Cookies Policy

We use cookies to ensure that we give you the best experience on our website. If you continue without changing your settings, we’ll assume that you are happy to accept these cookies.To get more information about these cookies and the processing of your personal data, check our Cookies Policy.


Ince Gordon Dadds Emergency Response +442072836999

Cyber Security: UAE

There are number of laws in the UAE, both on federal level and in individual Emirates (as well as in some free zones), that deal with certain aspects of data protection and cyber security regulations.

The UAE Penal Code issued in 1987 does not address cyber security offences. Most of the cyber security offences were criminalised by a separate piece of legislation in 2006, which was updated in 2012 by UAE Federal Decree implementing Law No. 5 Concerning Combating Information Technology Crimes (Cyber Crimes Law). 

What are the offences?

The majority of the offences under the Cyber Crimes Law relate to breaches of IT security, such as unauthorized access to IT systems, disabling access to IT systems, fraudulently redirecting IP addresses, introducing malware into IT systems, intercepting communications via IT systems and the unauthorized disclosure of certain confidential information via IT systems. In addition there are specific provisions dealing with the use of IT systems to commit offences against state security, religion, morality and financial security.

There is also a provision that makes the use of IT systems an aggravating factor when committing any crime, even if it is not specifically covered by the Cyber Crimes Law.

What are the defences?

The Cyber Crimes Law allows the court to reduce or disapply any punishment against offenders who have provided the judicial or administrative authorities with information in respect of any of the crimes under the Cyber Crimes Law which relate to state security, where their actions have resulted in the discovery of the crime, proving the case against the offenders or arresting any of them. 

What are the sanctions?

The Cyber Crimes Law provides for various fines and imprisonment periods depending on the gravity of the offence, with the maximum fine being AED 3,000,000 (which is the maximum liability for the unauthorised use of software causing a crash or alteration of information on an IT system) and a life imprisonment sentence (which is the maximum sentence for calling to overthrow or change the regime of the state or to obstruct the provisions of the Constitution or the laws applicable in the UAE). In addition, foreign citizens can be deported following conviction and execution of the sentence. The equipment used in committing the crime shall be confiscated.

Your key contacts

Partner Brian Boahene is a specialist disputes lawyer and works across the firm’s insurance transportation, trade, and aviation practices. He has extensive experience advising clients on cyber and (GDPR-related) compliance issues.

He is assisted in the insurance department at Ince & Co’s Dubai office by cyber expert Justin Whelan, Managing Associate, who has spoken widely and delivered training about cyber security from an insurance perspective and a GCC legal perspective to a number of audiences including Allianz and Asia Capital Re in the DIFC; Oman Insurance Company, Union Insurance Company, Kuehne+Nagel and Dry Dock World in Dubai; Trust Re in Bahrain; and ADNIC in Abu Dhabi. Justin has also delivered sector specific presentations at leading industry conferences (including for example at the leading maritime event in the UAE, InMarest) and advised on issues of cyber security and data protection.

Together Brian and Justin have a comprehensive knowledge of cyber and data protection legislation within the various laws of the UAE. The team in Dubai works together with our other offices across the network and can rely on their extensive resources if and when required.

Key contact