In the digital age, the United Arab Emirates has established strict regulations to protect its citizens and maintain online security. The country's Cybercrimes Law (Decree-Law No. 34 of 2021) addresses a wide range of online offenses, from sharing illegal content to hacking and cyber extortion. This series of questions and answers explore the various facets of the UAE's Cybercrimes Law, detailing the penalties for illegal online activities such as sharing harmful links, sending threatening messages, distributing malicious software, and engaging in financial fraud. By outlining key legal principles and penalties, the article aims to inform readers of the potential consequences of cybercrimes and the importance of adhering to the country's digital regulations.
Definition of Cyber Extortion According to the Cybercrimes Law in the UAE and the Penalties Imposed:
According to the Cybercrimes Law in the UAE (Decree-Law No. 34 of 2021), cyber extortion and threats are considered crimes when a person extorts or threatens another to force them to act or refrain from doing something, using an information network or any means of information technology.
Punishment: The offender is liable to imprisonment for a term not exceeding two years and a fine of no less than AED 250,000 (two hundred fifty thousand dirhams) and no more than AED 500,000 (five hundred thousand dirhams), or either of these penalties, if they extort or threaten someone to act or refrain from acting using an information network or any means of information technology.
In cases where the threat involves committing a crime or making defamatory statements that harm a person's honour or reputation, and this is accompanied by a direct or indirect request to do or refrain from doing something, the penalty is temporary imprisonment for a term not exceeding 10 years.
Can sharing a link to illegal content be considered a cybercrime?
In the United Arab Emirates, sharing a link to illegal content can indeed be considered a cybercrime. The UAE has strict laws regarding internet usage and online content, especially with the enactment of the "Cybercrime Law" (Decree-Law No. 34 of 2021), which penalizes a wide range of illegal online activities.
According to this law, sharing a link that leads to content violating the law can include:
Illegal pornography
Defamation, slander, and libel
Incitement to violence or terrorism
Posting content that harms public safety or the public order
Posting content harmful to children or involving their exploitation
Content that promotes racism or hatred
Even if you are merely sharing a link and not creating the content yourself, it can still be considered promoting illegal content, which can expose the individual to legal action and penalties, which may include fines or imprisonment.
Therefore, it is always advised to exercise caution when sharing any links online in the UAE and to ensure that the content of the link complies with local laws.
Punishment for Sending Threatening or Aggressive Messages via Apps like WhatsApp or Other Messaging Platforms under the UAE Cybercrimes Law:
A person can be penalized if they send threatening or abusive messages via messaging apps such as WhatsApp or other platforms. According to the UAE's Cybercrime Law, crimes that occur through chat applications like WhatsApp and other instant messaging apps are covered. The law regulates and punishes any illegal activities conducted using technology and the internet, including communication apps.
The penalty for threatening through messages in UAE law is found in two laws:
Penal Code (Federal Law No. 31 of 2021):
If the threat is made through written or electronic messages delivered by hand to the victim, the punishment is as follows:
Article 402 of the Penal Code specifies that anyone who threatens another person in writing or verbally, with the intention of committing a felony against their life, property, or reputation, and accompanied by a demand to perform or refrain from performing an act, will be sentenced to temporary imprisonment for up to seven years.
If no demand is made for an act or omission, the punishment will be imprisonment for up to one year and a fine of at least 10,000 AED.
Anti-Rumors and Cybercrimes Law (Federal Law No. 34 of 2021):
If the threat occurs via an electronic message, such as through email or social media platforms, it falls under Article 42 of the Cybercrime Law related to extortion and online threats, which stipulates:
Punishment with imprisonment for up to two years and a fine ranging from 250,000 AED to 500,000 AED, or one of these penalties.
If the threat involves committing a crime or tarnishing someone's honor or reputation, with an explicit or implicit request to act or refrain from acting, the punishment is increased to temporary imprisonment for up to ten years.
What is he punishment for the use of Spyware or Malicious Software under the UAE Cybercrimes Law?
The UAE Cybercrimes Law imposes penalties on any actions that cause harm, destruction, interruption, or disabling of a website, electronic information system, information network, or technology. This also includes actions like cancelling, deleting, destroying, disclosing, altering, copying, publishing, republishing, or obtaining any data or information that compromises its confidentiality.
According to Article 12 of Federal Decree-Law No. 34 of 2021 concerning the fight against rumours and cybercrimes, the following penalties apply:
Imprisonment and a fine of no less than AED 150,000 and no more than AED 500,000, or one of these penalties, will be imposed on anyone who obstructs or intercepts access to an information network, website, electronic information system, or any electronic communication or data.
If the perpetrator discloses or leaks the information or data obtained through the interception, the penalty increases to imprisonment for at least one year and a fine of up to AED 1,000,000.
If the interception involves the communications, data, or information of a government institution, the penalty is temporary imprisonment.
These penalties are designed to deter the illegal use of malicious software or spyware, as well as unauthorized interception and disclosure of sensitive information.
Are Individuals Allowed to Conduct Penetration Testing on Electronic Systems in the UAE?
In the United Arab Emirates, conducting penetration tests on electronic systems is considered illegal unless authorized by the relevant authorities. Unauthorized penetration testing or hacking into websites, electronic information systems, networks, or technology systems is a criminal offense under the UAE Cybercrimes Law.
Penalties for such offenses are as follows:
Basic Hacking Penalty:
Imprisonment and a fine of no less than AED 100,000 and no more than AED 300,000, or one of these penalties, for anyone who hacks into a website, electronic information system, information network, or technological system.
Penalty for Causing Damage or Disruption:
Imprisonment for no less than 6 months and a fine of no less than AED 150,000 and no more than AED 500,000, or one of these penalties, if the hacking causes damage, destruction, disruption, or interruption of an electronic system, website, information network, or technological system. This also includes actions like deleting, destroying, disclosing, altering, copying, publishing, republishing, or obtaining any data or information or compromising its confidentiality.
Penalty for Hacking to Obtain Data for Unlawful Purposes:
Imprisonment for no less than 1 year and a fine of no less than AED 200,000 and no more than AED 500,000, or one of these penalties, if the hacking is done to obtain data or information for illegal purposes.
Given the severity of the penalties, it is crucial to obtain proper authorization before engaging in any penetration testing or security assessments of electronic systems in the UAE. Unauthorized activities are strictly prohibited and can lead to significant legal consequences.
Penalties for Hacking Government Information Systems in the UAE
The UAE law places great emphasis on protecting government information systems from unauthorized access due to their critical role in facilitating the transactions and activities of residents in the country. This focus on cybersecurity is part of the broader effort to maintain the UAE's standing as a leading nation in technological advancement.
According to the UAE Cybercrimes Law (Federal Decree-Law No. 34 of 2021), the penalties for hacking into government-owned electronic systems are as follows:
General Penalty for Hacking Government Systems:
Imprisonment for a temporary period and a fine ranging from AED 200,000 to AED 500,000, for anyone who hacks into a government website, electronic information system, information network, or any technological system belonging to state institutions.
Penalty for Causing Damage or Disruption:
Imprisonment for no less than 5 years and a fine of no less than AED 250,000 and no more than AED 1,500,000, if the hack causes damage, destruction, disruption, or suspension of an electronic system, website, information network, or technological system. This also includes actions such as deleting, destroying, disclosing, altering, copying, publishing, republishing, or compromising the confidentiality of any data or information, or if the crime results from a cyber-attack.
Penalty for Hacking to Obtain Data or Information:
Imprisonment for no less than 7 years and a fine of no less than AED 250,000 and no more than AED 1,500,000, if the hacking is done to obtain data or information from any government entity or institution, as specified in the law.
These strict penalties underscore the UAE's commitment to safeguarding its government infrastructure and protecting sensitive data from malicious activities.
What to Do if You Fall Victim to Financial Fraud Online in the UAE and How to File a Complaint
If you become a victim of online financial fraud in the UAE, it is crucial to take immediate action to report the incident and protect your assets. Here's what you can do:
Report to the Central Bank of the UAE:
You can directly report the fraud via the UAE Central Bank's official website or by contacting their hotline. They handle complaints related to financial fraud and can assist in the investigation process.
Dubai Police e-Crime Service:
For financial fraud, you can file an electronic report through the Dubai Police e-Crime platform. This service allows you to report financial crimes such as online fraud, scams, and other cybercrimes.
Telecommunications Regulatory Authority (TRA):
The TRA receives complaints related to suspicious communications, such as fraudulent phone calls or emails. If you receive scam messages or phone calls, you can file a report with the TRA.
Preventative Measures and Awareness:
As fraud techniques continue to evolve, it is vital to stay aware of potential scams. Always be cautious about sharing sensitive information, especially banking details, over the internet. Here are some tips:
Never share your banking or personal details with unknown individuals or organizations.
Verify the legitimacy of websites and emails before making financial transactions.
Report any suspicious activity immediately to the appropriate authorities.
By following these steps, residents of the UAE can better protect themselves from financial fraud and ensure the security of their assets.
What are the Penalties for Distributing Viruses or Malicious Software in the UAE?
The UAE law ensures the protection of individuals from malicious software and viruses sent through various means, such as text messages, which can cause significant financial loss. These malicious programs can harm data, websites, networks, or information systems, leading to disruptions, deletions, or alterations. According to Article 6 of the Cybercrimes Law, the penalties for distributing such harmful software are as follows:
General Penalties:
A person who obtains, modifies, destroys, discloses, leaks, cancels, deletes, copies, publishes, or republishes personal data or information without authorization, using information technology or electronic means, will face:
Imprisonment for a period not less than 6 months and a fine ranging from AED 20,000 to AED 100,000, or one of these penalties.
In Case of Sensitive Data:
If the data or information in question relates to medical records, bank accounts, electronic payment data, or personal data (such as health records, payment details, or diagnostic information), it is considered an aggravating circumstance, leading to more severe penalties.
Penalties for Receiving and Retaining Illegally Obtained Data:
If an individual receives, retains, stores, or uses such illegally obtained data despite knowing its unlawful nature, they will be subject to the same penalties, which include imprisonment and fines.
The law takes a strict stance against the misuse of technology to harm individuals or institutions, and such acts of distributing harmful software or data are treated with seriousness, ensuring the safety of personal and sensitive information.
What is The Role of the Telecommunications Regulatory Authority in Combating Cybercrime and Monitoring Illegal Online Activities in the UAE?
The Telecommunications and Digital Government Regulatory Authority (TDRA) is the legal body responsible for regulating the telecommunications sector in the UAE. This authority operates in accordance with the Telecommunications Law – Federal Decree-Law No. (3) of 2003 concerning the regulation of telecommunications and its amendments, in line with the country's policies.
The TDRA plays a significant role in combating cybercrime and monitoring illegal activities on the internet by:
Establishing Regulatory Frameworks:
The authority designs and implements regulations that help protect
the country from cybercrime. This includes monitoring internet
traffic, online communications, and ensuring that online platforms
comply with national cybersecurity laws and regulations.
Promoting Safe and Secure Communication
Services:
The TDRA ensures the provision of secure communication services by
regulating internet service providers and overseeing the delivery
of these services to citizens and businesses. This includes working
on protecting users from malicious cyber activities like fraud,
phishing, and hacking.
Regulating the Use of Digital Platforms:
As part of its mandate, the TDRA monitors the use of digital
platforms to prevent harmful activities. This includes controlling
online content that violates national laws, such as content related
to hate speech, extremism, and cyberbullying. The authority
cooperates with other agencies to take action against illegal
online activities.
Raising Awareness and Educating the
Public:
The TDRA plays a role in educating the public on the importance of
cybersecurity and safe internet usage. This includes initiatives
aimed at raising awareness about the risks of cybercrimes and
providing guidance on how to protect personal data online.
Collaboration with Law Enforcement
Agencies:
The TDRA works closely with law enforcement bodies, such as the UAE
Police and other cybersecurity agencies, to investigate and take
legal action against cybercriminals. It provides the necessary
tools, infrastructure, and expertise to support these efforts.
Ensuring Consumer Rights and Fair
Competition:
While regulating the telecommunications sector, the TDRA ensures
that consumers' rights are protected, and fair competition is
maintained. This helps prevent monopolistic practices and ensures
that service providers act responsibly, reducing opportunities for
cybercrime.
In summary, the TDRA's role in combatting cybercrime is critical in maintaining a safe and secure digital environment for individuals and businesses in the UAE. Through its regulatory actions, partnerships, and consumer protection efforts, the authority contributes to safeguarding the country against the growing threat of cybercrime.
Is Publishing Content that Contradicts Religion or Social Values Considered a Cybercrime in the UAE, and What Is the Penalty?
In the UAE, publishing content that contradicts religion or social values is considered a cybercrime. The country's Cybercrimes Law aims to protect digital security and uphold the social and moral values of the nation. The law criminalizes any online activity that threatens these values, including the dissemination of content that may harm public order, religious sensibilities, or societal ethics.
According to Article 19 of the Cybercrimes Law, the penalty for publishing content that contradicts religious beliefs or social values is as follows:
Imprisonment for up to one year and/or a fine ranging from 30,000 AED to 300,000 AED, or one of these penalties individually.
This applies specifically to individuals responsible for managing websites or electronic accounts who publish content that violates the standards set by the relevant regulatory authorities.
This law serves as a means to maintain the moral fabric of society and ensures that digital platforms are not used to spread content that could lead to social harm or unrest. The authorities are particularly vigilant about content that challenges or disrespects the dominant religious, cultural, and societal norms in the UAE.
What is "Electronic Fraud" According to the UAE Cybercrime Law and Its Main Forms?
Electronic fraud is a crime committed through digital networks such as the internet, satellite networks, computers, or mobile devices. This form of fraud involves the unauthorized access to specific information, cyber extortion, harassment, or the theft of sensitive data, including state security information. It also includes various illegal activities conducted using cyberspace. According to the UAE Cybercrimes Law, electronic fraud is considered a serious offense, and its key forms include:
Control of Mobile SIM Cards: Fraudsters gain control over someone's mobile number or SIM card to carry out fraudulent activities such as identity theft or unauthorized transactions.
Credit Card Fraud or Identity Theft: This includes the theft or misuse of credit card information or personal identity cards to conduct illegal financial transactions.
Financial Fraud: Fraud involving hacking into banking systems, transferring or withdrawing funds between accounts without authorization, or creating unauthorized digital currencies for illegal trading.
Gambling and Promoting Drugs: Using digital platforms for illegal activities like online gambling or promoting drug use through electronic means.
Illegal Promotion of National Currency Exchange Rates: Engaging in or promoting illegal activities related to the trading or manipulation of national currency exchange rates.
Fake Job Offers: Fraudulent schemes that involve sending fake job offers or scams that promise employment but aim to collect personal data or extort money from victims.
Fake Anti-Fraud Agencies: Fraudsters set up fake agencies or organizations that claim to help individuals avoid fraud, but instead, they exploit and scam people for money.
Real Estate Investment Scams: Fraudulent schemes involving fake advertisements or offers for real estate investment opportunities that do not exist, targeting potential victims seeking to invest in properties.
Legal Consequences:
Under the UAE Cybercrimes Law (Federal Law No. 34 of 2021), those involved in electronic fraud can face severe penalties, including imprisonment, hefty fines, and the confiscation of any fraudulent gains. The penalties are determined based on the severity of the fraud, the financial losses caused, and whether the crime was committed against individuals, organizations, or the state.
The UAE takes electronic fraud very seriously, and the law provides strict measures to combat and deter such crimes to protect citizens, institutions, and the country's economy from online threats.
What are the Penalties for the Exploitation of Children in Cybercrimes (Such as Cyber Extortion or Child Pornography) According to UAE Cybercrime Law?
The UAE Cybercrimes Law places significant emphasis on the protection of children from online exploitation, considering it a critical matter. The law specifically targets activities that involve the abuse or exploitation of children through digital means, aiming to prevent child pornography, cyber extortion, or any other criminal activity involving children online.
Under the UAE Cybercrimes Law, particularly Article 35, individuals found guilty of exploiting children for the creation, distribution, or promotion of obscene materials or harmful content online face severe penalties. This includes any activity involving the exploitation of children in inappropriate images or videos.
Key Provisions:
Punishment for Exploiting Children in Pornographic Activities:
Anyone who incites, persuades, or assists a child in broadcasting, creating, or distributing pornographic material using any information network or technological means is subject to imprisonment for a term not less than 2 years and a fine ranging from AED 250,000 to AED 1,000,000 or one of these penalties.
Punishment for Distribution of Child Pornography:
If the material being created or distributed is related to child pornography, the punishment can escalate to temporary imprisonment and a fine of up to AED 1,000,000.
No Criminal Liability for the Child Victim:
The law clarifies that a child victim involved in such activities due to incitement or coercion is not criminally liable for any actions they may have been forced to participate in.
Key Points:
The law is designed to protect minors from online predators and criminal activities that exploit them for pornographic or abusive purposes.
Severe penalties reflect the seriousness with which the UAE addresses such crimes, aiming to deter offenders and provide justice for child victims.
The legal system ensures that victimized children are treated with care, without holding them accountable for the crimes they were coerced into participating in.
The UAE's Cybercrimes Law makes it clear that any involvement of children in online exploitation will be met with strict legal consequences, reflecting the country's commitment to protecting minors from harm in the digital space.
What are the rules and procedures individuals or organizations should follow to avoid violating the Cybercrimes Law?
The rules and procedures individuals should follow:
Full respect for the rights of others.
Caution when handling personal data.
Ensuring system security.
Refraining from using the internet to promote illegal activities.
The rules and procedures organizations should follow:
Implement security and data protection measures.
Ensure compliance with local and international laws.
Develop an internet usage policy.
Establish procedures for dealing with cyber incidents.
Provide training courses for employees on cybersecurity, data protection, and preventing electronic violations.
Raise awareness on how to handle online content and avoid publishing or engaging with illegal material.
What is the penalty for using work computers or networks to commit cybercrimes?
Under the UAE's Cybercrime Law, using work computers or networks to commit cybercrimes is punishable. It is considered a crime to use work resources, whether computers or networks, to engage in any illegal or unlawful activity.
The penalty includes:
Imprisonment for a period of no less than 6 months, and a fine ranging from 200,000 AED to 1,000,000 AED, or either of these penalties.
Any individual who discloses confidential information obtained in the course of their work, profession, or craft, using any form of information technology, without authorization or the consent of the concerned party, is liable for this penalty.
If the offender uses that information for personal gain or the benefit of another person, this will be considered an aggravating circumstance.
What is Forgery of Electronic Documents and Its Penalty According to the Law?
Forgery of electronic documents refers to any individual who falsifies an electronic document, including those issued by federal or local government entities, in order to protect the integrity of the community. The law imposes a penalty under Article 14 of the Cybercrime Law as follows:
Imprisonment and a fine of no less than 150,000 AED and no more than 750,000 AED, for anyone who forges an electronic document of federal or local government documents, or documents from federal or local public authorities or institutions.
Imprisonment and a fine of no less than 100,000 AED and no more than 300,000 AED, or either of these penalties, if the forgery occurs in documents from entities other than those mentioned in the first paragraph.
The same penalties apply to anyone who uses the forged electronic document with the knowledge that it has been forged.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
