Law
No. (11) of 2014
Establishing
the
Dubai
Centre for Electronic Security[1]
ــــــــــــــــــــــــــــــــــــــــــــــ
We, Mohammed bin Rashid Al
Maktoum, Ruler of Dubai,
After
perusal of:
Federal Law No. (3) of 1987 Issuing the Penal
Code and its amendments;
Federal Law No. (7) of 2002 Concerning
Copyright and Related Rights and its amendments;
Federal Law No. (1) of 2006 Concerning
Electronic Transactions and e-Commerce;
Federal Law by Decree No. (5) of 2012
Concerning Combating Information Technology Crime;
Law No. (2) of 2002 Concerning Electronic
Transactions and e-Commerce;
Law
No. (27) of 2006 Concerning Management of the Government of Dubai Human
Resources and its amendments;
Law No. (7) of 2009 Establishing the Dubai
Smart Government and its amendments;
Law No. (8) of 2010 Concerning the Financial
Audit Department and its amendments; and
Executive Council Resolution No. (13) of 2012
Concerning Information Security at the Government of Dubai,
Do hereby issue this Law.
The following words and
expressions, wherever mentioned in this Law, will have the meaning indicated
opposite each of them unless the context implies otherwise:
Emirate: |
The Emirate
of Dubai. |
Government: |
The
Government of Dubai. |
Government
Entities: |
Government
departments, agencies, public corporations, councils, and authorities, including
free zone authorities, and any other entity affiliated to the Government. |
DCES: |
The Dubai
Centre for Electronic Security established pursuant to this Law. |
Board
of Directors: |
The
board of directors of the DCES. |
Executive
Director: |
The
executive director of the DCES. |
Government
Information: |
The Government Information, data, documents, and Information
resources whether printed, written on paper, Electronically saved, processed,
sent by post or Electronic media, appearing in video or audio recordings, or
disclosed during face to face conversations or through any other means of communication. |
Information
System: |
A
physical or virtual implement or set of interrelated or independent implements
that are used to store, sort, organise, retrieve, process, develop, and
exchange Information in accordance with saved commands and instructions. This
includes all inputs, outputs, and infrastructure related to the Information
System. Information Systems are used by Government Entities to manage and
process Information. |
Pursuant to this Law, a public
corporation named the “Dubai Centre for Electronic Security” is established and will have legal personality,
financial and administrative autonomy, and the legal capacity required to undertake
all acts and dispositions that ensure the achievement of its objectives.
The
head office of the DCES will be located in the Emirate.
The
DCES aims to:
1. protect Government Information,
telecommunication networks, and Information Systems in the Emirate;
2. develop, modify, and use the necessary
means of Electronic security; and
3. enhance, through Information Systems
or any other Electronic means, the efficiency of Information storage and
exchange in all Government Entities in the Emirate.
The DCES is the Government Entity responsible for maintaining Government Information Security in the Emirate. For this purpose, the DCES may:
1. set and implement the Government Information Security policy of the Emirate;
2. set, and supervise the implementation of, standards for ensuring Electronic security in the Emirate;
3. prepare, in coordination with concerned Government Entities, a strategic plan to manage any risks, threats, or attacks on Government Information;
4. verify the efficiency of the telecommunication network security systems and Information Systems of Government Entities;
5. monitor compliance by Government Entities with the Information Security requirements issued by the DCES, and follow up implementation of these requirements;
6. combat various cybercrimes and Information technology crimes;
7. coordinate with Government, regional, and international entities with respect to the work of the DCES;
8. provide technical and advisory support to all Government Entities in the Emirate;
9. receive complaints and suggestions related to Government Information Security;
10. prepare and finance the studies and research required to develop Electronic security in the Emirate in coordination with Government Entities;
11. set, in coordination with Government Entities in the Emirate, the necessary rules for authorising the import, export, and use of encryption and jamming software and devices, and provide telecommunication network and Information System penetration testing services;
12. propose legislation concerning Electronic security;
13. raise awareness, in coordination with Government Entities, of the importance of Electronic security; and
14. hold, and participate in, conferences and seminars, and cooperate with regional and international organisations in relation to the work of the DCES.
1.
The DCES will have a Board of Directors comprised of a chairman, vice
chairman, and a number of experienced and competent members appointed pursuant
to a resolution of the Ruler. The term of membership of the Board of Directors
will be three (3) years, renewable upon expiry.
2.
The Board of Directors will be
convened at the invitation of its chairman, or vice chairman where the chairman
is absent, at least once every two (2) months, or where necessary. Meetings of
the Board of Directors will be valid if attended by the majority of its members
provided that the chairman or vice chairman is in attendance.
3.
The
Board of Directors will pass its resolutions by majority vote, and in the event
of a tie, the chair of the meeting will have a casting vote. Resolutions of the
Board of Directors will be recorded in minutes of meetings signed by the chair
of the meeting and attending members.
a.
The Board of Directors is the highest authority in charge of managing
the affairs of the DCES, and will be responsible for achieving the objectives
and implementing the policies for which the DCES is established. The Board of
Directors will exercise the authorities and powers required to achieve the
objectives of the DCES, and, in particular, may:
1. set, and oversee the
implementation of, the general policy of the DCES;
2. approve and review the work plans
and programmes of the DCES, and assess their applicability on annual basis;
3. set the strategic goals of the DCES
and the procedures required to oversee the implementation of the same, provided
that these goals are reviewed, and compliance with them is assessed, on annual
basis;
4. take the necessary action to
ensure compliance by the DCES with the laws, the resolutions and regulations
issued in pursuance of these laws, and any legislation related to the work and
activities of the DCES;
5. assess and follow up the
executive management of the DCES, and ensure that it achieves the objectives of
the DCES;
6. approve the organisational
structure of the DCES;
7. approve the annual budget and
final accounts of the DCES;
8. form permanent and temporary
committees and specialised work teams, and determine their duties and powers in
order to achieve the objectives of the DCES;
9. determine the duties of each
member of the Board of Directors in a manner that ensures integration of their
roles to achieve the objectives of the DCES;
10. review, and make the necessary
comments on, the performance reports submitted by the Executive Director; and
11. perform any other duties related
to the objectives of the DCES.
b.
The Board of Directors may delegate any of the powers stipulated in
paragraph (a) of this Article to the chairman or any member of the Board of Directors,
or to the Executive Director.
1.
The executive body of the DCES will be comprised of the Executive
Director and a number of administrative, financial, and technical employees.
2.
The rights and duties of the DCES employees, and the rules governing
their selection and appointment will be determined pursuant to employment
regulations approved by the Board of Directors for this purpose.
1.
An Executive Director will be appointed to the DCES pursuant to a resolution
of the Board of Directors.
2.
The Executive Director will be directly responsible to the Board of
Directors for performing his duties pursuant to this Law and the resolutions
issued in pursuance hereof, and for performing any duties assigned by the
chairman of the Board of Directors.
The
Executive Director will supervise the daily work, and manage and regulate the business,
of the DCES, and represent it in its relations with third parties and before
judicial authorities. In particular, the Executive Director will have the
duties and powers to:
1.
propose the policies, strategic, development, and operational plans,
initiatives, and programmes that will achieve the objectives of the DCES, and
submit these to the Board of Directors;
2.
prepare work plans and programmes, and projects related to these plans
and programmes, and submit these to the Board of Directors for approval;
3.
prepare the organisational structure, administrative, financial, and
human resources bylaws, and contracting, project, and auction regulations, and
submit these to the Board of Directors for approval;
4.
prepare, and submit to the Board of Directors, the draft annual budget
and final accounts of the DCES;
5.
appoint the technical and administrative staff required to perform the
work of the DCES in accordance with its internal regulations and bylaws;
6.
submit to the Board of Directors annual reports on the performance of
the DCES;
7.
implement and follow up the resolutions passed, and the policies, plans,
and programmes set by the Board of Directors;
8.
approve financial transactions subject to the rules stipulated by the
financial regulations and bylaws applicable in the DCES;
9.
sign, in the name of the DCES and on its behalf, on contracts, agreements, and memoranda
of understanding in accordance with the relevant powers granted to the Executive
Director by the Board of Directors;
10.
supervise
the directorates and organisational units of the DCES, prepare periodic and
annual reports on the progress of its work, and submit these reports to the Board
of Directors;
11.
contract
with experts and advisers, and determine and pay their remuneration, in
accordance with the bylaws applicable in the DCES; and
12.
perform
any other duties assigned by the Board of Directors.
Government Entities and persons must abide by
the regulations, standards, and rules issued by the DCES in relation to the field
of Electronic Information, and must provide all data and Information required
by the DCES to perform its duties. These entities must also meet Electronic
security requirements in accordance with the provisions of this Law and the
resolutions issued in implementation hereof.
Government
Entities may
issue and implement bylaws, regulations, and plans to achieve Information Security
in accordance with the nature of their work, provided that these bylaws,
regulations, and plans do not contradict the provisions of this Law and the
resolutions issued in implementation hereof.
The DCES
may take any action required to monitor telecommunication networks and
Information Systems in the Emirate to protect them from unauthorised access.
The DCES may identify the flaws in telecommunication network and Information
Systems to avoid any breach of the provisions of this Law.
1.
The DCES will set the rules required to prevent any attempt to
interrupt, disrupt, vandalise, or alter telecommunication networks or contents
of Information Systems. It may take any action to prevent any such acts or
attempts within and outside of the Emirate.
2.
In emergency and urgent situations, the DCES will be authorised to
monitor, penetrate, tackle, cancel, disrupt, or block the telecommunication
networks and devices, Information Systems, or Electronic Mail of any person or
entity where it is proved to the satisfaction of the DCES that this person or
entity participates in any act that may compromise the security, beliefs, economy,
heritage, culture, or public order of the Emirate, its relations with others,
the vital
establishments and public and private entities in the Emirate, or the life or
property of any person. In these circumstances, the competent public prosecution
authority must be notified, within one (1) week, of the measure taken by the DCES,
in order to take the necessary action in respect of that measure.
The
financial resources of the DCES will consist of:
1.
support allocated to the DCES in the general budget of the Government;
2.
grants and gifts received by the DCES and accepted by the Board of
Directors;
3.
fees and
charges for the services provided by the DCES; and
4.
any
other resources approved by the Board of Directors.
1.
In regulating its accounts and
records, the DCES will apply the rules and principles of government accounting.
2.
The financial year of the DCES will
commence on 1 January and will end on 31 December of each year, except that the
first financial year will commence as of the date this Law comes into force and
will end on 31 December of the following year.
The
employees of the DCES nominated by the Board of Directors will have the
capacity of law enforcement officers to record the acts committed in breach of
the provisions of this Law
and the instructions issued in pursuance hereof, and to issue the necessary violation
reports.
The
chairman of the Board of Directors will issue the resolutions and bylaws required
for the implementation of this Law.
All
powers, duties, and obligations of the Dubai Smart Government Department pursuant to Executive
Council Resolution No. (13) of 2012 Concerning Information Security at the
Government of Dubai will be transferred to the DCES.
The
Information Security Committee formed pursuant to Executive
Council Resolution No. (13) of 2012 Concerning Information Security at the
Government of Dubai will be dissolved, and the Board of Directors will perform
all functions assigned to it.
Any
provision in any other legislation
will be repealed to
the extent that it contradicts the provisions of this Law.
This
Law comes into force on the day on which it is issued, and will be published in
the Official Gazette.
Mohammed bin Rashid Al Maktoum
Ruler
of Dubai
Issued in Dubai on 4 June 2014
Corresponding
to 6 Shaban 1435 A.H.
© 2014 The Supreme Legislation Committee in the
Emirate of Dubai
[1]Every effort has been made to produce an
accurate and complete English version of this legislation. However, for the
purpose of its interpretation and application, reference must be made to the
original Arabic text. In case of conflict the Arabic text will prevail.