Al-Mirsal

DIFC Proposes to Amend Data Protection Rules to Regulate Use of AI

Posted in United Arab Emirates

The Dubai International Financial Centre urges companies to protect personal data when using artificial intelligence.

By Brian A. MeenaghKsenia Koroleva, and Lucy Tucker 

On 18 April 2023, the Dubai International Financial Centre (DIFC), a financial free zone with its own data protection laws, published a consultation paper (the Consultation Paper) regarding amendments to DIFC Data Protection Regulations (the Regulations) for a 30-day public consultation.

The Consultation Paper acknowledges that AI systems are important and useful but carry risks to personal data processing. The DIFC’s proposed approach urges all companies using AI systems to adopt and reinforce technical and organisational means to protect personal data when using AI.

Continue Reading

Ready for Takeoff: A Look at the Space Sector in the Middle East

Posted in Kuwait, Project Development and Finance, Qatar, Saudi Arabia, Technology, United Arab Emirates

The Middle East’s rapidly advancing space sector has seen a slew of landmark achievements in the last few years.

By Alexander Hendry

In 2014, the UAE established the UAE Space Agency to oversee and grow its space sector, and it has since successfully completed numerous projects. In July 2020, it became the fifth country in the world to launch a probe to Mars, and in December 2022, the UAE-built Rashid Rover was launched on a path to the moon. Emirati astronaut Hazza Al Mansouri was the first person from the UAE in space, and Emirati astronaut Sultan Al Neyadi will soon embark on a six-month mission to the International Space Station. The Mohammed bin Rashid Space Centre has launched four satellites, and UAE-based satellite company Yahsat currently manages a fleet of five satellites and provides services in more than 150 countries. In 2022, the UAE established an US$817 million fund to support its space sector, including the development of a constellation of advanced radar imaging satellites.

Continue Reading

Dubai Virtual Assets Regulation Authority Enacts New Regime to Regulate Virtual Assets

Posted in Fintech

The new regime specifies licensing and reporting requirements for a range of activities related to virtual assets in the Emirate of Dubai.

By Brian A. Meenagh, Matthew Rodwell, and Ksenia Koroleva

On February 7, 2023, the Dubai Virtual Assets Regulation Authority (VARA) adopted the Virtual Assets and Related Activities Regulations 2023 (the Regulations) together with four compulsory and seven activity-specific rulebooks.

VARA adopted these Regulations further to Dubai Law No. 4 of March 11, 2022 on the Regulation of Virtual Assets in the Emirate of Dubai (the Law) (for more information, see Latham’s blog post).

The Law granted VARA powers to regulate activities relating to virtual assets in the Emirate of Dubai (excluding the Dubai International Financial Center (DIFC); DIFC has its own regime regulating virtual assets — see Latham’s blog post).

The Law laid down key definitions (such as the definitions of virtual assets (VAs) and distributed ledger technology (DLT)), and provided a broad list of activities requiring a license. The Law entitled VARA to adopt regulations for all relevant activities and VAs.

Continue Reading

Dubai Financial Services Authority Issues New Regime to Regulate Crypto Tokens

Posted in Fintech

The regime introduces rules on various crypto tokens, including cryptocurrencies and stablecoins, in the Dubai International Financial Centre.

By Brian A. Meenagh, Matthew Rodwell, and Ksenia Koroleva

On November 1, 2022, the Dubai Financial Services Authority (DFSA) crypto token regulatory regime came into effect.

The rules expand upon the DFSA framework for regulating investment tokens established in 2021 (the 2021 Rules). The Dubai International Financial Centre (DIFC) regime defines a token as a cryptographically secured digital representation of value, rights, or obligations which may be issued, transferred, and stored electronically, using distributed ledger technology (DLT) or other similar technology. The 2021 Rules only regulated investment tokens, which comprised security tokens and derivative tokens (in essence, tokenized equivalents of conventional securities and derivatives, respectively) (the Investment Tokens). Pursuant to the 2021 Rules, persons carrying out certain activities with Investment Tokens (e.g., issuing, offering, holding, promoting, dealing, advising, brokering) need to obtain approval from the DFSA and comply with certain obligations.

Continue Reading

UAE Central Bank Issues Guidance on Anti-Money Laundering Risks in the Payment Sector

Posted in Banking and Finance, Regulatory, United Arab Emirates

The guidance is part of the rapidly evolving rules on anti-money laundering and aims to promote UAE as a jurisdiction compliant with best practices.

By Brian Meenagh, Ksenia Koroleva, and Matthew Rodwell

On August 1, 2022, the UAE Central Bank (CBUAE) issued the Guidance for Licensed Financial Institutions on the Risks Relating to Payments.[1]

The guidance was issued to implement the requirements of Federal Decree Law No. 20 of 2018 on Anti-Money Laundering and Combating the Financing of Terrorism and Illegal Organisations. It sets out the CBUAE’s expectations as to the appropriate compliance measures to be adopted within payments ecosystems. The guidance is not intended to amend or replace existing CBUAE requirements and should be read in conjunction with the CBUAE’s existing rules[2] and guidance materials[3]. Continue Reading

UAE Publishes First Federal Data Protection Law

Posted in Regulatory, United Arab Emirates

Organisations subject to the law should carry out a gap analysis of their current compliance position against the new requirements.

By Brian A. Meenagh, Alexander Hendry, and Lucy Tucker

The United Arab Emirates (UAE) has issued its first federal data protection law (Federal Decree Law No. 45/2021 on the Protection of Personal Data) (the Data Protection Law), alongside a law establishing the new UAE Data Office (Federal Decree Law No. 44/2021 on Establishing the UAE Data Office).

The issuance of the Data Protection Law follows a trend of new data protection laws in the Middle East, including a data protection law in Saudi Arabia that will come into force on 23 March 2022. Continue Reading

UAE Decision on Health Data Law Provides Clarity

Posted in Healthcare, United Arab Emirates

The decision will likely provide comfort to businesses operating in the healthcare sector both in the UAE and globally.

By Brian A. Meenagh and Avinash Balendran

On 28 April 2021 the United Arab Emirates (UAE) federal government issued Ministerial Decision No. 51 of 2021 (the Decision) to clarify when health information may be stored or transferred outside of the UAE. The Decision should pave the way for many domestic and overseas healthcare service providers to continue processing, storing, and transferring health information outside of the UAE.

The Decision reiterates the default position established in 2019 that health information must be kept within the UAE unless such activity has been approved by a decision of the health authority or the UAE Minister of Health and Prevention. Crucially, however, the Decision provides a series of exemptions to that default position.

To see a table of the exemptions, read Latham’s Client Alert.

UAE’s New Consumer Protection Law: An End to Direct Marketing?

Posted in Regulatory

The new legislation extends both the protections available to consumers, as well as the obligations applicable to e-commerce retailers.

By Brian A. Meenagh and Avinash Balendran

With its recent implementation of a new consumer protection law, the United Arab Emirates has taken a significant step forward in protecting the rights of consumers. The new legislation — Federal Law No. (15) of 2020 (the New CPL) — entered into force on 16 November 2020, repealing Federal Law No. (24) of 2006. In particular, the New CPL extends both the protections available to consumers, as well as the obligations applicable to e-commerce retailers.

One stand-out provision in the New CPL is Article 4(5), which places an obligation on Entities (as defined below) to protect “consumers’ privacy and data security”. Article 4(5) also implies that Entities should not use consumer data for “the purposes of promotion or marketing”. Continue Reading

SAMA Updates Payment Services Provider Licensing Regime in the KSA

Posted in Regulatory, Saudi Arabia

The updates are part of SAMA’s efforts to promote an innovation-based financial technology ecosystem in the KSA.

By Salman Al-Sudairi, Brian A. Meenagh, and Homam Khoshaim

Last month, the Saudi Arabian Monetary Authority (SAMA) issued an update to the recently implemented Payment Services Provider Regulations (PSPR), which was introduced in January 2020 to regulate Payment Services Providers (PSPs) operating in the Kingdom of Saudi Arabia (KSA). The PSPR provides a clear path for PSPs to obtain SAMA-issued licenses to provide payment services in the KSA. Notably, the PSPR applies concepts implemented by the European Union’s Payment Services Directive (PSD2). This should remove some of the friction involved in international PSPs launching operations in the KSA by allowing them to apply the same business models and operating processes already applied in the jurisdictions in which they operate. Continue Reading

The DIFC Prescribed Company: A Guide to Uses and Requirements

Posted in M&A/ Private Equity

By Christopher Lester and Connie Leung

The Prescribed Company Regulations offer a more flexible incorporation and permitted purposes regime than its predecessor, the Special Purpose Company Regulations.

Prescribed Companies are a type of corporate vehicle available in the Dubai International Financial Centre (DIFC), the financial free zone of the Emirate of Dubai, United Arab Emirates (UAE). Prescribed Companies are categorised as Private Companies under the DIFC Companies Law No. 5 of 2018 (the Companies Law), but are exempted from certain requirements otherwise applied to Private Companies under the Companies Law and the accompanying DIFC Companies Regulations 2018 (the Companies Regulations), such as the requirement to audit or file its accounts with the DIFC Registrar of Companies. Prescribed Companies are subject to lower DIFC incorporation and licensing fees, and are permitted to use, as their registered office, the DIFC registered office of their associated Qualifying Applicant or Registered Person, or to obtain a DIFC registered office through a corporate services provider.

These benefits make Prescribed Companies amenable for use as holding or interim holding entities within wider transaction, financing or asset holding structures, subject to requirements around the ownership and control of the Prescribed Company, and the permitted purposes of the Prescribed Company.

Read the full Client Alert.

 

LexBlog