The United Arab Emirates has introduced a landmark piece of legislation, Federal Decree-Law No. 26/2025 on Child Digital Safety (CDS Law), establishing a comprehensive framework to protect minors online. This significant regulatory update, which affects a wide range of digital businesses, is being closely watched by founders and operators across the MENA region, with enforcement managed by bodies like the Telecommunications and Digital Government Regulatory Authority (TDRA). The law officially came into effect on January 1, 2026, granting companies a one-year grace period to achieve full compliance.
A New Regulatory Framework for the Digital Age
The CDS Law signals a major shift in the UAE’s digital landscape, bringing it in line with global standards such as the EU’s Digital Services Act and the UK’s Online Safety Act. Its reach is extensive, applying to Internet Service Providers (ISPs) and digital platforms that operate within the UAE or target users in the country.
This includes websites, mobile applications, social media networks, e-commerce sites, and gaming and streaming services where individuals under the age of 18 may be exposed to content. The legislation also uniquely places defined responsibilities on parents and guardians, creating a shared accountability model for child safety.
The Child Digital Safety Council and Platform Classification
A core component of the new law is the establishment of a Child Digital Safety Council. This body will be responsible for overseeing the law’s implementation, recommending regulatory updates, and setting new standards for children’s digital privacy and security.
Furthermore, the UAE Cabinet is set to introduce a digital platform classification system. This will categorize platforms based on their content, usage patterns, and potential impact on children. Each category will have a corresponding set of compliance obligations, disclosure requirements, and verification mechanisms, creating a tiered approach to regulation.
Enhanced Data Protection and Age Verification Mandates
The CDS Law places a strong emphasis on protecting the personal data of children, with specific and stringent rules for those under the age of 13. The collection, processing, or sharing of a child’s data is now heavily restricted and is prohibited for commercial purposes like targeted advertising.
To proceed with data collection, platforms must obtain verified parental consent, maintain transparent privacy policies, and adhere to data minimization principles. Digital platforms are also now required to implement effective age-verification measures that are proportionate to the risk level of their content.
Compliance Obligations for Platform Operators
For many tech companies, especially those hosting user-generated content, the CDS Law will necessitate significant operational and technical adjustments. Platform operators must deploy robust privacy settings for children’s accounts by default and provide comprehensive parental controls, including content filtering and blocking tools.
The law mandates clear mechanisms for users to report harmful or illegal content. Platforms are also expected to use systems, potentially including AI-powered tools, to proactively detect and remove harmful material. Immediate reporting of any child exploitation material to the relevant authorities is mandatory, and companies must comply with official takedown orders and submit regular compliance reports.
About the Child Digital Safety Law
Federal Decree-Law No. 26/2025, the Child Digital Safety (CDS) Law, is a legislative initiative by the United Arab Emirates designed to create a safer digital environment for minors under the age of 18. The law imposes a set of obligations on digital platform operators, internet service providers, and caregivers to mitigate risks associated with children’s exposure to unsuitable online content and protect their personal data.
Source: MEA TechWatch
