In Brief:
This article explores the newly published enforcement framework under Cabinet Resolution No. (200) of 2025, which activates penalties for violations of the UAE's Digital Commerce Law (effective in late 2023) and introduces a graduated penalty system ranging from warnings, to fines up to AED 100,000 and permanent closure.
In this article we highlight the critical compliance requirements for digital platforms operating in the UAE, including secure identity verification, transparent pricing disclosure, detailed invoicing, and formalized complaint mechanisms, with severe penalties for non-compliance.
This article also sets out the practical steps digital merchants must take, including platform audits, UI/UX reviews, and T&C updates, to mitigate regulatory risk under the new enforcement regime that came into force on 28 November 2025.
The New Cabinet Resolution
Federal Decree-Law No. 14/2023 on Trading by Modern Technological Means (“Digital Commerce Law”), which came into effect on 5 September 2023, imposes a number of obligations on digital merchants who are “Trading by Modern Technological Means”. For a more detailed discussion on the Digital Commerce Law, including the meaning of ‘trading by modern technological means’ and the law’s impact on digital merchants, please see our article here.
Cabinet Resolution No. (200) of 2025 Regarding the Schedule of Administrative Violations and Penalties (the "Resolution") now brings into force the Digital Commerce Law’s awaited enforcement framework. The Resolution came into force on 28 November 2025, and marks a critical shift from the law’s regulatory guidance to active enforcement.
Digital merchants operating in or targeting consumers in the UAE should analyse their platform architecture, user interfaces, and operational processes in light of the Digital Commerce Law to mitigate the risk of substantial fines and business interruptions, which may now be capable of being imposed under the Resolution.
The Graduated Penalty System
The Resolution applies to any person committing acts that violate the provisions of the Digital Commerce Law. It introduces a strict, graduated penalty system designed to penalize repeat offenders. Depending on the frequency and severity of the violation, penalties can escalate across four stages of commission, ranging from formal written warnings (with a 15-day rectification period) to fines of up to AED 100,000, temporary closures, and, ultimately, permanent closure of the establishment/platform. It is notable that the Ministry is empowered to impose one or more administrative penalties on an offender.
Under Article 3(3) of the Resolution, the Ministry is not strictly bound by the graduated penalties approach. In cases of "serious violations", the Ministry may bypass the warning stage and impose the most severe administrative penalty immediately. Furthermore, if a violation continues after a warning period expires, or if a fine payment period lapses without settlement, a new violation is deemed to have been committed, justifying further penalties.
Critical Violations and Operational Impacts
The Schedule to the Resolution outlines 11 specific violation categories. Below is a summary of the most operationally significant penalties that will directly impact platform UI/UX and backend platform compliance. The summary below sets out the penalties for the first and forth violation commissions to illustrate how the graduated penalty system is designed to work, and to highlight the significant rise in fines and the potential for incurrence of non-financial penalties for repeat offences:
|
Statement of Violation |
Legal Reference |
First Commission |
Fourth Commission |
|
Failure to provide a secure technical environment to verify digital identity, digital capacity, or the offer/acceptance required for contract validity. |
Article 5(3); Article 13 (2)(a)(b) |
Fine of AED 2,000 to AED 10,000 |
Fine of AED 40,000 to AED 100,000 and permanent closure of the establishment. |
|
Failure to specify terms, conditions, or details of the sale stages, or violation of declared specifications, timeframes, or logistics costs. |
Article 6(1) |
Written warning (15 days to rectify) |
Fine of AED 20,000 to AED 100,000 and temporary closure for 40 days. |
|
Failure to provide a detailed invoice, whether in paper or non-paper form, for the purchase of Goods or Services through Modern Technology. |
Article 5 (8) |
Written warning (15 days to rectify) |
Fine of AED 10,000 to AED 30,000 and temporary closure for a period of not exceeding 90 days. |
|
Imposing additional fees for digital payment contrary to those specified and declared in the digital contract or terms. |
Article 15(3) |
Written warning (15 days to rectify) |
Fine of AED 10,000 to AED 20,000 and temporary closure for 20 days. |
|
Obstructing the right to return or replace goods/services in cases specified by the Digital Commerce Law. |
Article 7(1) |
Written warning (15 days to rectify) |
Fine of AED 10,000 to AED 20,000 and temporary closure for 20 days. |
|
Failure to allocate a mechanism for handling complaints. |
Article 6(6), (7), and (8) |
Written warning (15 days to rectify) |
Fine of AED 10,000 to AED 20,000 and temporary closure for 20 days. |
Grievance and Appeal Mechanism
If a penalty is imposed, the Ministry will notify the violator within 15 days of the issuance of the penalty decision, and fines must be paid within 30 days. Under Article 4 of the Resolution, digital merchants have a strict 30-day window from the date of notification of a penalty decision to submit a reasoned grievance/appeal (accompanied by all relevant supporting documents) to the Ministry in order to challenge a penalty.
Appeals submitted after this 30-day period will be deemed inadmissible. The Ministry has 30 days to decide on any appeal, however, if this period lapses without a decision, the appeal is considered rejected, and the decision originally issued by the Ministry in respect of the violation is considered final.
Investigation and Determination of Administrative Penalties
Article 3(2) of the Resolution envisages that the Ministry will issue a further Cabinet Resolution under the Digital Commerce Law setting out the mechanism for the investigation of violations, the determination of administrative penalties, and the criteria applied for the determination of such penalties in a manner that ensures proportionality between the penalty and the gravity of the violation. This Cabinet Resolution has not been published as of the date of this article.
Practical Steps for Digital Merchants
The introduction of the Resolution activates the enforcement framework for the Digital Commerce Law, making compliance increasingly important. To mitigate regulatory risk, digital platform providers should undertake the following:
- Audit Platform Architecture: Ensure that the platform has robust, secure mechanisms for verifying digital identity and capturing clear offer and acceptance (e-signatures or explicit consent mechanisms) to avoid the severe penalties associated with Article 5(3) violations.
- Review Pricing Transparency: Conduct a UI/UX review of the checkout process. Ensure that all logistics fees and payment processing fees are explicitly declared prior to purchase. Hidden fees or post-checkout surcharges may be penalized. Ensure customers are provided with an invoice.
- Formalize Complaint Channels: Verify that the platform features a clear, accessible, and trackable complaints mechanism, complete with dedicated contact numbers and physical/digital addresses, as mandated by Article 6.
- Update Terms & Conditions: Ensure digital contracts and T&Cs accurately reflect actual operational practices regarding delivery timeframes, product specifications, and return policies.
Digital platform providers should also be aware of Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (the “PDPL”) and Federal Decree-Law No. 26/2025 on Child Digital Safety (the “Child Digital Safety Law”). The PDPL regulates how personal data is collected, used, shared, secured and transferred in the UAE, and non-compliance can create regulatory, contractual and reputational risk. The Child Digital Safety Law imposes additional obligations where platforms are accessed by, directed at, or likely to affect children, including around platform design, safety measures and the handling of children’s data. You can read our article on these laws here.
For more information, please contact a member of the Hadef Commercial Team (Victoria Woods, Partner -v.woods@hadefpartners.com, Diana Froyland, Senior Counsel - d.froyland@hadefpartners.com, Julie Beeton, Senior Counsel - j.beeton@hadefpartners.com or Rachael Scourfield – Senior Associate r.scourfield@hadefpartners.com).