA. Notably, the PSPR applies concepts implemented by the European Union’s Payment Services Directive (PSD2). This should remove some of the friction involved in international PSPs launching operations in the KSA by allowing them to apply the same business models and operating processes already applied in the jurisdictions in which they operate.

The use of “unmanned aerial systems” or “drones” for commercial, government and consumer purposes has significantly increased in recent years across the globe. In the UAE, the office of H.H.Drones_002_sngleColClr Sheikh Mohammed Bin Rashid Al Maktoum, Prime Minister and Ruler of Dubai, introduced the Drones for Good Award at the Government Summit held in Dubai in February 2014 to promote the development of drone technology in the consumer market in the UAE.

This post explores the applicable federal and emirate-specific regulations, as well as the various concerns surrounding the use of drones (for commercial, government and consumer purposes).

Regulation at the Federal Level

At the federal level, the main pieces of legislation applicable to the use of drones in the UAE are Federal Resolution No. 2 of 2015 regarding Light Air Sports Practice Regulations (Federal Law) and the Civil Aviation Regulation (CAR) Part VIII Subpart 10 on the Operation of Unmanned Aerial Systems within the UAE (UAS Regulations), and at the emirate level, the Dubai Law No. 7 of 2015 on Airspace Security and Safety in the Emirate of Dubai (Dubai Law).

Bitcoin_002_sngleColClr

This is the first in a series of articles considering legal issues relating to bitcoin, cryptocurrencies and blockchain in the UAE. In this article we focus on the legal status of bitcoin and address the question of whether bitcoin is banned in the UAE. In part two we will consider the case for regulating bitcoin and cryptocurrencies and in part three we will consider legal issues relating to the adoption of blockchain technology by public and private entities in the

Riyadh Building_dreamstime_12712018Saudi Arabia’s recently announced plans to privatise several key industries in the Kingdom has once again brought the Kingdom’s privatisation agenda back into the spotlight. The announcements form part of the countries transformational initiatives as part of The 2016-2020 National Transformation Plan (NTP) to improve public sector efficiency and boost non-oil revenues in the region, and will reportedly include airports, municipalities, hospitals and education.

Privatisation covers many types of transactions but typically includes the divestiture, whether by sale or lease,

By Brian Meenagh

On October 26, 2015, Raja Al Mazrouei, the Commissioner for Data Protection for the Dubai International Financial Centre (the DIFC), issued guidance on the adequacy of US Safe Harbor for the purpose of exporting personal data from the DIFC. The guidance is significant for organisations that transfer personal data from the DIFC to the US and such organisations should urgently review the basis upon which they transfer personal data from the DIFC to the US to ensure that they continue to comply with the DIFC Data Protection Law (No 1 of 2007).

The guidance follows the decision of the European Court of Justice (the ECJ) in Case C-362/14 – Maximillian Schrems v Data Protection Commissioner that Decision 2000/520 of the European Commission, which stated that Safe Harbor-certified US companies provide adequate protection for personal data transferred to them from the EU (the Safe Harbor Adequacy Decision), is invalid.

The key message from the guidance is that:

“the invalidation of the Adequacy Decision by the ECJ provides cause for the Commissioner to reconsider the adequacy status previously afforded under the Law to US Safe Harbor Recipients. However, the Commissioner also understands that there are ongoing negotiations between Europe and US authorities towards an improved Safe Harbor framework and that these negotiations are well advanced.