DIFC Authority 2025 Regulatory Update: Key Changes for CSPs in Dubai

The DIFC as a CSP Jurisdiction

The Dubai International Financial Centre has established itself as one of the Middle East's premier financial centre jurisdictions over the past two decades. Operating under its own legal framework — English common law applied through DIFC Courts — the DIFC hosts a significant number of corporate structures across banking, fund management, professional services, and family office sectors. Corporate service providers operating within the DIFC or serving DIFC-incorporated entities are subject to DIFC Authority oversight, with DFSA (Dubai Financial Services Authority) maintaining oversight of regulated financial activities.

For CSPs, the DIFC presents a distinctive compliance environment: a onshore-quality regulatory framework in a tax-advantaged jurisdiction, with the added complexity of navigating between DIFC law, UAE federal law, and in some cases the laws of the jurisdiction of the ultimate beneficial owners. The 2025 regulatory updates from the DIFC Authority are specifically targeted at the corporate services sector, reflecting the Authority's response to increased scrutiny of UAE-related structures internationally.

Updated UBO Register Requirements

The DIFC has maintained a UBO register for several years, but the 2025 updates significantly strengthen the verification and maintenance obligations. Previously, UBO information could be filed based on self-declaration by the entity's authorised representative. Under the updated requirements, independent verification of beneficial ownership information is now required — consistent with the approach being adopted across other leading jurisdictions including Jersey and Guernsey in 2026.

For CSPs acting as DIFC registered agents, this creates a direct obligation: you are responsible for ensuring the UBO information on the DIFC register for entities for which you are registered agent is accurate, verified, and kept current. Failure to maintain accurate UBO information exposes both the entity and the registered agent to DIFC Authority enforcement action.

Revised Registered Agent Obligations

The 2025 DIFC Registered Agent regime updates — delivered through amendments to the DIFC Companies Law and the associated Registered Agent Regulations — formalise a number of obligations that were previously expectation-based rather than rule-based:

• Due diligence on entities for which you act: Registered agents must now conduct and document due diligence on the beneficial owners and senior management of every entity for which they are the registered agent — regardless of whether a separate regulated relationship exists. This is distinct from any AML obligation under DFSA rules.
• Notification of suspicious activity: Registered agents who become aware of suspicious activity in connection with an entity they represent have an explicit obligation to notify the relevant authority. The 2025 amendments specify a 24-hour notification window for suspicions related to sanctions violations.
• Annual confirmation: Every entity's registered agent must file an annual confirmation that the entity's information on the DIFC register — registered address, officers, UBOs — is accurate and current. This filing carries personal liability for the registered agent signatory.

"The DIFC's 2025 updates bring registered agent obligations meaningfully closer to the standard applied to regulated financial service firms. CSPs who thought of their DIFC registered agent function as an administrative formality need to reassess."

Corporate Governance Framework Updates

The DIFC Authority's 2025 Corporate Governance Code update extends mandatory governance requirements to a broader range of DIFC entities. Previously, the detailed governance code applied primarily to listed companies and regulated entities. The 2025 update applies a proportionate governance framework to all DIFC private companies above a defined threshold of assets under management or annual revenue.

For CSPs providing director services or company secretarial services to qualifying DIFC entities, this means the entities you serve may now be subject to formal requirements around board composition (requiring at least one independent director), documented conflict of interest policies, and annual governance reporting. Entities using a CSP for nominee director services should assess whether the governance code requirements necessitate any changes to their board composition or governance documentation.

Interaction with UAE Federal AML Requirements

DIFC entities are subject to both DIFC law and UAE federal law in areas where the two frameworks intersect. The UAE's AML framework — administered federally by the Financial Intelligence Unit and the Central Bank — applies to all persons operating in the UAE, including within the DIFC, to the extent their activities fall within the federal AML regime's scope. In 2025, the UAE Central Bank issued updated guidance on the identification and reporting of virtual asset transactions, which has implications for DIFC entities with any digital asset exposure.

CSPs managing DIFC entities with virtual asset connections should ensure they understand both the DFSA's approach to digital assets (separately regulated under DFSA's digital asset regime) and the federal AML obligations that may apply to transactions involving digital assets.

Practical Steps for CSPs

• Audit all DIFC entities for which you are registered agent against the updated UBO register requirements — ensure all beneficial ownership information is independently verified and current.
• Update your registered agent compliance procedures to incorporate the new 24-hour sanctions notification obligation.
• Review the annual confirmation filing requirement and ensure you have a system to collect the necessary data from entity officers before the filing deadline.
• Assess whether any DIFC entities you serve are subject to the updated Corporate Governance Code and, if so, whether their current governance arrangements meet the new requirements.