Tsaaro got CERT-IN Empanelled | MeitY has published the DPDP Rules, 2023.
AI Compliance

Research Team (Tsaaro)

Introduction
Recent advancements in artificial intelligence have triggered a global push for its regulation as governments worldwide seek to help the economy grow through AI, while also protecting people from its risks. Initially, the European Union led the way with its AI Act, soon followed by the United States and China using executive orders and rules to manage AI. In Asia, nations like South Korea have also been building their own legal foundations. Now, the UAE has joined this group with its CBUAE Guidance Note, reflecting an aim to align with international AI risk management standards while preserving regulatory flexibility.
Background: AI in UAE Finance and the Need for Guidance
Context on UAE’s AI Ambitions: The United Arab Emirates is aggressively pursuing a leadership role in the global tech economy, steered by the National Strategy for Artificial Intelligence 2031 and the UAE Charter for AI 2024. These frameworks aim to embed smart technologies into the nation's economic fabric, positioning the UAE as a global hub for innovation.
Growth of AI/ML in Licensed Financial Institutions: Within the financial sector, Licensed Financial Institutions (LFIs) are increasingly deploying machine learning for high-speed credit risk assessment, automated fraud detection, and personalised insurance underwriting. In banking, insurance, and fintech, these technologies are no longer optional but are central to the UAE’s infrastructure as a premier global financial centre.
Risks Highlighted by Regulators: Despite the benefits, the CBUAE has highlighted significant risks, including potential consumer harm and a lack of transparency in "Black Box" algorithms. Without clear standards, AI could lead to data privacy issues and accountability gaps, where it becomes unclear whether a software vendor or the institution is responsible for automated errors.
How the Guidance Fits: Issued in February 2026, this Guidance Note aligns with existing CBUAE enabling technologies guidelines and national AI efforts. While it is non-binding, it establishes clear supervisory expectations for how LFIs must manage AI risks to ensure the integrity of the financial system.
Overview of the CBUAE Framework
The CBUAE Guidance Note applies to all LFIs, including banks and insurance providers. It adopts a principles-based and proportionate approach, ensuring that oversight matches the complexity of the AI system.
Governance and Accountability: The Board of Directors is now directly liable for AI performance and must maintain a live inventory of all deployed models to ensure oversight.
Fairness and Ethics: Institutions must use representative data sets and perform regular bias testing to prevent discriminatory outcomes against specific consumer groups.
Transparency and Bilingual Support: Disclosures must be made in plain language and provided in both Arabic and English so that the diverse UAE population can understand how decisions are made.
Effective Human Oversight: A mandatory Human-in-the-Loop model is required for high-impact decisions such as loan approvals or insurance claims to prevent purely automated errors.
Alignment with UAE AI Charter: The framework is built to strictly honour the ethical pillars of the UAE Charter for AI 2024, focusing on safety, inclusivity, and peaceful coexistence with technology.
Deep Dive into Key Requirements for LFIs
The transition from theoretical principles to practical compliance requires Licensed Financial Institutions (LFIs) to implement a series of robust operational changes. The CBUAE Guidance mandates the following practical actions:
Establishing Governance Frameworks and Policies: LFIs must develop and maintain a formal, written AI Governance Framework that is integrated into their enterprise-wide risk management system. This includes creating a "Live Inventory" of all AI and ML models and conducting mandatory risk assessments to identify potential impacts on consumers before any system is deployed.
Defining and Managing High-Impact Decisions: A core requirement is the heightened scrutiny of "High-Impact" AI applications. These are systems where automated decisions materially affect a customer's financial standing or rights. Key examples include:
Credit Scoring and Lending: Algorithms that determine eligibility for personal loans or mortgages.
Insurance Pricing: ML models used to calculate individual premiums or evaluate claims.
Fraud Detection and Flags: Real-time systems that may freeze customer accounts or block transactions based on automated risk patterns.
Implementing Continuous Testing: To ensure ongoing accuracy and fairness, LFIs must conduct periodic bias testing and stress testing. This prevents "Model Drift," where an algorithm’s performance degrades over time as it encounters new data, ensuring the logic remains sound and non-discriminatory.
Implementation Tip (Building the Framework): To successfully build an AI governance framework, LFIs should establish cross-functional committees comprising legal, technical, and ethical experts. This team should oversee the entire lifecycle of the AI model, from data collection and training to final decommissioning, ensuring a "Human-in-the-Loop" remains present at every critical stage.
To reinforce the weight of these requirements, H.E. Khaled Mohamed Balama, Governor of the CBUAE, stated:
"The new guidance note establishes a clear framework for the responsible use of AI and ML by Licensed Financial Institutions in a way that enhances consumer protection and reinforces governance and transparency principles within the financial sector."
This authoritative stance signals that the CBUAE will actively monitor these internal policies during regular supervisory audits to ensure they meet national safety standards.
Comparison with Existing Industry Standards
Global standards are evolving rapidly in 2026 (e.g., US Treasury FS AI RMF, EU AI Act enforcement).
Aspect | ||||
Binding Nature | Non-binding (supervisory expectations) | Binding (risk categories) | Voluntary framework | Principles-based, voluntary |
Focus | Finance-specific, consumer protection | Horizontal (all sectors) | Risk management lifecycle | Ethics & governance |
Key Principles | Governance, Fairness, Transparency, Human Oversight, Data Privacy | Prohibited/high-risk systems | Govern, Map, Measure, Manage | Similar + explainability |
Accountability | Board/senior management directly liable | Provider/user obligations | Organizational accountability | Senior leadership |
Innovation Balance | Proportionate & flexible | Strict for high-risk | Pragmatic & adaptable | Innovation-friendly |
Unique UAE Element | Bilingual disclosures, opt-out rights | Conformity assessments | Sector-adapted (finance) | N/A |
Analysis of the CBUAE Guidance in a Global Context
Similarities:
There is a strong overlap with global best practices on core pillars such as governance, fairness, transparency, human oversight, and data privacy.
The framework aligns well with OECD principles by focusing on responsible, ethical use and emphasizing accountability in AI development and deployment.
Differences:
The CBUAE approach is more finance-sector-specific and principles-based, similar to the UK FCA or Singapore’s model, rather than the EU’s prescriptive, cross-sector risk-based approach.
It is less onerous than the EU AI Act because it provides supervisory expectations rather than strictly binding legal mandates with heavy penalties.
It is more targeted toward financial consumers than the general NIST AI Risk Management Framework.
Strengths of CBUAE:
The framework is tailored to the UAE context, specifically requiring multilingual disclosures in both Arabic and English to ensure inclusivity for the local population.
It is highly consumer-centric, providing specific rights such as the right to human review and the consideration of opt-out rights for high-impact decisions.
It directly integrates with the UAE National Strategy for AI, promoting innovation while maintaining financial stability.
Gaps/Opportunities:
The guidance currently lacks the mandatory conformity assessments found in the EU AI Act or the high-level model risk management rigour seen in US federal banking standards.
Licensed Financial Institutions (LFIs) may need to voluntarily adopt elements from these more rigid frameworks to ensure full compliance when operating in global markets.
Strategic Assessment
The introduction of the CBUAE Guidance represents a strategic shift for the UAE financial sector, moving AI from a technical experiment to a core pillar of corporate governance. To prepare for this new supervisory environment, banks and fintech firms should immediately conduct a comprehensive gap analysis to compare their existing AI models against the Central Bank's expectations. This process must be supported by policy updates that formalise board-level liability and staff training programmes that emphasise ethical AI use.
Implications:
AI has evolved into a high-stakes compliance and board-level priority, where senior leadership is now directly accountable for automated outcomes.
There is a mandatory requirement for bilingual transparency, necessitating that all consumer-facing AI logic is accessible in both Arabic and English.
Firms must ensure a human-in-the-loop remains present for high-impact decisions, such as credit approvals or insurance claim evaluations.
Challenges:
Retrofitting legacy systems to meet explainability standards is a significant technical hurdle for established financial institutions.
Maintaining high data quality within the diverse UAE population is difficult, as algorithms must be trained to avoid bias across various nationalities and backgrounds.
Keeping pace with evolving global rules while adhering to local guidelines requires a multidisciplinary team that balances innovation with strict regulatory compliance.
Opportunities:
Adherence to ethical AI principles builds immense consumer trust, providing a distinct competitive advantage for compliant LFIs.
The framework significantly reduces regulatory risk by providing a clear roadmap for safe technological adoption.
This guidance supports the UAE’s ambition to become a premier global AI and fintech hub, attracting international investment through a stable and transparent regulatory environment.
Key Takeaways
Liability starts at the top: Senior management and Boards are now the ultimate owners of AI risks.
Humanity is non-negotiable: No machine has the final word on high-impact consumer decisions.
Transparency is bilingual: Every resident has the right to understand AI decisions in both Arabic and English.
Conclusion
The CBUAE Guidance Note is a pragmatic and forward-looking framework that successfully positions the UAE at the forefront of ethical global finance. By focusing on accountability and the human element, the regulator has ensured that the financial sector can innovate without sacrificing integrity. LFIs should begin their gap analysis immediately to align with these new supervisory expectations. As artificial intelligence continues to redefine the world, these frameworks will define which nations remain the most secure and attractive hubs for the future of digital finance.







