Este artigo está disponível apenas em inglês no momento.
AI Governance in the UAE: National AI Strategy, DIFC, and the Gulf's Leading AI Jurisdiction
The UAE has positioned itself as the Arab world's AI hub — with a National AI Strategy, the world's first AI ministry, AI-specific regulation in DIFC, and a growing body of sector guidance. The complete 2026 guide for organisations operating in the UAE.
Key Takeaways
The UAE has the world's first dedicated Ministry of AI (established 2017) and a National AI Strategy 2031 that targets AI contribution of AED 335 billion (~USD 91 billion) to the UAE economy by 2031.
The Dubai International Financial Centre (DIFC) has developed AI-specific data protection guidance that applies to organisations operating within the DIFC — one of the most sophisticated AI-specific frameworks in the Middle East.
The UAE's Personal Data Protection Law (PDPL, Federal Decree-Law No. 45 of 2021) creates data protection obligations relevant to AI — including requirements for lawful basis, purpose limitation, and data subject rights that parallel GDPR.
The Abu Dhabi Global Market (ADGM) has developed its own AI governance framework and has been active in positioning Abu Dhabi as a centre for responsible AI development.
Saudi Arabia's neighbouring National AI Strategy creates a regional AI governance landscape — organisations with Gulf operations need to navigate both UAE and Saudi frameworks, which are aligned in aspiration but differ in specific requirements.
"Apenas para fins informativos. Este artigo não constitui aconselhamento jurídico, regulatório, financeiro ou profissional. Consulte um especialista qualificado para orientação específica."
UAE's AI governance architecture
The UAE's approach to AI governance is distinctive — it frames AI governance primarily through the lens of AI as a development opportunity and positions the UAE as a global AI leader, with governance designed to enable rather than constrain AI adoption. The Ministry of Artificial Intelligence, the UAE AI Office, and the National Programme for AI all reflect this orientation. This does not mean that the UAE has no AI governance requirements — it means that those requirements are designed to create a trustworthy environment for AI investment and deployment rather than primarily to protect against AI harms.
The practical implications for organisations operating in the UAE: AI governance is expected as a mark of organisational quality and as a requirement for government and enterprise procurement, rather than primarily as a compliance obligation. Organisations that demonstrate robust AI governance — documented processes, bias testing, explainability — are better positioned in the UAE market, both commercially and in regulatory engagement.
DIFC AI governance: the most developed framework
The Dubai International Financial Centre has developed AI-specific data protection and governance guidance that is among the most sophisticated AI regulatory frameworks in the Middle East. The DIFC Data Protection Law and its implementing regulations apply to organisations operating within the DIFC — approximately 5,000 registered companies including major financial services, professional services, and technology firms. DIFC's AI governance guidance builds on its data protection framework to address AI-specific concerns: automated decision-making rights, algorithmic transparency, and AI system documentation. For financial services firms operating within the DIFC, the guidance creates specific expectations for AI used in credit assessment, customer risk profiling, and compliance functions.
The UAE PDPL and AI
Federal Decree-Law No. 45 of 2021 on Personal Data Protection (PDPL) applies across the UAE (outside DIFC and ADGM which have their own regimes) and creates data protection obligations for AI systems processing personal data of UAE residents. Key PDPL provisions relevant to AI: lawful basis requirement for processing (consent, contract, legal obligation, legitimate interest, or public interest); purpose limitation (data collected for one purpose may not be used for AI training for a different purpose without additional lawful basis); data subject rights including access, correction, and objection to processing; and obligations around automated decision-making in contexts affecting individuals. The PDPL is enforced by the UAE Data Office, which has been progressively building its enforcement capability.