Uae Cbuae Technology Risk Compliance Requirements 2026

Key Insights

• CBUAE requires financial institutions to conduct risk assessments prior to obtaining regulatory approval before launching or deploying new technologies, products, or services, establishing a mandatory pre-launch compliance gate for technology innovation.
• CBUAE regulations explicitly state that outsourcing technology functions does not transfer accountability, meaning financial institutions remain fully responsible for third-party technology risks, cybersecurity incidents, and regulatory compliance regardless of vendor involvement.
• CBUAE SVF cybersecurity requirements mandate role-based access control implemented on a need-to-have basis with privileged access management protocols, establishing minimum technical standards for technology risk governance in the UAE financial sector.
• CBUAE has issued formal guidance on Artificial Intelligence and Machine Learning systems governance, indicating that AI/ML deployment in financial services is subject to specific regulatory principals and guidelines rather than general technology rules.
• Third-party cyber risk management is a distinct compliance requirement under CBUAE technology regulations, with ADGM and FSRA applying aligned principles, creating a unified regulatory framework across UAE financial centers for managing outsourced technology dependencies.

Source

[Entire Section | CBUAE Rulebook](https://rulebook.centralbank.ae/en/entiresection/6958) *Market: AE*