The United Arab Emirates has introduced a sweeping new framework to protect children in digital environments through Federal Decree-Law No. 26 of 2025 on Child Digital Safety. The law entered into force on January 1, 2026, with a one-year transition period, meaning full enforcement begins in January 2027.
The legislation reflects the UAE’s growing focus on regulating online spaces increasingly accessed by children and on holding digital service providers accountable for risks tied to content, data processing, and online engagement. It introduces a proactive, risk-based model that reshapes how platforms, internet service providers, and custodians must operate.
At its core, the law seeks to shield children from harmful content, strengthen privacy and data protections, and establish a structured governance framework for digital platforms operating in or targeting the UAE. Age-based safeguards, content controls, reporting mechanisms, and parental responsibilities form the backbone of this new regime.
Key features
The law establishes a high-level, principles-based framework. Many technical and operational details will be clarified through forthcoming Cabinet decisions and implementing regulations, but binding obligations already apply.
Its scope is deliberately broad. It covers digital platforms, licensed internet service providers, and custodians of children. Crucially, it applies not only to entities operating inside the UAE, but also to foreign platforms that target users in the country. This extraterritorial reach means global platforms accessible to UAE children may fall under enforcement, even without a local presence.
A defining element is the risk-based classification of platforms. Digital services will be categorised based on content type, scale of use, user demographics, and potential impact on children. The level of regulatory obligation will vary by risk tier, shaping requirements for age verification, content moderation, reporting, and parental safeguards.
Together, these elements create substantial compliance implications. Platforms that fail to meet requirements may face enforcement measures, including blocking or closure in the UAE.
Scope of application
Digital platforms
The law defines platforms expansively, covering social media, streaming services, e-commerce, gaming platforms, smart applications, search engines, and websites. It applies both to entities operating in the UAE and to those “directing” services toward users in the country. While “directed” is not yet defined, the dual nexus suggests a broad interpretation. Further guidance is expected in implementing regulations.
Internet service providers
Licensed ISPs under UAE telecom law, including du and e&, are subject to infrastructure-level obligations. These include content filtering, parental control tools, and reporting harmful content. Oversight falls under the Telecommunications and Digital Government Regulatory Authority (TDRA), which will issue policies and enforce compliance.
Custodians of children
Parents and legal guardians are required to monitor children’s digital activity, use parental controls, and prevent access to age-inappropriate content. They must report harmful material, including child sexual abuse content. While obligations are clear, enforcement mechanisms and thresholds will be clarified through further regulation.
Risk classification framework
A Cabinet-issued platform classification system will underpin the regime. Platforms will be assessed on content, scale, user profiles, and potential harm to children. Higher-risk services, especially those with significant child engagement, will face stricter age verification, stronger moderation systems, and enhanced reporting duties.
Until the framework is issued, platforms should assume that child-facing or child-heavy services will be subject to heightened scrutiny and more demanding compliance expectations.
The UAE’s Child Digital Safety Law signals a decisive shift toward structured, enforceable online child protection. For global and regional digital providers alike, 2026 is a preparation year to reassess exposure, redesign safeguards, and align operations with a new regulatory reality
