DIFC AI Regulation
DIFC Data Protection Regulation 10 of 2023 (AI Provisions)
First enacted AI-specific regulation in the Middle East, Africa, and South Asia (MEASA) region. Establishes risk-based framework for AI systems in the DIFC financial free zone, with requirements for transparency, human oversight, and accountability.
Jurisdiction
UAE - Dubai International Financial Centre
AE-DIFC
Enacted
Sep 1, 2023
Effective
Jul 1, 2025
Enforcement
DIFC Authority
Enacted September 1, 2023 (Regulation 10 of DIFC Data Protection Regulations). Full enforcement January 2026. First enacted AI-specific regulation in MEASA region.
What It Requires
Who Must Comply
Safety Provisions
- • Risk-based classification of AI systems
- • Mandatory registration of AI systems
- • Transparency requirements for AI decisions
- • Human oversight for high-risk applications
- • Accountability and governance requirements
Compliance Timeline
Jul 1, 2025
AI system registration requirements begin
Jan 1, 2026
Full enforcement of all requirements
Enforcement
Enforced by
DIFC Authority
Penalties
license revocation
Administrative fines and potential license revocation for non-compliance
Quick Facts
- Binding
- Yes
- Mental Health Focus
- No
- Child Safety Focus
- No
- Algorithmic Scope
- Yes
Why It Matters
First enacted AI regulation in MEASA region. Sets precedent for AI governance in UAE and broader Gulf region. Important for companies with Middle East operations.
Recent Developments
Registration phase began July 2025. Full enforcement commences January 2026.
What You Need to Comply
AI systems must be registered and comply with risk-appropriate governance, transparency, and human oversight requirements
NOPE can helpCite This
APA
UAE - Dubai International Financial Centre. (2023). DIFC Data Protection Regulation 10 of 2023 (AI Provisions). Retrieved from https://nope.net/regs/ae-difc-reg10
BibTeX
@misc{ae_difc_reg10,
title = {DIFC Data Protection Regulation 10 of 2023 (AI Provisions)},
author = {UAE - Dubai International Financial Centre},
year = {2023},
url = {https://nope.net/regs/ae-difc-reg10}
} Related Regulations
Turkey AI Law
Proposed comprehensive AI law establishing a risk-based classification system similar to the EU AI Act. Would prohibit high-risk AI practices including social scoring and real-time biometric surveillance, require transparency for AI-generated content, and establish AI regulatory authority.
Egypt AI Strategy 2025
Ambitious national strategy positioning Egypt as regional AI hub for Africa and Middle East. Targets 7.7% ICT sector GDP contribution by 2030, training 30,000 AI specialists, establishing 250 AI companies. Built on six strategic pillars: governance, infrastructure, technology, data, ecosystem, and talent. Accompanied by Egyptian Charter for Responsible AI (April 2023) with ethics principles.
Qatar QCB AI Guidelines
Binding AI governance requirements for Qatar's financial sector. Mandates board-level accountability, risk assessments, human-in-the-loop for high-impact decisions, and prior QCB approval for high-risk AI systems.
UAE Child Digital Safety Law
UAE federal law establishing comprehensive child digital safety requirements for digital platforms and internet service providers, with extraterritorial reach to foreign platforms targeting UAE users. Requires age verification, privacy-by-default, content filtering, and proactive AI-powered content detection.
Israel Privacy Amendment 13
Israel's most significant privacy reform in 40 years, explicitly covering AI systems. Requires Data Protection Officers (DPOs) for entities processing sensitive data at scale, mandates Data Protection Impact Assessments (DPIAs) before AI deployment, and enhances Protection of Privacy Authority enforcement powers. One of first data protection laws to explicitly require DPIAs before AI development or deployment.
Jordan PDPL
Jordan's data protection law with medical data processing exceptions, data portability rights, and oversight including security services.