Regulatory Developments in Digital Assets: DFSA and VARA Updates Shaping Dubai’s Crypto Landscape

Dubai continues to strengthen its position as a leading global hub for financial services and digital assets, supported by a regulatory environment that evolves in line with market innovation and international standards. Regulatory authorities in the UAE have consistently demonstrated a measured and forward-looking approach, balancing growth with governance, risk management, and investor protection.

Recent updates issued by the Virtual Assets Regulatory Authority (VARA), as well as parallel updates from the Dubai Financial Services Authority (DFSA) reinforce this approach. Together, these developments enhance regulatory clarity, strengthen market discipline, and address emerging financial crime risks across the digital asset ecosystem, reflecting the UAE’s broader strategy of enabling responsible innovation within a robust supervisory framework.

DFSA Updates to the Crypto Token Regulatory Framework

The DFSA has introduced updates to its Crypto Token Regulatory Framework applicable within the Dubai International Financial Centre (DIFC), marking a further evolution towards a principles-based, firm-led approach to crypto regulation. These updates have come into effect on 12 January 2026.

A key development under the revised framework is the removal of the DFSA-maintained list of “Recognised Crypto Tokens”. Authorised firms providing financial services involving Crypto Tokens are directly responsible for determining, on a reasoned and documented basis, whether each Crypto Token they engage with meets the DFSA’s suitability criteria.  This change places greater responsibility on authorized firms to demonstrate sound judgement, effective governance oversight and ongoing monitoring of the crypto assets they offer or transact in.

In addition, restrictions previously applied to funds with exposure to Crypto Tokens have been relaxed, subject to appropriate suitability assessments and risk management. Enhanced governance, disclosure, and conduct expectations further align crypto-related activities with the standards applied across traditional financial services.

Collectively, these changes underscore the DFSA’s expectation that firms operating in the digital asset space possess the necessary expertise, infrastructure, and accountability to manage associated risks, rather than relying on prescriptive regulatory listings.

VARA Circular on Enhanced Measures for High-Risk Jurisdictions

Alongside the DFSA updates, VARA has issued a circular dated 22 January 2026 addressing “Enhanced Measures for High-Risk Jurisdictions”, following the October 2025 updates issued by the Financial Action Task Force (FATF) and Federal Decree Law No. (10) of 2025.

Under this circular, all regulated Virtual Asset Service Providers (VASPs) are required to immediately integrate the updated FATF lists of high-risk jurisdictions and jurisdictions under increased monitoring into their internal risk assessment and control frameworks.

VARA mandates the application of Enhanced Due Diligence (EDD) for any customer or transaction linked to high-risk jurisdictions. This includes verification of beneficial ownership, source of funds and source of wealth analysis, justification of the business relationship, and enhanced ongoing monitoring with reporting to the Financial Intelligence Unit where applicable.

The circular further prohibits the establishment of branches or representative offices in FATF-blacklisted jurisdictions and restricts reliance on third parties in such jurisdictions for customer due diligence. Firms are also required to update internal policies, procedures and customer risk classification systems accordingly, with VARA monitoring compliance through inspections, thematic reviews and regulatory reporting.

A Converging Regulatory Direction

Taken together, the DFSA and VARA updates demonstrate a clear and consistent regulatory direction – increased accountability at the firm level, strengthened governance frameworks and closer alignment with international Anti-Money Laundering and Combating the Financing of Terrorism (AML/CFT) standards. Dubai’s regulatory authorities are embedding digital assets firmly within a mature supervisory environment, reinforcing confidence among investors, counterparties and international stakeholders.

For firms, this regulatory landscape demands proactive governance, robust documentation and a clear understanding of how regulatory expectations translate into day-to-day operations.

How Baker Tilly UAE Supports Clients

At Baker Tilly UAE, we assist clients in navigating regulatory change with clarity and confidence. Our experience across assurance, risk advisory and regulatory compliance enables us to support firms in interpreting DFSA and VARA requirements and embedding them into practical, proportionate control frameworks.

We work closely with clients to strengthen governance structures, enhance risk assessments and align internal policies with evolving regulatory expectations – helping organisations operate responsibly while supporting sustainable growth in Dubai’s dynamic digital asset market.

References:

• Crypto Token Regulation | DFSA
• The DFSA implements major updates to Crypto Token Regulatory Framework, enhancing market integrity and supporting innovation in DIFC | DFSA | THE INDEPENDENT REGULATOR OF FINANCIAL SERVICES
• DFSA issues updated rules on the regulation of Crypto Tokens in the DIFC | DFSA | THE INDEPENDENT REGULATOR OF FINANCIAL SERVICES
• Enhanced Measures for High-Risk Jurisdictions - Updated FATF Lists (October 2025)
• Federal Decree by Law No. (10) of 2025 Regarding Anti-Money Laundering, and Combating the Financing of Terrorism and Proliferation Financing | CBUAE Rulebook