Detailed overview
The United Arab Emirates does not currently have one comprehensive horizontal AI Act equivalent to the EU AI Act. Its AI framework is based on national AI strategy, official AI ethics resources, digital-government policy, data-protection rules, cybersecurity, sectoral regulation and existing civil or criminal law.
National AI Strategy 2031
The UAE's National Strategy for Artificial Intelligence 2031 sets the country's policy direction for AI. It aims to position the UAE as a global AI leader, integrate AI into priority sectors and government services, build AI talent and support AI infrastructure and adoption. The strategy is a national policy framework, not a general AI licence or an EU-style high-risk AI statute.
Ethics guidance
The UAE Government also publishes official AI resources, including AI ethics guidance and materials on deepfakes and responsible AI use. These resources support transparency, accountability, responsible deployment, risk awareness and ethical use of AI, especially in government and digital services.
Dubai has also issued AI ethics guidance through Digital Dubai. These materials provide practical principles for organisations designing, procuring or using AI systems, including fairness, transparency, accountability, privacy, security, human oversight and responsible innovation.
Existing-law overlays
AI systems in the UAE may be regulated under existing legal regimes. AI that processes personal data may trigger data-protection obligations. AI used in finance, healthcare, transport, government services, telecoms, advertising, online platforms, cybersecurity or consumer services may be subject to sector-specific rules. AI-generated impersonation, fraud, unlawful content, cyber abuse or misuse of personal data may also trigger civil, administrative or criminal liability.
Penalties
The UAE does not currently have one AI-specific penalty table applicable to all AI systems. Penalties depend on the underlying law breached, such as data protection, cybersecurity, cybercrime, consumer protection, financial regulation, healthcare regulation, media regulation or sector-specific licensing law.
Practical requirements & details
Sourced from the UAE National Strategy for AI 2031, Federal Decree-Law No. 45/2021 on personal data protection (PDPL), Federal Decree-Law No. 34/2021 on combating rumours and cybercrime, Digital Dubai AI ethics guidance, and sectoral rules (CBUAE, DHA/DoH).
National AI Strategy 2031
- Eight objectives: build AI reputation; AI in priority sectors; data hub; talent; research ecosystem; infrastructure; world-class governance; ethical AI.
- Policy framework, not a licensing law.
Federal AI Ethics Principles
- Fairness; transparency; accountability; explainability; robustness; safety; privacy; human-centric design.
- Apply across government and private digital services.
Digital Dubai AI principles + ethics guidelines
- Principles: ethics, security, humanity, inclusiveness.
- Ethics guidelines provide an assessment tool for AI projects (toolkit + self-assessment).
Personal Data Protection Law (PDPL)
- Lawful basis, consent, purpose limitation, data-minimisation, security, individual rights.
- Automated decision-making with legal effect requires human review and meaningful information about logic.
- Cross-border transfers require adequacy or appropriate safeguards.
Sector overlays
- DHA/DoH AI-in-healthcare guidance and SaMD registration.
- CBUAE on AI in financial services — governance, model risk, third-party risk, consumer protection.
- DIFC + ADGM have their own data-protection regimes that apply to AI in those free zones.
Cybercrime Law overlay
- AI-generated impersonation, fraud, unlawful content and cyber abuse can trigger criminal liability under Federal Decree-Law 34/2021.