LogoRegulatory Alerts
2025-05-07

VARA Technology and Information Rulebook

Dubai's Virtual Assets Regulatory Authority issued the Technology and Information Rulebook to mandate comprehensive technology governance, cybersecurity, and data protection standards for all licensed Virtual Asset Service Providers. The framework requires VASPs to implement robust risk assessment frameworks, appoint a Chief Information Security Officer, and maintain secure cryptographic key management alongside strict client data privacy controls. Additionally, licensed entities must conduct annual independent vulnerability assessments and Threat-led Penetration Testing while ensuring rigorous third-party vendor oversight and continuous operational monitoring.

Virtual Assets Regulatory Authority logo

United Arab Emirates

Virtual Assets Regulatory Authority

Click to view full text
Share