In an increasingly interconnected digital world, information moves at extraordinary speed, sometimes faster than the truth can keep up. The United Arab Emirates (UAE), recognising the growing risks posed by misinformation, has enacted one of the region’s most robust legal frameworks to curb the spread of rumours and false content online. Central to this framework is Federal Decree-Law No. 34 of 2021 on Combating Rumours and Cybercrimes, strengthened further through amendments introduced under Federal Law No. 5 of 2024 (together “Cybercrime Law”), which collectively impose strict duties on individuals and organisations to share only verified and officially sourced information
What the Cybercrime Law Targets
The Cybercrime Law draws a hard line between verified information and anything that departs from the State’s official narrative. Article 52 criminalises the divulgence, publication, re-publication, circulation, or recirculation of:
- Fake news or data
- False, misleading, malicious or incorrect reports
- Rumors that contradict officially announced news
- Promotions capable of provoking public opinion or disturbing public peace
The statutory wording is deliberately broad: “re-publication” means forwarding, sharing, reposting, or amplifying content created by others still triggers liability. The offence is content-based, not intention-based.
Penalties: A Two-Tier System
Article 52 establishes a baseline offence that carries no less than one (01) year’s detention and a minimum AED 100,000.00 (UAE Dirhams One Hundred Thousand only) financial penalty, capturing all forms of false or misleading digital dissemination.
However, when misinformation shifts from being merely inaccurate to capable of eroding institutional confidence, the Cybercrime Law hardens. Conduct that stirs public opinion against a state authority, or occurs at times when the public’s reliance on official information is heightened, specifically, epidemics, crises, emergencies, or disasters, elevates the punishment to a minimum two (02) year detention term and a minimum AED 200,000.00 (UAE Dirhams Two Hundred Thousand only) fine.
These escalations reflect a legislative assessment that misinformation is most destabilising when public reliance on official channels is high.
Beyond Words: When Content Must Come Down
Article 53 introduces mandatory removal obligations. Anyone using a website or account who stores or publishes illegal content, including false data, must remove or block access within the period specified by competent authorities.
Non-compliance carries the Cybercrime Law’s heaviest financial exposure, with fines ranging from AED 300,000.00 (UAE Dirhams Three Hundred Thousand only) upto AED 10,000,000.00 (UAE Dirhams Ten Million only).
This makes prompt internal escalation, content management protocols, and legally-aligned platform governance essential for businesses.
Automation: E-Robots and Amplification Risks
Article 54 recognises that false information today is often industrialised, not organic. The Cybercrime Law criminalises:
- Creating or modifying e-robots to publish or circulate fake data
- Enabling others to operate such tools
Penalties include up to two (02) years detention and fines between AED 100,000.00 (UAE Dirhams One Hundred Thousand only) and AED 1,000,000.00 (UAE Dirhams One Million only), with aggravated liability where multiple offenders are involved. The scope easily captures botnets, automated mass-messaging, artificially boosted posts, and coordinated dissemination systems.
Commercialisation: Paying for Dissemination is a Crime
Article 55 outlaws soliciting, accepting, or offering any tangible or intangible benefit to publish or republish fake data or illegal content, penalties include:
- Provisional imprisonment
- Fines up to AED 2,000,000.00 (UAE Dirhams Two Million only)
- Mandatory confiscation of any associated benefit
This provision is broad enough to catch covert promotional arrangements, incentivised rumor-spreading, and sponsored posts masquerading as organic content. It also applies to those operating “abusive electronic accounts” used repeatedly for such publications.
What This Means for Individuals and Businesses
For individuals:
- The Cybercrime Law makes verification a legal duty, not a best practice.
- Sharing “unconfirmed” posts, screenshots, voice notes, crowd-sourced alerts, or speculative commentary can independently trigger liability.
- Intent is not required — the falsehood itself is enough.
For corporations:
- Social-media governance, content approval workflows, and employee guidelines must be tightened.
- Group chats, marketing teams, and brand channels must default to official-source confirmation.
- Monitoring, takedown capability, and compliance alignment with government removal orders are now operational necessities.
The broader intention behind the UAE’s cybercrime framework is to foster responsible digital behaviour. By encouraging reliance on official government announcements, verified media outlets, and trusted institutional sources, the Cybercrime Law aims to cultivate an online environment where accuracy prevails over sensationalism.
Note: This Legal Update / Newsletter is intended for general informational purposes only and should not be construed as legal advice. It is based on laws and legal interpretations in effect as of the date of publication. Laws and regulations may change over time, and their application can vary depending on individual circumstances. Readers are strongly encouraged to seek specific legal counsel before acting on any of the information provided herein.rian and religious purpose in accordance with the law.