UAE’s new Child Digital Safety Law now makes parents legally responsible for children’s online activity

Dubai: Parents and caregivers in the UAE now have a legal obligation to actively monitor and manage their children’s digital activity, following the introduction of the country’s new Child Digital Safety Law (CDS Law).

The legislation significantly tightens controls around harmful online content, excessive digital engagement and the collection and use of children’s personal data. Crucially, it reshapes digital safety from a matter of guidance into one of legal responsibility, placing explicit duties on parents, platforms and service providers alike.

The CDS Law does not only apply to companies based in the UAE. It also extends to foreign digital platforms that target users in the country, even if they have no physical presence locally.

This means social media platforms, gaming services, apps and websites used by children in the UAE must comply with the law’s requirements, regardless of where they are headquartered.

Enforcement measures include age verification systems, content filtering, parental controls and strict limits on advertising aimed at minors.

Most significantly, the CDS Law applies to anyone responsible for the care of a child, including parents and guardians, formally redefining their obligations when it comes to online safety.

“Caregivers are expressly obligated in the law to monitor children’s digital activities, use parental control tools, avoid creating or permitting accounts that are not age-appropriate or fail to implement enhanced protections, and refrain from exposing children online in ways that threaten privacy, dignity, or well-being,” said Marina El Hachem, TMT Associate at BSA LAW.

“They must also comply with privacy requirements and report harmful or pornographic content immediately to the authorities,” she added.

According to El Hachem, the CDS Law marks a clear shift in how parental responsibility is treated.
“The law redefines parental responsibility as a legal obligation,” she explained.

The law also gives parents greater control over how platforms collect and use children’s personal data, particularly for younger users.

“For children under 13, platforms cannot collect or use personal data without explicit, documented and verifiable parental consent,” El Hachem said. “They must also provide an easy consent withdrawal mechanism, limit access to authorised personnel, and are prohibited from using such data for commercial purposes or targeted advertising.”

“These rules give parents decisive authority over data practices,” she added.

Children under the age of 18 are also barred from participating in online commercial games, including gambling and betting platforms. Digital platforms and internet service providers are required to implement safeguards to prevent access, creating what El Hachem described as a statutory barrier against high-risk, monetised online environments.

The law comes amid growing concern about the volume of data social media platforms hold on children and the rapid spread of inappropriate and AI-generated content. While policy changes are critical, the law reinforces that parental oversight remains essential, even where technical controls exist.

According to UAE Cybersecurity Council data, 72 per cent of children aged between eight and 12 use smartphones daily, yet only 43 per cent of parents regularly monitor their children’s online activity.

Cybersecurity experts warn that digital threats targeting children often rely on psychology rather than technical vulnerabilities.

“Cyber threats succeed by exploiting human behaviour rather than technical gaps,” said Kenan Abu Ltaif, Regional Lead for the Middle East and Turkey at Proofpoint.

“The same social engineering techniques used in large-scale cybercrime are adapted for younger audiences, with AI accelerating how quickly scams are created, personalised and scaled,” he said. “In children’s digital environments, repetition, familiarity and routine interactions lower suspicion and increase risk.”

With 2026 designated as the UAE’s Year of the Family, experts say the CDS Law highlights that child digital safety is part of a broader challenge around trust, identity and long-term protection.

Addressing these risks requires coordinated action across households, platforms and regulatory frameworks, rather than awareness campaigns alone.

Children often share personal data gradually rather than deliberately, including names, photos, voice notes, school details, location data and reused login credentials across multiple platforms.

“Beyond obvious identifiers, children also generate significant behavioural data through gaming activity, browsing habits, likes, comments and interactions across social and messaging platforms,” Abu Ltaif added.