Communications policyRegulatory and institutional structure
Summarise the regulatory framework for the communications sector. Do any foreign ownership restrictions apply to communications services?
The United Arab Emirates (UAE) consists of seven emirates, each of which operates as its own legal jurisdiction, and laws are made at both a federal and an emirate level. Some emirates have defined areas within them that have been designated as free zones, which typically have separate civil and commercial laws for businesses and individuals in the relevant free zone, although they all remain subject to the UAE federal criminal law. Examples of free zones in the UAE include Dubai International Financial Centre, Dubai Creative Clusters Authority and Abu Dhabi Global Markets. For the purposes of this chapter, unless otherwise specified, we focus on the laws and regulations applying at a federal level.
The principal law in the UAE that relates to the communications sector is Federal Law No. 3 of 2003 Regarding the Organisation of the Telecommunications Sector (the Telecoms Law).
The Telecoms Law establishes the Telecoms and Digital Government Regulatory Authority (TDRA) as the regulator of the telecommunications and information technology sector in the UAE. The Telecoms Law establishes a licensing-based regulatory framework for the supply of telecommunications services to customers in the UAE. Article 37 of the Telecoms Law, for instance, provides that individuals and corporate entities may not provide ‘telecommunications services’ through ‘public telecommunications networks’ to customers and ‘subscribers’ without obtaining a licence. Article 37 of the Telecoms Law is complemented by the TDRA’s Resolution No. (6) of 2008 regarding the Licensing Framework (the Licensing Framework). The Licensing Framework provides that ‘regulated activities in the state are licensable’ by the TDRA. Here, ‘regulated activities’ means the operation of a ‘public telecommunications network’ or the provision of ‘telecommunication services’.
Telecommunications services are defined in the Telecoms Law as delivering, broadcasting, converting or receiving, through a telecommunications network:
- wire and wireless communications;
- voice, music and other audio material;
- viewable images;
- signals used or transmission (other than public broadcasts);
- signals used to operate and control machinery or equipment;
- activities relating to the interconnection of equipment with a public telecommunications network;
- operating data transmission services, including the internet; and
- any other services approved by the High Committee appointed under the Telecoms Law.
Foreign ownership restrictions that previously applied to onshore companies in the UAE have been eased following amendments under Federal Decree-Law No. 26/2020 to the UAE’s Commercial Companies Law (Federal Law No. 2/2015). The new amendments will now allow foreign investors to own 100 per cent of the shares in an onshore company. This will, however, be subject to the UAE Cabinet Committee releasing a list of commercial activities considered to have a strategic impact on the UAE’s economy (Strategic Impact List). Companies that perform these activities will be subject to unspecified minimum UAE ownership or UAE board representation requirements.
Although the list is yet to be published, it is expected that many or all of the sectors listed on the Negative List in the Foreign Direct Investment Law will be listed on the Strategic Impact List.
The amendments relating to foreign ownership will take effect only after six months from the date of publication in the Official Gazette. The future of free zones in the UAE following these amendments is yet to be decided.
Companies established in free zones are exempted from these foreign shareholder restrictions and can be wholly foreign-owned, and several international communications operators have established wholly owned entities in such free zones; however, they cannot offer public telecommunications services in the UAE, which, since 2006, has been a closed duopoly market.
The two providers of public telecommunications services (du and Etisalat) are licensees of the TDRA. The eligibility element of each licence refers to the licensee being a ‘UAE juridical entity established and in good standing under the laws of the UAE’.
Other than public telecommunications services, there is scope for non-UAE businesses to actively participate in the broader communications sector, although even international businesses that have procured a specific licence from the TDRA have largely done so through a UAE-incorporated entity as the licensee. Beyond the provision of public telecommunications services in the UAE, there many businesses offering products and services as part of the wider communications eco-system, and many of these are not subject to foreign ownership restrictions.Authorisation/licensing regime
Describe the authorisation or licensing regime.
Under the Telecoms Law, the provision, operation or sale of any telecommunications services through a public telecommunications network in the UAE requires a licence from the TDRA.
Currently, only two operators are licensed for public telecommunications in the UAE: du and Etisalat. This follows government policy on the operation of a duopoly in the telecommunications field. We understand the TDRA is not currently considering further licences to break the duopoly.
The licences granted to du and Etisalat have various features; for example, each is required to filter the content that flows through its networks in line with the priorities of the state. Notable content filtering takes place concerning matters concerning the state, foreign policy and morality issues. The decision as to which content should be filtered is essentially made through private discussions between the TDRA and the mobile operators (regarding TDRA policies on internet access), but there is no practice of publishing details on specific content-level filtering rationale.
In addition to the duopoly policy on fixed and mobile public telecommunications services, the TDRA has issued licences to other UAE entities for specific purposes, such as broadcast satellite transmission, public access mobile radio, mobile satellite and satellite services.
All such licences are issued individually to entities meeting various requirements under the Telecoms Law and under a decision made by the TDRA board. A licence can be categorised as either a class licence or an individual licence. Individual licences refer to whether scarce resources are requested such as spectrum or frequencies; class licences are issued where non-scarce resources are required and where the activities are insignificant enough that less regulatory supervision is required.
The TDRA requires an application form to be completed by a potential licensee, which includes relevant information such as management and shareholding structures, their business operations, including the type of networks and services they intend to provide and funding sources for these business operations. There is a fixed licence application fee, which is currently set at 20,000 UAE dirhams.Flexibility in spectrum use
Do spectrum licences generally specify the permitted use or is permitted use (fully or partly) unrestricted? Is licensed spectrum tradable or assignable?
The Telecoms Law gives the TDRA responsibility for managing and regulating radio spectrum in the UAE. There is no established spectrum trading or leasing practice. The TDRA grants temporary authorisations on application for up to 90 days and such authorisations are specific to the applicant.
In common with many other jurisdictions, the UAE has its National Spectrum Plan. This is issued by the TDRA and provides that certain services can only be provided within certain spectrum bands. In practice, the TDRA is known to have shown some flexibility in certain cases where this would not cause interference. All of the 800, 900 and 1,800MHz spectrum has been divided between the two mobile operators, which means higher bandwidths can be supported in all frequency bands. Not all the 2,100MHz band is currently licensed and the 3,500MHz band is licenced for fixed wireless access.Ex-ante regulatory obligations
Which communications markets and segments are subject to ex-ante regulation? What remedies may be imposed?
Under the Telecoms Law, the TDRA does have the power to issue ex-ante regulations and decisions concerning practices, as well as to conduct ex-post investigations. Until 2012, it was not uncommon for the TDRA to publish determinations and decisions concerning telecommunications services publicly, including on their website. Since 2012, it appears the regulator has taken the decision not to publish such determinations and decisions publicly but communicate them only to the relevant entities instead.
The TDRA has a short regulatory policy on ex-ante competition safeguards, which details the various factors it may take into account in assessing competition and dominance in the UAE. The policy provides wide discretion to the TDRA on the factors to be considered and the remedies to be imposed depending on the outcome of an assessment of the level of competition in the relevant market.Structural or functional separation
Is there a legal basis for requiring structural or functional separation between an operator’s network and service activities? Has structural or functional separation been introduced or is it being contemplated?
There is currently no directive that imposes structural or functional separation between an operator’s network and its services in the UAE.Universal service obligations and financing
Outline any universal service obligations. How is provision of these services financed?
It is the responsibility of the TDRA to oversee the provision of telecommunications services throughout each emirate of the UAE and ensure that they are sufficient to meet public demand across the UAE; however, this has not taken the form of a hard universal service obligation. The TDRA fulfils this obligation via its relationships with the state-backed public telecoms companies who each have references in their licences to financial obligations around universal service obligations; however, these provisions are typically only references back to the general regulatory framework rather than a specific, hard obligation. Etisalat’s TDRA licence differs from that of du on the issue of universal service and has a harder obligation that extends to certain services such as dial-up internet services.
The two public telecoms operators, du and Etisalat, have a significant government-ownership interest and have invested heavily in infrastructure and broadband. Given the nature of the duopoly, there are no direct government subsidies.Number allocation and portability
Describe the number allocation scheme and number portability regime in your jurisdiction.
Under the Telecoms Law, the TDRA has the authority to control the allocation of telephone numbers and numbering plans. To this end, the TDRA has released a National Numbering Plan that sets out this approach to number allocation. This includes the numbering regimes used to indicate which emirate the call arose from, as well as reserving certain numbers for the emergency service and premium paid-for calls.
The licensed operators can apply to the TDRA for allocation of a batch of numbers, which is granted based on capacity, future demand, utilisation by the licensee and administrative effort. The TDRA allocates rights to use numbers in continuous blocks of up to 100,000 numbers. The licensed operators are then responsible for allocating the numbers to their subscribers.
At the end of 2013, the UAE implemented a mobile number portability programme. Notwithstanding the mobile virtual network operator or independent branded services, there are only two mobile network operators in the UAE and so the only number portability is between the two. Both networks offer a number porting application form that can be submitted to request a number transfer.Customer terms and conditions
Are customer terms and conditions in the communications sector subject to specific rules?
The TDRA is empowered by the Telecoms Law to represent customer interests in the UAE. This encompasses issuing rules or regulations relating to the terms of supply to the customer and includes consumer protection regulations, such as key terms that must be included in contracts with customers (eg, restrictions on usage and rights to terminate) and detailed information that must be provided to the customer before the purchase of a service. The TDRA has also issued a consumer protection guide that sets out a customer’s rights concerning their service contract, the privacy of information, access to services and several others.Net neutrality
Are there limits on an internet service provider’s freedom to control or prioritise the type or source of data that it delivers? Are there any other specific regulations or guidelines on net neutrality?
No specific regulations require net neutrality in the UAE. Both of the public telecoms operators have offered plans with zero rating on certain social media applications.
Bandwidth throttling by internet service providers is common. Network traffic that relates to Voice over Internet Protocol (VoIP) services is often blocked or has its capacity reduced to give partial effect to the TDRA’s policy on VoIP services, whereby such services (where there is network breakout) are not permitted unless provided by one of either du or Etisalat.Platform regulation
Is there specific legislation or regulation in place, and have there been any enforcement initiatives relating to digital platforms?
There is no specific legislation or regulation concerning digital platforms.Next-Generation-Access (NGA) networks
Are there specific regulatory obligations applicable to NGA networks? Is there a government financial scheme to promote basic broadband or NGA broadband penetration?
There are no specific regulations concerning NGA networks. Du and Etisalat are both committed to providing high-speed networks across the UAE, and the UAE has a very high penetration of fibre-to-home connectivity. Given the nature of the public telecommunications duopoly in the UAE, there are no direct government subsidies or financial schemes available.Data protection
Is there a specific data protection regime applicable to the communications sector?
No, the communications sector-specific data protection principles come from general consumer protection guidance issued by the TDRA rather than through a data protection regime covering the communications sector. The UAE does not currently have a stand-alone data protection law in place although this is felt to be on the horizon (with the TDRA playing a role in the development of the law), so privacy is protected by a variety of different laws such as the Penal Code (Federal Law No. 3 of 1987) restrictions on publishing information that relates to private or family life. Also, the UAE Ministry of Human Resources and Emiratisation passed Resolution No. 281 of 2020, which requires employers to maintain adequate IT safety by implementing policies that ensure data protection and privacy of information with regards to remote working as a result of the covid-19 pandemic.
Certain free zones, such as the Dubai International Finance Centre, Abu Dhabi Global Market and Dubai Healthcare City have enacted data protection laws that ensure that all personal data in the free zone is treated lawfully and securely when it is stored, processed, used, disseminated or disclosed. These include certain formalities before personal data may be transferred outside their respective jurisdictions (eg, obtaining the consent of relevant individuals). There are also pockets of data regulation seen in certain specific verticals, for example, in the healthcare and consumer payments verticals.Cybersecurity
Is there specific legislation or regulation in place concerning cybersecurity or network security in your jurisdiction?
Key primary legislation relating to cybercrime includes Federal Decree-Law No. 5 of 2012 on Combating Information Technology Crimes (the Cybercrime Law) and the Penal Code.
The Cybercrime Law specifically deals with activities that would variously be described as hacking, identity theft and fraud, crimes that involve computers, networks and electronic information. The Penal Code consists of general provisions prohibiting various criminal acts, some of which will apply to cybercrime.
The Cybercrime Law applies across all sectors, with no exceptions. In practice, it will be of particular relevance to the telecommunications and financial services sectors, as these are typically entrusted with critical data and therefore more likely to be targets of cybercrime.
The National Electronic Security Authority (NESA) is the UAE federal authority responsible for the cybersecurity of the UAE. NESA operates under the direction of the UAE Supreme Council for National Security. Government organisations, semi-government organisations and business organisations that are identified as critical infrastructure in the UAE are required to follow NESA compliance guidelines. The primary standard to follow for NESA compliance is the UAE Information Assurance Standards.
The TDRA has also established the UAE’s Computer Emergency Response Team, which was established by statute and has published a wide-ranging information security policy.Big data
Is there specific legislation or regulation in place, and have there been any enforcement initiatives in your jurisdiction, addressing the legal challenges raised by big data?
There is no specific federal legislation or regulation in place; however, the emirate of Dubai has introduced the Dubai Law No. 26/2015 (the Dubai Data Law), which provides for local government and private entities to contribute certain non-confidential information relating to the emirate, known as Dubai Data, to a knowledge and database from which such entities can benefit. The intention is to improve integration, harmonisation and efficiency between services and encourage the development of a smart economy.Data localisation
Are there any laws or regulations that require data to be stored locally in the jurisdiction?
There are no general laws or regulations that prevent data from being exported from the UAE.
Certain key sectors, including telecommunications, have been given guidance by their regulators on data domiciliation within the UAE, but this does not come in the form of hard law or publicly available guidance. State-owned entities are also expected to abide by certain data domiciliation rules, which are not set out in hard primary legislation. The financial services sector has specific laws in this regard (particularly entities registered in the Dubai International Financial Centre or Abu Dhabi Global Market where there is a specific regime around transfers of personal data that impacts those businesses’ freedom to outsource or offshore certain functions). Other financial services requirements can impact the communications and ICT sector; for example, digital payment service providers have recently been required through UAE Central Bank regulation to store transaction data within the UAE for at least five years. One of the latest laws that creates data domiciliation requirements in a specific vertical is UAE Federal Law No. 2 of 2019 concerning the use of Information and Communication Technology in Healthcare.Key trends and expected changes
Summarise the key emerging trends and hot topics in communications regulation in your jurisdiction.
As there is no expectation that the TDRA will permit any additional public telecommunications service providers to enter the UAE market in the near future, key changes in the market dynamics and regulation are likely to result from increased competition between the two operators. The TDRA has stated previously that the intention behind introducing a second licensed operator was that ‘Competition is the drive for development, where it leads to higher quality services, lower prices and the adoption of latest technologies. It is a race that pumps innovation and progress into the veins of the sector.’ There is an expectation going forwards that the TDRA will be keen to ensure that as much real competition as possible emerges between the operators.
Being considerably newer in its establishment, du has been playing catch-up around the infrastructure and expertise to compete on a truly level playing field with Etisalat. The two providers have often divided regions up geographically rather than compete directly for the same customers, so customers are effectively faced with a service provider with a de facto monopoly. From 2015, the two providers started bitstream access, a method by which the one network could be shared by the two operators, permitting customers more flexibility to choose a provider where the infrastructure previously restricted their choice. Greater ability for customers to switch between the providers has also been encouraged. It is likely that the TDRA will continue to encourage this competition.
The marked perception of increased competition in the mobile market was increased in 2017 when each of du and Etisalat launched mobile services under new brands: du acquired rights to launch a Virgin mobile branded service and shortly after, Etisalat launched a prepaid service branded as ‘SWYP’. Neither the Virgin Mobile nor the SWYP services are regulated independently of their respective MNOs.
Enterprise-focused ICT services growth through operator divisions or subsidiaries is a key area to watch, particularly as these divisions will compete with a large pool of non-operator affiliated entities. As regards the ICT services growth being experienced by the operators, enterprise adoption of emerging technology will continue to require regulatory guidance from the TDRA, as well as other concerned regulatory bodies in the UAE, to ensure the balance between advancement in technology and risk management is addressed.
The TDRA has been active in terms of regulatory and policy output covering a range of communications areas including Earth Station Regulations, Space Service Regulations and a new Information Assurance Regulation. One of the most significant developments in light of the various Smart City ambitions in the UAE is the IoT Regulatory Policy, which remains largely untested and has a seemingly broad ambit covering IoT services.
Law stated dateCorrect on
Give the date on which the information above is accurate.
31 May 2020