Phosra
Get Started
United Arab EmiratesEnacted (2025); effective Jan 2026

UAE Child Digital Safety Law (UAE Decree 26)

UAE law establishing comprehensive child digital safety requirements, including age verification, targeted ad bans, privacy protections, and restrictions on addictive design for platforms serving children under 13.

Compliance Coverage7/7

What UAE Decree 26 Requires

Key provisions of UAE Child Digital Safety Law

Age Verification Requirement

Platforms must implement age verification for all users. Enhanced protections apply to children under 13, with additional obligations for users under 18.

Targeted Advertising Ban for Under-13

Targeted advertising directed at users under 13 is prohibited. Platforms may not use personal data of children for advertising profiling, behavioral targeting, or ad personalization.

Privacy-by-Default Settings

Minor accounts must default to the most restrictive privacy settings. Platforms must disable data sharing, location tracking, and ad personalization by default for children.

Addictive Design Restrictions

Addictive design features such as autoplay, infinite scroll, streaks, and engagement-maximizing notifications must be disabled for children's accounts.

Geolocation Tracking Disabled

Geolocation tracking must be disabled by default for minor users. Location data may only be collected with explicit, informed parental consent.

Extraterritorial Application

The law applies extraterritorially to any platform accessible in the UAE that processes data of UAE-resident children, regardless of where the platform is headquartered.

How Phosra Helps

UAE Decree 26 provisions mapped to Phosra features

Each UAE Decree 26 requirement is addressed by a specific Phosra capability. Integrate once, and your platform is covered.

Age verification

Age Gate

age_gate

The age_gate rule enforces age verification on connected platforms, ensuring minor accounts are properly identified and subject to UAE-required protections.

REST API — Enforce age verification gate
bash
curl -X POST https://api.phosra.com/v1/enforcement \
  -H "Authorization: Bearer sk_live_..." \
  -H "Content-Type: application/json" \
  -d '{
    "child_id": "ch_omar_10",
    "rules": ["age_gate"],
    "platforms": ["instagram", "tiktok", "youtube"]
  }'

Targeted advertising ban

Targeted Ad Block

targeted_ad_block

The targeted_ad_block rule disables all behavioral advertising for users under 13, satisfying the Decree's advertising prohibition.

REST API — Block targeted ads for minors
bash
curl -X POST https://api.phosra.com/v1/enforcement \
  -H "Authorization: Bearer sk_live_..." \
  -H "Content-Type: application/json" \
  -d '{
    "child_id": "ch_omar_10",
    "rules": ["targeted_ad_block"],
    "platforms": ["instagram", "snapchat", "youtube"]
  }'

Privacy-by-default

Privacy Data Sharing Controls

privacy_data_sharing

The privacy_data_sharing rule blocks third-party data sharing by default, implementing the Decree's privacy-by-default requirements.

REST API — Enforce privacy-by-default
bash
curl -X POST https://api.phosra.com/v1/enforcement \
  -H "Authorization: Bearer sk_live_..." \
  -H "Content-Type: application/json" \
  -d '{
    "child_id": "ch_omar_10",
    "rules": ["privacy_data_sharing"],
    "platforms": ["instagram", "tiktok", "roblox"]
  }'

Addictive design restrictions

Addictive Design Control

addictive_design_control

The addictive_design_control rule disables autoplay, infinite scroll, and engagement-maximizing features for minor accounts.

REST API — Disable addictive design patterns
bash
curl -X POST https://api.phosra.com/v1/enforcement \
  -H "Authorization: Bearer sk_live_..." \
  -H "Content-Type: application/json" \
  -d '{
    "child_id": "ch_omar_10",
    "rules": ["addictive_design_control"],
    "platforms": ["tiktok", "youtube", "snapchat"]
  }'

Geolocation disabled by default

Geolocation Opt-In

geolocation_opt_in

The geolocation_opt_in rule ensures location tracking is disabled by default on connected platforms, requiring explicit parental authorization.

REST API — Disable geolocation by default
bash
curl -X POST https://api.phosra.com/v1/enforcement \
  -H "Authorization: Bearer sk_live_..." \
  -H "Content-Type: application/json" \
  -d '{
    "child_id": "ch_omar_10",
    "rules": ["geolocation_opt_in"],
    "platforms": ["instagram", "snapchat", "tiktok"]
  }'

Cross-platform enforcement

Multi-Platform Policy Engine

A single UAE Decree-26 compliance policy enforces all requirements simultaneously across Instagram, TikTok, YouTube, Snapchat, Roblox, and Discord.

REST API — Batch enforce all Decree 26 rules
bash
curl -X POST https://api.phosra.com/v1/enforcement/batch \
  -H "Authorization: Bearer sk_live_..." \
  -H "Content-Type: application/json" \
  -d '{
    "child_id": "ch_omar_10",
    "rules": [
      "age_gate",
      "targeted_ad_block",
      "privacy_data_sharing",
      "addictive_design_control",
      "geolocation_opt_in"
    ],
    "platforms": [
      "instagram", "tiktok", "youtube",
      "snapchat", "roblox", "discord"
    ]
  }'

Coverage Assessment

UAE Decree 26 compliance checklist

Compliance Coverage

Age verification implementedage_gate rule category
Targeted advertising blocked for under-13targeted_ad_block rule category
Privacy settings default to most restrictiveprivacy_data_sharing defaults to blocked
Addictive design features disabledaddictive_design_control rule category
Geolocation tracking disabled by defaultgeolocation_opt_in rule category
Cross-platform enforcement for UAE usersMulti-platform policy engine
Extraterritorial compliance documentationEnforcement audit trail and compliance dashboard

Start building UAE Decree 26-compliant features today

Phosra handles the complexity of multi-platform compliance so you can focus on building great products for families.

Get Started FreeRead the Docs