Transform your business dream into reality with Charles & Darwish Associates. Optimize your Dubai business setup effortlessly in the Free Zone, Mainland, and Offshore ensuring flexibility and growth opportunities. Leverage Dubai's growth with our tailored business setup solutions.
Get Free ConsultationThe Dubai International Financial Centre (DIFC) has developed new data protection laws affecting AI businesses incorporating free-standing as well as partially self-governing technologies. These rules came into force on the 1st of September, 2023, and are contained in the DIFC’s Data Protection Law No. 5 of 2020. Regulation 10 provides a clear operational framework for companies that process personal data with the help of AI systems. These regulations have to be followed to ensure data is private and to prevent penalties. Here is some guidance for AI companies that may wish to avoid falling foul of the DIFC regime.
The Autonomous and semi-autonomous systems are dealt with under Regulation 10 of the DIFC Data Protection Law. Such AI apps are being developed that not only work with a minimal level of human control but are also hard to stop once activated, some of them include predictive analytic and machine learning apps. This regulation applies to any AI companies within the DIFC that carry out the processing of any personal data regardless of the role.
The DIFC then defines the “deployers” and “operators” to bolster the outlined roles and responsibilities. A deployer is a company or an individual who decides to launch or use an AI system with or without receiving any remuneration. In most cases, the operator is the technical service provider who puts the system on behalf of the deployer. It is important to comprehend these definitions because compliance obligations differ with the position.
The specific legislation that governs the use of artificial intelligence in the DIFC is rather focused on the ethical aspects of designing the AI. AI systems cannot be prejudiced, discriminating, or opaque. For this purpose, the following steps should be followed:
The following are the guidelines for constructing a compliant AI system, they enable the organization to maintain the trust of the data subjects and dodge ethical or legal complications.
Under Regulation 10, companies must inform data subjects on how artificial intelligence systems process their data. The notice should include the following information:
Business entities ought to conduct a critical analysis of the various privacy notices that they make to their clients, the media as well as the public as a way of avoiding any mishaps of making wrong information open to the public. For example, if personal data is processed to schedule something, that must be mentioned in the notice along with other details on the restrictions in using the provided data.
Currently, deployers and operators have to maintain a register of the AI’s data processing activities. This document should include:
Transparency requires this register needed for achieve the aim. It also satisfies the client’s compliance record, which is important for audits and inspections carried out by the DIFC Commissioner.
In detailed, critical, or high-risk processing, DIFC requires organizations to appoint an Autonomous Systems Officer, ASO. The ASO’s responsibilities are similar to those of a Data Protection Officer (DPO) and include:
If your AI system is participating in high-risk activities then the option would be to minimize compliance risks by having an ASO, who will help the organization follow Regulation 10.
The outcomes of the AI processing are capable of being challenged by the data subjects. Such complaints should be dealt with decisively and this should be put into practice in any company. In case of a request by a data subject, the companies should be ready to explain how the AI system processes data as well as make decisions.
The use of a customer complaint management process shows that the organization is serious about such issues and such documentation can be helpful to avoid regulatory actions.
According to Regulation 10, companies have to preserve records that demonstrate AI satisfaction with the DIFC requirements. This comprises audit trail, data handling, and certification. It is important to have such documentation well prepared in case of an audit of the company by the DIFC Commissioner or during any investigation.
It may be summed up to say that both the application of AI technology and the data protection laws are dynamic. There is a need for organizations to make some common policies when it comes to data processing and this should be done periodically. Unfortunately, it did not, so that there would be a continuing compliance with further requirements under DIFC codes whenever they are issued.
Click here to know more about ai business opportunities in UAE
Compliance with the regulations of DIFC is an ongoing process. Therefore, by following Regulation 10 AI companies can prevent personal data leakage and ensure users’ trust creating AI that meets the principles of DIFC’s vision and being ethical and innovative. These are ethical design, transparent notices, appropriate documentation, and independent audits. Such practices will help organizations manage relationships with the DIFC legal system while upholding positive AI processes.
In an increasingly digital environment, DIFC rules are useful in moderating drastic liberalization while still preserving the integrity of AI as a business.
CDA with its well-equipped team has been providing multiple services to the clients inclusive of business set up services, PRO services in Dubai, consultancy services, HR services etc as per the requirements. The businesses planning to set up their establishments in UAE can get the professional assistance from the experts at CDA whereby simplifying the procedures and getting ahead of the competitors. The experts can assist you in getting the licenses from the authorities without any complications and selecting the appropriate locations for the business.
To know more about the varied services of our team connect with us today