Man outdoors in traditional dress

Navigating your way to the Cloud
UAE

A Journey of Digital Transformation
An Interactive Guide for Legal and Compliance Professionals

INTRODUCTION TO CLOUD IN UAE

The United Arab Emirates (“UAE”)1 is taking a lead in digital transformation and has declared itself an "open global laboratory" to transform concepts of the fourth industrial revolution into reality.

Digital transformation is about reimagining how you bring together people, data, and processes to create value for your customers and maintain a competitive advantage in a digital-first world. It is the next industrial revolution and every company, from large multi-national corporations to small and medium sized businesses, needs to start thinking and operating like a digital company.

The UAE is experiencing digital transformation everywhere. Powered by improving connectivity, a rise in smartphone use and the global connection of devices, businesses and institutions across all sectors are reassessing their technology strategies to better engage their customers, empower their employees, optimize their operations and transform their products and services. The UAE government is an active participant in digital transformation and is increasingly moving towards Smart Government solutions. The National Plan for UAE Smart Government Goals was initiated in 2014 in alignment with the national direction embodied in UAE Vision 2021 which sets the key theme for socio-economic development of the UAE. Vision 20212 was launched in 2010 as a national charter aimed at transforming the UAE into 'one of the best countries in the world' by 2021, integrating efforts at federal and local levels. Key targets include enabling world-class healthcare, first rate education, a sustainable environment and infrastructure, and a competitive knowledge economy. The Government recognises that technology will play a key role in achieving these objectives.

Digital transformation is evident across multiple sectors. A good example is the financial services industry where we are seeing next generation personalization of client experiences, improved collaboration, productivity and mobility for employees and the delivery of next-gen, multi-asset risk analytics which reduce decision-making from days to minutes. Banks in the UAE are also realising the challenges and opportunities of the Fintech revolution. The financial free zones in both the Emirates of Abu Dhabi and Dubai have established regulatory Fintech sandboxes to encourage Fintech innovation, and the Dubai government is focused on achieving global leadership in the development and application of Blockchain networks.

At Microsoft, we recognize the unprecedented opportunity for digital transformation in the region and believe that hyper-scale cloud services, in particular, can play a pivotal role in helping the UAE unlock its key socio-economic objectives while ensuring a safer, more secure environment which adheres to accepted international technical standards.

Many have already realised the obvious benefits of cloud services, including efficiencies, cost savings, cyber-resilience and secure access. Increasingly, those looking to future-proof their business are also recognising that to fully harness the potential of technologies like Artificial Intelligence, Internet of Things, Blockchain and Augmented or Virtual Reality, they will likely need to rely on the hyper-scale cloud and the scalability it can offer. Use of cloud services can also provide a competitive edge.

That said, all clouds are not created equal. As UAE increasingly turns to cloud-driven technologies, the selection of a trusted Cloud Service Provider (CSP) with a long history of delivering on privacy and security commitments in a compliant and transparent manner, now more than ever, is a critical part of the cloud journey for any customer. In a time when technology is changing almost every aspect of our lives, and the change is also causing disruption and uncertainty, Microsoft continues to draw from its past as we seek the right answers to questions about how best to realize opportunities ahead and create a trusted, responsible, and inclusive cloud.

Microsoft plays a leading role in the cloud technology revolution in the UAE and provides its customers with state-of-the-art cloud services. Solutions such as Microsoft Azure, Office 365 and Microsoft Dynamics 365 already power many different customers across the Middle East and Africa region, including small medium enterprises, large global corporates, public sector and non-profit organisations. These are just some of the Microsoft cloud services driving the digital transformation across the globe.

In 2019, Microsoft will deliver the intelligent trusted Microsoft Cloud for the first time from data centres located in the UAE. The new cloud region will offer enterprise-grade reliability and performance combined with data residency to help enable the tremendous opportunity for economic growth, and increase access to cloud and internet services for organisations and people across the UAE, and the Middle East region. This new investment is a recognition of the enormous opportunity for digital transformation in the Middle East and is a major milestone in the company’s mission to empower every person and every organisation on the planet to achieve more in a safe, secure and legally compliant manner.

THE REGULATORY LANDSCAPE

  • Cloud adoption in the UAE has, as in many other countries, been accompanied by concerns about risks. These concerns typically focus on the ability of cloud service providers to ensure a high level of security and privacy compliance.

    As a result of greater cloud adoption in the region, we are now seeing how attitudes towards these concerns are changing as organisations are increasingly understanding how they can move to the cloud in a way that meets and often exceeds all their security and privacy requirements. Indeed, cloud solutions from leading providers such as Microsoft are now being recognised for their ability to offer levels of security and privacy compliance that can exceed those available via in-house solutions of even the most sophisticated organisations.

    At Microsoft, we welcome these positive developments. We are pleased to have already participated in many compliance conversations with customers and regulators across various sectors. Through these conversations, we have developed a broad range of materials to help our customers in the UAE move to the cloud in a way that meets their regulatory requirements and stay at the forefront of compliance. It is important to ensure that our customers can be confident that their use of Microsoft cloud services meets the necessary requirements.

  • The UAE does not currently have a uniform set of laws, regulations and/or official standards specifically relating to the adoption of cloud computing services. However, many industry sectors do have specific regulations that will apply to regulated entities. These include issues such as data protection, confidentiality, outsourcing and, in some instances, data residency requirements. Where these industry/sector specific regulations exist, they offer a helpful framework for regulatory compliance. For non-regulated sectors there are several general laws that will apply such as the Federal Law No. 3 of 1987 Promulgating the Penal Code ("UAE Penal Code") and Federal Decree by Law No. 5 of 2012 On Combating Cyber Crime ("Cyber Crimes Law"). These general laws will also apply to regulated entities in the absence of specific provisions to the contrary.

    • With the exception of some specific free zones (such as the Dubai International Financial Centre and Abu Dhabi Global Market) there is no comprehensive ‘European-style’ data protection legislation in the UAE. There are, however, provisions of general application in the context of data privacy and while these provisions are not entirely consistent with the approach to data privacy issues addressed in certain modern data protection laws, they must be considered when assessing the legal basis for processing personal information in the UAE.

      Of primary relevance (and representative example) are Articles 379 and 380(bis) of the UAE Penal Code. These provisions provide that it is illegal to disclose or use a secret to your advantage, or to distribute or provide data, save as permitted by law or with consent of the data subject.

    • The UAE takes a robust approach to cybercrimes and the Cybercrime Law3 provides for both penal and fiscal penalties for offences relating to hacking, identity theft and fraud. The Cybercrime Law also prohibits unauthorised access to websites or electronic information systems or networks. If the prohibited actions lead to the disclosure, alteration, copying, publication and republication of data then the penalty's severity may be increased. This also applies in circumstances where data is of a personal nature.

      The Cybercrime Law also protects individuals’ rights to privacy and prohibits disclosing confidential information obtained in the course of or because of work, by means of any computer network, website or information technology.

    • The Telecommunications Regulatory Authority (TRA) has jurisdiction to establish the general policy for the telecommunication sector and issue general directives, rules, regulations, and instructions regarding the implementation of Federal Law by Decree No. 3 of 2003 Regarding the Organization of the Telecommunication Sectors, as amended. Future developments may include cloud specific regulations.

    • Federal Law No. 1 of 2006 Concerning E-transactions and E-commerce has the objective of encouraging and facilitating electronic transactions and communications by means of reliable electronic records. Reliance on certain qualified digital signatures defined as “secure electronic signatures” is deemed reasonable, absent proof to the contrary. This law is commonly relied upon to collect, and record, proof of customer consent in relation to the processing of personal information.

    • The National Electronic Security Authority (“NESA”) is a federal authority, established in 2012, responsible for the advancement of the nation’s cybersecurity. NESA has developed the UAE Information Assurance Standards ("IAS") which include security controls for cloud computing. All UAE government entities and other entities identified as critical by NESA are encouraged to implement the IAS. Any business operating in the UAE should, at the very least, be aware of the IAS cloud computing controls, as NESA recommends that all entities in the UAE should adopt the IAS on a voluntary basis.

      In addition, the governments of each of the Emirates of Abu Dhabi and Dubai have also issued information security requirements.4

      As Microsoft brings the cloud to the UAE with in-country data centres, mapping the compliance of Microsoft’s Cloud to these local requirements will be a key priority.

  • This checklist provides a detailed look into the legal obligations that may affect your usage of Microsoft Cloud Services.

    Click here to download the checklist.


WE BUILD OUR TRUSTED CLOUD ON FOUR FOUNDATIONAL PRINCIPLES

Security

Security

We build our services from the ground up to help safeguard your data

Learn more
Privacy

Privacy

Our policies and processes help keep your data private and in your control

Learn more
Compliance

Compliance

We provide industry-verified conformity with global standards

Learn more
Transparency

Transparency

We make our policies and practices clear and accessible to everyone

Learn more

INDUSTRY RESOURCES

INDUSTRY RESOURCES

INDUSTRY RESOURCES

INDUSTRY RESOURCES

RECOMMENDED RESOURCES

CUSTOMER STORIES

 
 
SEE MORE STORIES

CUSTOMER STORIES

 
 
SEE MORE STORIES

CUSTOMER STORIES

 
 
SEE MORE STORIES
*EXPLANATORY NOTE AND DISCLAIMER: This website is intended to provide a summary of key legal obligations that may affect customers using Microsoft cloud services. It indicates Microsoft’s view of how its cloud services may facilitate a customer's compliance with such obligations. This website/document is intended for informational purposes only and does not constitute legal advice nor any assessment of a customer's specific legal obligations. You remain responsible for ensuring compliance with the law. As far as the law allows, use of this website/document is at your own risk and Microsoft disclaims all representations and warranties, implied or otherwise.