On 29 July 2025, the Financial Services Regulatory Authority (FSRA) of the Abu Dhabi Global Market (ADGM) announced the implementation of a new Cyber Risk Management Framework that will apply to financial sector firms under its supervision1. The central purpose is to: (i) enhance the overall cyber resilience of the ADGM financial services sector, by establishing consistent cyber risk management standards; and (ii) align with the UAE government’s efforts to combat both cyber threats and financial crime at a national level.
The implemented framework takes account of industry feedback on the FSRA’s proposals in its Consultation Paper No. 3 of 20252. Firms now have a six-month transition period to ensure compliance with the requirements, which take effect from 31 January 2026.
Firms are expected to integrate the cyber risk management requirements into their existing risk frameworks, which should already meet the FSRA’s expectations in its Governance Principles and Practices to Mitigate Cyber Threats and Crime and Information Technology Risk Management Guidance3.
Applicability and scope
The Cyber Risk Management Framework has been…
