This update concerns data protection and AI governance in a financial centre, which is tangential to payments but does not directly regulate payment services, instruments, or infrastructure.
Data protection frameworks may indirectly affect third-party payment service providers handling personal data, but the update focuses on general data governance rather than payments-specific outsourcing or third-party risk management.
Specialism
The update concerns amendments to data protection regulations governing personal data processing, including AI-native systems and privacy-by-design requirements, which directly aligns with Data Protection regulatory frameworks.
Low confidence — requires human review. The amendments also address data governance aspects such as certification frameworks and internal controls (ASO role), but the primary focus is customer/user data protection rather than internal data handling.
2026-06-19 08:58:46·rghosh@vixio.com
Meta Id
3251746
Content ID
3260228
GUID
8c5d49816002e7e1d6ef2c91ed2f7e2a
DIFC has launched a public consultation on proposed amendments to its Data Protection Regulations, strengthening governance, AI-related safeguards and certification frameworks.
Pipeline Progress
🔄 Pipeline Journey
⏱
16s
total
✓
Queued08:58:30
+0s
✓
Metadata08:58:30
+3s
✓
S3 Content08:58:33
+1s
✓
Extracted08:58:34
+6s
✓
LLM Gen08:58:40
+6s
✓
Stored08:58:46
TITLE: Dubai International Financial Centre Launches Consultation on Amended Data Protection Regulations
BODY:
On June 18, 2026, the Dubai International Financial Centre (DIFC) launched a public consultation on proposed amendments to its Data Protection Regulations (DP Regulations). The amendments seek to strengthen the regulatory framework by enhancing requirements for systems processing personal data in an artificial intelligence (AI) native jurisdiction, while clarifying certification obligations and the role of the Autonomous Systems Officer (ASO).
Jacques Visser, Chief Legal Officer at DIFC Authority, said the amendments aim to ensure the regulatory framework remains practical and responsive to evolving AI and data-driven technologies. The DP Regulations were last updated in 2023 to introduce safeguards for advanced, AI-enabled systems. The proposed amendments build on this foundation by enhancing Regulation 10 to strengthen expectations around safe, ethical, and privacy-by-design development. The consultation also introduces a new Regulation 11 empowering the Commissioner to recognise accreditation and certification frameworks. The amendments provide greater clarity on certification requirements and the ASO role, alongside other consequential updates to support robust and future-ready data protection governance.
The consultation period runs for 30 days, with comments due by July 18, 2026. Stakeholders can access Consultation Paper No. 3 of 2026 for further details on the proposed amendments. Responses should be submitted through the DIFC's official consultation portal. The DIFC expects to publish feedback on responses following the consultation period's closure.
DIFC Announces Consultation of amended DIFC Data Protection Regulations DIFC Announces Consultation of amended DIFC Data Protection Regulations Published : 18/06/2026 “DIFC is pleased to launch this consultation on the proposed amendments to the DIFC Data Protection Regulations. As the use of AI and data-driven systems continues to develop, it is important that the regulatory framework remains practical, clear and able to respond to the way these technologies are being used. These amendments are intended to help provide that clarity, while supporting high standards of accountability and governance across DIFC.” – Jacques Visser, Chief Legal Officer at DIFC Authority Dubai, UAE; 18 June 2026 : Dubai International Financial Centre (DIFC), the leading global financial centre in the Middle East, Africa and South Asia (MEASA) region, proposes to amend its DIFC Data Protection Regulations (DP Regulations). The proposed amendments seek to strengthen and streamline the regulatory framework by enhancing requirements to embed safety in systems processing Personal Data in an AI native jurisdiction, while clarifying certification obligations and the role of the Autonomous Systems Officer (ASO), and introducing new powers for the Commissioner to recognise accreditation and certification schemes. Jacques Visser, Chief Legal Officer at DIFC Authority , said: “DIFC is pleased to launch this consultation on the proposed amendments to the DIFC Data Protection Regulations. As the use of AI and data-driven systems continues to develop, it is important that the regulatory framework remains practical, clear and able to respond to the way these technologies are being used. These amendments are intended to help provide that clarity, while supporting high standards of accountability and governance across DIFC.” The DP Regulations were updated in 2023 to introduce safeguards for the rapidly expanding use of Personal Data in advanced, AI enabled Systems, recognising both their transformative potential and the unprecedented scale of data processing they involve. Building on this foundation, the proposed amendments aim to enhance and refine Regulation 10 by strengthening expectations around safe, ethical, and privacy by design development in an AI native jurisdiction; and introduce a new Regulation 11 empowering the Commissioner to recognise accreditation and certification frameworks. Additionally, they will provide greater clarity on certification requirements and the role of the ASO, as well as introduce other consequential updates to support robust and future ready data protection governance. Further details about the proposed amendments can be found in Consultation Paper No. 3 of 2026, available here . The proposed regulations have been posted for a 30-day public consultation period with the deadline for providing comments ending on 18 July 2026. Download the Arabic Press Release: مركز دبي المالي العالمي يطرح مشاورات تعديل لوائحه التنظيمية لحماية البيانات Enter your email to get a document pack. Get document pack Get document pack