A bold step towards cyber resilience

The UAE has taken a decisive step forward in its national cyber maturity journey with the release of the UAE Information Assurance (IA) Standard v2.1 in November 2025, replacing the earlier UAE IA Regulation v1.1 (2020). This evolution reflects a clear national intent to strengthen cyber resilience, enhance governance, and align with leading international best practices in response to an increasingly complex and evolving threat landscape.

The current geopolitical environment across the Middle East has further intensified the cyber threat landscape, with a marked increase in statesponsored activities, hacktivism, and targeted campaigns against government entities and critical infrastructure. Regional tensions have amplified the likelihood of disruptive and destructive cyber operations, while also increasing the sophistication, frequency, and coordination of these attacks. In this context, cyber resilience is no longer solely a technical priority but a national security imperative, requiring organizations to strengthen their defensive posture, enhance situational awareness, and adopt proactive, intelligence-driven security measures.

The UAE IA supports this through alignment with the national cyber mandates aimed at standardized practices and a cohesive response to cyber threats across the ecosystem. As government entities, critical infrastructure operators, and regulated organizations prepare to meet the new requirements, it is essential for leadership teams to understand not only what has changed, but why it matters. This paper outlines the key shifts introduced by UAE IA v2.1, their strategic implications, and how organizations can respond pragmatically and effectively.

Why UAE IA v2.1 matters now

The refresh of the UAE Information Assurance Standard is not a routine regulatory update. It has direct implications for leadership accountability, operational resilience, and organizational risk management.

Cybersecurity underpins operational resilience

UAE IA v2.1 promotes mature cyber practices enabling organizations to anticipate and respond to physical events that affect digital operations and critical services.
Cyber risk is a leadership issue

UAE IA v2.1 reinforces executive ownership of cyber risk, requiring informed risk acceptance, sustained oversight, and continuous assurance.
Digital transformation increases exposure

As cloud, shared platforms, and emerging technologies are rapidly adopted, UAE IA v2.1 provides a structured framework to enable secure innovation without impeding agility.
Non-compliance has tangible consequences

Weak information assurance can result in service disruption, regulatory scrutiny, and erosion of public trust—particularly for entities delivering critical or citizen-facing services.
Early action reduces cost and complexity

Proactive gap assessments and phased implementation are significantly more cost-effective than reactive remediation following audits or incidents.

A focus onemerging technologies: AI, Cloud, and IoT

A significant enhancement in UAE IA v2.1 is its explicit focus on emerging technologies that underpin national digital transformation initiatives:

Artificial Intelligence (AI)

New controls emphasize governance, lifecycle risk management, and secure deployment of AI-driven systems.

Cloud computing

Deploying a data aware lens, the expectations on security and more importantly on sovereignty are heightened, with more robust controls required around data location, key management, legal control, and operational autonomy.

Internet of Things (IoT)

Expanded controls address the security of connected devices and operational technology, particularly in critical and citizenfacing services.

How KPMG can support your organization

At KPMG, we support organizations with adopting the UAE Information Assurance (IA) Standard v2.1 through a simple, structured, and riskdriven approach:

UAE IA implementation support: We assess your alignment with the requirements of the standard and support you as you navigate the governance, process and technical controls imperative to drive compliance and maturity.
Cyber resilience roadmap: Leveraging a compliance lens, we develop, customize and embed cyber resilience journeys towards operational and digital resilience.
Emerging technology security advisory: We support organizations with implementing regulatory mandates within their AI and cloud journeys, allowing entities to innovate with confidence.

This approach enables organizations to move from compliance understanding to effective and sustainable implementation of the UAE IA Standard.