The regime introduces rules on various crypto tokens, including cryptocurrencies and stablecoins, in the Dubai International Financial Centre.

By Brian A. Meenagh, Matthew Rodwell, and Ksenia Koroleva

On November 1, 2022, the Dubai Financial Services Authority (DFSA) crypto token regulatory regime came into effect.

The rules expand upon the DFSA framework for regulating investment tokens established in 2021 (the 2021 Rules). The Dubai International Financial Centre (DIFC) regime defines a token as a cryptographically secured digital representation of value, rights, or obligations which may be issued, transferred, and stored electronically, using distributed ledger technology (DLT) or other similar technology. The 2021 Rules only regulated investment tokens, which comprised security tokens and derivative tokens (in essence, tokenized equivalents of conventional securities and derivatives, respectively) (the Investment Tokens). Pursuant to the 2021 Rules, persons carrying out certain activities with Investment Tokens (e.g., issuing, offering, holding, promoting, dealing, advising, brokering) need to obtain approval from the DFSA and comply with certain obligations.

On March 8, 2022, the DFSA published its Consultation Paper 143 (the Consultation Paper), setting forth regulatory proposals for other types of tokens, in particular cryptocurrencies, payment tokens, and hybrid utility tokens (e.g., which provide additional rights to token-holders, such as discounts).

The Consultation Paper invited the market to provide comments on the anticipated regime by May 6, 2022 and, on October 18, 2022, issued a feedback statement regarding the comments received (the Statement). The Statement did not anticipate major amendments to the proposals outlined in the Consultation Paper.

Key Definitions in the DFSA Regime

A Crypto Token is a token if it: (a) is used, or is intended to be used, as a medium of exchange or for payment of investment purposes; or (b) confers a right or interest in another token that meets the requirements in clause (a) above.

The regime defines a Fiat Crypto Token (e.g., stablecoin) as a type of a Crypto Token in which price and volatility are determined, in whole or in part, by reference to a fiat currency or a combination of fiat currencies.

A token is not a Crypto Token (and falls outside of the scope of the new regime) if it is (i) an Investment Token (or any other type of investment) or (ii) an Excluded Token. The former type of token is regulated by the 2021 Rules.

Excluded Tokens

  • Non-Fungible Tokens (NFTs) are tokens which are unique and not fungible. They relate to identified assets and prove ownership or provenance of such assets. In the DFSA’s view, no financial services are provided via NFTs and therefore these tokens should be outside of the scope of the new rules.
  • Utility Tokens are tokens which can be used by the holder only to pay for, receive a discount on, or access a product or service provided by the issuer or an entity from its group. The DFSA suggested that it will continue monitoring developments around these tokens to determine whether they should be regulated.
  • CBDC refers to digital currency issued by any government, government agency, central bank, or other monetary authority. The DFSA considered those tokens to be similar to fiat currencies.

Excluded Tokens generally fall outside the scope of the new regime. However, the DFSA noted that some issuers and service providers of NFTs or Utility Tokens must be registered as Designated Non-Financial Businesses and Professions (DNFBP) in order to comply with the anti-money laundering rules, and submit suspicious transaction reports to the UAE authorities.

Prohibited Tokens

  • Algorithmic Tokens are Crypto Tokens using an algorithm of increase or decrease in the supply of Crypto Tokens to stabilize the price or reduce its volatility.
  • Privacy Tokens are Crypto Tokens which are intended to allow the holder to hide, anonymize, obscure, or prevent the tracing of:
    • cryptographic keys;
    • underlying transactions;
    • transaction value;
    • parties’ identity;
    • holders; or
    • beneficial owners.

Prohibited Tokens cannot be used in the DIFC. The DFSA banned them due to a lack of transparency in respect of the algorithms employed by and transactions conducted with the use of such tokens.

Regulated Activities Within the Regime

Persons need authorization from the DFSA to engage in dealing (as principal or agent), arrangement, management, advising, trading, clearing, providing custody services, and conducting certain other activities in respect of Crypto Tokens (the Authorized Persons). Some activities are expressly prohibited:

  • An Authorized Person is not allowed to carry on any activity related to a Utility Token or an NFT (to separate activities with respect to regulated and non-regulated tokens).
  • Use of Crypto Tokens by money service providers is generally not allowed, except when these tokens are Fiat Crypto Tokens used only for the purpose of money transmission or executing a payment transaction, and provided that these tokens are in the name of the money service provider (not its client).
  • Crowdfunding operators are not allowed to operate platforms facilitating investments in Crypto Tokens. It is also prohibited to organize trading facilities related to Crypto Tokens.

Authorized Persons need to comply with a number of requirements, depending on the exact scope of their activities. These requirements may include obligations in respect of reporting, disclosures, ensuring information security, or setting forth certain mandatory conditions in client agreements.

Recognition of Crypto Tokens

Regulated activities cannot take place in the DIFC with Crypto Tokens, unless the DFSA recognizes the tokens (Recognized Crypto Tokens).

Token recognition by the DFSA is based on a number of criteria (which the DFSA assesses cumulatively), including regulatory status in other jurisdictions, adequacy of transparency and technology used, mitigation of risks and size, as well as liquidity and volatility of the market.

The DFSA determined the initial list of Recognized Crypto Tokens, namely recognized Bitcoin (BTC), Ethereum (ETH), and Litecoin (LTC). An Authorized Person, an applicant for the relevant DFSA approval, or an issuer or developer of the Crypto Token may file an application with the DFSA for recognition of specific Crypto Tokens.

The DFSA may revoke the Recognized Crypto Token status if the relevant Crypto Token becomes unsuitable for use in the DIFC. Authorized Persons need to notify the DFSA of significant events or developments which reasonably suggest that the Crypto Token no longer meets the criteria.


The new regime represents a step forward by the DFSA in regulating tokens in the DIFC-free zone. It aims to establish the DIFC as a hub for virtual asset service providers (VASPs), similar to the Abu Dhabi Global Market (ADGM) (which, since its introduction in 2018, has operated its own regulatory framework for virtual assets) and the recently established Dubai Virtual Asset Regulatory Authority (DVARA), which regulates the activities of VASPs in the Emirate of Dubai outside of the geographic area of the DIFC.

The regulatory approach taken is generally in line with that of the ADGM and the approach taken at the federal UAE and Emirati levels. (Read this Latham blog post for more information.)

Questions remain around what other steps the DFSA will take in regulating the crypto industry and how the DIFC regime will interplay with rules enacted outside of the DIFC at an individual Emirati and federal level. The DFSA announcements set expectations for further consultation on Crypto Tokens, which will focus, inter alia, on decentralized finance (DeFi).

Latham & Watkins will continue to monitor developments related to virtual assets in the Middle East, including the forthcoming additional rules and regulations.