In March 2022, the Dubai Government, under the guidance of His Highness Sheikh Mohammed bin Rashid Al Maktoum, issued Law No. 9 of 2022 Regulating the Provision of Digital Services in the Emirate of Dubai (“the Law”), with the objective of enhancing the Digital Services provided in the Emirate by incorporating strategic plans for achieving digital transformation and concurrently, encouraging the Public and Private Sector to implement those strategic initiatives and plans for the purpose of digitizing all aspects of life in the Emirate.
Primarily, the Law does not create a distinction between the entities it is applicable to, with the law covering all zones in the Emirate, including various Free Zones and the Dubai International Financial Centre. The applicable entities have been categorized as: Government Entities; Judicial Authorities; Non-Government Entities; and Customers. In addition to these categories, the Chairman of the Executive Council can determine whether to include any other category, on the basis of a recommendation from the Dubai Digital Authority.
According to the Law (Article 5), the applicable entities must provide current and future Digital Services to customers, with the services being provided in line with the provisions of the Law and any other resolutions issued. Furthermore, Article 6 states that when the applicable entities provide Digital Services, they must adhere to certain regulations and standards, including but not limited to:
– Plans adopted by the Dubai Digital Authority;
– Adopt the usage of Digital Identity for accessing Digital Services that require Electronic Registration ;
– Electronic security requirements and standards adopted by the Dubai Electronic Security Centre;
– Financial systems and e-Payment Methods adopted by the Department of Finance for Government Entities and Judicial Authorities;
– Classification of data related to the provision of Digital Services and exchanging such Data with other entities in accordance with Law No. 26 of 2015 on the Regulation of Data Dissemination and Exchange in the Emirate of Dubai;
– Providing Digital Services in the Emirate through the shared Digital Channels approved by the Competent Entity (otherwise known as the General Secretariat, the Dubai Digital Authority or the Dubai Electronic Security Centre);
– Providing Digital Services in Arabic and English and in any other language determined by the entity providing the service (after taking into account the available language preferred by the target Customers);
– Requiring employees and staff of applicable entities to comply with the privacy protection standards, with a view to ensuring that the Information and Data of Customers are made accessible only in accordance with applicable legislation, and to the employees and staff concerned with providing Digital Services;
Customers have certain obligations (as set out in Article 7) that are required to be followed, wherein they must comply with the rules, regulations and any other obligations as determined by the entity providing the Digital Service and the Competent Entity. In the event the Customer has failed to comply with the obligations under the Law, the entity providing Digital Service will not be held liable towards a Customer or third party for any damage that has been sustained by them as a result of their failure to comply with the obligations under the Law. Moreover, it will be the Customer who will be the sole bearer of all civil, penal and administrative liability for any damage incurred due to the Customer’s failure.
Other key takeaways from the Law include:
– All digital transactions done by Customers through Digital Channels for availing Digital Services will be deemed to be transactions done in person. (Article 8)
– All correspondences, documents, records, Electronic Documents, and Electronic Signatures related to the Digital Services provided through Digital Channels under the Law and resolutions issued in pursuance hereof will possess the same evidentiary value as prescribed in Federal Law No. 10 of 1992, Federal Law No. 11 of 1992, Federal Law No. 35 of 1992 and Federal Law by Decree No. 46 of 2021. (Article 9)
– Government Entities and Judicial Authorities may outsource the provision of Digital Services to any public or private entity, subject to obtaining approval from the Competent Entity and the Department of Finance. (Article 10)
From the outset, the comprehensive applicability of the Law on various entities and the services provided by them highlights the fact that the groundwork for large-scale digital transformation in the Emirate has been laid. While the implementing regulations of the Law are yet to be issued, once issued, it will provide greater clarity on how various entities will have to adapt to the provide the latest technological developments with the aim of achieving digital transformation.
[1] As per Article 2 of the Law, Electronic Registration has been defined as, “A process adopted by the DDA to enable Persons to avail of the Digital Services that require a certain level of security and credibility, and in which the Digital Identity is used.”
[2]Federal Law No. 10 of 1992 On Evidence in Civil and Commercial Transactions;
[3]Federal Law No. 11 of 1992 Concerning Issuance of the Civil Procedures Code;
[4]Federal Law No. 35 of 1992 Concerning the Criminal Procedural Law;[5]Federal Law by Decree No. 46 of 2021 on Electronic Transactions and Trust Services;