Internet & Online Safety · UAE
Online safety & content laws in UAE (2026)
UAE shaded by its internet & online safety status
The UAE regulates online content and safety through a layered but fragmented set of federal laws and administrative regimes rather than a single comprehensive online-safety act. The Telecommunications and Digital Government Regulatory Authority (TDRA) mandates ISP-level filtering of broadly defined prohibited content — including unlicensed VoIP, gambling, pornography, LGBTQ+ material, and content deemed contrary to public morality or national security — with criminal liability for circumvention via VPNs. A landmark Child Digital Safety Law (Federal Decree-Law No. 26 of 2025), effective 1 January 2026, introduces DSA-adjacent obligations on platforms and ISPs including risk-proportionate age verification, default privacy for children, and parental-consent requirements for under-13 data processing, with a one-year compliance window.
Key points
The TDRA defines categories of prohibited content — including illegal VoIP, gambling, pornography, proxy/VPN services enabling prohibited-content access, and material offensive to Islam or national security — and requires all licensed ISPs (Etisalat/e&, du) to block such content at network level using DNS filtering, IP blocking, URL filtering, and deep-packet inspection.
Federal Decree-Law No. 34 of 2021, in force from 2 January 2022, criminalises a wide range of online conduct including spreading false information damaging to national security or public order, hacking, identity theft, and using VPNs to access prohibited content; penalties reach AED 2 million in fines and custodial sentences.
Federal Decree-Law No. 26 of 2025, issued 1 October 2025 and in force 1 January 2026, imposes risk-proportionate age-verification obligations on digital platforms and ISPs, prohibits collection or processing of children's (under 13) data without verifiable parental consent, mandates default privacy settings and parental controls, and bans targeted advertising to children. It has extraterritorial reach covering foreign platforms targeting UAE users.
Federal Decree-Law No. 55 of 2023 and Cabinet Resolution No. 42 of 2025 require all content creators and advertisers — paid or unpaid — to hold a UAE Media Council Advertiser Permit (mandatory from 1 February 2026) and a commercial licence; 20 published content standards govern what media organisations and influencers may publish, with fines up to AED 1 million for violations.
Consumer VoIP services (WhatsApp calls, FaceTime, Skype) remain blocked unless licensed by TDRA; approved licensed alternatives include Zoom, Microsoft Teams, Botim, and Cisco Webex. UAE law treats digital intermediaries as liable custodians responsible for proactive prevention of prohibited content, with no broad safe-harbour equivalent to EU e-Commerce Directive Article 14.
Unlike the EU Digital Services Act or UK Online Safety Act, the UAE has no single cross-cutting platform-accountability law covering algorithmic transparency, risk assessments, or systemic-harm duties for general-purpose platforms; regulation remains distributed across sector-specific instruments (cybercrime, child safety, media, telecoms) administered by different authorities (TDRA, UAE Media Council, courts).
Timeline - major decisions & events
The UAE enacted its first dedicated child online-safety law requiring digital platforms and ISPs operating in or targeting UAE users to implement age verification, parental-consent mechanisms for under-13s, default privacy settings, and commercial-gaming blocks for minors. The law entered into force on 1 January 2026, with a full compliance deadline of January 2027.
UAE Legislation Portal ↗The Cabinet endorsed a refreshed five-pillar National Cybersecurity Strategy covering governance, protection, innovation, capacity-building, and partnership, alongside an API-First Policy for digital government services — supporting the UAE's fifth-place ranking in the ITU Global Cybersecurity Index 2024.
UAE Cabinet ↗Implementing regulations for the 2023 Media Law came into force, requiring all influencers, social-media agencies, bloggers, and digital publishers in the UAE to hold an Emirates Media Council licence, with fines up to AED 1 million — doubled for repeat violations — and potential permanent closure for unlicensed operators.
UAE Government Portal ↗A comprehensive media law extended regulation beyond traditional broadcasters to online content creators, influencers, streaming services, and digital advertising agencies, establishing the Emirates Media Council and a permanent violations committee with power to impose administrative penalties and suspend platforms.
UAE Legislation Portal ↗The UAE's first federal personal-data protection law established consent-based processing requirements, data-subject rights (access, rectification, erasure, portability), and mandated creation of the UAE Data Office as the national supervisory authority, aligning the framework broadly with GDPR principles.
UAE Government Portal ↗The replacement for the 2012 Cybercrime Law broadened offences to include geolocation tracking without consent, spreading false information harmful to national interests, and attacks on government systems, with penalties up to life imprisonment and extraterritorial reach over acts directed against UAE interests.
UAE Legislation Portal ↗The Telecommunications Regulatory Authority published the first dedicated National Cybersecurity Strategy, built on 5 pillars and 60 initiatives including a national cyber-incident response plan and protection of nine critical-infrastructure sectors, setting the strategic baseline for subsequent legislative and enforcement activity.
TDRA ↗This decree replaced the 2006 law and significantly expanded the cybercrime framework to cover hacking, online fraud, defamation, threats to state security, insults to religion, and social-media misuse, with fines of AED 50,000–3 million and potential life imprisonment for the most serious offences.
TDRA ↗The Telecommunications Regulatory Authority formally classified unlicensed VoIP as prohibited content under the Internet Access Management framework, requiring Etisalat and du to block non-licensed internet-calling services via deep packet inspection — a regime that still restricts consumer VoIP calls on WhatsApp, FaceTime, and Skype.
TDRA ↗The UAE became the first Arab country to enact a dedicated IT-crimes statute, criminalising unauthorised system access, electronic fraud, and data interference with imprisonment of at least one year and fines from AED 10,000, laying the legislative foundation for all subsequent UAE online-safety regulation.
WIPO Lex ↗UAE - other topics
Last verified 5/24/2026 · Orientation, not legal advice - verify against the primary sources linked above. Explore the full world map →