Law No. (9) of 2022

Regulating the Provision of Digital

Services in the Emirate of Dubai[1]

ــــــــــــــــــــــــــــــــــــــــــــــــ

We, Mohammed bin Rashid Al Maktoum, Ruler of Dubai,

After perusal of:

Federal Law No. (5) of 1985 Issuing the Civil Code of the United Arab Emirates and its amendments;

Federal Law No. (10) of 1992 Issuing the Law of Evidence Governing Civil and Commercial Transactions and its amendments;

Federal Law No. (11) of 1992 Issuing the Civil Procedure Code, its Regulatory Bylaw, and their amendments;

Federal Law No. (35) of 1992 Issuing the Criminal Procedure Code and its amendments;

Federal Law by Decree No. (3) of 2003 Regulating the Telecommunications Sector and its amendments;

Federal Law No. (2) of 2019 Concerning the Use of Information and Communications Technology in Health-related Fields and its Implementing Bylaw;

Federal Law by Decree No. (14) of 2021 Establishing the Federal Authority for Identity, Citizenship, Customs, and Port Security;

Federal Law by Decree No. (31) of 2021 Issuing the Crime and Punishment Law;

Federal Law by Decree No. (34) of 2021 Concerning Combating Rumours and Cybercrime;

Federal Law by Decree No. (46) of 2021 Concerning Electronic Transactions and Thiqa Services;

Law No. (5) of 1995 Establishing the Department of Finance;

Law No. (3) of 2003 Establishing the Executive Council of the Emirate of Dubai;

Law No. (11) of 2014 Establishing the Dubai Electronic Security Centre;

Law No. (22) of 2015 Regulating Partnership between the Public Sector and the Private Sector in the Emirate of Dubai;

Law No. (26) of 2015 Regulating Data Dissemination and Exchange in the Emirate of Dubai;

Law No. (1) of 2016 Concerning the Financial Regulations of the Government of Dubai;

Law No. (13) of 2016 Concerning the Judicial Authorities in the Emirate of Dubai and its amendments;

Law No. (1) of 2021 Establishing the Dubai Digital Authority;

Law No. (5) of 2021 Concerning the Dubai International Financial Centre;

Decree No. (22) of 2009 Concerning Special Development Zones in the Emirate of Dubai;

Executive Council Resolution No. (13) of 2012 Concerning Information Security at the Government of Dubai and its amendments;

Resolution No. (2) of 2017 Approving the Policies Document on Classification, Dissemination, Exchange, and Protection of Data in the Emirate of Dubai; and

The Legislation establishing and regulating free zones in the Emirate of Dubai,

Do hereby issue this Law.

Title of the Law

Article (1)

This Law will be cited as "Law No. (9) of 2022 Regulating the Provision of Digital Services in the Emirate of Dubai".

Definitions

Article (2)

The following words and expressions, wherever mentioned in this Law, will have the meaning indicated opposite each of them unless the context implies otherwise:

Emirate:

The Emirate of Dubai.

Government:

The Government of Dubai.

Executive Council:

The Executive Council of the Emirate of Dubai.

General Secretariat:

The general secretariat of the Executive Council.

DDA:

The Dubai Digital Authority.

DESC:

The Dubai Electronic Security Centre.

Competent Entity:

The General Secretariat, the DDA, or the DESC.

Government Entity:

Any of the Government departments; public agencies and corporations; Government councils and authorities, including the authorities supervising Special Development Zones and free zones, such as the Dubai International Financial Centre; or other entities affiliated to the Government.

Judicial Authority:

The Dubai Courts or the Public Prosecution.

Digital Services:

Any of the Government, judicial, or non-government services provided to Customers through Digital Channels.

Digital Channels:

Websites, smart applications, and other media through which Digital Services are provided and made available.

Digital Identity:

A digital identifier approved by the DDA through which a Customer may avail of Digital Services and affix Digital Signatures to Electronic Documents.

Customer:

A Person who uses the Digital Channels of Government Entities, Judicial Authorities, or non-government entities to avail of Digital Services.

Electronic Document:

An electronic record, email, or other electronic representation of Information that is created, stored, extracted, copied, sent, or received through Digital Channels and that is retrievable in a perceivable form.

Electronic Signature:

A signature comprising alphabets, numbers, symbols, a sound, a fingerprint, or an electronic process attached to or logically associated with an Electronic Document to verify the identity of a signatory and ensure his approval and consent to the content of the Electronic Document.

Electronic Registration:

A process adopted by the DDA to enable Persons to avail of the Digital Services that require certain level of security and credibility, and in which the Digital Identity is used.

Person:

A natural or legal person.

Objectives of the Law

Article (3)

This Law aims to:

1.    support the strategic plans of the Emirate aiming at achieving digital transformation;

2.    support the general direction, and implement the policies, of the Government aiming at digitising all aspects of life in the Emirate;

3.    build trust in all types of Digital Services in the Emirate;

4.    keep abreast of the latest technological developments with a view to enhancing the quality and level of Digital Services, and facilitating the process of accessing these services from any place and at any time; and

5.    encourage the Public Sector and the Private Sector to implement the plans, programmes, and initiatives aiming at digitising all aspects of life in the Emirate.

Scope of Application

Article (4)

The provisions of this Law apply to all zones across the Emirate, including in Special Development Zones and free zones, such as the Dubai International Financial Centre. The Law applies to the following categories:

1.    Government Entities;

2.    Judicial Authorities;

3.    non-government entities;

4.    Customers; and

5.    any other category determined by the Chairman of the Executive Council based on a recommendation from the DDA.

Digital Services Mandatory Provision and

Implementation Phases

Article (5)

a.    All entities falling under the categories referred to in Article (4) of this Law, except for Customers, must provide their Customers with currently available and future Digital Services, in accordance with the provisions of this Law and the resolutions issued in pursuance hereof.

b.    The phases of application of this Law to the categories referred to in Article (4) hereof will be determined pursuant to a resolution issued by the Chairman of the Executive Council upon the recommendation of the DDA. This resolution must state:

1.    the commencement date for each phase;

2.    the Digital Services and the entities to be included in each phase; and

3.    the implementation rules and procedures for each phase.

Rules for Providing Digital Services

Article (6)

a.    In providing Digital Services, a Government Entity, a Judicial Authority, or a non-government entity in the Emirate, as the case may be, must observe the following regulations, rules, and standards:

1.    the conditions and procedures governing judicial affairs, civil and commercial transactions, and electronic commerce, as prescribed by the legislation in force in the Emirate;

2.    the plans adopted by the DDA for providing Digital Services;

3.    the conditions and procedures for providing Digital Services, depending on the type of service and the legislation regulating it;

4.    making Digital Services accessible to Customers through Digital Channels and providing the technical support required by Customers;

5.    adopting the use of Digital Identity for accessing the Digital Services that require Electronic Registration;

6.    the electronic security requirements and standards adopted by the DESC;

7.    the regulatory, technological, and technical requirements prescribed by the Competent Entity, in respect of providing Digital Services, in coordination with the entity providing these services;

8.    the financial systems and e-Payment Methods adopted by the Department of Finance for Government Entities and Judicial Authorities;

9.    implementing the strategies and policies adopted by the Competent Entity for the identification and classification of Digital Services, and having these services approved by the General Secretariat;

10.  developing a plan for providing Digital Services in accordance with the standards and rules adopted by the Competent Entity, and determining the implementation phases of this plan upon approval of the same by the DDA;

11.  implementing the policies related to Information Security and business continuity in case of interruption of its Digital Services;

12.  classifying the Data related to the provision of Digital Services and exchanging such Data with other entities, in accordance with the provisions of the above-mentioned Law No. (26) of 2015 and the resolutions and policies issued in implementation thereof;

13.  designing, in coordination with the Competent Entity, the administrative services, processes, and procedures related to providing Digital Services, in line with the relevant technological developments and Customer needs; and constantly developing and updating these services, processes, and procedures;

14.  adopting and implementing the electronic systems approved by the DDA for supporting the provision of Digital Services, and consistently developing these services across the Emirate;

15.  providing Digital Services in the Emirate through the shared Digital Channels approved by the Competent Entity;

16.  clearly and accurately determining the procedures and requirements for providing Digital Services, and communicating the same to Customers;

17.  enabling the public and Customers to provide their comments and suggestions regarding Digital Services and to give their satisfaction feedback on these services, in accordance with the processes adopted by the DDA and the General Secretariat;

18.  saving the Data and Documents related to the Digital Services governed by this Law, in accordance with the procedures, and for the periods, prescribed in the legislation in force; and subject to the requirements approved by the Competent Entity;

19.  providing Digital Services in Arabic and English and in any other language determined by the entity providing these services, taking into account the available language preferred by target Customers;

20.  ensuring that Digital Services are conveniently accessible to all segments of Customers, including persons with disabilities and those unable to use Digital Channels, by activating certain options that enable and help them to request and avail of these services without any additional fees or financial burdens;

21.  adopting Government linked Data as a basis for providing Digital Services, with a view to avoiding duplication and redundancy;

22.  establishing the standards and procedures that ensure that available Data is accurate, valid, complete, and up-to-date;

23.  requiring its employees and staff to comply with the privacy protection standards, with a view to ensuring that the Information and Data of Customers are made accessible only in accordance with applicable legislation and to the employees and staff concerned with providing Digital Services;

24.  developing the systems and programmes required for protecting its Information, Data, and Information Systems in accordance with the standards adopted by the DESC in this respect;

25.  developing the audit processes and procedures required for ensuring the integrity, security, and confidentiality of Electronic Documents, payments, charges, and fees it prescribes for providing Digital Services, in accordance with applicable legislation and the requirements approved by the Competent Entity;

26.  applying the quality standards adopted by the Competent Entity in respect of all matters related to the channels and processes used in providing Digital Services, and in respect of the Data and Information exchanged through these channels and processes; and

27.  any other relevant regulations, rules, or standards prescribed by the Competent Entity and related to the achievement of the objectives of this Law.

b.    The DDA may, upon the request of a Government Entity, a Judicial Authority, or a non-government entity providing Digital Services and in coordination with the General Secretariat and the DESC, exempt that entity or authority, permanently or temporarily, from compliance with any of the regulations, rules, or standards stipulated in paragraph (a) of this Article.

Obligations and Responsibilities of Customers

Article (7)

a.    In addition to the obligations stipulated in the applicable legislation and subject to liability, a Customer must:

1.    update his Data, as maintained by the entity providing Digital Services, where so required for providing these services and in accordance with the conditions and requirements prescribed by that entity for availing of its Digital Services and with the provisions of this Law and the resolutions issued in pursuance hereof;

2.    comply with the rules and requirements prescribed by the entity providing the Digital Services and approved by the Competent Entity; and

3.    comply with any other obligations determined by the Competent Entity.

b.    An entity providing Digital Services will not be held liable towards a Customer or third party for any damage sustained by him as a result of failure by the Customer to comply with his obligations under this Law, the resolutions issued in pursuance hereof, or other legislation in force in the Emirate. The Customer will solely bear the civil, penal, and administrative liability for any damage incurred as a result of that failure.

Processes Performed through Digital Channels

Article (8)

All processes performed by Customers through Digital Channels to avail of Digital Services under this Law will be deemed as have been made in person, including those related to the penal and civil applications, claims, and appeals required to be made in person pursuant to the legislation in force in the Emirate.

Evidentiary Value

Article (9)

All correspondence, documents, records, Electronic Documents, and Electronic Signatures related to the Digital Services provided through Digital Channels under this Law and the resolutions issued in pursuance hereof will have the same evidentiary value prescribed for them under the above-mentioned Federal Law No. (10) of 1992, Federal Law No. (11) of 1992, Federal Law No. (35) of 1992, and Federal Law by Decree No. (46) of 2021.

Outsourcing the Provision of Digital Services

Article (10)

Government Entities and Judicial Authorities may, subject to obtaining the approval of the Competent Entity and the Department of Finance, outsource to any public or private entity the provision of its Digital Services or the provision, management, or operation of the systems, electronic programmes, and Digital Channels required for providing these Digital Services, pursuant to an agreement concluded with the public or private entity for this purpose. The agreement will stipulate its term and the rights and obligations of both parties, including the standards for protecting the privacy and confidentiality of Data and the rules for providing Digital Services.

Issuing Implementing Resolutions and Technical Manuals

Article (11)

The Director General will, in coordination with the General Secretariat, issue the resolutions and technical manuals required for the implementation of the provisions of this Law. The resolutions must be published in the Official Gazette of the Government of Dubai, and the technical manuals must be published on the DDA official website.

Compliance

Article (12)

A provider of Digital Services must comply with the provisions of this Law within a period not exceeding one (1) year from the date of commencement of the phase in which this Law becomes applicable to him. The Chairman of the Executive Council may, where required, extend this grace period for the same period based on a recommendation from the DDA.

Applicable Supplementary Legislation

Article (13)

Except in the cases stipulated in this Law and the resolutions issued in pursuance hereof, the federal and local legislation governing Electronic Transactions and Electronic Signatures, inclusive of all the provisions, rules, conditions, requirements, standards, guidelines, and procedures set forth therein, will apply.

Repeals

Article (14)

Any provision in any other legislation is hereby repealed to the extent that it contradicts the provisions of this Law.

Publication and Commencement

Article (15)

This Law will be published in the Official Gazette and will come into force on the day on which it is published.

Mohammed bin Rashid Al Maktoum

Ruler of Dubai

Issued in Dubai on 14 March 2022

Corresponding to 11 Shaban 1443 A.H.

 



2022 The Supreme Legislation Committee in the Emirate of Dubai

[1]Every effort has been made to produce an accurate and complete English version of this legislation. However, for the purpose of its interpretation and application, reference must be made to the original Arabic text. In case of conflict, the Arabic text will prevail.