UAE enacts landmark Central Bank law

What you need to know

• Federal Decree-Law No. (6) of 2025 (CB Law 2025) overhauls and consolidates the UAE’s financial regulatory framework, repealing the 2018 Central Bank Law and the 2023 Insurance Decree-Law and unifying rules for banking, insurance, payments and financial market infrastructures.

• The law significantly expands the Central Bank of the UAE’s (CBUAE) remit to cover open finance, payment services using virtual assets, and technology providers that facilitate financial services, bringing broader ecosystem participants within scope.

• CBUAE’s supervisory toolkit is strengthened, including early intervention and resolution authority powers, with wide-ranging measures available for distressed institutions.

• Enforcement is tightened with substantially higher administrative penalties, immediate recovery powers, potential publication of decisions, and criminalisation of unlicensed financial activities.

• Robust consumer-protection mandates apply across sectors, including confidentiality and data safeguards, anti-fraud requirements, enhanced disclosures, fair lending restrictions (including a prohibition on compound interest on customer credit facilities), unified complaints handling and specialised committees for lower-value disputes.

• The Digital Dirham is expressly recognised as legal tender, enabling regulated digital payment use cases and cross-border settlement innovation under forthcoming guidance.

• ESG principles are integrated into the CBUAE’s statutory functions, signalling elevated expectations for sustainable finance, climate-related risk management and disclosures

• A one-year transitional period runs to 16 September 2026 for compliance, with CBUAE retaining discretion to extend.

What you need to do

• Conduct a comprehensive gap analysis against the new consolidated framework, confirming licensing status, regulatory classification and any cross-sector permissions now required across banking, insurance, payments and market infrastructures.

• Map activities involving virtual assets, open finance and enabling technologies to determine if they fall within scope and require authorisation, policy updates or new controls.

• Strengthen governance, board oversight and senior management accountability, and align risk, capital and liquidity management to reflect enhanced early-intervention and resolution powers.

• Upgrade conduct, transparency and consumer-protection frameworks, including fee and risk disclosures, fair lending practices, anti-fraud controls, complaints handling and dispute-resolution processes.

• Enhance data governance to comply with confidentiality rules, permitted data-sharing protocols and AML/CFT-related exchanges, and update incident response and breach notification playbooks.

• Establish a board-approved implementation plan for the transition period through 16 September 2026, with milestones, budget, training and regulatory engagement as needed.

The UAE has taken another major step in modernising its financial regulatory landscape with the issuance of Federal Decree-Law No. (6) of 2025  ("CB Law 2025"). CB Law 2025 was issued on September 8, 2025 and was published in the Official Gazette on September 15 2025, with affected entities being granted a one-year transitional period to ensure their operations are compliant with CB Law 2025 by 16 September 2026. The UAE Central Bank ("UAECB") retains the discretion to extend this period if it is deems appropriate.

CB Law 2025 marks one of the most significant overhauls of the UAE’s financial regulatory framework in over a decade. The CB Law 2025 focusses on modernising and consolidating the UAE's financial and insurance regulatory frameworks under the UAECB, expanding the scope of regulation to address emerging technologies and fintech, and strengthening the UAECB's supervisory and enforcement powers.

Below, we outline the key features of CB Law 2025 and what it means for businesses operating in the UAE’s banking, finance, fintech, and insurance sectors: 

Consolidated Regulation

One of the most important features of CB Law 2025 is its consolidation of prior legislation. The law repeals the previous Federal Law No. (14) of 2018 regarding the Central Bank and the Organisation of Financial Institutions and Activities and Federal Decree-Law No. (48) of 2023 Regulating Insurance Activities, replacing them with a single, unified legal framework for all banking, insurance, and other licensed financial institutions, as well as financial market infrastructures.

This consolidation adopts international best practice by harmonising prudential, conduct, governance, and market infrastructure rules across previously fragmented sectors and provides clearer, consistent obligations for firms that operate across banking, payments, and insurance industries. 

Expanded Regulatory Scope

As the UAE continues to position itself as a global fintech hub, CB Law 2025 significantly broadens the UAECB’s regulatory reach to new and rapidly developing areas of banking and finance, such as:

• Providing open finance services: CB Law 2025 moves beyond open banking to support full open finance, enabling regulated data-sharing frameworks across financial products. This may include wealth management, insurance, pensions, credit scoring and more.
• Payment services using virtual assets: Payment services “using Virtual Assets” are expressly licensable and subject to CBUAE oversight. The law distinguishes Virtual Assets from Currency issued in digital form (i.e. the Digital Dirham, which under CB Law 2025 is legal tender). For the purpose of CB Law 2025, where Virtual Assets and digital currencies (other than Currency issued in digital form) are used as a means or instrument of payment or exchange of a virtual assets for a currency, CB Law 2025 may apply. Where Virtual Assets are for investment purposes, are exchanged for another Virtual Asset or part of swap operations for trading purposes, such activities fall outside the remit of CB Law 2025.  
• Virtual Technology providers that facilitate financial services: The scope of CB Law 2025 extends to technology firms whose activities enable or facilitate financial activities, meaning that entities offering or operating platforms, decentralized applications (dApps), protocols, or technological infrastructure that facilitate, intermediate, or enable the provision of financial activities, such as payments, credit, deposits, money exchange, remittances, or investment services, may fall under UAECB oversight. This highlights a shift toward regulating the broader financial ecosystem rather than only licensed institutions. 

This expansion reflects the UAE’s commitment to responsible innovation, enabling growth while maintaining financial stability.

Increased UAECB Authority

CB Law 2025 reinforces the UAECB's position as the "Resolution Authority", granting the UAECB early intervention rights in distressed financial institutions to ensure systemic stability. Where a licensed institution is in distress or likely to breach prudential requirements, the CBUAE may (amongst other measures) impose remedial measures, require capital/liquidity changes, change business strategy and/or legal or operational structures, replace senior management and board members, facilitate mergers or transfers, impose moratoria on activities, or liquidate.

These powers strengthens the CBUAE's ability to safeguard the stability of the UAE’s financial system and are aligned with international standards designed to ensure timely, transparent, and equitable management of financial distress scenarios.

Stronger Enforcement and Penalties

 CB Law 2025 introduces significantly stricter penalties for violations:

• Administrative fines. The CBUAE may impose administrative monetary penalties up to AED 1,000,000,000 on licensed financial institutions, and up to AED 20,000,000 for specified financial market infrastructure violations. It may also impose significant fines on authorised individual of up to AED 5,000.000.
• Immediate recovery. The CBUAE is empowered to collect fines by direct debit from accounts and guarantees held with the CBUAE or any licensed financial institution. 
• Public transparency. The CBUAE may publish licensing, authorisation, merger, restructuring, liquidation and enforcement decisions, including the name of the violating person, promoting market discipline and accountability. 
• Criminal offences. Unlicensed conduct of licensed financial activities is criminalised and may result in imprisonment and substantial fines. Additional offences cover violation of licence conditions, obstruction or misleading of supervisors, breach of confidentiality, and contraventions of early intervention or resolution measures.

These changes underscore the UAE’s commitment to high regulatory standards and international credibility.

Mandated Consumer Protection

CB Law 2025 introduces stricter consumer protection measures applicable across banks, insurance companies, and other financial institutions, with emphasis on transparency, redress, and fraud mitigation. 

Measures include:

• Confidentiality and Data Safeguards: Customer information is deemed confidential, with limited, clearly defined statutory exceptions and CBUAE protocols for permitted data exchange, including to support AML/CFT and specified fraud prevention measures.
• Mandatory Anti-Fraud Mechanisms: Institutions must implement strong fraud-prevention and detection systems, aligned with modern digital security threats, including minimum security standards, strong authentication, transaction monitoring, breach notification, and reporting of patterns and mitigations.
• Protection of Customers: A new independent authority will manage unified complaints resolution across both the banking and insurance sectors. This centralisation aims to improve customer experience and ensure consistent dispute outcomes.
• Specialised Judicial Committees: Lower-value financial disputes of up to AED 100,000 will be escalated to specialised committees for quicker resolution, whose decisions may not be challenged where the value of the dispute does not exceed AED 100,000.
• Fair Lending and Transparency: Institutions must provide clear, accessible disclosures of fees, terms and risks; compound interest on customer credit facilities is prohibited, with detailed CBUAE rules to apply. For natural persons and sole proprietorships, adequate guarantees proportionate to income and facility size are mandatory; failure to obtain/maintain such guarantees renders related claims inadmissible before courts or arbitral tribunal.
• Financial Inclusion: CB Law 2025 codifies the right for each person to have access to all or part of the banking and financial services and products from licensed financial institutions suited to their needs. The UAECB, in collaboration with licensed financial institutions, proposes to design and implement nationwide financial literacy programs to enhance public understanding of reasonable and responsible borrowing, savings, investment risks, and digital financial services..

Together, these elements reflect an elevated regulatory focus on consumer trust and financial inclusion.

Legal Recognition of Digital Dirham:

In a foundational move supporting the UAE's digital transformation, the law provides explicit legal tender recognition for the Digital Dirham. This formal recognition:

• strengthens the legal framework for the UAECB's digital currency initiatives,
• paves the way for new digital payment ecosystems, and
• supports cross-border settlement innovation.

Businesses should expect new regulatory guidance on Digital Dirham use cases, custody requirements, and compliance obligations.

Integration of ESG Principles

For the first time, the UAECB's statutory functions now explicitly incorporate environmental, social, and corporate governance (ESG) principles across its business and operations. 

This sets the basis for supervisory expectations and the integration supports:

• sustainable finance initiatives,
• climate-aligned lending frameworks,
• green insurance products, andenhanced disclosures.

The move aligns the UAE with global developments and signalling increased expectations for ESG accountability in financial institutions.

CB Law 2025 will require financial institutions, insurers, fintech companies, and virtual-asset payment providers to conduct substantial internal reviews across:

• licensing and regulatory classification;

• risk management and compliance frameworks;

• board governance;

• digital transformation initiatives;

• consumer-protection processes, and

• ESG and sustainability reporting.

Given the transitional period ending 16 September 2026, impacted entities are strongly encouraged to begin early gap-assessments and engage with legal counsel to evaluate required compliance changes.

How We Can Help

Our team advises UAE-based and international financial institutions on compliance with Central Bank and Insurance regulatory frameworks. We support clients in:

• reviewing policies and operational structures under CB Law 2025;

• preparing submissions and applications to the UAECB;

• understanding impacts on fintech and virtual-asset business models;

• strengthening governance, consumer-protection, and anti-fraud systems, and

• interpreting Digital Dirham requirements and ESG-related obligations.

For further guidance or to discuss how CB Law 2025 may affect your business, please contact a member of our team.