Follow Us

The UAE’s Internet of Things (IoT) regulatory framework

Internet of things uae


The Internet of Things is a significant part of the period of technology and innovation. The world is now moving at an accelerated pace toward it and affected by its benefits. it is a newly emerging technology in the tremendous and advancement world of Information Technology. The Internet is a technology more than the use of computers and other gadgets such as smartphones. In fact, the internet is used in many other aspects like processes and the environment.

IoT is a framework whose goal is to make a connection between computing devices, digital machines, mechanical apparatuses, animals, people, and objects that give one-of-a-kind identifiers and with limitless capacity voluminous information over a network that does not need to any more human-to-human and human-to-computer interaction.

  It is a new idea that is based on the utilization of the Internet to promote the way we live and the way we manage our work and business. In other words, IoT is an ecosystem that implies all of the devices we use in everyday life are connected to the internet and can be managed and monitored by mobile phones, computers, or other control devices.

This technology is based on the communication of devices with each other. so it facilitates exchanging data among companies and services therefore there is a correlation between data sources related services provided for user-connected devices. It provides great benefits for individuals, groups, companies, and organizations. it enhances human life and eliminates major problems but besides these benefits, there are negative points. there is a need to understand moral risks related to new technology and ethics policies related to the IoT issues. Now the world becomes more and more connected and because there are no system firewalls, hackers attract Internet users and gain access to their data.

so companies or organizations get forced to protect their data. This is just one of the negative points. In the sophisticated environment created by IoT, the legal environment must be changed in compliance with new technologies.  The UAE’s Telecommunications Regulatory Authority (TRA) has released a new IoT policy and procedures that its goal is successful regulating of  IoT “to expand in a coordinated, coherent, safe and secure manner” and securing the UAE’s position as a worldwide pioneer within the Internet of things space in UAE . its goals are as follows:

  • providing a secure IoT service that meets the needs of users, supports continued innovation, efficiently manages limited resources, keeps safe the rights and interests of IoT users, and gives clarity and a  definition for IoT market development.
  • The IoT Policy clearly permits the TRA to repeat and replace rules, procedures, when it sees fit, particularly concerning the nature of Internet roaming devices, according to the changing nature of the Application world.
  • Other than TRA, ministries and special industry regulators may develop articles dedicated to the Internet by coordination and consultation with the IoT Advisory Committee.

Who does it apply to?

IoT policy is applied and applicable to all persons or organizations involved in Internet of things in the UAE, including telecommunications providers, IoT service providers, and IoT services consumers such as individuals, businesses, and government. An internet service provider is a person who promotes operation and offers facilities to consumers in the UAE, which are objects/solutions associated with the Internet. Systems integrators, telecom equipment makers, and machine-to-machine connectivity providers are some examples of IoT service providers. These providers may not be present in the UAE ( onshore or in one of the free zones) but it must have An official representative who is in place and is responsible for all communications with the TRA and UAE law – enforcement agencies under the IoT policy.

What does it say?

there are a number of additional compliance considerations for IoT Service Providers set out by the IoT Policy as follows:


Before presenting any IoT services, all IoT service providers must register in their settings with the TRA under the IoT Policy. Some additional registration requirements needed for IoT Service Providers providing Mission Critical IoT Services include maintaining subscriber information (subscriber’s name, address, and ID, the device’s model and registration number, and any other information that the TRA may determine from time to time), and creating strong security measures.

Data protection

Another requirement that  IoT policy needs to comply with is data protection derived from the General Data Protection Regulation (GDPR), such as commitments to minimize the data; constraints in the target that the data can be used; and the requirement for minimum security requirements to protect recorded data.

Data localization

Some government agencies’ data must be stored in the geographical boundaries of the UAE (such as “confidential, sensitive and secret” data). if categories of data are transferred abroad, the least certain criteria must meet.

IoT connectivity

Any IoT service providers who want to provide the underlying connectivity for IoT Services over a wide area must inform the TRA  and get a separate license, then the TRA checks whether their activities are regulated under the IoT Policy. These items will be investigated by TRA on a case-by-case basis.

Type Approval

In addition to complying with the existing Type Approval framework, All Radio and Telecommunications Terminal Equipment (RTTE) that collect data and/or provide IoT Services need to comply with additional requirements under the IoT Policy like prescribed additional labeling and user documentation requirements.


Internet of things service providers have been permitted to use both physical SIMs and embedded/eSIMs. but for use of  Soft SIMs defined as A set of software and applications that perform all the functions of a SIM card, but do not have any safe storage in the memory and processor of the communication device,  requires prior approval from the TRA.

Encryption standards

Internet of things service providers should use an encryption standard that meets the requirements of the UAE authorities’ criteria. if a higher encryption standard is needed by the IoT Service Provider, TRA approval is necessary and will be checked on a case-by-case basis.

M2M (machine-to-machine  technology)

TRA has implemented a numbering scheme for the M2M services. The license holders should be able to distinguish between the numbers allocated for Mission Critical IoT Services. When it is impossible to make a clear distinction between numbers, the M2M may help holders of license by assigning the number of numbered blocks numbered in the M2M numbering.

Steps IoT Service Providers should take now

Although the IoT Policy and IoT Procedures have recently become available to the public by the TRA, in the absence of more deadlines, the time for adaptation is currently available. In this context, violations of the IoT Policy may lead to temporary or permanent suspension of relevant services, as well as a violation of the UAE communication law. Penalties set by the Telecommunications Law can include fines and/or imprisonment. Regarding the above-mentioned items, service providers operating on the Internet in the UAE should take the necessary steps to fully understand the requirements of registration and compliance as stated in IoT Policy and IoT Procedures, and evaluate whether their current or proposed activities result in any registration or license obligation. If there is any doubt, legal consultants should be able to help.

Leave a Comment

Your email address will not be published. Required fields are marked *