close icon

National IoT Security Policy

Internet-connected devices in recent times have become essential to many aspects of day-to-day life, from fitness trackers, pacemakers, and cars; to the control systems that deliver water and power to our homes. They enable seamless connections among people, networks and physical services. They are increasingly being used to collect telemetry data or perform actions without human intervention - on the brink of the fourth industrial revolution.

As we continue to integrate network connections into our nation’s critical infrastructure, important processes that once were performed manually and in physical isolation (and thus enjoyed a measure of immunity against malicious cyber activity) are now vulnerable to cyber threats across the vast context of sensors, smart objects, smart city devices, transportation systems, automation devices, robotics, healthcare devices and other industrial components. The risk introduced by the IoT ecosystem to consumer privacy and potential disruptions in critical infrastructure are grave and require a holistic approach while still promoting interconnectivity and intelligent automation.

The Council has established this policy to protect the use, adoption and implementation of IoT, aligned with the UAE’s national priority to be a global leader in cyber security; and enhance the security posture of organizations and individuals within the UAE using IoT products and solutions. 


This policy aims to strengthen the IoT security posture of the UAE by outlining the principles of securing the IoT ecosystem and addressing challenges in the emerging technology landscape. The policy will further provide guidance to the key stakeholder in the IoT ecosystem in the UAE, define requirements for IoT security and outline the oversight and enforcement of IoT security mandates.

The policy will help to ensure IoT Service Providers achieve a set of security requirements and ensure all IoT Consumers are well protected when procuring and using IoT services. This policy also aims to carefully avoid the potential negative impacts of implementation, i.e. inhibiting investment and stunting the growth of the IoT ecosystem due to overly stringent requirements.