United Arab Emirates

Not Free
30
100
A Obstacles to Access 14 25
B Limits on Content 9 35
C Violations of User Rights 7 40
Last Year's Score & Status
28 100 Not Free
Scores are based on a scale of 0 (least free) to 100 (most free). See the research methodology and report acknowledgements.

header1 Overview

Internet freedom in the United Arab Emirates (UAE) remains significantly restricted. Online censorship is rampant, and the online media environment lacks diversity. Government surveillance of online activists and journalists is pervasive and has forced internet users to extensively self-censor. Authorities and government supporters continue to use increasingly sophisticated technology to spread disinformation that advances pro-UAE domestic and international narratives on social media. During the coverage period, social media users were arrested or fined for their online posts.

The UAE is a federation of seven emirates led in practice by Abu Dhabi, the largest by area and the richest in natural resources. Limited elections are held for a federal advisory body, but political parties are banned, and all executive, legislative, and judicial authority ultimately rests with the seven hereditary rulers. The civil liberties of both citizens and noncitizens, who make up an overwhelming majority of the population, are subject to significant restrictions.

header2 Key Developments, June 1, 2022 - May 31, 2023

  • Authorities loosened restrictions on a number of communications platforms during the coverage period, and previously blocked platforms such as Microsoft Teams and Skype for Business are now available (see A3).
  • Automated social media accounts manipulated the online narrative by promoting pro-UAE policy positions around several regional events, such as the 2022 World Cup (see B5).
  • Authorities frequently use spyware to surveil activists and journalists, and in April 2023 a new report from Citizen Lab found evidence of QuaDream spyware servers operating in the UAE (see C5).

A Obstacles to Access

A1 1.00-6.00 pts0-6 pts
Do infrastructural limitations restrict access to the internet or the speed and quality of internet connections? 6.006 6.006

The UAE is one of the world’s most connected countries. As of January 2023, there were 9.38 million internet users in the UAE and internet penetration stood at 99 percent. The UAE’s mobile penetration rate of 200.9 percent is one of the highest in the region.1

Internet speeds are also reliable. As of May 2023, the median mobile and broadband download speeds stood at 181.79 megabits per second (Mbps) and 220.61 Mbps, respectively. The median mobile and broadband upload speeds stood at 23.09 Mbps and 99.48 Mbps, respectively.2 According to the International Institute for Management Development’s World Digital Competitiveness Ranking 2022, the UAE ranks first in the world in terms of wireless broadband and internet usage and third in terms of mobile broadband subscribers.3 The World Bank’s GovTech Maturity Index described the UAE as “one of the [region’s] most mature countries in citizen-centric online public services” and ranked near the top of the global index on the criterion of e-governance.4

The mobile service provider Etisalat became the first in the Middle East and North Africa region to launch fifth-generation (5G) services in May 2019, and Du followed suit a month later. Both companies partnered with the Chinese smartphone manufacturer ZTE to offer the service.5 In September 2020, Etisalat announced that it began rolling out 5G services on fixed-line networks. The Telecommunications and Digital Government Regulatory Authority (TDRA)—then known as the Telecommunications Regulatory Authority (TRA)—said that it was allocating a new frequency band to expand the scope of the 5G network that same month.6 In 2022, 5G coverage reached 94 percent of the population. As of March 2023, there are an estimated 3.5 million 5G subscribers in the UAE.7

In March 2023, Etisalat announced the first commercial deployment of a 5G standalone (SA) network for consumers and businesses in the Middle East and North Africa. The 5G SA network improves upon previous 5G non-standalone (NSA) networks and will better support machine-to-machine communication solutions and real-time device-to-device networking, among other services.8 In February 2023, Du and Huawei signed a memorandum of understanding to strengthen 5.5G network innovation and evolution, which is expected to make the UAE a global leader in 5.5G development.9

Damage to undersea cables occasionally disrupts connectivity. In June 2022, the Asia-Africa-Europe-1 (AAE-1) undersea cable, a 25,000-kilometer submarine cable that links Asia, the Middle East, Africa, and Europe and is owned by Etisalat and 18 other global telecommunications companies, was cut, leading to worldwide outages and network issues. The issue was mediated within hours, though issues persisted for some providers across Europe, Africa, and the Middle East.10 The AAE-1 cable is considered the largest global submarine cable system in the world. Etisalat additionally uses AAE-1's capacity to bolster service for 5G customers and internet of things (IoT) users.11

A2 1.00-3.00 pts0-3 pts
Is access to the internet prohibitively expensive or beyond the reach of certain segments of the population for geographical, social, or other reasons? 2.002 3.003

Score change: The score improved from 1 to 2 because broadband internet has become increasingly affordable in recent years.

While prices are among the highest in the region, broadband access is affordable for most users given the country’s high per capita income,1 which the World Bank estimated to be $87,300 in 2022.2

The 2023 annual survey by the UK telecommunications company Cable ranked the UAE 198th out of 220 countries for broadband affordability, which was an improvement from the previous year. According to the survey, broadband access costs $111.21 per month on average, down from an average of $156.66 in 2020.3

Mobile data has also become more affordable in recent years. An Etisalat postpaid mobile plan with a 2 gigabyte (GB) data allowance and 100 local minutes costs 100 dirhams ($27.22) per month,4 while a prepaid plan with an allowance of 1 GB costs 47 dirhams ($12.79) per month.5 In July 2019, the TDRA required Etisalat and Du to discontinue their pay-per-use data plans “in order to protect the subscribers from excessive charges.”6 Etisalat announced a 5 percent value-added tax (VAT) on all products and services beginning in January 2018.7 In January 2020, the TDRA lowered the cost of cancelling a mobile contract to one month’s rental fee; the previous cost was the price of one month multiplied by the number of months left over.8

During the coverage period, the TDRA launched the “Coverage” initiative, which analyzes the quality of operators' networks across the country to ensure nationwide connectivity and consistent high-quality internet and mobile phone coverage nationwide.9

Emirati schools are increasingly connected to the internet and equipped with e-learning facilities, and many offer tablets for student use.10 There are also programs for principals to enroll in international computer literacy training programs.11 Since April 2020, the Ministry of Education and Al Yah Satellite Communications Company (Yahsat) have provided high-speed satellite broadband services to students and teachers in areas where fixed-line broadband services were unavailable. Additionally, families who lacked an internet connection were provided with free internet packages through Du and Etisalat to enable online learning.12

A3 1.00-6.00 pts0-6 pts
Does the government exercise technical or legal control over internet infrastructure for the purposes of restricting connectivity? 4.004 6.006

Score Change: The score improved from 3 to 4 because multiple Voice over Internet Protocol (VoIP) services, which had previously been blocked, became available during the coverage period.

No orders to shut down information and communication technologies (ICT) networks were reported during the coverage period; however, internet infrastructure is centralized under the government, giving authorities the ability to block platforms or restrict internet access.

Many of the communications platforms and VoIP services that were blocked in the UAE have become accessible during the coverage period. In March 2023, the TDRA shared an update on its website listing 17 VoIP applications that are now available for use, including Microsoft Teams, Skype for Business, Zoom, Blackboard, Google Hangouts Meet, and Cisco Webex, among others.1 However, WhatsApp voice calls, Viber, and FaceTime remained blocked at the end of the coverage period.

Many popular VoIP services were previously restricted over mobile connections. Etisalat and Du are the only companies licensed to provide paid VoIP services, while the free or inexpensive over-the-top (OTT) voice-call services provided by WhatsApp, Skype, and others are only accessible through fixed-line or Wi-Fi connections.

In September 2021, authorities eased their restrictions on VoIP services for Expo 2020 Dubai visitors, who were able to use VoIP services, including WhatsApp voice calls and Skype, on the Expo site grounds.2

WhatsApp’s voice feature was blocked shortly after it was introduced in 2015,3 as was a similar feature offered by Facebook.4 Viber has been banned since 2013, along with FaceTime.5 Apple agreed to sell its iPhone products to UAE mobile service providers without the FaceTime app preinstalled, though the app can be used on phones purchased outside the country.6 The VoIP feature for Discord, a free voice and text chat app primarily used by video gamers, was blocked in 2016.7

Seeking to improve connectivity within the country, Etisalat and Du have launched their own carrier-neutral international internet exchange points (IXPs), called SmartHub and Datamena, respectively.8 Etisalat maintains a nationwide fiber-optic backbone. In 2015, the company selected TeliaSonera International Carrier (TSIC) as its preferred global internet backbone provider.9

A4 1.00-6.00 pts0-6 pts
Are there legal, regulatory, or economic obstacles that restrict the diversity of service providers? 2.002 6.006

Internet service providers (ISPs) in the UAE are either fully or partially owned by the state, allowing authorities to exert control over the flow of information.

The country’s two largest mobile service providers, Etisalat and Du, are both controlled by the state. The government maintains a 60 percent stake in Etisalat and a 50.1 percent stake in Du through its ownership in the Emirates Investment Company.1 Various state-owned companies maintain stakes in Du.2

Etisalat and Du hold an effective duopoly of the telecommunications industry. However, numerous foreign and local entities operating in the audiovisual media sector are licensed and regulated by the UAE government via the TDRA, which is the country’s sole ICT regulator. Entities may appeal TDRA decisions, but there is no standardized legal process for appeals, which are evaluated by TDRA committees (see B3).3

The TDRA issues internet guidelines for website owners and internet service providers that place a heavy priority on public order, morality, and data security. These guidelines are meant to ensure that companies comply with UAE regulations, and noncompliance could result in the blockage of the companies' services. Specifically, service providers and website owners must ensure that their content does not fall under one of the 19 “prohibited content categories,” which include impersonation, defamation, offenses against the UAE and public order, and contempt of religion, among others.4 Users and providers can be fined up to 10 million dirhams ($2.7 million) for storing and sharing illegal online content (see B6).5

Service providers and website owners must also publish a clear privacy policy that explains what information is collected and how it will be used. Furthermore, companies must ensure that the collection and processing of sensitive user data is carried out in a secure manner (see C6). 6 Infringement of data privacy can result in a fine of 500,000 dirhams ($136,147).7

The TDRA website makes explicit that service providers who violate these regulations risk having their content and services blocked.

A5 1.00-4.00 pts0-4 pts
Do national regulatory bodies that oversee service providers and digital technology fail to operate in a free, fair, and independent manner? 0.000 4.004

Regulatory bodies frequently fail to operate in a free and fair manner.

The TDRA—formerly known as the TRA—oversees service providers and makes executive decisions regarding monitoring, filtering, and banning services and websites, without any oversight or transparency (see B3). Providers must follow the laws and regulations set by the TDRA, which was established in 2003 to manage the UAE’s ICT sector. In April 2021, the authority’s name was changed to include “Digital Government” to reflect its digital governance services.1 Its objectives include ensuring quality of service and adherence to terms of licenses by licensees, encouraging ICT expansion within the UAE, resolving disputes between the licensed service providers, establishing and implementing a regulatory and policy framework, and promoting new technologies.2

The TDRA’s current chairperson is Major General Talal Hamid Belhoul, who was also appointed director general of the State Security Department in Dubai in 2017.3 In July 2021, Majed Sultan al-Mesmar was appointed director general of the TDRA.4 As per Decree No. 3 (2003) Regarding the Organisation of the Telecommunications Sector, the TDRA board rotates every four years. The authority’s director general is appointed by federal decree, and his functions and responsibilities are determined by the UAE Executive Order, thus limiting the body’s independence.5

B Limits on Content

B1 1.00-6.00 pts0-6 pts
Does the state block or filter, or compel service providers to block or filter, internet content, particularly material that is protected by international human rights standards? 1.001 6.006

While ISPs are required by the TDRA to block content related to terrorism, pornography, gambling, and political speech that threatens the ruling order (see B3), in practice authorities also commonly block websites that criticize the government or address social taboos.

Beginning in 2017, blocking emerged as a political tool through which authorities sought to isolate Qatar, which Bahrain, Egypt, Saudi Arabia, and the UAE had accused of supporting “terrorist” groups, notably the banned Muslim Brotherhood. In 2017, authorities blocked several Qatari media sites amid this dispute, including Al Jazeera Live.1 Despite officially ending the dispute with Qatar in January 2021, several Qatari websites, including Al Jazeera, remained blocked.2

The TDRA reported that it had blocked 3,766 websites via automatic filtering in the fourth quarter of 2022. Of the blocked websites, 27.1 percent were blocked for “pornography, nudity, and vice,” 46.8 percent for “impersonation, fraud, and phishing,” 3.3 percent for “drugs,” 3.1 percent for “promotion of or trading in prohibited commodities and services,” and 0.5 percent for “bypassing blocked content.” Additionally, the TDRA blocked eight websites for “offenses against the UAE and public order.”3

In August 2021, the Open Observatory of Network Interference (OONI) published a report examining the blocking of LGBT+ websites in six countries including the UAE. The report found that 51 unique URLs related to LGBT+ content, including some international sites, were inaccessible in the UAE; a news site that covered LGBT+ issues, asylum, and migration was among the unavailable sites.4

In recent years, the audio-only platform Clubhouse has become popular in the UAE. In March 2021, local media reported that UAE users had experienced poor sound and quality issues when accessing the app. UAE regulators denied reports that the app was blocked.5 As of June 2023, Clubhouse appears to still be blocked.6

As of June 2023, several political blogs,7 a number of atheist and secular websites,8 at least one site disseminating news on Emirati political detainees and prison conditions,9 and sites related to the Muslim Brotherhood and regional nongovernmental organizations (NGOs) were blocked.10 The website of the Islamic Human Rights Commission (IHRC) was also blocked.11 The Beirut-based Gulf Center for Human Rights is also blocked.12

Many other sites critical of the government have been blocked. The government has previously blocked UK-based, English-language news site Middle East Eye after it published articles exposing the country’s harsh surveillance practices and poor human rights record.13

According to a 2013 Citizen Lab report, ISPs use advanced tools such as SmartFilter, Netsweeper, and Blue Coat ProxySG to censor content.14 The organization has also documented websites that are blocked in the UAE because both SmartFilter (used by Etisalat) and NetSweeper (used by Du) have miscategorized them as pornographic.15 Citizen Lab again confirmed the use of NetSweeper in an April 2018 report.16

B2 1.00-4.00 pts0-4 pts
Do state or nonstate actors employ legal, administrative, or other means to force publishers, content hosts, or digital platforms to delete content, particularly material that is protected by international human rights standards? 1.001 4.004

The TDRA censors selected content on platforms such as YouTube, Facebook, and Twitter, according to local users. In the past, internet users have reported the removal of social media content related to political detainees.1

Content promoting same-sex relationships is often removed from streaming platforms. In June 2022, the UAE banned the film Lightyear from the streaming platform Disney+ because the film included a same-sex intimate scene. The UAE’s Media Regulatory Office stated that the film would be banned for violating “media content standards.”2 In September 2022, the UAE and Saudi Arabia asked Netflix to censor “culturally sensitive content,” specifically content aimed at children. The TDRA and the Media Regulatory Office issued a joint statement claiming that Netflix had violated “media content controls” and noting that the platform had been notified that it should remove content that “contradicts societal values.” The statement also noted that the TDRA and the Media Regulatory Office would ensure Netflix had complied with the UAE’s broadcasting regulations and would apply “necessary measures” if Netflix failed to remove the content as requested.3 In June 2022, Amazon began restricting items and search results for LGBT+ products in the UAE under pressure from the government.4

Facebook occasionally receives government requests to remove content. Between January and June 2022, Facebook reported that it restricted access to 902 pieces of content that the TDRA claimed were in violation of local laws.5 Twitter reported receiving 148 content removal requests from the UAE government between January and December 2021 and complied with 88.5 percent of them.6 According to Google, they have received requests to remove satirical content targeting the ruling family as well as a video that showed a member of the royal family torturing a farm worker.7

In July 2020, Twitter blocked the account of “Detained in Dubai,” a UK-based group which reports on detention issues in Dubai. The account of its founder, Radha Stirling, was also blocked. Twitter provided no justification for its actions,8 and a statement released on the Detained in Dubai website in February 2021 claimed that Twitter had suspended Stirling’s account and other organization-run accounts without warning. The statement also noted that Princess Latifa al-Maktoum, the daughter of Dubai ruler Sheikh Mohammed bin Rashid al-Maktoum, reached out to Stirling during her escape attempt from Dubai in 2018. Whether the suspension of the accounts is related to the group’s reporting on that incident is unclear.9

B3 1.00-4.00 pts0-4 pts
Do restrictions on the internet and digital content lack transparency, proportionality to the stated aims, or an independent appeals process? 1.001 4.004

Restrictions on digital content lack proportionality and fairness. The TDRA instructs ISPs to block content related to terrorism, pornography, gambling, and political speech considered threatening to the ruling order.

In April 2021, when Clubhouse users experienced connectivity, sound, and bandwidth issues on the app, the TDRA failed to provide any justification for the issues (see B1).1 Authorities from the TDRA also made no comment about the February 2021 suspension of the “Detained in Dubai” Twitter account (see B2).2

Using banned VoIP services through a virtual private network (VPN) is punishable under a law that bars the use of VPNs to commit a crime, as well as under cybercrime and telecommunications regulatory laws.3

Du details the criteria it uses to block sites in a document available on its website. Prohibited content includes information related to circumvention tools, the promotion of criminal activities, the sale or promotion of illegal drugs, dating networks, pornography, LGBT+ content, gambling sites, unlicensed VoIP services, terrorist content, and material that is offensive to religion.4 Etisalat has not made a similar list available, although the company invites users to request the blocking or unblocking of sites.5 Du also allows users to send unblocking requests to a designated email address and blocking requests through an online form.6 However, neither company provides information on whether sites have been unblocked as a result of requests it received.7 Twitter users sometimes monitor when sites are blocked to combat the lack of transparency,8 but the TDRA has also called on social media users to help report “suspicious” content for blocking.

Online content is often removed without transparency or judicial oversight. Under the cybercrime law, intermediaries, such as domain hosts or administrators, are liable if their websites are used to “prompt riot, hatred, racism, sectarianism, or damage the national unity or social peace or prejudice the public order and public morals.”9 Website owners and employees may also be held liable for defamatory material on their sites.10 Regulations instituted in October 2018 require social media influencers to identify content defined as advertisements (see B6) and allow the National Media Council (NMC) to remove content that violates their guidelines.11

B4 1.00-4.00 pts0-4 pts
Do online journalists, commentators, and ordinary users practice self-censorship? 0.000 4.004

Self-censorship online has worsened in recent years due to the risks of legal action or harassment in retaliation for online activities, as well as high levels of surveillance.

Virtually nobody in the country speaks out on political and other sensitive issues.1 Local news sites, many of which are owned by the state, exercise self-censorship in accordance with government regulations and unofficial red lines. Overall press freedom is poor, and foreign journalists and scholars are often denied entry or deported for expressing their views on political topics, further chilling the environment for online expression.2

According to OONI’s August 2021 report on LGBT+ online censorship, the UAE’s highly controlled online environment contributes to widespread self-censorship. Furthermore, members of the LGBT+ community in the UAE who were interviewed by OONI indicated that they believe they are being monitored by authorities.3

The UAE has an advanced surveillance system, which includes all online platforms as well as monitoring of public spaces (see C5). With the cybercrime law and latest regulations for social media, the state can potentially retaliate against any form of expression, leading users to self-censor online (see C2).

B5 1.00-4.00 pts0-4 pts
Are online sources of information controlled or manipulated by the government or other powerful actors to advance a particular political interest? 1.001 4.004

The government has allegedly manipulated the online information landscape to advance its interests both domestically and internationally. During the coverage period, automated social media accounts manipulated the online narrative around several regional events, often pushing pro-UAE positions.

According to a 2019 study, the UAE was identified to be among the most sophisticated countries globally in terms of “high cyber troops capacity.” Online disinformation tactics deployed by the UAE rely on government agencies, private companies, civil society organizations, and media influencers to lead social media disinformation operations. Furthermore, automated accounts and bots are used to mimic real people, spread progovernment propaganda, and suppress opposition and dissenting voices.1 According to Digital Authoritarianism in the Middle East: Deception, Disinformation and Social Media by researcher Marc Owen Jones, “up to 91 percent of Twitter accounts sharing posts by Emirati leader Mohammed bin Zayed are fake.”

Following the UAE’s decision to normalize relations with Israel, pro-Israel commentary was seen online, at times prompted by Emirati officials. In June 2023, after the coverage period, Marc Owen Jones published a Twitter thread exposing “sock puppet” accounts impersonating Israeli nationals residing in the UAE who were posting pro-UAE and pro-Israel content while criticizing Qatar and the Muslim Brotherhood. Jones found that the puppet accounts, some of which were “verified” on Twitter, had also penetrated other online media platforms such as Medium.2 In May 2021, the UAE government had reportedly licensed Emirati social media influencers to praise Israeli security forces’ raid on the al-Aqsa mosque during a crackdown on Palestinian worshippers earlier that month.3

Despite improved diplomatic relations between the UAE and Qatar in recent years, Twitter bots based in the UAE have also been used to manipulate domestic and international opinion of the Qatari royal family and government.4

Furthermore, automated accounts seek to spread disinformation abroad. In February 2023, Khartoum-based reporters published a report that analyzed Twitter trends using hashtags related to Sudanese politics and found coordinated efforts on social media to promote UAE interests in Sudan.5 These disinformation campaigns included tactics such as inciting the Sudanese public against several political figures associated with the Forces of Freedom and Change (FFC) coalition and promoting UAE investment in the Abu Amama port in Sudan, which has been heavily criticized by the Sudanese public. Other tactics included denouncing the Muslim Brotherhood and the Houthis in Yemen, which is in line with UAE interests.

Ahead of the World Cup, prominent UAE figures close to the government were active in painting Qatar in a negative light in the media.6 In October 2022, investigative journalism website Orient XXI published a report exposing UAE media lobbying efforts in France that portrayed Qatar as a funder of terrorism and linked Qatar to the Muslim Brotherhood. According to the article, the UAE utilized various lobbying techniques including advertising, media relays, and carefully managed leaks to spread disinformation.7

In July 2021, Al Jazeera reported on a social media propaganda campaign originating in the UAE: It portrayed Tunisian President Kais Saied’s decision to suspend Tunisia's parliament and dismiss its prime minister as popularly supported moves against Islamist parties like the Muslim Brotherhood. Al Jazeera also reported that Emirati influencers had disseminated anti-Muslim Brotherhood material in line with the government’s stance. These influencers are often retweeted by progovernment trolls and bots who spread propaganda and intimidate critics.8

Following Russia’s invasion of Ukraine, a group of online trolls originating in Saudi Arabia and the UAE spread Russian disinformation about the war. Specifically, these accounts—many of which display Saudi or Emirati flags in their profile pictures—attempted to draw attention and sympathy away from Ukraine by promoting a narrative about the “supposed evils of Western liberal democracies.”9

Government authorities frequently issue warnings to internet users about what content is considered unacceptable to post on social media.10

B6 1.00-3.00 pts0-3 pts
Are there economic or regulatory constraints that negatively affect users’ ability to publish content online? 1.001 3.003

Authorities impose economic and regulatory constraints that limit the ability of antigovernment websites to produce content online (see A4). For example, the government reportedly pressured the Dubai-based advertising agency Echo to end its advertising contract with the US-based news outlet Watan.1

The National Media Council (NMC) is the federal government body entrusted to oversee media affairs, including licensing and regulating all traditional and digital media platforms.2 In March 2018, the NMC announced new regulations for electronic media that would govern “all online activities, including e-commerce; publishing and selling of print, video, and audio material; as well as advertising.”3

Since May 2018, social media influencers who engage in commercial activities or promote products must apply for licenses, which are awarded based on several qualifications, such as age, criminal record, the applicant’s reputation, and a university degree.4 A one-year license costs 15,000 dirhams ($4,084), after which it must be renewed. The NMC warned social media influencers that not obtaining a license would result in a 5,000-dirham ($1,360) fine. An official stated that they “have a team dedicated to monitoring illegal activities on social media and other online platforms.”5

In October 2018, the NMC issued 19 rules for advertising, stating that “advertisements must be identified on social media clearly.” The rules also include “showing respect for the UAE’s systems and policies at an internal level and its relations with other countries, avoiding images that harm public morality, respecting intellectual property rights and a ban on tobacco advertising of any kind.” Violators could be subject to a 5,000-dirham ($1,360) fine, with additional fees if the fine is not paid within five days. Repeat violations could lead to fines of up to 20,000 dirhams ($5,400).6

B7 1.00-4.00 pts0-4 pts
Does the online information landscape lack diversity and reliability? 1.001 4.004

The blocking of antigovernment and other sensitive content and the criminalization of VPNs limit the diversity of the online information landscape. There is virtually no space for independent media online, and many local news sites and bloggers self-censor, further reducing the diversity of viewpoints online (see B4).

Many media outlets are directly or indirectly linked to government-owned umbrella groups.1 Traditional and online news appears in both Arabic and English, including the privately owned Al Khaleej and Gulf News websites.2 Due to extensive censorship, content about LGBT+ issues, Qatar, or the Muslim Brotherhood is difficult to access (see B1). Furthermore, many international news sites, such as Al Jazeera, are blocked, limiting the diversity of the political content available online.

In September 2022, the Al-Roeya print newspaper, which also publishes online, fired its employees following the publication of an article that discussed the impact of the increase in fuel prices on Emirati citizens. According to media reports, executives at the newspaper were interrogated after the publication of the story. The interrogations were then followed by dozens of layoffs, and the paper’s print edition was subsequently dissolved.3 Al-Roeya’s website seems to have been archived in January 2023 and is no longer active.

Strict media regulation in the UAE also limits online diversity. The regulatory framework sets national standards for media content and requires all media institutions operating in the UAE to abide by these standards. The list of prohibited content includes content that targets the UAE regime and political figures, as well as newsletters or advertisements that include expressions, photographs, or drawings that are deemed to violate public morals or offend Islamic beliefs. The regulations also prohibit content that is considered divisive, exclusionary, or disrespectful to religious minorities.4

While VPNs are not strictly prohibited, Article 1 of Federal Law No. 12 (2016) amending the cybercrime law states that a fine of 500,000 to 2 million dirhams ($136,000–$544,000) is imposed on those using a “fraudulent computer network protocol address.” This punishment is implemented if the VPN is used for the purpose of manipulating internet protocols to commit fraud or crime.5

B8 1.00-6.00 pts0-6 pts
Do conditions impede users’ ability to mobilize, form communities, and campaign, particularly on political and social issues? 3.003 6.006

Some Emiratis push back against government repression through online activism, but the repressive legal and regulatory environment limits their effectiveness. In the past, families of political prisoners frequently relied on Twitter to speak on behalf of detainees, document allegations of torture, and call for their release. However, the practice has become less frequent in recent years due to escalating arrests and prosecutions. With widespread arrests, intimidation, surveillance, and retaliation that users face for speaking out online, most voices critical of the regime today are based abroad.

Online mobilization around certain political or social issues is hamstrung by the government. In December 2022, authorities arrested and planned to deport Sherif Osman, an Egyptian-American activist who was residing in the UAE, after he called for protests on his YouTube channel during the COP27 climate conference in Egypt (see C3).1 In May 2022, the Pakistani embassy warned Pakistanis in the UAE against protesting or organizing “processions or protests,” including on social media, a month after former Pakistani prime minister Imran Khan was removed from office.2

While offline assembly is heavily restricted and strikes are illegal in the UAE, rare demonstrations were held in May 2022 when food delivery workers staged a strike to protest wage cuts and poor working conditions. Hundreds of drivers from the food delivery company Deliveroo organized the strike on Telegram and WhatsApp, seemingly without disruption from the authorities.3

In response to the 2017 blocking of Skype in the UAE, a user initiated an online petition to unblock it, which received thousands of signatures. The TDRA responded by blocking Change.org, the platform on which the petition was posted.4 Laws prohibit calling for, promoting, and collecting donations online without obtaining prior permission and licensing from authorities.5

C Violations of User Rights

C1 1.00-6.00 pts0-6 pts
Do the constitution or other laws fail to protect rights such as freedom of expression, access to information, and press freedom, including on the internet, and are they enforced by a judiciary that lacks independence? 0.000 6.006

Article 30 of the constitution states that freedom of opinion “shall be guaranteed within the limits of law.” However, many laws can effectively limit free speech online, and these rights are not respected in practice.1 Under a 1980 law, authorities can “censor local or foreign publications if they criticize domestic policies, the economy, the ruling families, religion, or the UAE’s relations with its allies.”2

The judiciary enjoys no independence in the UAE and is significantly influenced by the executive.3 Judicial bodies, judges, and lawyers have no public profiles and are especially not able to criticize the state. The only lawyer to represent political detainees, Mohammed al-Roken, continues to serve a prison sentence for his work.4 Smear campaigns against dissidents go without investigation. Online journalists and bloggers are not allowed anonymity and are required to register for permits, as per the social media law. With the cybercrime law and the hate crimes law, the regime has stifled freedom of expression in the country.

C2 1.00-4.00 pts0-4 pts
Are there laws that assign criminal penalties or civil liability for online activities, particularly those that are protected under international human rights standards? 0.000 4.004

There are several laws that assign criminal penalties for online activities. Since a series of regional mass uprisings in 2011, the UAE has followed countries of the Gulf Cooperation Council (GCC) in passing legislation to criminalize criticism of authorities online.1

The cybercrime law criminalizes a wide range of legitimate online activities. Hefty fines and jail sentences can be handed down for gambling online, disseminating pornographic material, or sharing content that is perceived to violate another person’s privacy.2 The cybercrime law also criminalizes offending the state, its rulers, or symbols and insulting religion. Calls to change the system of government are punishable by life imprisonment. Authorities have repeatedly warned foreign nationals that they must also follow the country’s restrictive laws.3 In 2017, the government expanded the cybercrime law to criminalize “sympathy for Qatar,” which can be punished with a 15-year prison sentence and a fine.4

In August 2018, the president amended three articles in the cybercrime law. Changes to Article 26 provide for 10 to 25 years’ imprisonment and a fine between 2 million ($544,000) and 4 million dirhams ($1.1 million) for enabling communication between terrorist groups or any other “unauthorized group.” They also prescribe up to five years in prison and a fine between 500,000 ($136,100) and 1 million dirhams ($272,000) for inciting hatred. The other two amendments are related to incitement, endangering national security and state interests (Article 28), and deporting foreigners (Article 42).5

In January 2019, an official from the Interior Ministry listed 10 types of social media activities considered illegal under the cybercrime law including: defaming or disrespecting others, spreading false news and rumors, establishing websites or accounts that violate local regulations, and inciting immoral acts.6

In January 2022, significant amendments to the 2012 cybercrime law took effect; the amended law penalizes those who share information via social media that is deemed false. Those who do face a minimum fine of 200,000 dirhams ($54,458) and a one-year prison term.7 The law was also expanded to include cybercrimes that are “prepared, planned, directed, supervised, or financed in the UAE, or otherwise considered to undermine the interests of the UAE or its citizens and residents.”8

In October 2020, the Federal Public Prosecution updated Federal Law No. 5 (2020) to combat cybercrimes, including by further penalizing online activities; specifically, citizens can face imprisonment and fines of up to 500,000 dirhams ($136,100) if they carry out “cybercrimes” or make “defamatory comments” online.9

Broadly worded provisions of a 2015 hate speech law criminalize insults to religion and open individuals up to criminal charges for expressing nonviolent opinions on religion. Penalties under the law range from prison terms between six months and 10 years and fines between 50,000 ($13,610) and 2 million dirhams ($544,000).10 Furthermore, while the law bans discrimination on the basis of “religion, caste, doctrine, race, color, or ethnic origin,” it does not protect those persecuted on the basis of gender or sexuality.11 The law specifically covers online and offline speech.

C3 1.00-6.00 pts0-6 pts
Are individuals penalized for online activities, particularly those that are protected under international human rights standards? 2.002 6.006

The government routinely jails individuals for posting political, social, or religious opinions online, and long prison sentences have been handed out on such charges in recent years.

Internet users have been arrested for online activism. In December 2022, authorities in Dubai detained Sherif Osman, an Egyptian-American activist who called for protests on his YouTube channel during the COP27 climate conference in Egypt (see B8). UAE officials informed Osman’s lawyers that his arrest was in response to a request by the Egyptian government.1

Online users face prison sentences for posting social media content that violates provisions in the cybercrime law (see C2). In October 2022, authorities arrested Dunchi Lar, a Nigerian citizen, after she tweeted a video of a UAE airport official. She was convicted for recording and circulating a video without the consent of the subject and was sentenced to a year in prison.2

In July 2022, authorities arrested seven people for circulating a video on social media that showed a group of men engaged in vandalism and fighting. Subsequently, the Dubai police issued a statement reminding the public of the prohibition on circulating videos of crime scenes and accidents online. Under the UAE’s cybercrime law, violators face at least one year in prison and a fine of up to $27,225 for these crimes.3 Also in July, a man was arrested by Sharjah police for posting footage from a security camera that showed details of a stabbing.4 In August 2022, authorities arrested five people who were subsequently jailed for one month for publishing a video that showed Dubai police arresting a group of women who were suspected to be sex workers.5

In October 2020, a court sentenced Ahmed Etoum, a Jordanian citizen living in the UAE, to 10 years in prison based on his Facebook posts criticizing the Jordanian royal family and government. The court convicted Etoum of using Facebook to commit “acts against a foreign state” that could “damage political relations” with that state and “endanger national security” inside the UAE.6 Etoum remains in prison as of March 2023.

Several prominent activists who were jailed in recent years for their online activity remain in prison. In December 2018, a court rejected activist Ahmed Mansour’s final appeal of a 10-year prison sentence and 1-million-dirham ($272,200) fine. Reports also suggested that he would be subject to three years of surveillance after his release.7 Mansour was sentenced in May 2018 on cybercrime charges following a series of closed proceedings8 and has been in detention since his 2017 arrest for “spreading sectarianism and hatred on social media,”9 after calling on Twitter for the release of human rights activist Osama al-Najjar.10

Nasser bin Ghaith, a human rights activist and former lecturer at the Abu Dhabi branch of the Paris-Sorbonne University, was sentenced to 10 years in prison in 2017 after being convicted on a range of charges primarily related to his nonviolent speech published online.11 He remains in prison as of March 2023.

Even after serving their sentences, many prisoners of conscience remain detained in “counselling centers.”12 For example, in 2017 Osama al-Najjar was detained in a counselling center despite having served a three-year sentence. Al-Najjar was originally imprisoned for alleging via Twitter that his father, who was imprisoned during the UAE 94 trial—in which 94 democracy activists were tried on trumped-up coup charges in 2013—was tortured by security forces.13 After his initial arrest in 2014, al-Najjar was found guilty of belonging to the banned political group al-Islah, spreading lies, and instigating hatred against the state through Twitter.14 He was finally released in 2019.15

C4 1.00-4.00 pts0-4 pts
Does the government place restrictions on anonymous communication or encryption? 1.001 4.004

Several laws limit anonymous communication online.

Amendments to the cybercrime law passed in 2016 state that hiding one’s identity “by using a false [internet protocol (IP)] address or a third-party address by any other means for the purpose of committing a crime or preventing its discovery” can result in a fine of between 500,000 ($136,100) and 2 million dirhams ($544,000), as well as prison time.1 The clause may refer to VPNs used to circumvent censorship, which help disguise the user’s location.2 The TDRA clarified that “companies, banks, and institutions are not prohibited from using VPNs,” adding that “the law can be breached only when internet protocols are manipulated to commit crime or fraud.”3 Also in 2016, authorities blocked the encrypted messaging app Signal, which reportedly remains inaccessible.4

In February 2021, Digital 14—a UAE-based cybersecurity firm chaired by Tahnoon bin Zayed al-Nahyan, the UAE’s national security advisor—announced the launch of KATIM, a mobile phone and messaging application with end-to-end encryption. KATIM was made available to businesses and government entities operating in the UAE.5 Tahnoon has been linked to the controversial ToTok app, which was removed from the Apple and Google app stores due to privacy concerns (see C5).6

In 2014, the Interior Ministry announced plans to link identification cards with internet and mobile service in order “to crack down on child abusers.”7 In order to retain service, mobile phone users were required to reregister personal information as part of the 2012 TRA campaign, “My Number, My Identity.”8

C5 1.00-6.00 pts0-6 pts
Does state surveillance of internet activities infringe on users’ right to privacy? 0.000 6.006

State surveillance is widespread and infringes on users’ right to privacy. The country is home to some of the most sophisticated surveillance technology, and authorities can monitor civilians’ activity both online and offline.1 The UAE is becoming one of the world's biggest spenders on artificial intelligence, which raises concerns about the misuse of the technology.2 The state’s ownership of and control over telecommunications companies have enabled authorities to closely monitor internet and social media sites.3 Whether there is any meaningful legal oversight of government surveillance operations is unclear.

The UAE government is a known client of the NSO Group, an Israeli company, and has used spyware technologies such as remote zero-click surveillance, a technique that could compromise a mobile device without any action by the target, to target anti-regime activists, journalists, foreign government officials, and royal family members.4 Leaked documents showed that the UAE government has been using Pegasus spyware since at least 2017, and a July 2021 investigation published by the Guardian further confirmed that the UAE had purchased Pegasus.5

In December 2021, the Washington Post reported that a UAE agency used Pegasus to infect the phone of Jamal Khashoggi’s wife months before his 2018 murder. In July 2021, Amnesty International reported that Princess Latifa was targeted with Pegasus,6 and the High Court of England and Wales found evidence that Sheikh Mohammed used the spyware to hack six phones belonging to Princess Haya bint al-Hussein, her lawyers, and her security team.7 The NSO Group subsequently terminated its contract with the UAE for misusing the "wiretap" function, which is only intended to harvest data from “major criminals or terrorists.”8

In June 2021, Alaa al-Siddiq, the executive director of ALQST, a UK-based human rights group focused on the UAE, died in a car collision in the United Kingdom. Alaa was the daughter of prominent activist Muhammed al-Siddiq, who has been detained by the UAE authorities since 2013. While there was no evidence of foul play related to her death, Citizen Lab found that al-Siddiq had been targeted by “a government client” of NSO Group, likely the UAE.9

An April 2023 report from the Canada-based cybersecurity watchdog Citizen Lab found that QuaDream spyware servers were located in, and operated out of, the UAE. Like NSO Group, QuaDream is an Israeli company that creates and sells “advanced digital offensive technology” to governments.10

In December 2021, Saudi activist Loujain al-Hathloul sued DarkMatter Group and three of its former executives for hacking her mobile phone before her 2018 arrest. Al-Hathloul claimed that her phone was hacked as part of a surveillance operation targeting dissidents in Saudi Arabia and the UAE, leading “to her arbitrary arrest by UAE's security services and extradition to Saudi Arabia, where she was detained, imprisoned, and tortured.”11

A Reuters investigation published in January 2019 revealed that a group of former US intelligence agents participated in Project Raven, a hacking project managed by UAE-based DarkMatter beginning in 201612 that was used for systematic surveillance. A tool used between 2016 to 2017 enabled DarkMatter to hack into targets’ iPhones and access their contents. In August 2018, Google said that its Chrome and Android browsers would mark all DarkMatter-certified websites as unsafe.13 About 80 percent of DarkMatter’s customers are UAE government agencies, including the Dubai police.14

In December 2019, the New York Times reported that the VoIP app ToTok gave Emirati spies access to users’ conversations, movements, and other personal data; ToTok was removed from both the Apple and Google app stores soon after. ToTok’s publisher, Breej Holding Ltd, is affiliated with DarkMatter, which was allegedly under investigation by the US Federal Bureau of Investigation when the New York Times reported on the app.15 In a January 2020 report, Citizen Lab found that three companies connected to ToTok are directly linked to UAE National Security Advisor Tahnoon bin Zayed al-Nahyan (see C4).16

In February 2021, the New York Times reported on the existence of a UAE-established “electronic spy network,” which included former US National Security Agency members. The network spied on Qatar with the aim of proving that Doha was financing terrorist groups through the Muslim Brotherhood.17 According to the New York Times, the UAE offered generous compensation to the network’s members.

The UAE also bought Karma, a hacking platform, from an unnamed vendor.18 The project operatives were ordered to monitor social media platforms and target individuals who, according to security forces, had insulted the government.19

C6 1.00-6.00 pts0-6 pts
Does monitoring and collection of user data by service providers and other technology companies infringe on users’ right to privacy? 0.000 6.006

ISPs and mobile service providers are not transparent about the procedures authorities use to access users’ information.

Service providers reportedly monitor content on behalf of the police and security forces. Etisalat is required, through its license, to store call logs and possess equipment that allows the TDRA to access data for “reasons of public interest, safety, and national security.”1 Metadata and call information from the VoIP services offered by Etisalat and Du can be obtained by the government.2

In December 2021, the UAE issued its first data protection law, Federal Decree Law No. 45 (2021) on the Protection of Personal Data. It was introduced alongside Federal Decree Law No. 44 (2021) on Establishing the UAE Data Office. The data protection law came into effect in January 2022 and aims to follow global data protection measures relating to users’ privacy rights while imposing obligations on those who collect, process, review, and transfer such data.3 Those who illegally collect and misuse data can be fined as much as 500,000 dirhams ($136,000).4 However, several exceptions and exemptions leave room for abuse. Specifically, the law does not apply to government data or government entities that control or process personal data, meaning a significant amount of personal data “will not be subject to privacy compliance.” Additionally, there is no timeline for controllers to respond to data requests laid out in the law.5 In May 2023, a new round of consultations on amendments to the law was opened.6

Amendments to the data protection law have broadened the focus to include media, banking, healthcare, and scientific institutions. Penalties for hacking these sectors’ systems include fines ranging from 500,000 dirhams ($136,147) to 3 million dirhams ($816,882), as well as imprisonment. The crime for unlawfully accessing or tampering with government data can result in prison sentences of no less than 10 years and fines of up to 5 million dirhams ($1,361,470). The new law criminalizes the collection, storage, and processing of personal data of UAE nationals or residents. The unlawful disclosure of personal data could lead to a six-month prison sentence and a fine ranging between 20,000 dirhams ($5,445) and 100,000 dirhams ($27,229).7

Though the UAE has joined a wave of countries enacting data protection policies, the government’s history of surveilling citizens and targeting dissidents raises questions about the legitimacy of the new data protection law. For example, the newly adopted IoT regulatory framework has serious privacy implications. The framework requires entities that offer IoT services, regardless of where they are headquartered, to register with the UAE government. The IoT regulatory policy paper maintains the government’s right to process “data within the purview of the legislative powers provided to them.” Further, any “secretive, sensitive and confidential” data for individuals and businesses would be stored within the UAE; no definition of secretive, sensitive, or confidential data is provided.8

Authorities at times request user data from international technology companies. Between July and December 2022, Meta recorded 33 government requests for user data. Meta complied with 51.5 percent of the requests.9 Between January and June 2022, Google received 14 emergency data disclosure requests and responded to 57 percent of them. One request was made to Twitter in 2021.10

C7 1.00-5.00 pts0-5 pts
Are individuals subject to extralegal intimidation or physical violence by state authorities or any other actor in relation to their online activities? 2.002 5.005

Some online activists face harassment and intimidation in retaliation for their activities.

Reports of mistreatment and torture while in detention are not uncommon.1 Matthew Hedges, a British student who was arrested in 2018 on charges of spying, accused the UAE of leaking a 19-page dossier that included his personal and medical information, as well as of releasing footage of him in solitary confinement during his six-month prison sentence. The dossier claims that Hedges was treated with “respect and dignity”; however, Hedges alleges that during his time in prison he was put in a windowless cell, force-fed medications, deprived of sleep, and repeatedly interrogated.2

Nasser bin Ghaith, who was sentenced to 10 years in prison in 2017, in part for his Twitter posts critical of the Egyptian government, reported that he was detained in poor conditions and subject to torture while on trial, including extended periods in solitary confinement.3 He has gone on several hunger strikes since 2017 and has been denied access to medical care.4

Activist Ahmed Mansour, who was detained in 2017 in connection with his social media activity and later sentenced to 10 years’ imprisonment in May 2018, began a hunger strike in March 2019 to bring attention to his case and to substandard detention conditions, including torture.5 He had been harassed for years by the government prior to his imprisonment: Authorities froze his bank accounts, put him under a travel ban, denied him a passport, and attempted to hack into his email accounts. When arresting him, security forces searched Mansour’s house and confiscated all electronic devices belonging to him and his family members.6 During the coverage period, Human Rights Watch (HRW) reported that Mansour was further mistreated in prison after a letter he wrote detailing abuses in detention was published in July 2021.7

Female activists have been harassed online by government officials in an attempt to silence them. In December 2020, Ghada Ouiess, a high-profile Lebanese journalist, filed a lawsuit against then Crown Prince Mohammed bin Zayed al-Nahyan alleging that he, among other defendants, shared photos of her online in retaliation for her reporting on the Saudi regime. Other activists who have allegedly been targeted by the UAE include the late Alaa al-Siddiq and prominent Saudi women’s rights activist Lina al-Hathloul.8

Political dissidents and their families are frequently harassed and intimidated on Twitter. In December 2019, HRW reported that dissidents and their family members are targeted and surveilled, constantly summoned by the authorities and interrogated for their opinions, intimidated, and asked to spy on their communities.9

C8 1.00-3.00 pts0-3 pts
Are websites, governmental and private entities, service providers, or individual users subject to widespread hacking and other forms of cyberattack? 2.002 3.003

Government entities have been subject to cyberattacks in recent years. Attacks on individuals are less frequent but have also been reported in the past.

In May 2023, Mohamed al-Kuwaiti, the head of the government’s cybersecurity agency, said that the UAE Cyber Security Council deters more than 50,000 cyberattacks per day, many of which target strategic national sectors.1 A report published by Group-IB estimated that in the second half of 2021 and the first half of 2022, more than a dozen companies in the UAE were subject to cyberattacks and ransomware attacks.2

During the coverage period, at least two hacking groups based abroad claimed to have hacked Emirati governmental websites. In May 2023, a hacktivist group called “Mysterious Team Bangladesh” claimed to have used a series of distributed denial-of-service (DDoS) attacks against several government service websites.3 Also in May, “Anonymous Sudan” claimed to have conducted DDoS attacks on the Emirates National Oil Company.4

Activists have faced repeated technical attacks designed to deceive them into downloading spyware. In May 2019, reports emerged that NSO Group, whose spyware enabled various countries to surveil journalists and activists, exploited a security flaw in WhatsApp to hack into targets’ mobile devices. The flaw may have been used to hack the UAE’s targets (see C5).5

In January 2019, Reuters reported on the involvement of former US intelligence analysts in Project Raven, which had been moved under DarkMatter’s management (see C5). These hackers use state-of-the-art technology to hack into phones and spy on enemies of the state, including journalists, activists, and political rivals.6

On United Arab Emirates

See all data, scores & information on this country or territory.

See More
  • Global Freedom Score

    18 100 not free
  • Internet Freedom Score

    30 100 not free
  • Freedom in the World Status

    Not Free
  • Networks Restricted

    No
  • Websites Blocked

    Yes
  • Pro-government Commentators

    Yes
  • Users Arrested

    Yes