SME Software Guides

Does Your App Need a CBUAE License Now? A Practical Checklist Before the September Deadline

CBUAE Article 62 checklist SME compliance 2026

CBUAE Article 62 checklist SME compliance 2026

Does Your App Need a CBUAE License Now? A Practical Checklist Before the September Deadline.

This site covered the new CBUAE Law’s expanded licensing scope in depth when it was first confirmed, including the September 16, 2026 deadline for newly affected entities to regularize. That piece explained what changed at the regulatory level. This one is different. It is a practical, step-by-step way to check whether your specific UAE business falls inside Article 62’s scope, since the legal language alone leaves plenty of founders genuinely unsure which side of the line they sit on.

The law itself is Federal Decree-Law No. 6 of 2025, effective September 16, 2025, which replaced both the 2018 Central Bank law and the 2023 insurance law and gave newly captured entities one year to comply. The stakes are not theoretical: maximum administrative fines under the new law reach AED 1 billion, and operating a licensed financial activity without a license is now a criminal offense.

THE ROBIUS VERDICT: A real compliance deadline with a genuinely checkable set of questions behind it. Most UAE tech businesses will not need a full banking license. A meaningful subset that assumed they were exempt need to check specifically, and soon. The core test under Article 62 is whether your platform, app, or technology infrastructure facilitates, intermediates, or enables a licensed financial activity, even if your company is not itself a bank, insurer, or payment institution, and regardless of the medium, technology, or form employed. If your product connects a customer to a regulated financial institution, processes or routes payment data, or enables credit, deposit, remittance, exchange, or investment activity through an underlying partnership rather than your own license, you are a strong candidate for review before September 16, 2026. If your product has no connection whatsoever to payments, credit, deposits, or financial data movement, you are very likely outside this specific scope.

Question One: Does Your Product Touch Money Movement Directly?

Start here, since it eliminates the largest share of UAE tech businesses immediately. If your app or platform never initiates, processes, routes, or influences an actual payment, credit, or deposit transaction, you are very unlikely to fall inside Article 62’s scope, regardless of how sophisticated your technology otherwise is. A project management tool, a marketing platform, or a general SaaS product with no financial transaction component sits outside this specific law’s reach.

Question Two: Are You the Regulated Entity, a Supplier to One, or Sitting in Between?

If your business already holds its own CBUAE, VARA, DFSA, or FSRA license for the financial activity you conduct, this law does not add a separate obligation on top of what you already comply with; it is the mechanism that now governs you. At the other end, the CBUAE has clarified that technology providers merely supplying software or infrastructure to a licensed institution are not automatically pulled into licensing themselves.

The exposed category sits in between: platforms that connect users to licensed institutions, embed financing or insurance inside a non-financial product, or aggregate payment methods into one integration. That middle ground, including decentralized structures, is precisely what Article 62 was written to capture, and the law’s function-over-form approach means calling your platform decentralized does not move you outside it.

Question Three: Would Removing Your Platform Break a Financial Transaction?

This is the most useful practical test. If a customer could not complete a payment, get a loan, or move money without your platform’s involvement, even though a separate bank or payment provider technically executes the underlying transaction, your platform is functioning as a facilitator or intermediary under the law’s own language. If your platform’s absence would have zero effect on whether a financial transaction could still happen through other means, you are further from the law’s actual target.

One Boundary Worth Knowing

The new law governs the UAE mainland. Entities regulated exclusively by the DFSA in DIFC or the FSRA in ADGM for their financial services sit under those frameworks instead, though a free zone entity serving mainland customers should assess whether any of its activity reaches into CBUAE territory. The implementing regulations that will detail the application process for newly captured activities are still pending, and the CBUAE retains discretion to extend the transition period, but building a compliance position around a hoped-for extension is not a strategy.

What to Actually Do With Your Answer

If your answers suggest you likely fall inside Article 62’s scope, do not wait for a warning letter, particularly with penalties at the level this law sets. Contact the CBUAE directly to confirm your specific status, and if you are already working with a compliance partner, this is precisely the kind of scope question worth raising immediately rather than closer to the deadline. This site covered Sumsub’s partnership with Innovation City separately, a genuinely relevant option specifically for AI, Web3, and digital asset founders who need identity verification and compliance infrastructure bundled into their setup process.

If your answers suggest you are clearly outside the scope, document your own reasoning anyway. A brief internal note explaining why your specific product does not facilitate, intermediate, or enable a financial service, dated before the September deadline, is a genuinely useful record to have if your regulatory status is ever questioned later.

The Honest Uncertainty Worth Naming

Legal analysts reviewing the new law have themselves described Article 62 as drafted broadly, which means genuine edge cases exist where the answer is not obvious even to a careful founder working through this checklist honestly. If your business sits close to the line after these three questions, the responsible move is a direct conversation with the CBUAE or a qualified UAE regulatory lawyer, not a confident guess based on this checklist alone. This piece narrows the question. It does not replace a formal compliance opinion for a genuinely borderline case.

Robius.news — Dubai, UAE — 2026 | Built to be first. Built to be trusted.

Shares:

Related Posts