Dubai – 18 June 2026
Dubai International Financial Centre (DIFC), the leading global financial centre in the Middle East, Africa and South Asia (MEASA) region, has launched a public consultation on proposed amendments to its Data Protection Regulations (DP Regulations), introducing measures aimed at strengthening safeguards for personal data processing in an increasingly AI-driven economy.
The proposed reforms seek to enhance regulatory requirements for systems processing personal data, reinforce privacy and safety standards, and provide greater clarity around compliance obligations as the adoption of artificial intelligence and autonomous technologies accelerates across industries.
The amendments would strengthen existing provisions governing the development and deployment of AI-enabled systems, clarify certification requirements, and further define the responsibilities of the Autonomous Systems Officer (ASO). They also introduce new powers enabling the Commissioner to recognise accreditation and certification schemes, supporting greater regulatory certainty and accountability.
Jacques Visser, Chief Legal Officer at DIFC Authority, said the proposed changes are intended to ensure the regulatory framework keeps pace with rapid technological advances while maintaining high standards of governance.
“As AI and data-driven technologies continue to evolve, it is essential that the regulatory framework remains practical, transparent, and responsive to emerging developments. These amendments are designed to provide greater clarity while reinforcing accountability, governance, and responsible innovation across DIFC,” he said.
The consultation builds on DIFC’s 2023 reforms, which introduced pioneering safeguards for the use of personal data in advanced AI-enabled systems. The latest proposals aim to further strengthen Regulation 10 by embedding enhanced expectations around safe, ethical and privacy-by-design practices within an AI-native jurisdiction.
In addition, the proposed Regulation 11 would establish a framework for recognising accreditation and certification programmes, helping organisations demonstrate compliance with evolving data protection requirements while supporting trust in digital and AI-driven services.
The proposed amendments form part of DIFC’s ongoing efforts to maintain a future-ready regulatory environment that supports innovation while safeguarding personal data and reinforcing confidence in the Centre’s digital ecosystem.
The consultation is open for 30 days, with stakeholders invited to submit feedback on Consultation Paper No. 3 of 2026 by 18 July 2026.
