The proposals, printed below Session Paper No. 3 of 2026, are geared toward reinforcing the framework for autonomous and semi-autonomous methods, clarifying certification obligations and defining the tasks of Autonomous Techniques Officers. Stakeholders have till 18 July 2026 to submit feedback earlier than the amendments transfer in direction of the following stage of the legislative course of.
The adjustments would strengthen Regulation 10, the AI-focused provision launched in 2023 to manipulate private knowledge processed by means of autonomous and semi-autonomous methods. They’d additionally add a brand new Regulation 11, giving the Commissioner of Knowledge Safety powers to recognise accreditation and certification schemes. The transfer displays the rising use of AI in monetary companies, compliance, shopper onboarding, credit score evaluation, fraud monitoring, wealth administration and automatic buyer interplay.
DIFC’s proposal seeks to embed stronger security requirements into methods dealing with private knowledge, with emphasis on privacy-by-design, transparency, accountability and human oversight. The amendments are anticipated to require corporations to show that automated methods function inside outlined human-approved functions, significantly the place high-risk processing is concerned.
Jacques Visser, chief authorized officer at DIFC Authority, mentioned the framework should stay sensible, clear and responsive as AI and data-driven methods evolve. The proposed adjustments, he mentioned, are supposed to help excessive requirements of accountability and governance throughout the centre.
The session comes as DIFC’s company base expands sharply. The centre had 8,844 energetic registered firms on the finish of 2025, up 28 per cent yr on yr, and a monetary services-related workforce of about 50,200. That scale has elevated the significance of clear guidelines for knowledge governance, significantly as corporations deploy machine-learning instruments throughout regulated and non-regulated operations.
Regulation 10 already requires organisations utilizing autonomous or semi-autonomous methods to think about dangers to privateness, equity, safety and lawful processing. The proposed amendments would sharpen that regime by making certification and accreditation routes clearer, lowering uncertainty for corporations in search of to show compliance.
Autonomous Techniques Officers are anticipated to play a central function within the amended framework. Their perform is broadly aligned with senior governance tasks, together with oversight of system dangers, knowledge safety influence assessments, accountability measures and inner reporting to administration. The amendments would give corporations clearer steerage on when the function is required and the way it matches into wider compliance buildings.
The proposed certification framework can also be vital for firms utilizing AI in high-risk actions. These might embody automated selections affecting entry to monetary companies, profiling, workers monitoring, processing of delicate private knowledge, fraud detection and methods that generate materials outcomes for people. Corporations may have to point out that algorithms can set off human intervention the place there’s a threat of unfair, discriminatory or biased outcomes.
The session additionally locations DIFC inside a broader shift amongst monetary centres in search of to control AI with out slowing adoption. The European Union’s AI Act, the UK’s principles-based strategy, Singapore’s mannequin governance framework and rising steerage from monetary regulators have all pushed corporations in direction of stronger inner controls over automated methods. DIFC’s strategy seems designed to stay interoperable with these frameworks whereas reflecting its personal common-law regulatory surroundings.
For monetary establishments, the amendments may result in extra formal documentation of AI use instances, clearer registers of methods, proof of threat assessments, vendor due diligence and stronger board-level oversight. Know-how suppliers providing AI instruments to DIFC-based corporations might also face higher scrutiny over mannequin design, explainability, safety controls and knowledge dealing with preparations.
The adjustments are more likely to have an effect on banks, asset managers, insurers, fintech firms, household places of work, skilled companies corporations and digital platforms working from the centre. Smaller corporations might face greater compliance prices in the event that they depend on third-party AI instruments however lack mature governance buildings. Bigger establishments, already topic to inner model-risk controls and regulatory opinions, might discover the amendments simpler to soak up however will nonetheless must map methods towards DIFC-specific obligations.
