ServicesGovern & AssureFinance & TransactionsTransform & DigitizeOperate & Scale
FrameworkAI Policy DevelopmentResponsible AIData Governance
RegulationsGCC regulationsRegulations & standardsResearch & benchmarks
Insights
About
Contact
Book a consultation
GCC regulation

AI expectations in the Abu Dhabi Global Market.

Between FSRA technology guidance and ADGM's data protection regime, Abu Dhabi Global Market entities face concrete obligations whenever AI touches regulated activity or personal data.

ADGM

Two regimes, one set of AI consequences.

ADGM entities answer to the Financial Services Regulatory Authority for how technology — including AI and machine learning — is governed within regulated business, and to the ADGM data protection regime for how personal data is processed, including by automated decision-making. The FSRA co-issued the UAE's joint Enabling Technologies Guidelines, and the ADGM Data Protection Regulations 2021 give individuals specific rights around decisions made solely by machines.

Who is in scope

  • FSRA-licensed firms using AI/ML in regulated activities
  • ADGM entities processing personal data with automated decision-making
  • Holding structures and SPVs whose group AI platforms process ADGM personal data
  • Firms outsourcing AI capability — material outsourcing rules still apply
At a glance
RegulatorsFSRA · ADGM Office of Data Protection
Key instrumentsEnabling Technologies Guidelines · ADGM Data Protection Regulations 2021
Applies inAbu Dhabi Global Market
Focus areasTechnology governance · automated decisions
Request a readiness review
Key expectations

What ADGM regimes expect of AI use.

Technology governance

AI within regulated business needs documented governance, senior management ownership and risk management proportionate to its use.

Automated decision-making rights

Individuals can contest decisions made solely by automated means that significantly affect them — your processes must make that real.

Data protection by design

AI systems processing personal data must build in minimisation, purpose limitation and security from the start.

Impact assessment

High-risk processing — which AI often is — calls for documented data protection impact assessments.

Outsourcing & operational resilience

AI delivered through third parties remains your responsibility, with due diligence, oversight and exit options expected.

Notification & accountability

Controllers must be able to demonstrate compliance to the Office of Data Protection — records first, assurances second.

How we help

One programme covering both regimes.

Dual-regime gap analysis

FSRA technology expectations and ADGM data protection obligations assessed together, so controls aren't duplicated.

ADM safeguards design

Human review, contestability and explanation processes for automated decisions — built into the operating model.

Impact assessments

DPIAs for AI systems that stand up to Office of Data Protection scrutiny.

Source & disclaimer

This page summarises ADGM regulatory expectations for general information — it is not legal advice. Verify obligations against current FSRA rules and the ADGM Data Protection Regulations.

Abu Dhabi Global Market

Cover both ADGM regimes in one pass.

A scoping review tells you what FSRA and the Office of Data Protection each expect of your AI.

Book a consultation