The key provision of the Amendment, as cited by the press, states that an imprisonment term and/or a financial penalty of between AED 500,000 and AED 2 million could be imposed on any person that uses a fraudulent VPN address for the purposes of committing a crime or preventing its discovery.
What this means for businesses and individuals
The Telecommunications Regulation Authority has clarified that the Law and Amendment are not intended to prohibit companies, financial institutions and banks in the UAE from lawfully using VPN technology in order to access their global IT networks. Rather, they target individuals or businesses using false IP addresses for the purposes of committing a crime or preventing its discovery.
It is also worth mentioning that the imposition of fines and periods of imprisonment, as provided for under the Amendment, is not new: the Law previously sanctioned the same offences with fines or imprisonment. However, the Amendment has increased the minimum fine from AED 150,000 to AED 500,000, and the maximum fine from AED500,000 to AED 2 million.
Legitimate use of VPN architecture within the internal IT networks of businesses will not fall foul of the Law or Amendment. That being said, businesses in the UAE must be aware of the UAE Government’s efforts in stepping up its enforcement activities against fraudulent VPN usage. Accordingly, businesses in the UAE legitimately using VPN technology must be diligent in ensuring that their employees at all times remain in compliance with the Law and Amendment when using an employer’s IT platform, bearing in mind that there will always remain a degree of risk that an employee might commit an offence while on an employer’s IT or telephony network, which might raise indirect liability issues for the employer. This is especially so if the employer does not maintain an IT acceptable use policy at the workplace.
As such, the Amendment should be a reminder for businesses in the UAE to revisit their IT acceptable use policies and ensure that employee usage of an employer’s VPN platform is at all times in compliance with the laws of the UAE.
Individuals and families in the UAE using VPN technology should also exercise caution over personal use. While the Law and Amendment do not elaborate on what constitutes criminal activity, other laws in the UAE clearly do so. Specifically, individuals should exercise extreme caution when using VPN technology and should not access the following:
- Content that violates the ethics and public morals of the UAE, including content containing nudity or relating to dating services.
- Content that contains material which expresses hatred towards religions.
- Content that violates UAE laws.
- Content that allows or assists users to access blocked content.
- Content that directly or indirectly represents a risk to UAE internet users, such as phishing websites, hacking tools and spyware.
- Content that relates to gambling activities.
- Content that provides information on or promotes the purchase, manufacture or use of, illegal drugs.
The major risk for an individual is inadvertent access to blocked content using VPN technology as such act, under the strict letter of the Law and Amendment, may be considered an offence and, accordingly, punishable with imprisonment or a fine. To avoid such unintentional consequences, it is recommended that individuals activate VPN technology only when needed and deactivate it when it is no longer required for legitimate use, and, in addition, that they use parental-control or web-filtering software as this adds an additional layer of safety for individuals and families who habitually use VPN technology at home.
If you have any questions or concerns regarding your personal or business use of VPN technology, feel free to contact us for additional guidance.
Client Alert 2016-252
