firm new logo

UAE Cabinet Resolution No. 55 of 2025: A New Regulatory Framework for “Know Your Customer” Reports in the UAE

by | May 18, 2026 | Uncategorized | 0 comments

Introduction

The United Arab Emirates continues to strengthen its regulatory and compliance infrastructure through the issuance of Cabinet Resolution No. 55 of 2025 concerning the Executive Regulations of Federal Decree Law No. 30 of 2024 regarding “Know Your Customer” (“KYC”) Reports. The Resolution was officially published in the UAE Official Gazette on 20 April 2026 and introduces a comprehensive legal framework governing the issuance, regulation, processing, storage, and exchange of KYC data and reports within the UAE.

The Resolution represents a major regulatory development in the UAE’s financial and compliance ecosystem and reflects the country’s ongoing commitment to combating money laundering, terrorist financing, identity fraud, and financial crime while simultaneously improving digital governance and customer verification mechanisms.

Legislative Background

Cabinet Resolution No. 55 of 2025 was issued pursuant to Federal Decree Law No. 30 of 2024 concerning “Know Your Customer” Reports. The Resolution further aligns with several important UAE legislative instruments, including:

  • Federal Law No. 1 of 1972 concerning the competencies of ministries and powers of ministers;
  • Federal Decree Law No. 14 of 2018 concerning the Central Bank and organization of financial institutions and activities;
  • Federal Decree Law No. 20 of 2018 concerning Anti-Money Laundering and Combating Financing of Terrorism and Illegal Organizations.

The Resolution establishes detailed executive mechanisms governing the creation and operation of KYC reporting systems and defines the obligations of companies, users, data providers, and supervisory authorities.

Scope of Application

The Resolution applies broadly to all activities involving the collection, storage, analysis, exchange, organization, issuance, or protection of KYC reports and related customer information within the UAE.

The framework is intended to regulate entities operating KYC platforms and to ensure consistency in identity verification procedures, customer due diligence practices, and data-sharing arrangements.

Importantly, the Resolution applies not only to financial institutions but also to data providers, government entities, service operators, and companies involved in the digital management and issuance of KYC reports.

Required Customer Information

One of the most important aspects of the Resolution is the detailed specification of information required for the issuance of KYC reports.

For Individual Customers

The Resolution requires collection of comprehensive personal information including:

  • Full name in Arabic and English;
  • Nationality;
  • Date and place of birth;
  • Passport and Emirates ID details;
  • Residential and work addresses;
  • Contact details;
  • Source of income and financial information;
  • Tax registration details where applicable.

For Corporate Entities and Legal Persons

The Resolution mandates collection of:

  • Trade license information;
  • Legal form and ownership structure;
  • Registered office details;
  • Constitutional documents;
  • Beneficial ownership information;
  • Commercial activity details;
  • Financial and operational information;
  • Tax registration information;
  • Details relating to ultimate beneficial owners (“UBOs”).

The Resolution specifically emphasizes identification and verification of beneficial owners in line with UAE AML and transparency regulations.

Regulation of KYC Reports

The Resolution introduces detailed rules governing the issuance and use of KYC reports.

KYC reports may only be issued after obtaining customer consent and after verifying the legality and accuracy of the underlying information.

Companies operating KYC platforms are required to:

  • Verify customer identities;
  • Ensure data integrity and reliability;
  • Maintain agreements with data providers;
  • Implement controls required by the UAE Central Bank;
  • Maintain records and audit trails;
  • Protect customer confidentiality.

The Resolution also permits issuance of KYC reports for legally authorized persons acting on behalf of users, subject to strict verification requirements and supporting documentation.

Customer Rights to Access and Amend KYC Reports

A particularly important feature of the Resolution is the recognition of customer rights concerning KYC reports.

Customers are granted the right to:

  • Request copies of their KYC reports;
  • Review information contained within reports;
  • Request corrections or amendments to inaccurate or incomplete data;
  • Submit complaints concerning KYC information.

Companies operating KYC systems are required to establish procedures for handling amendment requests and complaints within prescribed regulatory timelines.

This reflects the UAE’s broader movement toward enhanced data governance and customer protection.

Data Providers and Information Sharing

The Resolution establishes a regulated framework governing data providers and information exchange mechanisms.

Authorized data providers may include:

  • Federal and local government authorities;
  • Government-owned or government-affiliated companies;
  • Financial institutions;
  • Licensed entities approved by the Central Bank.

The Resolution requires implementation of secure technological systems for transferring, storing, and verifying customer information and mandates traceability and auditability of data transactions.

The Resolution also imposes obligations on data providers to ensure:

  • Accuracy of submitted information;
  • Ongoing updating of records;
  • Protection against unauthorized disclosure;
  • Compliance with cybersecurity requirements.

Data Protection and Cybersecurity Obligations

The Resolution imposes extensive technical and organizational requirements concerning cybersecurity and data protection.

Companies operating KYC systems must implement mechanisms ensuring:

  • Encryption and secure storage of data;
  • Access control systems;
  • Monitoring and logging capabilities;
  • Protection against unauthorized access;
  • Business continuity measures;
  • Incident detection and reporting procedures.

The framework specifically requires governance policies regulating data processing and ensuring compliance with applicable cybersecurity and financial regulatory standards.

The Resolution further mandates maintenance of electronic records and audit logs for at least five years in many instances.

Complaint Handling Mechanisms

The Resolution also establishes a structured complaint-handling process relating to KYC reports and customer data.

Users and customers may file complaints concerning:

  • Incorrect information;
  • Failure to update records;
  • Refusal to amend data;
  • Improper use of customer information;
  • Delays in issuance of KYC reports.

Companies are required to investigate complaints, coordinate with data providers where necessary, and implement corrective measures.

Legal and Commercial Impact

The issuance of Cabinet Resolution No. 55 of 2025 is expected to have substantial implications across multiple sectors within the UAE.

Financial Institutions

Banks and financial institutions will need to align onboarding and due diligence procedures with the new framework and ensure integration with approved KYC systems.

Corporate Service Providers

Corporate service providers, free zone consultants, fintech operators, and compliance firms must review customer onboarding policies and data management procedures to ensure compliance.

Technology and Data Operators

Companies involved in digital identity verification, regtech, and data processing will likely face increased compliance obligations regarding cybersecurity, storage infrastructure, and audit capabilities.

AML and Compliance Functions

The Resolution significantly strengthens the UAE’s AML and CFT compliance architecture by improving transparency, verification standards, and beneficial ownership oversight.

Effective Date

Article 16 of the Resolution provides that Cabinet Resolution No. 55 of 2025 entered into force from the date of its publication in the Official Gazette, namely 20 April 2026.

Conclusion

Cabinet Resolution No. 55 of 2025 marks a significant development in the UAE’s regulatory and compliance landscape. The Resolution establishes a sophisticated legal framework governing the issuance and management of KYC reports and introduces enhanced obligations concerning customer verification, beneficial ownership transparency, cybersecurity, and data governance.

The framework reflects the UAE’s continued efforts to position itself as a leading global financial and business hub with robust compliance standards aligned with international best practices.

Businesses operating in the UAE should promptly review their internal compliance procedures, onboarding frameworks, data governance systems, and cybersecurity controls to ensure full compliance with the new regulatory regime.

If you require further clarification or legal assistance concerning the matters discussed in this article, please do not hesitate to contact Kh legal Advocates & Legal Consultants LLC. Our lawyers would be happy to assist you.

Authors:

Lawyer card                

Submit a Comment

Your email address will not be published. Required fields are marked *