The Dubai International Financial Centre (DIFC) has taken another step forward in strengthening its Data Protection framework. On 1 September 2023, DIFC introduced Regulation 10 under the DIFC Data Protection Regulations, supplementing the DIFC Data Protection Law No. 5 of 2020.
This new regulation specifically addresses AI systems and sets out principles of ethics, fairness, transparency, security, and accountability. It also introduces requirements around clear notices, maintaining AI registers, certification of systems, and the appointment of an Autonomous Systems Officer (ASO) for entities engaged in high-risk processing activities.
Although enforceable today, full enforcement is planned from January 2026. This gives DIFC firms time to assess their AI systems, work towards compliance, and prepare for certification.
At VelthRad, we believe it is important to keep our clients, partners, and the wider community updated on regulatory developments in DIFC and ADGM. Sharing such updates not only enhances awareness but also ensures that businesses start early in preparing for compliance.
You can read the official DIFC publication for full details here:
DIFC Data Protection Regulation 10 PDF
Disclaimer:
This blog post is provided for informational purposes only and is based on the official publication of the DIFC Data Protection Regulation 10. It does not constitute legal, regulatory, or compliance advice. Readers are encouraged to review the official DIFC documents and seek independent professional advice before taking any action based on the information provided.
Zubin Muriya is a seasoned Governance, Risk, and Compliance (GRC) professional with over two decades of cross-jurisdictional experience in banking regulatory compliance, financial crime risk management, corporate governance framework, and audit advisory. His work across India and the GCC (UAE, Qatar, Bahrain) reflects a career rooted in regulatory rigor and operational integrity.
