Executive summary
This page provides an overview of crypto-asset transfer regulation and Travel Rule requirements applicable in Dubai under the supervision of the Virtual Assets Regulatory Authority (VARA). It is intended for virtual asset service providers, financial institutions, and compliance teams operating in or interacting with the Dubai market.
Dubai operates a purpose-built regulatory regime for virtual assets, distinct from both UAE federal supervision and the DIFC framework. As of 2026, Travel Rule compliance is a core licensing requirement under VARA’s Full Market Product (FMP) regime and is treated as a non-negotiable element of ongoing regulatory compliance.
This content is provided for informational purposes only and does not constitute legal advice.
Regulatory landscape overview
Dubai is the first jurisdiction globally to establish an independent regulator dedicated exclusively to virtual assets. VARA’s framework is designed specifically for digital asset activity, rather than adapting legacy financial regulation.
Key characteristics of the Dubai approach include:
A dedicated virtual asset regulator with sector-specific rulebooks
Full alignment with Financial Action Task Force (FATF) Recommendation 16
Explicit integration of Travel Rule requirements into licensing, supervision, and enforcement
Progressive expansion of oversight to cover stablecoins, lending, and complex market activities
By 2026, Dubai has transitioned from an initial “minimum viable product” phase to a fully operational market regime with heightened supervisory expectations.
Supervisory and regulatory authorities
Travel Rule compliance in Dubai operates within a coordinated regulatory structure:
Virtual Assets Regulatory Authority (VARA): Primary supervisor for all virtual asset activities in Dubai, excluding DIFC
Central Bank of the UAE (CBUAE): Collaborates with VARA on oversight of payment tokens and federal AML standards
UAE Financial Intelligence Unit: Receives suspicious transaction reports and AML intelligence
VARA-licensed entities must comply with both VARA rulebooks and applicable UAE federal AML requirements.
Travel Rule status in Dubai
The Travel Rule is fully implemented and strictly enforced under VARA’s Compliance & Risk Management Rulebook.
Under the Dubai framework:
Travel Rule obligations apply across all licensed virtual asset activities
Compliance is assessed as part of licensing, renewal, and supervisory reviews
Firms are expected to demonstrate operational readiness and system-level integration of Travel Rule processes
Dubai’s implementation is widely regarded as among the most rigorous globally.
Timeline and key milestones
February 2023: VARA issues its Full Market Product (FMP) Regulations
2024–2025: Transition of legacy firms from provisional to FMP licences
January 2026: Full enforcement of requirements relating to fiat-referenced tokens
Q1 2026: Introduction of enhanced supervisory monitoring and automated oversight pilots
Thresholds and scope
Dubai applies the UAE federal threshold framework, with additional supervisory discretion.
Threshold: AED 3,500 (approximately USD 950)
Scope: Applies to exchanges, custodians, broker-dealers, payment services, and other licensed activities
Risk-based exceptions: VARA may require information exchange below the threshold in higher-risk scenarios
This approach combines defined thresholds with supervisory flexibility.
Required data elements (high-level)
For in-scope transfers, VARA rules generally require the transmission and retention of information relating to:
The originator, including identifying details and wallet or account identifiers
The beneficiary, including identifying details and wallet or account identifiers
Additional data elements may be required depending on transaction risk, activity type, and supervisory expectations. Specific requirements are defined in VARA rulebooks and guidance.
Local nuances and interpretive considerations
Several features of the Dubai framework are particularly relevant for compliance teams:
Stablecoins and lending: Fiat-referenced tokens and lending/borrowing activities are subject to enhanced scrutiny
Operational integration: VARA places emphasis on automated, system-level compliance rather than manual controls
Supervisory access: Regulatory oversight increasingly focuses on transparency, auditability, and real-time monitoring
These factors reflect VARA’s ambition to position Dubai as a trusted institutional crypto hub.
Self-custodied (unhosted) wallet considerations
Dubai applies a proactive, risk-managed approach to interactions with self-custodied wallets.
Transfers involving unhosted wallets are permitted but subject to enhanced risk assessment
Additional verification measures may apply above the applicable threshold
Continuous screening against sanctions and high-risk indicators is expected
This approach is among the more structured globally and reflects VARA’s supervisory posture.
Cross-border and interoperability considerations
Dubai places strong emphasis on cross-border compliance and interoperability.
Key considerations include:
Assessment of counterparty VASP readiness and data protection practices
Defined internal strategies for managing the “sunrise issue”
Expectations around secure, timely, and automated information exchange
Manual or ad-hoc processes are increasingly viewed as insufficient for high-volume or institutional platforms.
Indicative compliance readiness checklist
The following considerations are illustrative and non-exhaustive:
Valid VARA Full Market Product licence
Local operational presence and approved senior management
Ability to apply threshold- and risk-based Travel Rule controls
Processes for managing unhosted wallet risk
Record-keeping aligned with VARA and UAE AML retention requirements