United Arab Emirates
Cryptoassets
1 . Are cryptoassets (including, for example, cryptocurrencies, stablecoins and non-fungible tokens) defined and, if so, what are the major elements?
The United Arab Emirates (UAE) has federal level, Emirate level and free-zone level legislation with regards to cryptoassets, with varying cryptoasset definitions.
Onshore
Federal
At a federal level “virtual assets” (VA) are defined as a “digital representation of the value that can be traded or digitally transferred, can be used for investment purposes, and does not include digital representations of paper currencies, securities or other funds.”
The 2022 Decision (defined under Question 2 below) defines “virtual asset activities” as:
- providing services for the operation and management of “virtual asset platforms”, which are defined as “a digital platform for listing, trading and transferring ownership of virtual assets, conducting related clearing and settlement processes, and storing and saving information and data through distributed ledger technology or any other similar technology”;
- providing services for the exchange between one or more forms of virtual assets;
- providing services for the transfer of virtual assets;
- providing brokerage services in virtual asset trading;
- providing services for the custody and management of virtual assets and enabling control over them; and
- providing financial services in connection with an issuer’s offer and/or sale of virtual assets or participating in the provision of such services.
Dubai
At a local-Emirate level in Dubai:
- A “virtual asset” means “a digital representation of value that may be digitally traded, transferred, or used as an exchange or payment tool, or for investment purposes, including Virtual Tokens and any digital representation of any other value determined by [VARA]”.
- A “virtual token” is defined as “a digital representation of a set of rights that can be digitally offered and traded through a Virtual Asset Platform.” A "Virtual Asset Platform" means a centralised or decentralised digital platform which is managed by a Virtual Asset Service Provider; on which Virtual Assets are sold, purchased, traded, offered, issued, and safekept; and through which the clearing and settlement of traded Virtual Assets are made, using the Distributed Ledger Technology.
The issuance of “anonymity-enhanced cryptocurrencies” (i.e., those which prevent the tracing of transactions or record of ownership through distributed ledgers), and all VA activities related to them, are prohibited in Dubai.
Offshore
Abu Dhabi — Abu Dhabi Global Market (ADGM)
In the ADGM, “virtual assets” are defined as a digital representation of value that can be digitally traded and functions as:
- a medium of exchange; and/or
- a unit of account; and/or
- a store of value;
but does not have legal tender status in any jurisdiction, in each case that is:
- neither issued nor guaranteed by any jurisdiction and fulfils the above functions only by agreement within the community of users of the virtual asset; and
- distinguished from fiat currency and e-money.
“Digital securities” are digital/virtual tokens that have the features and characteristics of a “security” under the Financial Services and Markets Regulations (FSMR) (such as shares, debentures and units in a collective investment fund). All financial services activities in relation to digital securities, such as operating primary/secondary markets, or dealing/trading/managing investments in or advising on digital securities, are subject to the relevant regulatory requirements under the FSMR. (Note: FSMR applies to Virtual Assets as well.)
“Fiat tokens” (e.g., stablecoins), whose values are fully backed by underlying fiat currencies, are treated as a form of digital representation of fiat currency. Where used as a payment instrument for the purposes of money transmission as defined under the FSMR, the activity will be licensed and regulated as “providing money services”.
Dubai — Dubai International Financial Centre (DIFC)
In the DIFC, “investment tokens,” either security tokens or derivative tokens, are cryptoassets that are the same as, or substantially similar in purpose or effect to, pre-existing categories of conventional, regulated securities and derivatives (respectively).
Cryptocurrencies and other digital assets that do not confer rights and obligations substantially similar in nature to those conferred by a security or derivative do not fall under the Investment Tokens regime.
A “crypto token” is “a token that is used, or is intended to be used, as a medium of exchange or for payment or investment purposes” but excluding an investment token, or any other type of investment, utility tokens, non-fungible tokens (NFTs), and central bank digital currencies.
2 . What are the major laws/regulations specifically related to cryptoassets?
The UAE is a civil law jurisdiction, with federal level laws and regulations that govern all of the mainland UAE, and Emirate-level local laws that govern each respective Emirate onshore. However, there also exist 46 multidisciplinary free zones and the two most prominent of those free zones, the ADGM in Abu Dhabi and the DIFC in Dubai, independently administer through an established court system their own commercial, employment, and financial services laws and regulations.
Federal level
The Securities & Commodities Authority (SCA) is the federal-level financial services regulator with respect to securities, commodities, and Virtual Assets Service Providers (VASPs).
In April 2023, the SCA repealed Decision No. 23 of 2020 Concerning Crypto Assets Activities Regulation and introduced the following new regulations:
- Decision No. (26/RM) of 2023 in relation to Virtual Assets Platform Operators (the “VA Exchange Regulations”); and
- Decision No. (27/RM) of 2023 amending SCA Chairman of the Board of Directors Decision No. (13/RM) of 2021 in relation to the SCA Rulebook (the “SCA Rulebook Amendments Regulations”).
In addition to the above regulations, the UAE Cabinet has also issued Cabinet Decision No. 111/2022 Concerning the Regulation of Virtual Assets and their Service Providers (the “2022 Decision”) and Cabinet Decision No. (112) of 2022 on Delegating Certain Competencies related to the Regulation of Virtual Assets. The latter regulation is designed to coordinate the relationship between the SCA and the Dubai onshore Virtual Assets Regulatory Authority (VARA), and states, “[VARA] shall cooperate and coordinate with [SCA] with the aim of establishing a unified and appropriate work mechanism for them to regulate the process of supervision and control over virtual asset service providers licensed by [VARA], and the mechanism for sharing fees, commissions and fines, in a manner that contributes to achieving the objectives of the 2022 Decision and proper implementation to its provisions.”
The abovementioned regulations apply to persons conducting virtual asset activities onshore in the UAE and in the multidisciplinary free zones that are not financial free zones (i.e., not the DIFC and ADGM, such as the Dubai Multi Commodities Centre, Dubai Silicon Oasis, Dubai Internet City, Dubai World Trade Centre, and the newly established RAK Digital Oasis in Ras Al Khaimah).
Emirate level — Dubai
The Dubai Law No. 4 of 2022 on the Regulation of Virtual Assets (RVA) laid the groundwork for virtual asset regulation in Dubai and established VARA. The implementing regulations (the Virtual Assets and Related Activities Regulations 2023 (the “VARA Regulations”)) were published in February 2023 and set out the regulatory framework governing virtual assets (defined in Question 1 above) and all related activities in the Emirate of Dubai, including the general and specific supervision and enforcement powers of VARA.
VARA is responsible for licensing and regulating the virtual asset sector in Dubai and its free zone territories, save for the DIFC (which has its own digital assets regulatory regime, discussed below).
Offshore
Abu Dhabi — ADGM
The Financial Services Regulatory Authority (FSRA) oversees the ADGM financial free zone and has regulated digital assets and related activities in the ADGM since 2018.
The FSRA regulates: (i) virtual assets; (ii) digital securities; (iii) derivates of digital assets and funds investing in regulated digital assets; and (iv) fiat tokens (each of the foregoing is defined/discussed below).
Dubai — DIFC
The Dubai Financial Services Authority (DFSA) is the regulatory authority for the DIFC financial free zone, and it has implemented a regulatory framework for investment tokens and crypto tokens (as defined in Question 1 above), which, similar to the approach taken by the ADGM and SCA, extends the DFSA’s existing regulatory regime for traditional financial instruments to these digital assets, subject to certain modifications to take account of the digital nature of these assets (e.g., IT and distributed ledger technology audit requirements for entities whose services rely on distributed ledger technology or similar applications). The primary law is the Markets Law – DIFC Law No. 1 of 2012 (“Markets Law”).
Ras Al Khaimah — RAK Digital Assets Oasis
In February 2023, Ras Al Khaimah announced its intention to launch RAK Digital Assets Oasis (RAK DAO), the world’s first free zone dedicated to digital and virtual asset companies. RAK DAO will be “a purpose-built, true innovation-enabling free zone for non-regulated activities in the virtual assets sector.” The RAK DAO laws and regulations are still being prepared, but we understand that the following are the permitted sectors for entities wishing to operate within the RAK DAO:
- blockchain;
- gaming;
- NFTs;
- DApps;
- artificial intelligence;
- Web3-related activities; and
- Web3 supporting activities.
The expected date for the RAK DAO laws and regulations has not yet been announced.
3 . How are different types of cryptoassets regulated?
Onshore
The SCA Rulebook Amendments Regulations amend certain provisions of the SCA Rulebook in relation to virtual assets, including adding virtual assets to the list of products that may be dealt or brokered by SCA-regulated financial institutions.
The VA Exchange Regulations have introduced the concept of an “accepted virtual asset” list such that no virtual assets may be traded on a virtual assets platform unless approved on the SCA’s official list of virtual assets.
Emirate level — Dubai
Under the RVA definitions as outlined in Question 1 above, fungible tokens such as cryptocurrencies as well as NFTs are captured even if not expressly provided for.
The RVA does not currently distinguish between “security” and “commodity” virtual assets.
The issuance of “anonymity-enhanced cryptocurrencies” (i.e., those which prevent the tracing of transactions or record of ownership through distributed ledgers), and all VA activities related to them, are prohibited in Dubai.
Offshore
Abu Dhabi – ADGM
From a regulatory policy perspective, virtual assets in the ADGM are treated as commodities rather than securities (as defined in the FSMR). Market intermediaries (e.g., broker dealers, custodians, or asset managers) dealing in or managing virtual assets, and multilateral trading facilities using virtual assets, need to be licensed/approved by the FSRA.
“Digital securities” are digital/virtual tokens that have the features and characteristics of a “security” under the FSMR (such as shares, debentures and units in a collective investment fund). All financial services activities in relation to digital securities, such as operating primary/secondary markets, or dealing/trading/managing investments in or advising on digital securities, are subject to the relevant regulatory requirements under the FSMR. (Virtual Assets are also captured under FSMR, see above.)
Derivatives and collective investment funds of virtual assets, digital securities, and utility tokens are regulated as “specified investments” under the FSMR. As such, persons dealing in such derivatives will need to be licensed by the FSRA consistent with the particular activities that such persons undertake.
“Fiat tokens” (e.g., stablecoins), whose values are fully backed by underlying fiat currencies, are treated as a form of digital representation of fiat currency. Where used as a payment instrument for the purposes of money transmission as defined under the FSMR, the activity will be licensed and regulated as “providing money services”.
Dubai — DIFC
Consistent with the approach taken onshore by VARA, the DFSA prohibits activities in and from the DIFC involving “prohibited tokens,” being (at this time): (i) “privacy tokens and devices,” which are used, or have features that are intended to be used, to hide, anonymise, obscure, or prevent the tracing of the holder of a token, a transaction relating to a token, or the parties to a transaction; and (ii) “algorithmic tokens,” designed to achieve price stability through balancing the circulating supply of the token.
The DFSA does not currently regulate the use of NFTs, utility tokens or digital currencies issued by governments, save for (i) some issuers or service providers of NFTs and Utility Tokens who must be registered as a “Designated Non-Financial Business or Profession” for AML purposes and (ii) a restriction on authorised persons carrying on both Crypto Token business and business relating to NFTs and Utility Tokens (unless providing custody).
4 . Is there an authorisation/licensing regime applicable to cryptoasset issuers/providers/exchanges and, if so, what are the requirements?
Onshore
Federal level
The 2022 Decision provides that it is prohibited for any person to engage in virtual asset activities in the UAE without obtaining approval and a license from the SCA or the local licensing authorities (e.g., VARA), as the case may be.
The 2022 Decision also confirms that a person who wishes to engage in virtual asset activities in the UAE must be incorporated in the UAE, or (if approved by the SCA) be in a financial free zone within the UAE, or be a branch of a foreign company in the UAE.
The VA Exchange Regulations outline a number of duties and obligations for licensees, including compliance with the UAE’s Federal Law No. (20) of 2018 on Anti-money Laundering and Combating the Financing of Terrorism and Financing of Illegal Organisations (the “Federal AML Law”), stress-testing of systems and controls, relevant disclosures, technology-related governance, and short selling and trading-related controls.
An entity already licensed by the SCA for a traditional financial service will need to seek additional permission prior to conducting the same service with respect to virtual assets.
Emirate level — Dubai
Pursuant to the VARA Regulations, unless exempted (discussed below), entities that issue a virtual asset (as defined in Question 1 above) or carry out the following activities (each a “VA activity” and each as further defined in the VARA Regulations) with respect to virtual assets in Dubai require a license from VARA:
- Advisory services.
- Broker-dealer services.
- Custody services.
- Exchange services.
- Lending and borrowing services.
- Management and Investment services.
- Transfer and settlement services.
The RVA provides that VARA may further classify and define these activities, and we expect that any activities that would be regulated if performed in relation to traditional financial instruments will be regulated if performed in relation to virtual assets. The UAE federal licensing requirements for traditional financial services apply in Dubai, which does not have a separate financial services regulatory regime (but has a separate virtual assets regulatory regime). The 2022 Decision has also helpfully clarified that an entity performing virtual asset activities must be authorised/licensed by the SCA or an emirate-level licensing authority, so a license from VARA will be sufficient to provide virtual asset activities in Dubai (i.e., a virtual asset license from the SCA will not also be required). However, it should be noted that SCA retains exclusive authority for onshore securities and commodities regulation, meaning that activities involving tokenised securities or commodities remain subject to SCA regulations and licensing requirements.
An entity wishing to carry out a VA activity in Dubai must have the headquarters of its business in onshore Dubai. The law is currently silent on whether an offshore company is subject to the VARA licensing/registration requirements. What is regulated is the carrying out of the specified activities in Dubai and is a question of fact.
The RVA provides for a “professional exemption” whereby duly registered lawyers, accountants, or any other professionally licensed business consultants, who carry out any VA activity in a manner that is wholly incidental to their professional practice, do not need to apply to VARA for a license (subject to certain requirements). VARA also reserves the right to declare an entity as an “exempt entity” meaning such entity would also be exempt from the licensing requirements.
Of note is the requirement in the VARA Regulations that any entity in Dubai that actively invests its own portfolio in virtual assets at or above USD 250,000,000 equivalent value of virtual assets during any rolling 30-calendar-day period must register with VARA prior to investing at, or in no event later than three business days of having invested at, such volume.
Offshore
Abu Dhabi — ADGM
Where an entity uses virtual assets (as defined in Question 1 above) in an ancillary manner (e.g., as a means to enable or facilitate the carrying on of any financial services businesses), it does not necessarily mean that the entity needs to seek approvals from the FSRA in order to use virtual assets as part of its regulated activities (as defined in the FSMR).
Any entity that wishes to conduct a regulated activity with respect to virtual assets, digital securities, fiat tokens, and derivatives, in or from the ADGM, must first apply for a financial services permission from the FSRA and then incorporate or register as an ADGM entity. The FSRA license is applied for first, and once the in-principle approval is received, the ADGM entity can be formed. In addition, with regard to virtual assets, persons in the ADGM are permitted to conduct activities in relation to “accepted virtual assets” only. The FSRA has the power to determine whether a virtual asset is an accepted virtual asset. in addition, only activities in virtual assets that have been specifically reviewed and approved by the FSRA are permitted, so each application will have to detail both the virtual asset and the proposed activities.
Dubai — DIFC
“Investment tokens,” either security tokens or derivative tokens, are cryptoassets that are the same as, or substantially similar in purpose or effect to, pre-existing categories of conventional, regulated securities and derivatives (respectively). Cryptocurrencies and other digital assets that do not confer rights and obligations substantially similar in nature to those conferred by a security or derivative do not fall under the Investment Tokens regime.
Investment tokens, and certain regulated activities in connection therewith, are subject to the DFSA regulatory requirements applicable to carrying on such regulated activities with respect to conventional financial products in the DIFC (discussed further below).
A “crypto token” is “a token that is used, or is intended to be used, as a medium of exchange or for payment or investment purposes” but excluding an investment token, or any other type of investment, utility tokens, NFTs, and central bank digital currencies.
With respect to crypto tokens, a person must not engage in any of the following activities in or from the DIFC in relation to a crypto token unless it is a “recognised crypto token” (discussed below). They must not:
carry on a financial service relating to the crypto token;
make or approve a financial promotion relating to the crypto token;
offer to the public the crypto token;
carry on an activity referred to in (1), (2) or (3) in relation to a fund that invests in the crypto token; or
carry on an activity referred to in (1), (2) or (3) in respect of a derivative or instrument relating to the crypto token.
Accordingly, any entity that wishes to conduct financial services, financial promotion, or make an offer to the public with respect to investment tokens or any of the above-listed activities with respect to crypto tokens in or from the DIFC must first apply for financial services permission from the DFSA and then incorporate or register a DIFC entity (save in very limited circumstances). In addition, with respect to crypto tokens, only activities that have been specifically reviewed and approved by the DFSA are permitted, so each application will have to detail both the crypto token(s) and the proposed activities.
The DFSA does not allow the issuance of new crypto tokens in or from the DIFC at this stage but has said it will keep this policy position under review as the industry evolves.
Similar to the approach taken by the ADGM and the SCA, only crypto tokens approved as “recognised crypto tokens” (i.e., a crypto token which (i) is included on the Initial List published by the DFA or (ii) the DFSA subsequently recognises) are permitted for use in the provision of financial services in or from the DIFC. A creator/developer of a crypto token will have to submit an assessment of the crypto token against specified criteria for the DFSA to then consider whether to designate it as “recognised.” Once a crypto token is designated as “recognised,” it will be added to a centralised register, maintained by the DFSA, and it will be open to anyone with the required permissions to provide regulated services in respect of that crypto token. At the date hereof, the only crypto tokens accepted for use by the DFSA are Bitcoin, Ethereum, Litecoin, Toncoin, and Ripple.
5 . Is the promotion of cryptoassets to consumers or investors regulated and, if so, how?
Promotion of cryptoassets to consumers or investors would be deemed a virtual asset activity at a UAE federal level, local Emirate level and in both the ADGM and DIFC. Therefore, the regulations and licensing requirements and restrictions discussed above would apply, noting further that there are additional restrictions with respect to dealings with retail investors that are outside the scope of this chapter.
6 . What anti-money laundering requirements apply to cryptoassets?
Onshore
Federal level
Throughout recent years, the UAE has brought into force anti-corruption and anti-fraud legislation in line with international standards, such as the Financial Action Task Force’s (FATF’s) Anti-Money Laundering/Combating the Financing of Terrorism (AML/CTF) requirements, most recently enacting legislation to ensure that the compliance and enforcement are strengthened through the Emirates at a federal level. The relevant federal laws, which apply generally, including with respect to virtual assets, are:
Federal Decree No. (8) of 2006 Concerning the United Nations Convention Against Corruption;
Federal AML Law amended by the AML Decree;
Federal Decree Law No. (26) of 2021 Amending Money Laundering Crimes and Financing Terrorism (the “AML Decree”);
Federal Decree Law No. (31) of 2021 regarding Crimes and Penal Code, amended by Federal Decree Law No. (36) of 2022 (the “UAE Penal Code”);
Federal Decree Law No. (49) of 2022 on Human Resources at the Federal Government; and
Cabinet Decisions No. (48) of 2023 on the Implementation Regulation of Federal Decree-Law No. (49) of 2022 on Human Resources in Federal Government.
The Federal AML Law imposes a general requirement on all financial institutions and designated non-financial businesses and professions to report suspected incidents of money laundering offences to the Financial Intelligence Unit (an independent unit of the UAE Central Bank). The Federal AML Law protects persons who make such suspicious transaction reports and contains some more general protections for whistleblowers.
The UAE Penal Code strongly criminalises and sanctions acts of fraud, bribery, embezzlement and abuse of position.
As of April 2021, the UAE’s National Anti-Money Laundering and Combating Financing of Terrorism and Financing of Illegal Organizations Committee (NAMLCFTC) adopted guidelines for financial institutions and designated non-financial businesses and professions. The NAMLCFTC also introduced and approved several risk assessment reports related to anti-money laundering and terrorist financing relating to non-profit organisations and lawyers, among others.
In June 2021, the UAE Central Bank issued guidance on AML and CFT for licensed financial institutions and the implementation of targeted financial sanctions regimes.
On February 20, 2023, the Central Bank of the UAE issued ‘Guidance for Licensed Financial Institutions On Risks Related to Virtual Assets and Virtual Asset Service Providers’. The guidance is intended to assist licensed financial institutions, including banks, finance companies, exchange houses, payment service providers, insurance companies, agents and brokers, in understanding the risks and effective implementation of their statutory Anti-Money Laundering/Combatting the Financing of Terrorism (AML/CFT) obligations, and takes FATF standards into account. The guidance discusses the risks arising from dealing with virtual assets and VASPs.
Emirate level — Abu Dhabi
There are no virtual asset-specific Emirate-level AML regulations in Abu Dhabi. However, as with the federal laws, such laws will apply with respect to virtual assets onshore in Abu Dhabi. The Abu Dhabi Accountability Authority (ADAA), established through Abu Dhabi Law No. (14) of 2008, is responsible for overseeing public sector body finances, including investigating any financial or administrative irregularities. In accordance with AD Law No. (19) of 2020, ADAA has responsibility for financial monitoring and accountability and monitoring various entities, including local departments, municipalities, authorities, corporations, councils, general secretariats, courts, police and security entities, centres, offices, universities, institutes, funds, markets, public incorporated bodies, companies either directly or indirectly fully owned by government entities or government companies, or companies where the government or government entities own 25% of their capital.
AD Administrative Decision No. (34) of 2021 on the Issuance of the Anti-Corruption Procedures Regulation organises the provisions and rules for the application of the ADAA’s powers on combating financial and administrative corruption, confirms reporting procedures from the public and government entities, sets out the administrative investigation rules for the ADAA, provides for the prosecution of financial and administrative corruption violations, and provides for the protection of whistleblowers and witnesses.
Emirate level — Dubai
In line with the RVA, VARA issued a detailed compliance and risk management rulebook (the “Rulebook”) to be adhered to by VASPs. The AML/CFT section of the Rulebook requires that VASPs establish and implement policies and procedures to comply with all AML/CFT requirements and existing applicable laws, regulatory requirements and guidelines, including but not limited to:
- the Federal AML/CFT Laws;
- the FATF 12-Month Review of the Revised FATF Standards on Virtual Assets and Virtual Asset Service Providers (June 2020);
- FATF’s Second 12-Month Review of the Revised FATF Standards on Virtual Assets and Virtual Asset Service Providers (July 2021);
- FATF’s Updated Guidance for a Risk-Based Approach to Virtual Assets and Virtual Asset Service Providers (October 2021);
- the International Standards on Combating Money Laundering and the Financing of Terrorism & Proliferation, The FATF Recommendations (March 2022);
- Cabinet Resolution No. 74 of 2020 regarding the Terrorist List System and The Implementation of Security Council Resolutions Related to Preventing and Suppressing Terrorism and its Financing, Counter of Proliferation and its Financing, and the Relevant Resolutions;
- the UAE Executive Office for Control & Non-Proliferation (EOCN) Guidance on Counter Proliferation Financing for FIs, DNFPBs, and VASPs (March 2022); and
- the EOCN’s Local Terrorist List, as may be amended from time to time.
In addition, VASPs are required to establish adequate risk rules to screen clients, ultimate beneficial owners, virtual asset transactions and wallet addresses to:
- identify potential illicit activities, potentially adverse information in higher-risk situations and applicability of targeted or other international financial sanctions; and
- alert operation and compliance teams to impose relevant restriction and conduct further investigation.
In addition to the above, Dubai has formed a specialist court that will focus on fighting money laundering and other financial crimes.
Offshore
Abu Dhabi — ADGM
The ADGM has robust AML/CFT rules, and the FSRA mandates the application of such rules to the VA operators in the ADGM. The FSRA’s “Guiding Principles for the Financial Services Regulatory Authority’s Approach to Virtual Asset Regulation and Supervision,” dated September 2022, provide that those conducting regulated activities with respect to virtual assets are assigned the same regulatory status within the ADGM as any other licensed entity. The FSRA requires that the AML/CFT rules are equally applicable to VA Activities, in addition to UAE-wide Federal Laws and Cabinet Resolutions on AML/CFT (see above). Importantly, the FSRA also expects full compliance with FATF Guidance and Recommendations in this area; however, in the event of any conflict between the AML/CFT rules and the FATF Guidance and Recommendations, the AML/CFT rules take precedence.
The AML/CFT rules, in addition to other requirements, require relevant persons to establish and maintain effective AML/TFS policies, procedures, systems and controls to prevent opportunities for money laundering, in relation to the relevant person and its activities. A relevant person’s AML/TFS policies, procedures, systems and controls must:
ensure compliance with Federal AML legislation;
enable suspicious persons and transactions to be detected and reported;
ensure that the relevant person is able to provide an appropriate audit trail of a transaction; and
ensure compliance with any other obligation in the AML/CFT rules.
A relevant person must review the effectiveness of its AML/TFS policies, procedures, systems and controls at least annually.
Lastly, the UAE criminal law applies in the ADGM and, therefore, persons in the ADGM must be aware of their obligations in respect of the criminal law (e.g., the UAE Penal Code) as well as the AML/CFT rules.
Dubai — DIFC
Similar to the ADGM, the DFSA requires relevant persons engaging in token-related activities to comply with the DFSA’s Anti-Money Laundering, Counter-Terrorist Financing and Sanctions Module (AML Module).
The AML Module provides that the DIFC is governed by two separate and complementary regimes in relation to AML regulation, both administered by the DFSA:
- The Federal regime – pursuant to Article 3 of Federal Law No. 8 of 2004, the provision of Federal AML Law and Federal Law No. 7 of 2014 on Combating Terrorism Offences and the implementing regulations under those laws apply in the DIFC. The DFSA is obliged to supervise and monitor relevant persons for compliance with provisions of the Federal laws and regulations.
- The DIFC regime – under Article 70(3) of the DIFC Regulatory Law 2004 (the “Regulatory Law”), the DFSA has jurisdiction for the regulation of anti-money laundering in the DIFC relating to relevant persons and their officers, employees and agents. The DIFC-specific regime is contained in Chapter 2 of Part 4 of the Regulatory Law and any DFSA rules made in connection with anti-money laundering measures, policies and procedures. Under Article 71(1) of the Regulatory Law, the DIFC regime requires compliance with the Federal regime.
The United Nations Security Council obligations, sanctions and resolutions apply in the DIFC. The DFSA expects relevant persons to consider and take positive steps to ensure compliance with unilateral sanctions imposed in specific jurisdictions such as the European Union, the United Kingdom and the United States.
The AML Module, in addition to other requirements, requires a relevant person to assess and address its AML risks by reviewing the risks to which the person is exposed as a result of the nature of its business, customers, products, services and any other matters which are relevant in the context of money laundering and then adopting a proportionate approach to mitigate those risks (the “risk-based approach”). After the risk assessment, the relevant person is expected to monitor, manage and mitigate the risks in a way that is proportionate to the relevant person’s exposure to those money laundering risks. Where there are higher risks of money laundering, a relevant person is required to take enhanced measures to manage and mitigate those risks, and, conversely, when the risks are lower, simplified measures are permitted.
7 . How is the ownership of cryptoassets defined or regulated?
Federal level
The VA Exchange Regulations require the virtual asset platform operator to keep the final ownership record related to the virtual asset — wherever possible — through an electronic or digital network or a (dematerialised) database and refraining from issuing paper or written ownership certificates used for trading purposes.
Emirate level — Dubai
The RVA provides that a beneficiary of a virtual asset is the person who acquires the ownership of a virtual asset as it is transferred to such person’s “virtual asset wallet” (as defined in the RVA) and is recorded and validated through the distributed ledger technology.
Offshore
Abu Dhabi — ADGM
The FSMR are silent with respect to the ownership of virtual assets.
Dubai — DIFC
The Markets Law is silent with respect to the ownership of crypto tokens.
8 . How are Decentralised Autonomous Organisations (DAOs) treated?
Onshore
Federal level
There are no specific regulations governing DAOs at the Federal level.
Emirate level
The VARA Company Rulebook defines a DAO as “any organisation autonomously governed or otherwise managed by a decentralised network, group or collection of Entities, by way of public or private voting mechanisms, whether utilising Distributed Ledger Technology or other means.”
If a VASP adopts a complex company structure including, but not limited to, structures involving DAOs or other organisational forms with decentralised governance, then it is required to furnish information to VARA relating to the following, during the licensing process and at any time on request from VARA:
- the reason[s] for the adoption of such complex company structure and/or decentralised governance;
- the relationship between the VASP and relevant DAOs and/or entities with decentralised governance;
- whether the inclusion of DAOs and/or entities with decentralised governance in the group or the VASP’s affiliation with such entities may adversely impact the VASP’s ability to ensure compliance with regulations, rules and directives (including what procedures are in place to ensure that effective compliance decisions can be made by way of decentralised governance or voting mechanisms); and
- whether the relevant DAOs and/or entities with decentralised governance are registered or otherwise legally recognised as, or have within its structure, an entity in any jurisdictions other than Dubai.
Offshore
Abu Dhabi — ADGM
In November 2023, the ADGM issued the world’s first legal framework for blockchain foundations and DAOs — the Distributed Ledger Technology (DLT) Foundations Regulations 2023 (DLT Regulations). The ADGM noted that the framework “fully acknowledges Virtual Assets, enabling the issuance of tokens as well as facilitating token governance” and “it allows entities to set up with no bylaws, thereby enabling a variety of governance methods, including token voting and the use of smart contracts”.
The DLT Regulations refer to a “DLT Foundation,” which is defined as “a separate Legal Person established to use, deploy, develop, facilitate or support DLT or to issue Tokens.”
Dubai — DIFC
The Market Rules are silent with respect to DAOs.
9 . Are there any particular laws or rules which apply in the event of the crypto bankruptcy or insolvency?
There is no particular regime governing crypto insolvency in the UAE to date. As such, Federal Law No. 9 of 2016, as amended is generally applicable, but it is expected to be replaced in 2024.
10 . Is a smart contract enforceable as a legal contract?
Yes. Pursuant to Federal Decree Law No. 46/2021 on Electronic Transactions and Trust Services, a contract may be made between automated electronic media (defined as electronic information systems that operate automatically, in whole or in part, without the intervention of any physical person at the time of work or response thereto) that includes one electronic information system (defined as technical and organisational procedures that use a person’s data to verify their identity and capacity for the purpose of issuing electronic identification tools) or more that are prepared and programmed in advance to do so. The contract shall be valid, enforceable and legally effective even in the absence of personal or direct interference by any physical person in the process of concluding the contract. The Electronic Transactions Law further provides that a contract may be concluded between an automated Electronic Information System possessed by a person and another person if the latter knows or is supposed to know that that system will conclude or implement the contract automatically.
11 . What recourse does a victim of crypto fraud have?
Onshore
Whilst there are no specific courts or arbitration centres dedicated to virtual assets cases onshore in the UAE, the Federal- and Emirate-level courts would have the authority necessary to hear all civil, commercial, and administrative cases relating to virtual assets.
In 2021, a specific Digital Assets Crime Section of Dubai Police was created to help mitigate and solve crimes relating to cryptocurrency. Furthermore, specific cybercrime teams are available throughout police stations in the UAE.
Offshore
Abu Dhabi — ADGM
There is no dedicated virtual assets division of the ADGM Courts. However, the ADGM rules and regulations with respect to virtual assets confirm that the ADGM Courts have jurisdiction with respect to enforcement of such rules and regulations.
Dubai — DIFC
In the DIFC, the DIFC Courts formed a Digital Economy Court Division in 2022, which has a set of industry-first specialised rules. A claim may be brought as a “DEC Claim” if it involves issues relating to the digital economy. The DIFC Court Rules include a non-exhaustive list of claims that are suitable for the Digital Economy Court, including:
- fintech;
- digital assets, including the digital environment, platform or system in which a digital asset exists or may exist;
- distributed ledger technology and blockchains including applications based on blockchain technology;
- substantial or complex databases;
- artificial intelligence and any devices or components of devices whether integrated or not that are dependent on or controlled by artificial intelligence;
- data stored digitally including on cloud or other remote platforms, including distributed ledger technology;
- e-commerce, online intermediaries, digital payment platforms or marketplaces which include virtual asset service providers in relation to:
- exchange between virtual currencies;
- exchange between virtual and fiat currencies;
- the safe-keeping or administration of virtual assets; or
- enabling participation in financial services connected to the offer or sale of virtual assets;
- exchange between virtual currencies;
- interactions and transactions within virtual reality and the Web3 economy, including digital peer-to-peer transactions;
- the application of automatic dispute resolution processes;
- DAOs, decentralised finance vehicles and decentralised applications;
- the validity of digital signatures and digital identification and verification systems; and
- the design, supply and/or installation of computers, computer software and related network and information technology systems and services.
12 . Are there any other ongoing legal or regulatory consultations or other legal frameworks in the pipeline relating to cryptoassets?
The DIFC has formerly commenced a consultation process pursuant to Consultation Paper No. 153 – Updates on the Regulation of Crypto Tokens, thus demonstrating its commitment to fostering innovation and transparency with respect to cryptocurrencies and blockchain technologies. The primary focus of the DIFC’s consultation paper is to move away from enforcement-related sanctions and to instead emphasise the benefits brought about by blockchain technology and digital assets. Importantly, the paper only relates to crypto tokens and not investment tokens.
As noted above, Ras Al Khaimah announced its intention last year to launch RAK DAO, the world’s first free zone dedicated to digital and virtual asset companies. The RAK DAO laws and regulations are still being prepared and the expected date for the publication has not yet been announced.
3-6 PQE Corporate M&A Associate
Job location: London
Projects/Energy Associate
Job location: London
3 PQE Banking and Finance Associate, Jersey
Job location: Jersey