Digital Platform Compliance: Key Considerations for UAE Platforms

In Brief:

The UAE has implemented a comprehensive framework to enhance consumer rights. Key legislation introduced in recent years includes:

• Data Protection Legislation: Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data.
• Consumer Protection Legislation: Federal Law No. (15) of 2020 on Consumer Protection and Cabinet Resolution No. 66 of 2023 concerning the Executive Regulations of Federal Law No. (15) of 2020.
• Digital Commerce Legislation: Federal Decree-Law No. 14/2023 on Trading by Modern Technological Means and Cabinet Resolution No. (200) of 2025 together the “Digital Commerce Law”.
• Child Digital Safety Legislation: Federal Decree-Law No. 26/2025 On Child Digital Safety (“Child Digital Safety Law”).

In this article, we focus on the Digital Commerce Law and the new Child Digital Safety Law, specifically in the context of obligations imposed by these laws which may impact the design and architecture of digital platforms.

Please see the conclusion of this article for links to further articles discussing the other UAE legislation mentioned above.

Digital Commerce Law

Understanding “Trading by Modern Technological Means”

The Digital Commerce Law imposes a number of obligations on digital merchants who are “Trading by Modern Technological Means”.

“Modern Technological Means” is broadly defined to encompass all types of digital commerce. This definition includes trading through electronic, digital, and biometric methods, as well as artificial intelligence, blockchain, and any other forms of “technical media.” As a consequence, it covers e-commerce (traditionally defined as the buying and selling of goods or services over an electronic network), digital trading, and any other technology-driven trading methods. Both physical and intangible goods and services are included, ensuring that transactions in virtual spaces, such as the metaverse, also come under the jurisdiction of the Digital Commerce Law.

Merchants subject to the Digital Commerce Law who utilise digital platforms such as websites, mobile apps, social media, online marketplaces, blockchain platforms, or messaging apps facilitating commerce must ensure that both they and their platforms comply with the requirements of the Digital Commerce Law.

Who Must Comply with the Digital Commerce Law

The Digital Commerce Law applies to any natural person or corporate entity conducting “Trading by Modern Technological Means”. Unlike the UAE Consumer Protection regime, its application is not limited to merchants registered in the UAE. The law applies both to commercial activity using Modern Technological Means inside the UAE and commercial activity that is “received in the state”.

Notably, the “commercial activity” needs only to be received inside the UAE. This indicates that transactions for products and services delivered by digital merchants based outside the UAE will be subject to the Digital Commerce Law. For example, a travel website selling tours to UAE residents for holiday packages outside the UAE may be subject to the Digital Commerce Law, even if the digital merchant has no physical presence in the UAE and the ultimate services (the holiday) are received by the consumer outside of the UAE.

Platform Requirements under the Digital Commerce Law

The Digital Commerce Law imposes a number of requirements that may impact platform UI/UX design, and digital merchants must ensure that their platforms comply with the Digital Commerce Law.

Items which must be present on the “website, application, or other Modern Technological Means”:

• The terms, conditions, and details of the various stages of the sale of the goods and services.
• The price of the goods or services.
• The delivery fees associated with any delivery of the purchased goods or services.
• The fees associated with any payment processing.
• The digital contract, or where there is no digital contract, the purchase terms and conditions relating to the purchase.

Failure to specify terms, conditions, or details of the sale stages may attract a fine of up to AED 100,000 and temporary closure for 40 days. Items which must be made “publicly available”:

• Details of any associated website.
• Physical and digital address.
• Contact numbers.
• Digital merchant trade license.

Items which must be provided to the customer:

• A method of submitting and tracking complaints. Failure to provide this functionality may attract a fine of up to AED 20,000 and temporary closure of the digital merchant for 20 days.
• Feedback functionality to allow customers to rate their experience of the sales transaction, the payment service and any associated logistic services.
• A method of selecting communication preferences.

In addition to the above, digital merchants must:

• ensure they provide a technically secure environment that meets any e-security, cyber safety, and cyber attack mitigation standards issued by the Ministry of Economy. Failure to do so may result in a fine of up to AED 100,000 and permanent closure of the digital merchant;
• provide invoices through the modern technological means. This means that the platform must have e-invoicing capacity. Failure to provide an invoice may attract a fine of up to AED 30,000 and temporary closure of the digital merchant for a period of not exceeding 90 days.

Dispute Resolution and Complaints

The Digital Commerce Law establishes a process for consumers with complaints (related to the Digital Commerce Law) to follow, and provides the Ministry of Economy with the right to prepare a list of violations and administrative penalties (now codified under Cabinet Resolution No. (200) of 2025, see here for our more detailed discussed). To seek to mitigate the risk of complaints (and, indeed, penalties), it is imperative for digital merchants to be aware of their obligations to consumers in the UAE.

In addition, digital merchants should be mindful of the convenience offered to consumers under the consumer complaints process of the Dubai Corporation for Consumer Protection and Fair Trade (the DCCPFT, which is part of the Dubai Department of Economy and Tourism (DET)). Set to officially roll out its enhanced AI-powered WhatsApp service in early Q2 2026, this  process enables consumers to file formal complaints against businesses quickly and easily, simply by messaging on WhatsApp. We expect that complaints capable of being launched by consumers in this way will include complaints under the Digital Commerce Law, such as complaints relating to websites that do not include terms and conditions or a clear indication of price for goods or services. A Dubai resident could simply interact with the AI-driven system via WhatsApp, upload documents related to their grievance (such as invoices and contracts), and  quickly receive an official ‘resolution letter’ bearing the DET letterhead from the DCCPFT. Consumers  would then be able to present this official letter to the relevant business for execution and the swift resolution of their complaint.  If a digital merchant refused to accept and act upon the resolution prescribed by the DCCPFT, they would face potential penalties.

Digital merchants would be well advised to become familiar, therefore, not only with the Digital Commerce Law dispute resolution process and potential penalties , but also with the mechanisms that are being established in the UAE to aid consumers in exercising their rights.

Additional Obligations under the Digital Commerce Law

In the context of the focus of this article, being compliance obligations which may impact platform design, in addition to those discussed above, the Digital Commerce Law contains its own obligations, including (amongst others) the following:

• Licensing and Legal Capacity: digital merchants must be appropriately licensed and have legal capacity.
• Marketing and Advertising: digital merchants must ensure that advertising and marketing campaigns and the exchange of data comply with applicable laws. These will include the UAE’s consumer protection law and applicable data protection law (see our articles here and here for more details on these particular UAE laws).
• Transparent Pricing and Fees: digital merchants are strictly prohibited from imposing additional fees for logistics or digital payment services that contradict their declared terms. Violations can result in fines of up to AED 10,000 for logistics fee breaches, and up to AED 20,000 alongside a 20-day platform closure for payment infringements.
• Returns and Exchanges: digital merchants must not obstruct a consumer's statutory right to return or replace goods and services. Hindering this process can attract fines of up to AED 20,000 and a 20-day temporary closure.
• Regulatory Cooperation: digital merchants must provide requested information to the Ministry of Economy and cooperate fully with judicial officers. Non-compliance carries penalties of up to AED 20,000 and a 30-day closure.
• Insurance Requirements: where mandated by a Cabinet Resolution, digital merchants must provide insurance coverage for their services, parties, or platforms. Failure to do so can result in fines of up to AED 30,000 and a 40-day closure.

Platform Requirements under the Child Digital Safety Law

The introduction of the Child Digital Safety Law adds a significant new layer of compliance for providers of digital platforms operating in or targeting users in the UAE. The law aims to protect children (defined as anyone under the age of 18) from digital risks and harmful content. It imposes several direct obligations on digital platforms that will fundamentally impact their design, functionality, and user experience, particularly for younger users.

The law came into force on 1 January 2026, and those who fall within its scope have a period of one year to achieve compliance. The law anticipates the publication of a set of executive regulations. The Child Digital Safety Council held its inaugural meeting in early 2026, marking a foundational step in establishing a coordinated national effort to protect children in the digital world.

Who must Comply with the Child Digital Safety Law

Internet service providers and digital platforms operating within the UAE or targeting users in the UAE (whether such users are individuals or legal persons) must comply with the Child Digital Safety Law, where children may use or be exposed to the platforms’ content or services. It is noteworthy that the scope of the law is not limited to platforms that target children; it covers platforms to which children may be exposed. In our view, this significantly widens the potential scope of the law to any publicly available platform which could be visited by children, noting that many children have devices that enable them to access the internet.

Digital platforms are widely defined in the law as “electronic means that enable interaction and communication among users in the digital space and provide digital services or content”, with specific reference being made to websites, electronic search engines, smart applications, messaging apps, forums, electronic games' platforms, social media platforms, live streaming platforms, podcast platforms, streaming services and on-demand online video content platforms, and e-commerce platforms.

Key platform design considerations under the Child Digital Safety Law include:

• Mandatory Age Verification: All digital platforms operating in or targeting users in the UAE must implement "effective and reasonable" age verification mechanisms. The strength of these mechanisms must be proportionate to the level of risk the platform's content poses to children.
• Restrictions on Commercial Games: Online commercial games are games whose primary purpose is to generate direct or indirect financial gain for its operator and include activities involving betting or wagering. Platforms must take technical and administrative measures to prevent children from accessing or creating accounts for online commercial games.
• Enhanced Data Protection for Children: For children under the age of 13, platforms are prohibited from collecting, processing, or sharing their personal data without obtaining explicit, documented, and verifiable consent from a parent or guardian. This data cannot be used for commercial purposes, or for delivering targeted electronic advertisements. Where the data of children under 13 is processed with guardian consent, access to such data must only be available to authorised persons who are required to have access to provide the related service. Data privacy policies must be disclosed to both the child and the caregiver and be drafted in a manner understandable to both. Certain educational and health platforms may be exempt, subject to a Cabinet Decision and approval from the Council for Education, Human Development and Society.
• "Safety by Design" - Enhanced Protection Measures: Platforms are required to develop and implement a range of "enhanced child protection measures", including:
  • High-Privacy by Default: Children's accounts must have initial and default privacy settings that ensure the highest levels of privacy and protection.
  • Age Verification Tools: Platforms must provide tools to enforce age restrictions and limits on use.
  • Parental Control Tools: Platforms must provide tools that allow caregivers to monitor and manage a child's activity, such as setting daily usage limits and mandatory break times.
  • Content Moderation and Filtering: Platforms must provide tools for age-based content classification, filtering, and blocking, as well as controls to disable features that encourage excessive interaction.
  • Reporting Mechanisms: Platforms must offer clear, user-friendly tools for the immediate reporting of harmful content and must use their technical capabilities (including AI) to proactively detect and remove such content.
• Policy Disclosure: Platforms must periodically and publicly disclose their policies regarding how they deal with users and content.
• Operational Child Safety Compliance: Beyond platform architecture, the Child Digital Safety Law requires active operational compliance. Platforms must not only provide reporting tools but proactively utilise technical capabilities to detect and remove harmful content. Furthermore, platforms must strictly enforce the prohibition on using the personal data of children under 13 for commercial purposes or targeted advertising, and must regularly publish their content management policies.

The introduction of The Digital Commerce Law and the Child Digital Safety Law signals a clear regulatory focus on user protection in the UAE's digital economy. This necessitates a proactive, 'compliance-by-design' approach. Platforms must be architected from the ground up with these obligations in mind, from age verification and data privacy defaults to transparent pricing and robust complaint mechanisms. A thorough review of existing platforms against the requirements set out in The Digital Commerce Law and the Child Digital Safety Law is a critical first step to mitigating regulatory risk and building consumer trust in this evolving legal landscape.

It should also be borne in mind that the Digital Commerce Law and the Child Digital Safety Law also contain a wide range of other obligations, however this article focuses only on those that may impact platform design.

In addition , both digital and non-digital merchants should be aware of the UAE’s Consumer Protection Law in relation to general trading and for digital merchants in the context of platform design. You can read our article on this here.

See also our article here on compliance with the UAE Data Protection Legislation.

For more information, please contact a member of the Hadef Commercial Team (Victoria Woods, Partner -v.woods@hadefpartners.com, Diana Froyland, Senior Counsel - d.froyland@hadefpartners.com, Julie Beeton, Senior Counsel - j.beeton@hadefpartners.com or Rachael Scourfield – Senior Associate r.scourfield@hadefpartners.com).

This article is intended for general informational purposes only and does not constitute legal advice. Readers should seek independent legal counsel in relation to their specific circumstances.