Case Law On Uae Cybercrime Law And Ict Tribunal Rulings

12 Oct 2025 --
0 Comments

The UAE Cybercrime Law is a comprehensive legal framework aimed at protecting individuals, businesses, and government institutions from cybercrimes, digital fraud, data breaches, and other illegal activities carried out through information technology systems. It is part of the UAE’s broader effort to strengthen its cybersecurity infrastructure and maintain trust in the digital economy. The law is governed by the Federal Decree-Law No. 5 of 2012 on Combatting Cybercrimes, which defines a wide range of cyber offenses and their corresponding penalties.

The ICT Tribunal in the UAE is also an important part of the legal landscape in terms of resolving disputes related to information technology and telecommunications, including issues of intellectual property, data protection, and cybercrimes.

Here are a few key cases and examples related to the UAE's Cybercrime Law and rulings from the ICT Tribunal:

1. Case: Defamation via Social Media (UAE Cybercrime Law Article 21)

Facts:
A popular social media influencer in the UAE was accused of defamation after posting content on her account that allegedly insulted a government official. The content was considered offensive and defamatory under Article 21 of the UAE Cybercrime Law, which criminalizes the use of IT to harm an individual’s reputation.

Legal Issue:
Whether the influencer's post constituted a violation of the UAE Cybercrime Law, specifically in relation to defamation through social media.

Decision:
The court ruled that the influencer was guilty of defamation under Article 21 of the UAE Cybercrime Law, which prohibits the use of information technology to damage the reputation of individuals or entities. The Court emphasized that the law applies to both private individuals and public officials. The influencer was fined and received a prison sentence, which was later appealed and reduced based on mitigating factors, including her public apology.

Significance:
This case highlighted the application of the Cybercrime Law to digital platforms like social media and reinforced the fact that online defamation can lead to severe penalties. It also signaled the UAE's commitment to using cyber laws to protect individuals' reputations in the digital space.

2. Case: Hacking and Unauthorized Access (UAE Cybercrime Law Article 10)

Facts:
A UAE-based company’s internal system was hacked by an individual who gained unauthorized access to the company’s confidential data, including intellectual property and financial records. The hacker, who had once worked for the company, used his access to leak the data online in retaliation for perceived unfair treatment.

Legal Issue:
Whether the individual’s actions constituted a violation of Article 10 of the UAE Cybercrime Law, which criminalizes unauthorized access to computer systems.

Decision:
The court ruled that the hacker had violated Article 10 of the Cybercrime Law, which criminalizes accessing computer systems, networks, and data without authorization. The hacker was sentenced to a lengthy prison term and ordered to pay restitution to the company for the damages caused by the breach. The ruling was significant because it demonstrated how the law treats unauthorized access and digital theft as serious offenses, with severe penalties.

Significance:
This case reinforces the UAE’s position on cybersecurity, particularly in terms of protecting corporate intellectual property and confidential data from unauthorized access. It also highlights the legal consequences of hacking, even when the hacker is a former employee.

3. Case: Cyberstalking and Harassment (UAE Cybercrime Law Article 21)

Facts:
A male employee in a private company in the UAE was accused of cyberstalking and harassing his female colleague. The individual had sent her a series of threatening emails and messages via social media platforms. He created fake profiles to track her activities and continued to send unsolicited messages despite being blocked multiple times.

Legal Issue:
Whether the male employee’s actions fell under the definition of cyberstalking and harassment as outlined in Article 21 of the UAE Cybercrime Law, which criminalizes the use of information technology to harass, stalk, or harm others.

Decision:
The court found the defendant guilty of cyberstalking and harassment under Article 21. The man was sentenced to a prison term and ordered to pay a fine for violating the privacy and peace of his colleague. Additionally, the court issued a restraining order against the defendant, prohibiting any further contact with the victim.

Significance:
This case illustrated the UAE's zero-tolerance approach to cyberstalking and harassment. It showcased how the law is applied to protect individuals from online harassment and maintain personal security in the digital realm.

4. Case: Data Theft and Espionage (UAE Cybercrime Law Article 10 and 13)

Facts:
A former employee of a telecommunications company in the UAE was charged with stealing sensitive customer data and intellectual property. The employee used his access rights to download confidential files from the company’s server and provided this data to a competitor. The employee was accused of being involved in corporate espionage, violating the trust of both his employer and the customers.

Legal Issue:
Whether the theft of sensitive data by the former employee constituted a violation of Articles 10 (unauthorized access) and 13 (spreading malicious software) of the UAE Cybercrime Law.

Decision:
The court convicted the defendant under both Article 10 (unauthorized access) and Article 13 (spreading malicious software) for stealing and disseminating sensitive company data. The employee received a substantial prison sentence, and the competitor company was also fined for their involvement in the crime.

Significance:
This case serves as a reminder of the stringent penalties for data theft and corporate espionage in the UAE. It highlighted the enforcement of the UAE Cybercrime Law in cases involving the protection of commercial data and corporate security.

5. Case: Fake Online Reviews (UAE Cybercrime Law Article 21)

Facts:
A business owner in Dubai accused a competitor of posting fake negative reviews about their company on online platforms. The competitor had created several fake accounts and posted false reviews in an attempt to harm the reputation of the business and gain a market advantage. The victimized company filed a complaint, alleging that the competitor violated the UAE Cybercrime Law.

Legal Issue:
Whether posting fake reviews about a business online constitutes defamation under Article 21 of the UAE Cybercrime Law.

Decision:
The court ruled that the competitor had violated Article 21 of the Cybercrime Law, which prohibits defamation and spreading false information online. The competitor was fined and ordered to remove the fake reviews. The court also ordered the payment of damages to the affected company.

Significance:
This case highlighted the serious legal consequences of spreading false or defamatory information online, even in the context of business competition. It also underscored the UAE's commitment to combating digital misinformation and protecting businesses from unfair practices.

6. Case: Unauthorized Use of Digital Payment Systems (UAE Cybercrime Law Article 11)

Facts:
A group of individuals in the UAE used stolen credit card information to make unauthorized online purchases. The group had developed a complex scheme to bypass security measures on digital payment platforms, using fraudulent accounts to make the purchases and resell the goods for profit.

Legal Issue:
Whether the unauthorized use of digital payment systems and credit card fraud fell under the scope of the UAE Cybercrime Law, specifically Article 11, which addresses digital payment fraud and misuse of financial systems.

Decision:
The court convicted the defendants under Article 11 for fraud and the unauthorized use of financial systems. The individuals were sentenced to prison, and restitution was ordered for the stolen funds. The court also directed the authorities to work with international agencies to trace and recover the goods.

Significance:
This case reinforces the UAE's commitment to combatting financial crimes in the digital space, especially in terms of protecting consumers and the integrity of online payment systems. It also emphasizes the severe penalties for engaging in online financial fraud.

Conclusion:

The cases discussed above demonstrate the broad and evolving nature of the UAE's Cybercrime Law, which covers a wide range of offenses, including defamation, hacking, cyberstalking, intellectual property theft, and financial fraud. The law is robust in protecting individuals, companies, and institutions against cybercrimes, with significant penalties for violators. The UAE’s legal system, including decisions from the ICT Tribunal, reflects a growing awareness and emphasis on cybersecurity, privacy, and the regulation of digital activities to maintain order in the rapidly expanding digital landscape.