Recognizing new realities in decentralization, the regulations aim to provide market players with governance flexibility within distributed ledger technology foundations.

By Stuart Davis, Brian Meenagh, Andrew Moyle, and Ksenia Koroleva

On October 2, 2023, the Board of Directors of Abu Dhabi Global Market (ADGM), a financial free zone in the United Arab Emirates (UAE), enacted the Distributed Ledger Technology Foundations Regulations 2023 (Regulations). The Regulations were published on November 1, 2023.

Latham & Watkins has advised ADGM in drafting the Regulations. The Regulations were developed following extensive benchmarking across a number of peer jurisdictions and incorporate stakeholder feedback from ADGM’s April 2023 consultation paper. The adoption of the Regulations is part of the strategy to promote ADGM as a global center for digital assets.

The Regulations recognize the suitability of common law foundation structures for projects related to digital assets, and aim to allow maximum flexibility for the sector with respect to governance.

The Dubai International Financial Centre urges companies to protect personal data when using artificial intelligence.

By Brian A. MeenaghKsenia Koroleva, and Lucy Tucker 

On 18 April 2023, the Dubai International Financial Centre (DIFC), a financial free zone with its own data protection laws, published a consultation paper (the Consultation Paper) regarding amendments to DIFC Data Protection Regulations (the Regulations) for a 30-day public consultation.

The Consultation Paper acknowledges that AI systems are important and useful but carry risks to personal data processing. The DIFC’s proposed approach urges all companies using AI systems to adopt and reinforce technical and organisational means to protect personal data when using AI.

The Middle East’s rapidly advancing space sector has seen a slew of landmark achievements in the last few years.

By Alexander Hendry

In 2014, the UAE established the UAE Space Agency to oversee and grow its space sector, and it has since successfully completed numerous projects. In July 2020, it became the fifth country in the world to launch a probe to Mars, and in December 2022, the UAE-built Rashid Rover was launched on a path to the moon. Emirati astronaut Hazza Al Mansouri was the first person from the UAE in space, and Emirati astronaut Sultan Al Neyadi will soon embark on a six-month mission to the International Space Station. The Mohammed bin Rashid Space Centre has launched four satellites, and UAE-based satellite company Yahsat currently manages a fleet of five satellites and provides services in more than 150 countries. In 2022, the UAE established an US$817 million fund to support its space sector, including the development of a constellation of advanced radar imaging satellites.

The guidance is part of the rapidly evolving rules on anti-money laundering and aims to promote UAE as a jurisdiction compliant with best practices.

By Brian Meenagh, Ksenia Koroleva, and Matthew Rodwell

On August 1, 2022, the UAE Central Bank (CBUAE) issued the Guidance for Licensed Financial Institutions on the Risks Relating to Payments.[1]

The guidance was issued to implement the requirements of Federal Decree Law No. 20 of 2018 on Anti-Money Laundering and Combating the Financing of Terrorism and Illegal Organisations. It sets out the CBUAE’s expectations as to the appropriate compliance measures to be adopted within payments ecosystems. The guidance is not intended to amend or replace existing CBUAE requirements and should be read in conjunction with the CBUAE’s existing rules[2] and guidance materials[3].

Organisations subject to the law should carry out a gap analysis of their current compliance position against the new requirements.

By Brian A. Meenagh, Alexander Hendry, and Lucy Tucker

The United Arab Emirates (UAE) has issued its first federal data protection law (Federal Decree Law No. 45/2021 on the Protection of Personal Data) (the Data Protection Law), alongside a law establishing the new UAE Data Office (Federal Decree Law No. 44/2021 on Establishing the UAE Data Office).

The issuance of the Data Protection Law follows a trend of new data protection laws in the Middle East, including a data protection law in Saudi Arabia that will come into force on 23 March 2022.

The decision will likely provide comfort to businesses operating in the healthcare sector both in the UAE and globally.

By Brian A. Meenagh and Avinash Balendran

On 28 April 2021 the United Arab Emirates (UAE) federal government issued Ministerial Decision No. 51 of 2021 (the Decision) to clarify when health information may be stored or transferred outside of the UAE. The Decision should pave the way for many domestic and overseas healthcare service providers to continue processing, storing, and transferring

Healthcare entities should immediately assess whether Federal Law No. 2 of 2019 applies to their practices.

By Brian A. Meenagh

On 6 February 2019, the President of the United Arab Emirates (UAE) in conjunction with the UAE Minister of Health and Prevention (the Minister) issued a new law on the use of information and communications technology (ICT) in health fields in the UAE. Federal Law No. 2 of 2019 (the Law) entered into effect in May 2019 and will likely affect the activities of a number of entities operating in the healthcare sector in the UAE, including healthcare service providers, life sciences companies, cloud service providers, healthcare IT systems suppliers, and medical insurance providers.

The DIFC guidelines provide practical guidance for DIFC-registered entities engaging in electronic direct marketing, including useful “dos” and “don’ts”.

By Brian A. Meenagh, Fiona M. Maclean, and Laura Holden

What Do DIFC-Registered Entities Need to Know?

In January 2019, the Commissioner for Data Protection for the Dubai International Financial Centre (DIFC) issued new Direct Marketing and Electronic Communications Guidelines, aimed at DIFC-registered entities that collect and maintain personal data for electronic direct marketing purposes.

The document provides practical guidance on the rules relating to the collection, maintenance, and use of personal data for electronic direct marketing purposes set out in the Data Protection Law, DIFC Law No.1 of 2007 (DP Law), which is based on the (now superseded) UK Data Protection Act 1998 and EU Data Privacy Directive 1996. However, the guidelines also take into account the latest direct marketing requirements under the General Data Protection Regulation (GDPR) and the Privacy and Electronic Communications Directive 2002, providing practical examples of “do’s” and “don’ts” for entities to consider. The guidelines also appear to leverage provisions from the October 2018 draft of the EC’s new e-Privacy Regulation (ePR) which is currently anticipated to come into force in 2021.

United Arab Emirates (UAE) free zones are attractive jurisdictions for early and growth-stage companies. Free zones are designed to encourage startups and foreign investors through simpler processes and procedures, permiting 100% foreign ownership. However, the more than 45 free zones in the UAE each have their own  rules and regulations, so choosing the right free zone can be a complicated decision.

Latham & Watkins, in partnership with VentureSouq, has developed the UAE Free Zone Navigator, an innovative online resource to

Four of Latham & Watkins’ leading emerging company partners in Silicon Valley, Luke Bergstrom, Tad Freese, Jim Morrone and JD Marple, recently hosted a webinar titled “Achieving Successful Outcomes as a Non-US Company Investing in or Acquiring Technology Companies in Silicon Valley”. The webinar can be viewed here.

In this blog we have sought to draw out some of the key observations in the webinar that are relevant to Middle East entities considering investing in US technology companies.

Unique