Alsuwaidi & Company

Regulation of Virtual Assets

The UAE’s New Virtual Assets Regime: Key Features of CMA Decision No. 4/R.M/2026

/ Latest Insights

Following the UAE’s broader reset of its capital markets framework earlier this year, the federal regulatory landscape embraced a significant shift. As part of the UAE’s broader capital markets reform, Federal Decree-Law No. 32 of 2025 established the Capital Market Authority (“CMA”) as the legal successor to the Securities and Commodities Authority (“SCA”), introducing an expanded supervisory and enforcement framework for federal capital market regulation, including virtual asset activities .

Building on this transition, on February 13, 2026, the Capital Markets Authority issued Decision No. 4/R.M/2026, introducing the first comprehensive implementing framework for virtual assets under the new regime. The decision fully supersedes Decision No. 26/R.M/2023 and repeals the virtual asset provisions previously embedded within the financial activities rulebook governing virtual asset service providers (VASPs), setting regulations designed to create completion and coherence out of the fragmented and complex landscape.

However, with respect to virtual asset activities, Cabinet Resolution No. 111 of 2022 on the Regulation of Virtual Assets and their Service Providers, Cabinet Resolution No. 112 of 2022 on the Delegation of Certain Competences Related to the Regulation of Virtual Assets, and any resolutions issued pursuant to them, shall continue to apply to virtual asset activities to the extent that they are not inconsistent with this Decree-Law and other relevant legislation.

Scope and Structure

Unlike the previous framework, where obligations were broadly categorized, Decision No. 4/R.M/2026 introduces a comprehensive framework that applies to all VASPs and comprises three modules, each addressing a specific layer of regulation.

  1. General framework module is the foundational structure covering definitions, regulated activities, capital requirements, licensed activities and licensing requirements, governance, cybersecurity, and general obligations applicable to all licensees.
  2. Business regulation module governs the operational conduct of licensed firms, outlining rules for client protection and client classification, as well as the firm’s reporting obligations, market conduct, advertising, and AML/CTF compliance. It creates an ecosystem for day-to-day compliance.
  3. Alternative Trading Systems (ATS) module applies to operators, key persons, and controllers. This module establishes a two-step licensing process for operators of alternative trading systems (in-principal approval followed by final license), setting conditions for obtaining initial approval, backed by strict governance, operational, and compliance requirements. It also introduces special rules for virtual assets and tokenized instruments.

Major Developments

  • Activity-based licensing system identifying Eight licensed activities including:
  1. Principal dealing
  2. Agent dealing
  3. Custody provision
  4. Arrangement
  5. Operating a multilateral trading facility
  6. Providing investment advice
  7. Portfolio management
  8. Arranging investment deals

Firms must obtain separate authorization for each activity.

A.  Higher thresholds on Capital, Governance, and Compliance Requirements:

  1. Capital requirements have been increased for six of the eight licensed activities, with stated minimums serving merely as baseline floor rather than the effective capital requirement. The CMA applies a three-way test where whichever produces the highest number is considered the binding requirement:
  • The fixed minimum for the relevant license category;
  • a risk-based capital calculation; and
  • an expense-based floor, typically set at 25–35% of annual operating expenses.
  1. Hard prohibitions: The regulation adopts strict prohibition on privacy tokens and devices and algorithmic tokens, banning any financial services, promotion, issuance, or related activities involving such assets. In contrast, it takes a more cautious approach to utility tokens and NFTs, prohibiting licensed entities from providing services in relation to these assets, except in limited cases. Specifically, custody services and the operation of multilateral trading facilities may be permitted, provided prior approval is obtained from the Authority.
  2. Governance and personnel obligations: which require each licensed entity to maintain, at all times, six designated senior roles: Chief Executive, Senior Executive Officer, Compliance Officer, Money Laundering Reporting Officer (MLRO), Finance Director, and Internal Auditor. UAE residency is mandatory for the Chief Executive, Compliance Officer, and MLRO. These requirements are not satisfied by nominal appointments, as all senior personnel must obtain individual CMA accreditation demonstrating competence and integrity prior to assuming their roles.

B. Repeal of provisions and transitional safeguards:

Several chapters and the glossary of the Rule Book of Financial Activities relating to VASPs and their employees, and the Chairman’s decision No. (26/2023) have been repealed immediately, while the fulfillment of conditions relating to application, licensing, approval, and job accreditation is subject to a one-year grace period from the effective date of the resolution.

Application transition and relevance to existing licensed VASPs:

  • Licensed entities and accredited personnel: may continue to comply with obligations related to licensing, approval, and job accreditation set out in previous resolutions, until status regularization is completed
  • Applicants who have obtained initial approval from the Authority may continue with its application to obtain licenses and carry out any of the activities of VASP in accordance with the previous provisions or may withdraw its application if it wishes to abandon it.
  • Application submitted to Authority that have not obtained initial approval prior to the effective date of the resolution shall be deemed null. And shall amend its application in accordance with the new provision of the resolution.
Alignment with existing UAE regulations
 

The decision does not displace VARA, DFSA, or FSRA. It is worth noting that for the meantime the relationship between these regimes is one of coexistence. While DFSA governs DIFC free zone. The FSRA governs ADGM. And VARA governs mainland Dubai and most free zones outside DIFC. The CMA resolution establishes a federal baseline for onshore virtual asset activities.

For advice on virtual asset regulation, licensing strategies, and navigating the UAE’s evolving digital asset compliance landscape, please contact Suneer Kumar at suneer@alsuwaidi.ae,Vida Grace Serrano at vida@alsuwaidi.ae, or Alivia Alabkal at a.alabkal@alsuwaidi.ae.