UAE Child Digital Safety Law: Why TikTok, Twitch, Snapchat and other global apps now face strict new rules

Dubai: The UAE has rolled out one of the region’s most comprehensive online child protection frameworks, placing far-reaching obligations on digital platforms, including global apps such as TikTok, Twitch and international gaming (ex: Roblox), streaming and e-commerce services used daily by children and teenagers.

The new Child Digital Safety Law (CDS Law) significantly tightens rules around harmful content, excessive engagement and the collection of children’s personal data.

Crucially, it applies not only to locally based companies but also to foreign platforms that target users in the UAE, even if they have no physical presence in the country.

Marina El Hachem, TMT Associate at BSA LAW, said the CDS Law applies broadly to any digital platform or internet service provider operating in the UAE or directing services at users in the country.

“The scope of the CDS Law applies to any digital platform or ISP ‘operating within the State or targeting users in the State,’ meaning that foreign services directing content or services at UAE users are subject to the law regardless of having a physical presence in the country,” she said.

This means internationally popular platforms, including social media apps such as TikTok, Snapchat, Instagram, live-streaming platforms like Twitch, global messaging services, online games, video platforms (Netflix, Disney Plus and more) and e-commerce websites are all covered if they are accessible to children in the UAE.

The law goes beyond content moderation and directly addresses how platforms handle children’s data. For users under the age of 13, platforms are prohibited from collecting or using personal data without explicit, documented and verifiable parental consent.

Federal Decree-Law No. 26 of 2025 on Child Digital Safety came into force on January 1, 2026. Foreign online platforms that target users in the UAE have a one-year grace period to update their systems and policies to comply with the law before enforcement measures apply.

The CDS Law significantly raises compliance expectations for both local and global service providers. El Hachem said platforms must introduce safeguards that are specifically designed to protect children, rather than relying on generic safety settings.

“In practice, platforms must implement risk-appropriate age-verification mechanisms and a suite of enhanced child protection measures,” she explained.

These include default high-privacy settings for child accounts, tools to enforce minimum age requirements, content filtering and age classification systems, restrictions on targeted advertising, and features designed to limit excessive screen time and engagement.

Platforms must also provide clear reporting channels for harmful content, actively detect and remove violations, and submit periodic reports to the relevant authorities. This includes cooperation with federal and local entities responsible for cybersecurity, digital media regulation and protecting the online environment.

"Companies are also required to update their privacy policies to include clearly written, child-specific sections that explain how children’s data is collected, used and protected," she added.

Failure to comply with the CDS Law could have serious consequences for digital services operating in the UAE.

“Non-compliance exposes them to administrative measures, including partial or full blocking, closure, and penalties under the forthcoming Administrative Penalties Regulation,” El Hachem said.

This effectively puts pressure on global platforms to align their systems with UAE child safety standards or risk disruption to their services in the country.

Kenan Abu Ltaif, Regional Lead for the Middle East and Turkey at Proofpoint, explained that children are particularly vulnerable on popular social media, gaming and streaming platforms because of how they share information online.

Children often disclose personal data gradually, without fully realising the risks.

“This includes names, photos, voice notes, school details, location data, and login credentials reused across multiple platforms,” he said.

In addition, platforms such as social networks, live-streaming services and online games collect large volumes of behavioural data, including browsing habits, likes, comments, gaming activity and interactions.

According to Abu Ltaif, the real threat comes from how this data accumulates over time.

“These digital breadcrumbs can be combined to build detailed profiles, which can be exploited for impersonation, targeted manipulation, or account compromise,” he said.

Once shared, this information is difficult to fully remove, increasing long-term exposure and reinforcing why stricter platform safeguards are needed.