Dubai, UAE- The UAE has introduced stricter controls and regulatory measures surrounding the use of WhatsApp and other instant messaging platforms, particularly in the banking and financial sectors, as authorities intensify efforts to strengthen cybersecurity, consumer protection, and digital governance across the country.
In one of the most significant recent developments, the Central Bank of the UAE (CBUAE) directed all banks, exchange houses, insurers, and licensed financial institutions to immediately stop using WhatsApp and similar messaging applications for customer-related financial services. The move is aimed at preventing fraud, identity theft, account takeovers, impersonation scams, and unauthorized sharing of sensitive customer information.
Under the new directive, financial institutions are no longer allowed to use WhatsApp for sending OTPs, confirming transactions, requesting customer documents, sharing banking details, or handling financial communications. Authorities have instructed banks to shift customers toward official channels such as banking apps, websites, call centres, and branch networks. Institutions failing to comply may face regulatory penalties and supervisory action.
The UAE regulator has also raised concerns over data privacy and national data residency laws, noting that customer information shared through third-party messaging apps may be stored or processed outside the UAE, potentially violating local regulations that require sensitive financial data to remain within the country.
Legal experts in the UAE have meanwhile reminded residents that private WhatsApp chats and group conversations are not exempt from the country’s cybercrime laws. Forwarding fake news, sharing misleading content, distributing images without consent, or posting defamatory material — even in private groups — can lead to severe legal consequences, including heavy fines and imprisonment.
Authorities have especially warned residents against sharing unverified news, AI-generated misinformation, fake videos, and manipulated content during sensitive regional or political situations. Under UAE cybercrime regulations, even resharing false content without creating it may attract legal action.
At the same time, cybersecurity experts have reported a sharp rise in WhatsApp-based scams across the UAE, including fake Emirates ID calls, fraudulent UAE PASS approval requests, fake traffic fine messages, and phishing links impersonating government departments and banks. Residents are being urged never to share OTPs, banking credentials, Emirates ID details, or approve UAE PASS requests unless initiated directly through official government or banking platforms.
The latest measures reflect the UAE’s broader push toward stronger digital governance, cyber resilience, and safer online communication as the country continues to expand its digital economy and smart government ecosystem.
