6 mandatory requirements to protect the government digital space in Abu Dhabi

The Abu Dhabi Executive Council obligated government agencies, bodies and companies in the emirate to comply with six main requirements in the field of information security and cybersecurity, as part of a government trend aimed at enhancing the protection of digital assets and government data, and establishing a secure and sustainable digital infrastructure that supports the process of digital transformation in the emirate, within the framework of raising levels of readiness and cyber protection, to ensure the confidentiality of government information, and the reliability and continuity of digital services, in line with the National Cybersecurity Strategy 2025-2031 and the best practices and approved standards.

In detail, the Abu Dhabi Executive Council issued a circular to all government agencies and companies in the emirate regarding compliance with the information security requirements of the Abu Dhabi government, indicating that within the framework of consolidating the aspirations of the digital transformation strategy of the Abu Dhabi government, which aims to provide a safe, solid and sustainable digital infrastructure, and achieve a solid and comprehensive security position across the government, and in light of the transition of government services to the digital world, threats, electronic attacks and attacks that may target government data and digital systems are risks that must be faced. Tightly to ensure the security, integrity, confidentiality and privacy of information, as well as the continuity and reliability of government services.

The circular, issued in the second quarter of this year, which was reviewed by Emirates Today, stressed the importance of adhering to and complying with all legislation, policies, and standards adopted and in force in the country related to regulating digital affairs and information security, and complying with the National Cybersecurity Strategy 2025-2031 and the national policies, frameworks, and programs emanating from it, which contributes to strengthening the entity’s comprehensive cybersecurity position, and ensuring the alignment of its practices with the national directions for protecting cyberspace in the country.

The circular stressed the need to ensure the entities’ commitment to dealing with technical service providers and approved national cloud computing service providers, and hosting government systems, applications and data within the country on approved cloud platforms, in accordance with government policies and programs and the classification of Abu Dhabi government data, so that confidential data is hosted exclusively on a private national cloud, owned, managed and operated within the country and not connected to the public cloud, and is not provided or managed by any external service provider or non-national entity, directly or indirectly, while the Sensitive and privacy data on approved and licensed sovereign cloud platforms within the country, with open data permissible to be hosted on the public cloud within the country.

The commitments included not publishing or making available any new systems, applications, or websites related to government services or public events, which may include personal data or sensitive information, except after obtaining prior approval from the Government Empowerment Department, and committing to a comprehensive and periodic evaluation of all digital technical systems and infrastructure, in accordance with best practices and approved standards, to ensure enhancing the level of cyber protection, business continuity, and preventing any exploitation that may affect the safety and efficiency of systems or expose digital assets to any risks.

The obligations included ensuring the application of information security and privacy requirements from the first design stages of systems, applications or websites, including conducting the necessary risk assessment and security tests, and taking the necessary preventive, proactive and coordination measures to reduce the risks of exploitation or penetration attempts that may target government data or services, and committing to share information security incident data and relevant technical information immediately and systematically with the government cyber operations center of the department, in order to ensure speed of response, enhance joint monitoring and analysis capabilities, and achieve operational integration in the face of information security threats, in a way that contributes to Protecting digital assets and raising the level of readiness of the Emirate of Abu Dhabi to address any potential security risks.