Important Note: This article is the result of independent analysis and is opinion based. It does not constitute formal advice that can be relied upon. It is not validated or endorsed by any regulator or authority. The purpose of this article is to serve as a guide to aid entrepreneurs, founders, executives, and regulated firms in understanding the recent developments to the Crypto Token framework and how these developments may influence compliance expectations within the United Arab Emirates’ virtual asset regulatory landscape. If you require formal advice on this topic, please contact our expert team.
Recently, the Dubai Financial Services Authority (DFSA) implemented significant changes to its regulatory framework for Crypto Tokens with respect to the Dubai International Financial Centre (DIFC) rules applicable to virtual assets. The updates consist of a transition from a centralized evaluation model, conducted directly by the regulator, to a supervisory model that permits a greater degree of flexibility and responsibility to regulated firms regarding how they assess, list, monitor, and use crypto assets within the DIFC jurisdiction.
Under the previous regime, firms operating in the DIFC could only interact with tokens included in the official list of “Recognised Crypto Tokens”, maintained and updated by the DFSA. With the new rules, this model no longer applies to all non-fiat tokens, and the regulator ceases to determine which assets are considered permissible, transferring the responsibility for this assessment to the firm itself, which must determine whether a token is suitable based on objective criteria established by the DFSA.
However, this is not a general rule applicable to all tokens. The exception applies to Fiat Crypto Tokens, such as fiat-backed stablecoins, which remain subject to direct verification by the DFSA.
If, on one hand, this change expands the autonomy of regulated firms, on the other hand it greatly increases their responsibility, requiring firms to develop the capability to conduct well-substantiated assessments that include analysis of the project’s governance, the founders’ background and reputation, the underlying technological structure, market risks, liquidity, volatility, cybersecurity, regulatory status in other jurisdictions and, above all, compliance risks, such as the ability to meet general compliance and AML/CFT requirements.
With respect to the obligations, firms must prominently disclose an updated list of all tokens assessed as suitable and must conduct ongoing reassessments at least every six months, or earlier if specific events indicate deterioration in the risk profile of the asset. If, at any moment, based on an objective assessment as authorized by the regulations, the firm views a token as unsuitable, it must immediately cease operating with the asset, update the public list to reflect its removal, and adopt all appropriate measures to mitigate risks and any potential harm to clients and the market.
In addition, all firms must submit monthly reports to the DFSA containing detailed information about the tokens they use, reinforcing the continuous and dynamic nature of supervision.
This new approach being adopted by the DFSA is similar to the model employed by the Abu Dhabi Global Market (ADGM), which assigns to the so-called Authorised Persons (regulated firms) the responsibility of conducting an Auto-Assessment for the purpose of classifying certain virtual assets as Accepted Virtual Assets, provided that the criteria of Security, DLT Infrastructure and Ecosystem, Exchange Connectivity, Market Profile, Innovation and Efficiency, and Practical Application and Functionality are met.
With respect to investment funds, there have also been updates, one of the most significant being the removal of the 30% exposure limit to cryptoassets, previously applicable to Qualified Investor Funds. The result is an expansion of possible strategies for managers, allowing portfolios with higher concentration in digital assets, provided that the tokens involved have undergone the suitability assessment process and that the manager maintains solid controls for risk, liquidity, and governance. The flexibility aims to allow the institutional market to explore broader opportunities within the DIFC without sacrificing regulatory rigor and safety.
To mitigate the impact of the changes in the market, which took effect on 12 January 2026, a three-month transition period was established, during which any token previously included in the now-eliminated Recognised Crypto Tokens list will automatically be considered suitable, with the exception of Fiat Crypto Tokens, as mentioned earlier. It is important to note, however, that this presumption of suitability is not absolute, but conditional. If relevant events occur, such as security breaches or abrupt loss of liquidity, the transitional rule ceases to apply, requiring immediate action from the firm.
At the end of the three-month period, the new regime will be fully applicable, and the firm must possess complete and updated documentation capable of justifying the use of each token with which it operates.
For firms that already operate in the DIFC or plan to enter the market, understanding and anticipating the impacts of these changes is essential. The implementation of robust suitability frameworks, mechanisms for continuous monitoring, and well-defined governance protocols will be decisive for operating safely in this regulatory environment.
If your firm wishes to develop a robust evaluation program aligned with the required standards, review internal structures, or prepare for a smooth transition, our team is available to support you in this process. We value constructive dialogue and are committed to helping organizations navigate the practical aspects of compliance within the UAE’s digital asset environment.
Contact Details
Email: admin@bankslegal.com
WhatsApp: +971 52 648 3727