Technology, Media & Telecoms Newsletter – Issue 7 (21 August 2025)

We are delighted to present the seventh edition of our TMT Digest, focusing on legal developments and updates in the TMT field within our region. 

This digest aims to provide a comprehensive overview of recent case law and advancements, fostering knowledge sharing among our regional TMT team. By staying informed, our practitioners will be better equipped to navigate the regulatory frameworks governing the Middle East TMT sector. 

We hope you find this edition to be informative and beneficial. As always, we encourage you to share your thoughts, feedback, and any notable developments that may contribute to our collective knowledge.

United Arab Emirates 

UAE approves first music rights collecting society

On 25 May 2025, the Ministry of Economy and Tourism (MoET) granted the Emirates Music Rights Association (EMRA) a collective music management license, making it the country’s first official music right collecting society. EMRA will manage the collection and distribution of royalties for composers, authors and music publishers for public performance and broadcasting of music within the UAE. Establishments using background or incidental music must now obtain the appropriate licenses from EMRA and ensure compliance with new reporting and payment obligations. The initiative aims to support the protection of music rights and foster a more transparent and structured royalty system across the UAE.

The statutory licensing and rights enforcement authority granted to the EMRA was recently also granted to Music Nation on 2 June 2025. The MoET plans to initially conduct workshops educating the public on the functions of the EMRA. It is expected that penalties for non-compliance will be issued later in the year.

Telecom regulator launches consultations on satellite reseller services

The country’s telecommunications regulator, the Telecommunications and Digital Government Regulatory Authority (TDRA), has opened a public consultation to gather feedback on a new “category B” license scheme. This new license would allow more businesses to sell satellite internet devices and services, a significant change from the current system where only a few providers are authorized to do so.

The proposed changes aim to create clear guidelines for these new resellers while still allowing the TDRA to oversee the telecommunications market. The consultation period is open until September 25, 2025. This initiative follows a previous approval for maritime satellite internet services, which were authorized for a 10-year period beginning in 2024.

New Permit System for Social Media Advertising

The UAE Media Council has introduced a new rule that requires all social media users who share promotional content to obtain a mandatory advertising permit. This regulation applies to both paid and unpaid advertisements. The new rule requires individuals to display a license number on their social media accounts before publishing any advertisements. The permit is free for the first three years, but account holders must manage their own advertising content and are prohibited from letting third parties publish ads through their accounts. The regulation also outlines exemptions, including individuals promoting their own products, business owners advertising their own companies on personal accounts, and minors involved in educational, athletic, cultural, or awareness activities.

UAE Court of Cassation reinforces the line between defamation and lawful online consumer criticism

The court overturned a criminal conviction against an individual prosecuted under the Cybercrime Law for posting negative reviews about a real estate developer online. The individual had published comments via electronic means describing the company as “the worst developers,” citing construction issues such as pool leakage. Lower courts interpreted these remarks as criminal defamation, leading to a conviction, monetary fine, confiscation of the device, deletion of posts, and a temporary ban from internet use.

• The comments constituted legitimate consumer criticism, not personal insults.
• The platform used was open to public review, and the tone—though critical—did not amount to a criminal offense under Article 43 of Federal Decree-Law No. 34 of 2021.
• The lower courts had mischaracterized the nature of the language used and failed to differentiate between protected opinion and unlawful speech.

The Court ruled in favor of the appellant, reversing the prior convictions, and declaring him not guilty. This ruling marks an important clarification in the application of UAE cybercrime provisions, especially in distinguishing consumer feedback from punishable online defamation.

Dubai Court of Cassation Judgment No. (316) of 2025

A dispute arose after a distributor of “Clear Water” alleged that the manufacturer unlawfully terminated the distribution agreement and breached its terms by appointing another distributor and undercutting prices, resulting in significant financial and reputational harm. Despite the distributor citing pandemic-related disruptions, the court upheld the termination and ruled against the distributor. The Dubai Court of Cassation’s recent ruling offers critical clarification on when force majeure or exceptional circumstances — like COVID-19 — can be relied on to excuse contractual non-performance.

Key Points from the Judgment:

• Lawful Termination – The manufacturer acted within the contract terms by terminating after the distributor failed to meet sales targets and performance obligations.
• Burden of Proof – The court emphasized that the party invoking force majeure must prove that the event was unforeseeable, unavoidable, and the direct cause of the breach. General references to COVID-19 or economic hardship are not sufficient.
• Contractual Certainty – The ruling reinforces the need for clear contract drafting and strict adherence to agreed terms.
• Business Continuity – Companies must ensure they have robust documentation and mitigation strategies to support any claim of disruption.

This decision strengthens the principle of contractual certainty in the UAE and reminds businesses to:

• Draft force majeure and termination clauses with precision.
• Maintain detailed evidence of how extraordinary events impact performance.
• Meet contractual obligations unless objectively prevented by a qualifying event.

Kingdom of Saudi Arabia

SDAIA has released draft amendments to the Implementing Regulations of the Personal Data Protection Law

These proposed changes touch on key areas such as definitions, consent for marketing, data subject rights, PDPO responsibilities, and more. Companies are encouraged to review and assess how these revisions may impact their data handling and compliance strategies.

SDAIA has issued a draft of the Controls Governing Commercial, Professional, and Non-Profit Activities Related to Personal Data Protection via the Istitilaa portal for public feedback

The draft offers a detailed framework for entities involved in commercial, professional, or non-profit activities related to personal data. It sets out key definitions, registration requirements, operational obligations, and compliance expectations to ensure alignment with the Kingdom’s Personal Data Protection Law and its Implementing Regulations.

The Communication, Space & Technology Commission has issued a new draft law on artificial intelligence, aimed at positioning KSA as a hub for the development of AI systems

The Draft Law seeks to foster a collaborative environment where foreign governments and private entities can develop and adopt advanced technologies for peaceful purposes. Additionally, the Draft Law leverages KSA’s strategic geographic location to promote sustainable technology solutions, enhance global digital accessibility, and drive innovation, entrepreneurship, and research within the digital economy.

Qatar

Qatar Enhances Digital Privacy Protections with Cybercrime Law Amendment

Qatar has recently amended its Anti-Cybercrime Law (Law No. 14 of 2014) through Law No. (11) of 2025, published in Official Gazette No. 20 of 2025.

The amendment introduces Article 8 (bis), which provides that any person who, in a public place, publishes or circulates photographs or videos of individuals without their knowledge or consent, or in circumstances not authorised by law, through online platforms or other digital technologies, will be subject to the following penalties:

• Imprisonment for up to one year
• A fine of up to QAR 100,000

This amendment reflects Qatar’s effort to enhance privacy protection and regulate the use of digital technologies in public spaces.

Position Paper on the Internet of Things (IoT) and Machine-to-Machine (M2M)

The Communications Regulatory Authority (CRA) has released a Position Paper on the Internet of Things (IoT) and Machine-to-Machine (M2M) technologies. By issuing such position paper, the CRA has shown its intention to develop a comprehensive regulatory framework in relation to IOT and M2M.

Regulation to Protect Postal Services Consumers in Qatar

The CRA has issued the Consumer Protection Policy for the Postal Sector and the Regulation for Postal Consumer Protection. The Consumer Protection Policy outlines the guiding principles for consumer protection in postal services, ensuring that consumers receive clear, accurate, and accessible information about the services offered. It establishes a robust foundation for consumer rights, ensuring that postal services are fit for purpose and that Service Providers adhere to fair and transparent practices. The Regulation for Postal Consumer Protection establishes a detailed framework of rules and obligations for postal Service Providers.

Qatar Central Bank has issued Data Handling and Protection regulations

The Regulations apply to entities licensed by the Qatar Central Bank and introduce additional obligations concerning data storage. Specifically, sensitive personal information, sensitive financial information, and personal data must be stored within Qatar, unless explicit approval is obtained from the QCB to store it elsewhere. The regulations are intended to set out clear requirements for the collection, processing, storage, and transmission of data, ensuring alignment with international best practices and regulatory compliance.

National Incident Management Framework

National Cyber Security Agency has issued National Incident Management Framework that addresses the management of cybersecurity incidents of national significance and applies to all entities within Qatar. The said framework provides guidance on how to manage and respond to incident with national significance. National Significance is defined as an “Event with a negative impact on the information assets of the State of Qatar (including industrial control systems and other operational technology) and/or the infrastructure enabling them.”

Bahrain

The Personal Data Protection Authority has announced the commencement of applications for the appointment of Data Protection Guardians process for high-risk sectors

The Personal Data Protection Authority has announced the commencement of applications for the appointment of Data Protection Guardians (DPGs) in private sector entities classified as high-risk regarding personal data processing. High-risk sectors identified include finance, business, banking, education, health, and telecommunications. Entities in these sectors are now required to appoint a DPG whose primary responsibilities are to monitor and ensure compliance with the Personal Data Protection Law (Law 30 of 2018) and its implementing decisions. The DPG will also assist data controllers, coordinate with the Authority, and maintain records of data processing activities that must be reported to the Authority.

The Authority, in collaboration with the Judicial and Legal Studies Institute (JLSI) and the Bahrain Institute of Banking and Finance (BIBF), will launch a training program for DPGs, which is a mandatory requirement for fulfilling their duties under the law. A dedicated register for accredited DPGs has been established, and only those meeting the conditions specified in Order (46) of 2022 on Data Protection Guardians will be recognised.