The United Arab Emirates has introduced a comprehensive federal framework for child protection in the digital environment through Federal Decree-Law No. 26 of 2025 on Child Digital Safety (the “Child Safety Law”).
The law entered into force on 1 January 2026 and establishes a risk-based regulatory regime aimed at:
- Reducing children’s exposure to harmful online content
- Strengthening privacy protections
- Requiring age-based safeguards
Businesses have a one-year transitional period, with full enforcement beginning in January 2027.[i]
Scope and Extraterritorial Reach
The Child Safety Law applies broadly to digital platforms and service providers operating in, or targeting users in, the UAE.
Covered entities include:
- Websites
- Social media platforms
- Streaming services
- Gaming platforms
- Online marketplaces
- Smart applications
- Other providers of digital content or services
The law has extraterritorial effect, so foreign companies with users in the UAE may be subject to its requirements.
Risk Classification Framework
A central feature of the regime is a risk classification system, to be established by Cabinet decision.
Under this system:
- Platforms will be categorised according to content risk, user demographics and service type
- Compliance obligations will vary based on assigned risk level
- Higher-risk platforms will face stricter age assurance and safety requirements
Age verification measures must be:
- Proportionate to platform risk
- Appropriate to the nature of the service
- Technically and operationally effective
Definition of “Child” and Gambling Restrictions
For regulatory purposes, a child is defined as any person under 18.
Platforms must:
- Prevent children from accessing inappropriate or harmful material
- Prohibit access to online commercial games involving:
- Gambling
- Betting
- Similar high-risk activities
Required safeguards include:
- Age verification mechanisms
- Technical blocking tools
- Administrative enforcement controls
Children’s Personal Data Protections
The law introduces strict rules governing children’s personal data. For children under 13 years old, platforms may not:
- Collect
- Process
- Publish
- Share personal data without explicit, documented and verifiable parental consent.
Additional restrictions include:
- Clear communication of privacy practices
- Prohibition on behavioural profiling and targeted advertising directed at children
- Ban on commercial exploitation of children’s data
Limited Cabinet-approved exemptions apply, including certain educational or health-related services with enhanced safeguards.
Content Moderation and Platform Duties
Platforms must implement systems to reduce children’s exposure to harmful content, including:
- Blocking and filtering mechanisms
- Content classification systems
- Advertising controls
Platforms are also required to provide custodians (parents or legal guardians) with tools to manage children’s digital activity, such as:
- Supervision features
- Account management controls
- Usage limits
These tools are intended to support caregiver responsibilities under the law.
Internet Service Provider (ISP) Obligations
Licensed internet service providers in the UAE must implement complementary safeguards, including:
- Network-level content filtering
- Parental control tools
- Reporting mechanisms for harmful content, including child sexual abuse material
Both platforms and ISPs are subject to mandatory reporting and cooperation obligations.
Regulator and Governance Structure
The Telecommunications and Digital Government Regulatory Authority (TDRA) oversees compliance and enforcement.
The law also establishes a national Child Digital Safety Council, chaired by the Minister of Family, to:
- Guide policy
- Coordinate national child online safety efforts
- Advise on standards and regulatory measures
Enforcement and Sanctions
Non-compliance may result in administrative measures, including:
- Blocking of digital services
- Suspension of operations
- Closure orders
Specific penalties and detailed enforcement mechanisms are expected to be set out in implementing regulations.
[i] https://www.clydeco.com/en/insights/2026/01/uae-issues-landmark-child-digital-safety-law#:~:text=In%20a%20significant%20move%20to,compliance%20required%20by%20January%202027.