The UAE’s collaborative approach to combat cybercrime: A closer look at the proactive strategy

The UAE Cyber Security Council, formed in November 2020, is responsible for developing and overseeing a cyber security strategy that promotes a secure and resilient cyber infrastructure in the United Arab Emirates.

The establishment of the Cyber Security Council was followed by legislations that developed to ensure effective cyber solutions were implemented. This article provides a brief overview of the essential articles of the Federal Decree Law No.34 of 2021 on Combatting Rumors and Cybercrimes which hold significant importance. , We will also discuss the role of the UAE Cyber Security Council in fostering collaboration between the public and private sectors to enhance cybersecurity across the UAE.

  • Article 2 of Federal Law no. 34 of 2021 on Combatting rumors and Cyber Crime (“The Law”) prohibits unauthorized access to electronic sites and imposes fines ranging from AED 100,000 to AED 300,000. The article also specifies a penalty of imprisonment for a period of at least six months and/or a fine ranging from AED 150,000 to AED 500,000 for modifying, copying, deleting, disclosing and publishing any data or information obtained through unauthorized access to an electronic site, which results in harmful consequences such as destruction of the accessed website or obstruction of its function. If the unauthorized access was intended to obtain information for illegal purposes, The fine shall not be less than AED 200,000 and not more than AED 500,000, and an imprisonment period not less than one year.
  • According to Article 4 of The Law, anyone who intentionally causes harm, destruction, suspension or disruption of a website, electronic information system, information network, or information technology will be punished with A minimum of one year’s imprisonment and a fine of at least AED 500,000, up to a maximum of AED 3 million. If the damage was inflicted on a banking, media, health, or a scientific institution, or if the crime was committed  as a result of an electronic attack to achieve illegal order, the penalty is temporary imprisonment and a fine ranging from AED 500,000 to AED 3 million.
  • According to Article 48, individuals who engaged in certain activities through an information network, IT tool or websites may face penalties.
    The penalties will include A minimum of AED 20,000 or a fine up to AED 500,000.  Alternatively, the penalty may be a fine of AED 50,000 or one of the penalties. The following activities are punishable under this article:
  1. Promoting a product or service using false information or deceptive methods.
  2. Advertising, promoting, facilitating, or engaging in any way with a virtual currency, digital currency, stored value unit or any payment unit that is not officially recognized in the country or without a license from the relevant authority.
  • The above law addresses a range of other offenses, including but not limited to creating fake emails and websites, spreading false information and rumors, instigating rebellion against the law and constitution, advertising or organizing unauthorized demonstrations, collecting donations without a license, trading antiquities without proper authorization promoting sectarianism and sedition, and creating websites for the purpose of human trafficking.

The enactment of this law was necessary to safeguard individuals and organizations from the rising cyber threats which have become a challenge in today’s world.  Criminals have an advantage in the borderless system of networks, allowing them to capitalize on anonymity and access.

Public-private partnerships involve cooperation between a government agency and a private-sector entity for the common good of the entire nation such as to finance, construction, and managing projects that aid in the country’s development in various domains.

To develop a cybersecurity strategy, the UAE Cybersecurity Council has formed multiple collaboration agreements with external service providers from the private sector over the last eight months.  One such agreement has been made with Deloitte, one of the big four leading auditing and tax consulting firms and offers and extensive range of management and assurance services. Given the fact Deloitte audits around 20% of all US Public Companies, this partnership aims to introduce international best practices within the Cyber Security Council and provide cyber training.

Another collaboration was established with Huawei, one of the largest telecommunications equipment manufacturers in the world, to focus on research and thought leadership in cybersecurity. Since telecommunication infrastructure is pivotal for protection, it is mandatory to invest in communications systems as a means of enabling security agencies to counter threats and safeguard society from harm.

Additionally, the UAE Cybersecurity Council signed an agreement with Amazon Web Services, a widely adopted cloud platform that offers several on-demand operations such as computing power, database storage, and content delivery to help companies scale and grow.  The aim of this partnership is to assist (semi-)government entities in accelerating their migration to the cloud.

Giving the growing need for cybersecurity system globally, it is evident that the UAE has adopted a proactive approach in developing legislations tailored to the nation’s needs and establishing collaborations to protect organizations and citizens from cyber threats. However, since cybercrime poses one of the greatest risks to prosperity and combat and exponential growth in recent times, we recommend expanding the protection layer worldwide by collaborating with Interpol through their Global Cybercrime Program, which will facilitate international action to combat and reduce cybercrime.

The authors of this article are Fadi Hassoun (Partner) and Hadeel Mohamed (Associate).

Fadi is a Partner in the Abu Dhabi office and has over 20 years of experience in corporate and commercial matters, litigation, and dispute resolution. He specialises in real estate, employment and labour, financial crime, and criminal crime. He has extensive experience in negotiating and advising across several jurisdictions for a diverse range of clients, including insurance companies, government entities, oil and gas companies, and advertising and publishing companies.

Hadeel’s experience in dispute resolution includes litigation and arbitration, covering various areas of law such as real estate, employment, criminal, family law, commercial and civil disputes. She also handles corporate and commercial matters such as insurance, banking and finance, M&A, and oil and gas. She has over seven years of experience in the region, focusing on high-profile construction projects, advising on technical aspects and drafting agreements.

Fadi and Hadeel will be attending the RESOLVE 2023 Abu Dhabi International Dispute Resolution Forum, on 6-7 March 2023 at the ADGM, Abu Dhabi, UAE.

Galadari Advocates & Legal Consultants’ market-leading Litigation team have lawyers dedicated to providing tailored and sensitive legal advice on cybercrime matters in the UAE. Our team of Emirati advocates have full rights of audience across all UAE Courts. We will be happy to discuss any queries you may have.

Fadi Hassoun
Hadeel Mohamed