The United Arab Emirates has issued a series of amendments to its Cybercrimes Law, including harsher penalties and sanctions for those who commit technology-related offences. Here is a summary of the changes and how they may impact your organisation.

Federal Decree-Law No. 2 of 2018 (the Amending Decree) has been issued to amend certain provisions of Federal Decree-Law No. 5 of 2012 on combatting IT crimes (the Cybercrimes Law).

Summary of changes

The changes introduced by the Amending Decree comprise the following:

  • The penalty for establishing, managing or running a website or publishing electronic information that promotes terrorist groups or unauthorised organisations is increased from a minimum five-year imprisonment and AED 2,000,000 fine to imprisonment for a period of between 10 and 25 years with a fine of up to AED 4,000,000. Uploading, retransmission or publication of content from such sites is now an offence punishable by up to five years' imprisonment and a fine of up to AED 1,000,000. In either case, the court may send the offender for counseling or put them under electronic surveillance to present them from using any IT media for a period decided by the court.
  • The offence under Article 28 relating to establishing, managing or running a website or using electronic information with intent to incite acts that may endanger national security, state interests or public security is widened to cover acts that may endanger judicial or law enforcement officers.
  • Without prejudice to provisions in the Penal Code, the UAE courts may deport any foreign party that is guilty of crimes relating to honour or specified in the Cybercrimes Law.

What does it mean?

The Amending Decree represents the latest in a series of updates to electronic and cyber legislation in the UAE. As cybercrimes become more widespread and increasingly harmful, the UAE government is seeking to extend the sanctions against cyber criminals and bring the legislation into line with the latest standards and technologies.

Organisations operating in the UAE are unlikely to see any substantial changes arising from the Amending Decree, but should continue to ensure that measures are in place to monitor cyber security and the compliance of staff and contractors with local cyber legislation.