Virtual Asset Regulation in the UAE: A New Phase of Market Maturity

Transcript

SPEAKER_00 0:00

In the first half of 2026, UAE regulators introduced important legal and regulatory reforms that are expected to shape the next phase of the UAE's virtual asset, VA, sector. The recent regulatory developments demonstrate the continued evolution and increasing sophistication of the UAE's VA regulatory framework, with regulators responding to rapid sectoral growth and the emergence of increasingly complex and novel VA business models. Before examining the key regulatory developments introduced in 2026, it is important to briefly outline the UAE's broader VA regulatory landscape. The UAE currently maintains one of the most comprehensive VA regulatory ecosystems globally. In the mainland UAE, at the federal level, VA activities are regulated by the Capital Market Authority, CMA. Within the Emirate of Dubai, excluding the Dubai International Financial Center, DIFC, VA activities fall under the jurisdiction of the Virtual Assets Regulatory Authority, VARA. In parallel, the Central Bank of the UAE, CBUI, regulates payment-related activities involving virtual assets, including activities relating to stable, the Financial Free Zones, E, the Abu Dhabi Global Market, ADGM, and DIFC, also have comprehensive and bespoke regulatory frameworks to govern VA activities. Overall, all three jurisdictions, that is, mainland UE, DIFC, and ADGN, offer bespoke licensing options which must be assessed in light of the proposed business model and target market. In this article, we discuss the key regulatory developments shaping the UAE's VA sector in 2026. Mainland UAE, the CMA's new regulatory framework for VA activities. The CMA has issued Decision No. 04 RM2026 concerning the regulation of virtual asset service providers, VASPs, and alternative trading systems, ATS. Replacing its previous VA framework introduced in 2023, the new framework significantly expands the scope of regulated activities from three to eight activities, namely, dealing in virtual assets as principal, dealing in virtual assets as agent, providing custody, arranging custody, arranging investment deals, providing investment advice, portfolio management, and operating a multilateral trading F. These activities are mapped to six license categories from a prudential perspective with minimum capital requirements and an expense-based capital test. The regulatory framework is split into three modules. The General Framework Module, GEN, which sets out certain important definitions, the scope of various licenses, and the prudential categories. The business regulation module, which sets out conduct and operational compliance requirements, and the ATS module, which sets out the core regime for alternative trading systems and multilateral trading facility, MTF, operators G. Crypto Exchanges. The GEN module prescribes seven key approved positions for virtual asset service providers, VASPs, and establishes UAE residency requirements for certain roles and permitted role combinations. Under the ATS module, ATS operators are required to maintain eight key person functions and impose residency requirements for specified roles. For firms that have relied on offshore management or heavily outsourced control functions, this will require restructuring. Further, AML slash CFT compliance is treated as a core compliance requirement rather than a bolt-on. The CMA regulation emphasizes a permission distributed ledger technology, DLT, requirement for venues. DLT used by an ATS must operate on a permission basis, with the licensed entity maintaining control over access and record updates. Token restrictions and product perimeter. A VAMTF operator must register each VA with the CMA before listing and enabling trading. Privacy tokens and algorithmic tokens are prohibited outright, while utility tokens and non-fungible tokens, NFTs, are restricted to limited approval-based exceptions. Market structure, trading venues. At the venue level, the ATS module draws a line. VA trading and settlement cannot be conducted through an organized trading facility, OTF. The ATS module expressly prohibits using an OTF for trading and settling VAs. In other words, VA trading must not occur on venues such as OTFs where the operator has broad discretion over trade matching or execution mechanics. Instead, VA trading must occur through a MTF model, which operates with transparent and predetermined trading rules. This reflects a policy preference for greater market transparency, consistency, and reduced manipulation/slash conflict risks in VA markets. A VAMTF may, however, conduct negotiated transactions, thereby permitting certain pre-arranged or bilaterally negotiated trades to be executed within the MTF framework, subject to the rules, oversight, and transparency requirements applicable to the venue. VARA's dedicated framework for VA Exchange Traded Derivatives. Dubai's VARA recently updated its Exchange Services Rulebook to introduce a dedicated framework for offering services in relation to VA Exchange Traded Derivatives. A new part 5 has been added to the rulebook which sets out various conditions for offering ETD services. The term ETD services is defined as matching orders between buyers and sellers and conducting the purchase, sale, or any other transaction between ETDs and VAs, and maintaining an order book in furtherance thereof. Matching orders between buyers and sellers and conducting the purchase, sale or any other transaction between ETDs and fiat currency is not permitted. Only VASPs already licensed for exchange services may offer ETD services, and only where that permission is explicitly reflected in their VARA license. Therefore, ETD services authorization is a separate application process, not a consequence of holding an exchange services license. The term exchange traded derivatives covers derivatives whose value derives from or fluctuates based on the price of one or more underlying VA or other approved assets, and whose price and slash or settlement is denominated in a VA. Covered instruments include contracts for difference, CFDs, futures, options, and any other instrument designated by VARA from time to time. Certain other key requirements are as follows: Client Suitability. ETD services providers must conduct a suitability assessment prior to onboarding any ETD client to ensure that only approved and assessed clients are permitted to access ETD products. Retail investor protections. Retail investors are subject to a maximum leverage cap of 5.1. Corresponding to a minimum initial margin requirement of 20% of the notional position value. Institutional and qualified investors are afforded greater flexibility, subject to VARA's supervisory discretion. Strict account segregation. ETD trading accounts must be segregated from all other client accounts, and non-ETD clients must not be exposed to any loss mutualization arising from ETD activities. Price feed integrity. ETD services providers are required to validate price feeds using multiple independent and diversified sources, and reliance on a single price source is expressly prohibited. Perpetual ETDs. Derivatives without a fixed expiry date are subject to additional requirements, including minimum funding rate calculations of at least three times daily and periodic funding exchanges between clients throughout the trading day. The amendments are a clear signal that VARA is systematically building out its regulatory architecture for more sophisticated VA products. Exchanges considering ETD services will need to apply to VARA for specific authorization, which will require demonstrating, among other things, appropriate systems and controls, draft client agreements, risk disclosures, product terms, and details of their insurance fund and close-out procedures. VARA's new guidance on VA issuance. In April 2026, VARA issued guidance on the Virtual Assets Issance Rulebook, Rulebook, which provides practical guidance on how VARA's issuance regime applies across different types of VAs and issuers. The guidance reiterates that all entities in the Emirate of Dubai issuing VAs in the course of business must comply with the rulebook, and that there are three main issuance pathways. Category 1 issuances, which include fiat referenced VAs, that is, stablecoins in general, and asset-referenced virtual assets, ARVA, that is, real-world asset-backed tokens, and require a VARA license. Category 2 issuances, g. VAs such as Ethereum, which do not require the issuer to be licensed, but such VAEs must be placed and distributed through a VARA license distributor, and exempt VAs, G. Utility tokens, which are subject to limited requirements because of their restricted functionality. The guidance also includes illustrative examples covering Category 1 issuances, Category 2 issuances, license distributor arrangements, exempt VAs, white paper requirements, and risk disclosure statements, thereby providing market participants with greater clarity regarding VARA's expected application of the framework in the context of actual token issuance and distribution structures. In relation to asset-referenced virtual assets, ARVAS, the guidance provides additional practical clarification regarding underlying reference assets, reserve asset arrangements, redemption rights, and related structural features. It therefore offers useful interpretative guidance for real-world asset tokenization structures, the DIFC. The DFSA's Enhanced VA regulatory framework. In the last quarter of 2025, the DFSA issued consultation paper No. 168, proposing a series of enhancements to its regulatory framework for VA activities, with a view to strengthening the DIFC's position as a progressive and business-friendly jurisdiction for VAs. The proposed amendments to the DFSA's regulatory regime came into effect in January 2026 and reflect a significant evolution in the DFSA's regulatory approach. One of the key developments is the transition from the previous recognized crypto token RCT framework to a more flexible, suitable crypto token framework. Under the former RCT regime, persons seeking to carry out certain financial services, including financial promotion, in or from the DIFC in relation to crypto tokens, such as Bitcoin or Ethereum, or crypto token derivatives could only do so where the relevant token had been formally designated by the DFSA as an RCT. The DFSA accordingly maintained a public list of approved tokens that could be used in the DIFC. Under the new framework, the responsibility for assessing whether a crypto token is suitable has shifted to the relevant persons proposing to undertake the regulated activity. This represents a notable move toward a more principles-based and industry-led regime, empowering firms to undertake their own suitability assessments in accordance with DFSA requirements, while promoting greater agility within the DIFC ecosystem. The revised approach reflects the DFSA's increasing confidence in the maturity of market participants and aligns the DIFC more closely with evolving regulatory practices in other jurisdictions. It is important to note, however, that the DFSA has retained a different approach in relation to fiat crypto tokens, i.e., e-stable coins in general. A fiat crypto token may only be used in or from the DIFC if it has been formally recognized by the DFSA as suitable for such use. As of May 2026, the fiat crypto tokens assessed to be suitable in the DIFC are Circle EuroCoin, EURC, Circle USD Coin, USDC, and Ripple USD, R List. The other key area of development is in VA collective investment funds. In particular, the DFSA has removed several thresholds and restrictions that previously applied to funds investing directly or indirectly in crypto tokens. Under the earlier framework, crypto-focused funds were required to satisfy specific eligibility criteria before they could be promoted or offered in the DIFC. The revised regime introduces greater flexibility regarding the types of crypto-related funds that may be established, promoted or offered, thereby broadening investment opportunities in the fund sector. The DFSA has also supplemented its regulatory framework with detailed FAQs, a policy statement on fiat crypto tokens, and supervisory guidelines on assessment suitability of crypto tokens, all of which provide valuable clarity and practical insight into the interpretation and application of the regime. The ADGN. The FSRA's amended regulatory framework for VA staking and crypto mining. The ADGN recently advanced its VA framework in two important areas. VA staking and crypto mining. VA staking activities. The Financial Services Regulatory Authority, FSRA, introduced amendments to its regulations to permit limited staking activities in relation to VAs. Entities licensed by the FSRA to provide custody in relation to VAs, VA custodians, or manage assets in relation to VAs, VA asset managers are permitted to conduct staking activities using clients' VAs that they hold or control by way of business. While a VA asset manager is permitted to stake its clients' VAs on a discretionary basis by selecting the staking service provider and the specific staking opportunity, as well as to execute a client's instructions to stake its VA. A VA custodian is permitted to stake client VAs on specific client instructions. The FSRA has clarified that solo staking would not be regulated as participants carry out staking on their own account. And staking as a service would not be regulated where the service provider is only offering technical services to facilitate, set up, operate, or maintain the staking infrastructure without holding or controlling a client's VAs. Crypto mining activities. The ADGM Registration Authority, RA, issued a discussion paper setting out its proposed policy considerations and regulatory approach. The discussion paper describes crypto mining as verifying transactions on a decentralized ledger or infrastructure network, in return for rewards in the form of digital assets generated by a consensus. Key features of the RA proposals include the following technology neutral approach. The proposed framework would apply across different consensus mechanisms, including proof of work, POW, proof of stake, POES, and other emerging validation technologies. Commercial licensing framework. Crypto mining would be regulated as a licensed commercial activity under the RA framework, rather than as a regulated financial service under the FSRA regime. Governance and transparency expectations. The proposals contemplate requirements relating to corporate transparency, beneficial ownership disclosures, and operational integrity. Risk-based supervision. Supervisory oversight would be calibrated based on the scale, complexity, and nature of the mining activities undertaken. Global Headquarters Oversight. The framework contemplates permitting ADGM incorporated entities to oversee and manage overseas crypto mining operations from within the ADGM.