While Brussels finalises the dense compliance machinery of the EU AI Act and Washington oscillates between executive orders, Abu Dhabi is quietly doing something more interesting: building an AI governance regime that takes both innovation and accountability seriously, without treating every model as a presumptive hazard.
Over the past several months, the Abu Dhabi Global Market (ADGM) and its Financial Services Regulatory Authority (FSRA) have been advancing AI-specific guidance for financial services firms operating within the free zone. This work sits on top of two broader UAE-level foundations: the National Strategy for Artificial Intelligence 2031, first announced in 2017, and the more recent National Charter for the Development and Use of Artificial Intelligence, issued by the UAE AI Office under Minister of State Omar Sultan Al Olama — the world's first dedicated AI minister.
What the UAE is actually doing
The UAE's approach has three defining features that mark it apart from the European model.
First, principles before prescription. The National Charter sets out high-level commitments — human wellbeing, safety, transparency, accountability, fairness, sustainability — without translating each into a static checklist of mandatory ex-ante obligations. This mirrors the OECD AI Principles and the approach taken in early UK and Singaporean frameworks, leaving room for context-specific application.
Second, sector-led implementation. Rather than a single horizontal statute, the UAE is letting sectoral regulators tailor guidance. FSRA's work on AI in financial services is the clearest example: it builds on ADGM's existing rulebook for fintech and digital assets, and integrates with the regulator's well-established RegLab sandbox — one of the first regulatory sandboxes in the MENA region, launched in 2016.
Third, jurisdiction as a product. ADGM operates under direct application of English common law, with an independent court and arbitration centre. For AI firms — particularly those building foundation models, autonomous trading systems, or AI-native digital asset platforms — this offers something rare globally: legal certainty plus regulatory engagement that doesn't default to suspicion.
The contrast with the EU AI Act
The EU AI Act, which entered into force in August 2024 and is being phased in through 2026 and 2027, takes the opposite approach. It is a horizontal, risk-tiered regulation that classifies AI systems into prohibited, high-risk, limited-risk and minimal-risk categories. High-risk systems — a category that sweeps in everything from CV-screening tools to credit-scoring models — carry substantial conformity assessment, documentation, human oversight, and post-market monitoring obligations. General-purpose AI models face their own tier of obligations, with stricter rules for those deemed to pose "systemic risk".
There is a coherent case for parts of this framework. But there are also costs that even sympathetic observers are now acknowledging: the compliance burden falls disproportionately on smaller European labs and startups; the "high-risk" classification is broad enough to chill plainly beneficial uses; and the conformity assessment infrastructure is, by the European Commission's own admission, still being built.
The question is not whether AI should be regulated. It is whether regulation should presume harm and demand permission, or presume legitimate use and intervene where evidence of harm appears.
Why the sandbox model is the right starting point
ADGM's RegLab — and the FSRA's willingness to bring AI-driven firms in under tailored authorisations — is the kind of institution proportionate regulation actually requires. Sandboxes do three things prescriptive regimes struggle to do:
- Generate empirical evidence about where AI systems actually cause harm in deployment, rather than where regulators imagine they might.
- Allow iteration between firms and regulators before rules are crystallised in statute, reducing the risk of legislating against last year's technology.
- Create competitive pressure for jurisdictions to attract responsible AI firms, rather than racing to publish the most expansive rulebook.
This matters in financial services in particular. AI is already embedded in fraud detection, AML transaction monitoring, credit underwriting, robo-advisory, and increasingly in compliance itself. A regulatory regime that treats every model deployment as a notifiable event will, in practice, push experimentation offshore — which is exactly what the UAE is offering to absorb.
What other jurisdictions should take from this
The UAE model is not a complete template. It benefits from a small population, a strong state, and a financial centre architecture that can move faster than parliamentary democracies. It will need to evolve clearer redress mechanisms for individuals harmed by automated decisions, and to ensure that "principles-based" does not collapse into "unenforced". The National Charter's commitments to fairness and accountability will matter only if FSRA and other regulators are willing to act on them in concrete cases.
But the broader direction is correct. Good AI policy should distinguish between (i) clearly unacceptable uses — mass biometric surveillance, social scoring, manipulation of vulnerable users — which warrant outright prohibition, and (ii) the vast remainder, where the right move is sectoral guidance, sandboxes, post-market monitoring, and enforcement against actual harm.
India, which is finalising its own AI governance posture under the IndiaAI Mission and ongoing MeitY consultations, is closer to the UAE model than the EU one — and rightly so. The UK's pro-innovation white paper, published under the previous government and now being revisited, pointed in a similar direction. The US, post the rescission of the 2023 Biden AI executive order, is broadly in the same camp by default.
If the EU AI Act's implementation in 2026-2027 produces the chilling effects critics fear, the UAE's bet — that you can be a serious regulator and an innovation hub simultaneously — will look prescient. Either way, ADGM has positioned itself as one of the few places on earth where a frontier AI firm can build, deploy, and be regulated, without first having to ask permission to exist.