MoHRE Emiratisation: 30 June 2026, hard deadline for AED 6,000 minimum Emirati salary compliance.
30 June 2026 is the final deadline by which all private sector employers must have raised monthly salaries of Emirati employees hired before 1 January 2026 to the mandatory minimum of AED 6,000. MoHRE raised the minimum from AED 5,000 to AED 6,000 effective 1 January 2026, applying immediately to new and amended permits, with a six-month transition for existing employees. From 1 July 2026, enforcement activates automatically.
Key Takeaways:
- From 1 July 2026, UAE Wage Protection System (WPS) 2.0 automatically blocks salary payments below AED 6,000 for Emirati employees. Those below threshold are excluded from the employer’s Emiratisation quota calculations immediately eroding quota compliance without any additional enforcement action required.
- Non-compliant establishments face suspension of new work permit issuance by MoHRE. For businesses in growth mode or with high expatriate headcount needs, this is an acute operational risk particularly in financial services, banking, insurance, telecoms, and technology.
- The AED 6,000 threshold applies to the base monthly wage registered through WPS, not total compensation. Employers who have structured pay through lower base salaries with variable allowances must ensure WPS-registered figures reflect the new minimum. Contracts, WPS registrations, and MoHRE records must all be aligned.
- The June 30 deadline runs alongside the H1 Emiratisation quota checkpoint: companies with 50 or more employees must show a 1% increase in Emirati representation in skilled roles by 30 June 2026. Non-compliance on both salary and quota triggers parallel, compounding enforcement exposure at AED 9,000 per month per unfilled position. MoHRE’s AI-powered monitoring system cross-references WPS and Nafis data continuously.
UAE e-invoicing mandatory rollout: large business ASP appointment deadline 31 July 2026, final preparation month.
June 2026 is the final preparation month before the UAE’s e-invoicing rollout reaches its first hard compliance milestone. The MoF and FTA launched the 4-Corner exchange model on 21 April 2026. Large businesses, annual revenue AED 50 million or more must appoint an Accredited Service Provider (ASP) by 31 July 2026 and go live by 1 January 2027. Smaller businesses must appoint an ASP by 31 March 2027, with go-live by 1 July 2027.
Key Takeaways:
- All invoices must be issued in structured XML format (PINT-AE standard, based on Peppol international billing specifications) and transmitted through an FTA-accredited ASP. PDFs, scanned documents, and paper invoices are not valid e-invoices under the framework. ERP or accounting systems must support XML output, a non-trivial integration requirement for many businesses.
- The ASP appointment deadline of 31 July 2026 is a hard regulatory milestone. ASP selection should assess PINT-AE certification, ERP integration capability, data residency and security standards, and SLA commitments. Mandatory invoice data fields include supplier and buyer identifiers, invoice number, date, description of supply, taxable amount, VAT rate and amount, total value, and a digital signature or timestamp.
- Penalties for non-compliance after mandatory go-live are codified at AED 5,000 per month per violation under Cabinet Decision No. 106 of 2025. Businesses transacting at scale face material aggregate exposure. Voluntary implementation from 1 July 2026 (the pilot launch date) provides full penalty exemption, the most effective risk management strategy for businesses that can move early.
CFOs, tax directors, and IT teams should use June 2026 to confirm ERP PINT-AE compatibility, finalise ASP selection and contracting, complete invoice data mapping, and identify any transactions – intra-group, B2G, or export requiring specific handling. Businesses relying on manual invoicing processes should prioritise automation planning to meet the January 2027 deadline.
UAE Personal Data Protection Law – mid-year compliance update as January 2027 full-compliance deadline approaches.
The UAE Federal Decree-Law No. (45) of 2021 on the Protection of Personal Data (PDPL), together with its Executive Regulations (November 2023) and sector-specific standards, requires full compliance by 1 January 2027. June 2026 marks the midpoint of the critical compliance implementation window. DIFC and ADGM operate separate, parallel data protection regimes requiring multinational groups to maintain jurisdiction-specific frameworks across all three.
Key Takeaways:
- The PDPL applies to mainland UAE controllers and processors, and to extraterritorial processing relating to UAE data subjects. Cross-border data transfers are restricted to countries or entities with adequate protection as determined by the UAE Data Office, or where appropriate safeguards, contractual protections or binding corporate rules are in place. With UAE commercial transactions spanning GCC, India, Europe, and North America, cross-border transfer compliance is a material operational issue that many organisations have not yet fully assessed.
- For CBUAE-licensed financial institutions, Federal Decree-Law No. (6) of 2025 adds financial sector-specific data obligations – customer data confidentiality, digital banking security, and open finance data governance with a compliance deadline of 16 September 2026, ahead of the broader PDPL deadline. Firms in scope face a two-stage compliance sequencing challenge.
- Organisations across mainland UAE, DIFC, and ADGM must maintain jurisdiction-specific compliance: a single data flow such as HR data transferred from a DIFC entity to a UAE mainland payroll processor may trigger obligations under all three regimes simultaneously. AI systems processing personal data must also comply with the PDPL pending a dedicated UAE AI statute, with privacy impact assessments recommended for all AI-driven applications in UAE operations.
With six months to the January 2027 deadline, priority actions include: completing data mapping across all processing activities and cross-border transfers; reviewing and updating data processing agreements; implementing appropriate technical and organisational security measures; establishing data subject rights procedures; and appointing a Data Protection Officer where required.
UAE Capital Markets Law (Federal Decree-Law No. 33 of 2025) – six months to CMA transitional compliance deadline.
Federal Decree-Law No. (33) of 2025 on the Regulation of the Capital Market, in force from 1 January 2026, introduced the most comprehensive overhaul of the UAE’s federal securities law since 2000. All entities within scope must regularise their status with the CMA by 1 January 2027. At the June 2026 midpoint, firms that have not yet commenced regularisation planning are at material risk of missing the deadline.
Key Takeaways:
- The Capital Markets Law’s jurisdictional reach is deliberately broad: it applies to financial products dealt with in the UAE, regulated activities carried out in the UAE, foreign issuers incorporated in DIFC or ADGM offering securities in the UAE, and persons targeting UAE clients from offshore or free zone structures. Entities previously operating in a regulatory grey zone must assess their position urgently.
- A statutory prospectus liability framework is introduced for the first time at the federal onshore level, establishing clear legal liability for misstatements and omissions in securities offering documents against issuers, offerors, and underwriters. This will materially affect how UAE onshore offering documents are drafted, verified, and signed off.
- The investment funds framework under Article 38 provides funds with independent legal personality and ring-fenced financial liability. Funds may be established as CMA-licensed investment funds or as recognised commercial company forms with prior CMA approval. A dual-track structure to be assessed alongside the DIFC VCC and Prescribed Company regimes when selecting fund domicile.
Market abuse offences such as insider dealing, market manipulation, and misleading statements are codified at statutory level for the first time, with penalties of up to AED 200 million or ten times illicit gains. Financial institutions, intermediaries, listed companies, and advisers should review market abuse compliance policies against the new framework. Pre-existing SCA resolutions continue to apply where they do not conflict with the new Decree-Laws until replaced by CMA implementing resolutions.
