The UAE has enacted comprehensive child digital safety legislation that moves the obligation from voluntary platform commitment to statutory compliance. Federal Decree-Law No. 26 of 2025 mandates proactive AI-driven detection of harmful content directed at minors, enhanced child-protection controls on services accessible to children, and prosecution-ready reporting from digital service providers and internet service providers.
The compliance perimeter is deliberately broad: any service "operating in or targeting" UAE users falls inside it, regardless of where the platform is headquartered. The international law-firm analysis published since the decree was issued — from Latham & Watkins, Baker McKenzie, Hogan Lovells, Clyde & Co, and Bird & Bird — is consistent on this point: the law applies to global platforms, not only domestic operators.
What proactive detection requires
Reactive moderation tools — keyword lists, known-bad hash matches, user-flag triage — can identify content that already exists. They cannot identify the manipulation patterns that produce that content. By the time the explicit message has been written or the image has been generated, the harm has already occurred. A "proactive" standard, by definition, requires detection before the harmful artifact exists. Behavioural pattern detection — identifying manipulation patterns, escalation sequences, and coercive structures regardless of specific words — is the only technical approach that meets the proactive bar at scale.
The deployment window
Full enforceability is scheduled for 1 January 2027. Twenty months is not a long window for behavioural-detection infrastructure: training-data work, multilingual fine-tuning, platform integration, and operationalising the escalation pipeline routinely take 12–18 months together. Platforms that wait until late 2026 to begin will not be in compliance on day one.