この記事は現在英語でのみご利用いただけます。
AI Governance in the UAE: National AI Strategy, DIFC, and the Gulf's Leading AI Jurisdiction
The UAE has positioned itself as the Arab world's AI hub — with a National AI Strategy, the world's first AI ministry, AI-specific regulation in DIFC, and a growing body of sector guidance. The complete 2026 guide for organisations operating in the UAE.
Key Takeaways
The UAE has the world's first dedicated Ministry of AI (established 2017) and a National AI Strategy 2031 that targets AI contribution of AED 335 billion (~USD 91 billion) to the UAE economy by 2031.
The Dubai International Financial Centre (DIFC) has developed AI-specific data protection guidance that applies to organisations operating within the DIFC — one of the most sophisticated AI-specific frameworks in the Middle East.
The UAE's Personal Data Protection Law (PDPL, Federal Decree-Law No. 45 of 2021) creates data protection obligations relevant to AI — including requirements for lawful basis, purpose limitation, and data subject rights that parallel GDPR.
The Abu Dhabi Global Market (ADGM) has developed its own AI governance framework and has been active in positioning Abu Dhabi as a centre for responsible AI development.
Saudi Arabia's neighbouring National AI Strategy creates a regional AI governance landscape — organisations with Gulf operations need to navigate both UAE and Saudi frameworks, which are aligned in aspiration but differ in specific requirements.
"情報提供のみを目的としています。この記事は法律、規制、財務または専門的なアドバイスを構成するものではありません。具体的なアドバイスについては、資格を持つ専門家にご相談ください。"
UAE AI governance in 2026 — strategy, regulation, and free zones
The UAE has positioned itself as one of the global leaders in AI governance through a layered approach: national strategy at the federal level, binding regulation in financial free zones (DIFC and ADGM), and ethical guidance through the AI Office. The UAE appointed the world's first Minister of State for Artificial Intelligence in 2017, signalling the strategic importance of AI to the country's development agenda.
Federal framework
The UAE Strategy for Artificial Intelligence 2031 provides the national roadmap for integrating AI across healthcare, mobility, education, energy, and government services. The UAE Personal Data Protection Law (PDPL — Federal Decree-Law No. 45 of 2021, effective 2 January 2022) governs personal data processing including AI. Federal Decree-Law No. 26 of 2025 classifies e-commerce platforms as digital platforms subject to data restrictions. The AI, Digital Economy and Remote Work Applications Office (AI Office) under the Prime Minister's Office oversees national AI strategy implementation.
The UAE National AI Charter provides ethical principles for responsible AI development — human-centric, transparent, accountable. While non-binding, the Charter principles are expected to influence procurement standards and sectoral regulation.
Free zone regulation — DIFC and ADGM
DIFC (Dubai International Financial Centre). The DIFC operates its own legal system modelled on common law. DIFC Data Protection Law No. 5 of 2020, Regulation 10 specifically addresses automated decision-making and profiling — requiring data subjects to be informed about automated processing, with rights to request human intervention, express their point of view, and contest decisions. The DIFC has also launched a specific AI licence for developers and entrepreneurs. The DIFC has introduced data protection regulation specifically targeting AI systems with additional obligations for transparency, accountability, and risk assessments.
ADGM (Abu Dhabi Global Market). ADGM Data Protection Regulations 2021, Section 20 contains similar automated decision-making provisions to DIFC. Both free zones operate data protection regimes closely modelled on the EU's GDPR.
Free zone regulation matters because these are where many international businesses operating in the UAE are domiciled. DIFC and ADGM binding requirements often influence broader market practice.
Financial services AI
The Guidelines for Financial Institutions Adopting Enabling Technologies are jointly published by the UAE Central Bank (CBUAE), Securities and Commodities Authority (SCA), DFSA (DIFC), and FSRA (ADGM). These non-binding guidelines emphasise governance, accountability, and consumer protection for AI in financial services. The UAE's AI and Technology Council (AIATC) and the financial free zones regulate AI use in finance.
What companies operating in the UAE should do
Determine which legal regime applies to your operations (mainland PDPL, DIFC, or ADGM). Implement DPIA processes covering AI bias, explainability, and profiling risks. Establish governance structures with senior management accountability and board reporting on AI risk. Ensure vendor and cloud contracts include robust data processing clauses, security obligations, audit rights, and liability provisions. Monitor the AI Office, TDRA, DIFC, and ADGM for regulatory updates. The direction of travel is toward binding AI requirements expanding from free zones into broader market practice.
Primary sources: UAE AI Office · DIFC · ADGM