The UAE now regulates fiat-referenced cryptoassets (“stablecoins”) through a dedicated Payment Token Services Regulation 2024 issued by the Central Bank of the UAE (CBUAE). In this framework, a Payment Token is a virtual asset designed to maintain a stable value by referencing fiat currency (for example, AED or USD). Issuance, conversion, and custody/transfer of payment tokens are regulated activities that require CBUAE authorisation or registration. Algorithmic “stablecoins” and privacy tokens are expressly out-of-bounds. Marketing is tightly controlled, and the acceptance of tokens for payments is limited to narrow circumstances. Prudential obligations include white-paper approval, reserve governance, segregation of client assets, and full AML/CFT compliance. This article unpacks the perimeter, permissions, prohibitions, and prudential standards, with article-level references to the CBUAE rulebook.

Important: This article is for general information only and is not legal advice. Always verify specific positions against the current CBUAE instruments, your licence or registration conditions, and any applicable free-zone rules.

1) WHO REGULATES WHAT?

In the UAE’s multi-regulator model, CBUAE is the competent authority for Payment Token Services. “Payment token” activity sits alongside – rather than inside – virtual-asset investment regimes supervised by VARA (Dubai, outside DIFC), SCA (onshore investment-purpose VAs), FSRA (ADGM) and DFSA (DIFC). A practical takeaway used by market participants is: choose CBUAE if your token is for payments, merchant settlement, or remittance rails, and the other regimes for investment-purpose tokens and platforms.

The CBUAE regulation also recognises “Local Licensing Authorities” (LLAs) created under Cabinet Resolution No. (111) of 2022, which govern virtual-asset activities at the emirate level. That said, the payment token perimeter and permissions are set centrally by CBUAE.

2) WHAT IS A “PAYMENT TOKEN”? (AND WHAT IS NOT)

  1. Definition. A Payment Token is a virtual asset that purports to maintain a stable value by referencing the value of the same fiat currency in which it is denominated (or another payment token in the same fiat). A token designated by CBUAE as a “Designated Payment Token” is also deemed a Payment Token. This is the UAE’s working definition of stablecoin in the payments context.
  2. Dirham vs. foreign payment tokens. The rulebook distinguishes between:
  • Dirham Payment Tokens (AED-referenced); and
  • Foreign Payment Tokens (referenced to non-AED fiat).

These terms appear throughout the regulation and drive critical differences in who can issue and where tokens can be used.

  1. Means of Payment. A “Means of Payment” is either a virtual asset functioning as a store of value/medium of exchange/unit of account or one designated as such by the Central Bank under Article 3(1). This designation matters for acceptance rules.
  2. What is not permitted: Algorithmic stablecoins and privacy tokens are explicitly excluded from the permissible universe.

3) THE REGULATED SERVICES AND WHO CAN PERFORM THEM

The regulation establishes three Payment Token Services per Article 1:

  1. Payment Token Issuing (creating and making payment tokens available);
  2. Payment Token Conversion (buy/sell/spot conversion, including as agent or by operating an order-placing facility); and
  3. Payment Token Custody and Transfer (safekeeping and executing transfers on instruction).

Authorisation baseline – Article 2(1). No person may perform a Payment Token Service within the UAE or directed to persons in the UAE unless licensed or registered by CBUAE for that service. This prohibition applies even if the person is otherwise licensed by SCA or a Local Licensing Authority for other virtual-asset activities.

Licensing and registration models (at a glance).

  • Licensed Payment Token Issuer (for issuing AED tokens; see Section 4 and 5).
  • Registered Foreign Payment Token Issuer (for non-AED tokens directed to the UAE).
  • Payment Token Conversion Provider (registered via Non-Objection Registration).
  • Foreign Payment Token Custodian and Transferor (registered via Non-Objection Registration).

“Non-Objection Registration” is a formal CBUAE registration granted under Article 8(1) that permits Payment Token Conversion and Foreign Payment Token Custody & Transfer.

4) TERRITORIAL SCOPE AND INTERACTION WITH FREE ZONES

For Article 2’s prohibitions and marketing perimeter, “within the UAE” excludes the Financial Free Zones (DIFC, ADGM). This drafting prevents overlap between CBUAE’s onshore perimeter and free-zone financial regulators, but it does capture activity “directed to persons in the UAE” (for example, onshore retail targeting).

5) PROHIBITED ACTIVITIES AND PROMOTIONS

Activity prohibitions (Article 2). A person must not:

  • Issue payment tokens other than against payment in Dirhams or a foreign currency (i.e., no “in-kind” issuance), and must not issue tokens unless the token is designated as a Payment Token under the regime.
  • Engage in any activity relating to an algorithmic stablecoin or privacy token.
  • Conduct Payment Token Trading as a business.

These rules sit alongside a broad marketing control: non-authorised/registered persons may not promote, market or advertise payment token services or undesignated tokens to persons in the UAE.

Marketing discipline applies to everyone. Article 2 confirms the prohibitions apply to all persons, including those licensed by SCA or an LLA for other VA activities – i.e., there is no “passport” from a VA licence to payment-token promotions. This is consistent with the UAE’s general principle that promotions are a licensing issue, not just a marketing issue.

6) ACCEPTANCE AND USE: WHEN CAN A TOKEN BE USED FOR PAYMENTS?

  1. Merchant acceptance (Article 2(7)). No merchant (or other person selling goods/services in the UAE in the course of business) may accept a virtual asset in payment unless the asset is either: (a) a Dirham Payment Token issued by a CBUAE-licensed issuer and used as a Means of Payment; or (b) a Foreign Payment Token issued by a Registered foreign issuer and used as a Means of Payment for the purchase of a virtual asset or a VA derivative. This closes the door on using unregulated crypto as a general tender for goods/services onshore; only compliant payment tokens fit, and even then, foreign tokens can only be accepted in the virtual-asset vertical.
  2. Foreign token transfers (Article 2(5)). A Registered Foreign Payment Token Register may only initiate/facilitate/effect/direct a transfer if the token is being used (or sold for use) as a Means of Payment for the purchase of virtual assets or their derivatives. In short: the foreign payment-token rail is ring-fenced to VA commerce.
  3. Issuing to UAE residents (Article 2(6)). An AED issuer may only issue Dirham Payment Tokens to persons resident in the UAE – but beyond this residency gate, there is no territorial restriction on where a payment token may be used or transferred.

7) DESIGNATION AND PRODUCT CONSTRAINTS

Designation & form (Article 12). The Central Bank may designate a token as a Payment Token. Key constraints include:

  • Dirham Payment Tokens must be denominated in UAE Dirhams and must not provide any interest or return to holders.
  • Designation decisions are notified and published; the Central Bank retains discretion to impose conditions or revoke designation.

These features underscore the payments (not yield-bearing) function of AED stablecoins.

8) WHITE PAPER AND DISCLOSURES

White paper obligation (Article 26). A Payment Token Issuer must:
(1) produce a white paper; (2) submit it to CBUAE; (3) obtain CBUAE acceptance; and (4) publish it. The white paper must be audited; the audit report is filed when submitting the paper. If accepted, the paper must be publicly accessible at least seven days before making the token available for sale/transfer to persons in the UAE (excluding persons in a financial free zone). Amendments require re-submission with an updated audit.

Customer communications. Licensees and registered conversion providers must comply with CBUAE-directed disclosure and customer-communication requirements as specified from time to time. Expect prescriptive language on redemption mechanics, FX/fees, risks, and service scope.

9) RESERVES, LIQUIDITY AND SAFEKEEPING

Reserve of Assets (Article 22). Issuers must maintain a Reserve of Assets that is consistent with generally accepted principles and proportionate to liquidity risks, including asset quality, maturity and counterparties. The Reserve must comprise cash and cash equivalents, be safeguarded by independent third parties (banks/custodians), and be segregated from the issuer’s own assets. The regulation emphasises credit-risk limits, valuation discipline, and diversification consistent with “banking-grade” prudentials.

No interest to holders. As noted above, AED tokens may not pay interest; this protects the monetary nature of the instrument and avoids deposit-like features without a banking licence.

10) CLIENT-ASSET SEGREGATION AND WALLETS

  1. Wallet segregation (Article 23). Where customer payment tokens are held under Article 23(1), the relevant wallet must be designated for safeguarding/holding customer payment tokens and used only for those tokens. No one other than the customer may have any interest in or right over the tokens placed in such a wallet. Custodians/transferors must keep records of segregated customer tokens. This is a strict client-asset regime in a crypto context.
  2. Operational design. In practice, custodians should implement per-client address segregation, quorum-based key control (MPC/multisig), hot/warm/cold tiers, and T+0 reconciliation of ledger ↔ wallet(s) ↔ bank accounts, with audit trails and clear insolvency disclosures. These expectations are consistent with CBUAE’s prudential posture toward payment token services.

11) AML/CFT OBLIGATIONS

Article 24 applies in addition to all other UAE AML/CFT laws and regulations, including the federal AML Law. Obligors must implement risk-based measures to deter misuse, detect and report suspicious activity to the FIU at CBUAE. Given the payments-use case and open-ledger characteristics, expect scrutiny on sanctions/TFS screening, on-chain analytics, Travel Rule interoperability, and timely STR filings.

12) BANKS AND CORPORATE STRUCTURING

Banks may not act as Payment Token Issuers, but may set up subsidiaries/affiliates (subject to licensing and other requirements) to perform issuance. This ring-fences issuance from deposit-taking entities without banning bank group participation outright.

From a supervision perspective, CBUAE expects banking-grade governance, liquidity MI, incident management, and outsourcing control from issuers/custodians/transferors. Firms should prepare bank-ready evidence packs covering segregation, reconciliations, capital/liquidity headroom, and reserve/escrow arrangements.

13) TRANSITION PERIOD AND INTERACTION WITH OTHER CBUAE FRAMEWORKS

There is a one-year transition period following commencement of the Payment Token Services Regulation during which Article 2 (the core prohibitions) will be phased. After the transition, the Retail Payment Services and Card Schemes Regulation and the Stored Value Facilities (SVF) Regulation will no longer apply to crypto-assets/virtual assets/related providers; the dedicated payment-token regime takes primacy for this perimeter.

14) PRACTICAL ROAD-MAP FOR COMPLIANT OPERATIONS

Below is a consolidated implementation path that aligns with the regulation’s requirements and supervisory expectations:

  1. Classify the product: Confirm the token is a Payment Token (fiat-referenced), not an investment/utility token. Decide Dirham vs. foreign and whether designation is required. Reconfirm it is not algorithmic and not a privacy token.
  2. Choose the permission:
    • AED issuance → Licensed Payment Token Issuer.
    • USD/EUR issuance directed to UAE → Registered Foreign Payment Token Issuer.
    • Conversion/Custody-&-Transfer for foreign tokens → Non-Objection Registration (Article 8).
  3. Design the reserve: Cash/cash-equivalent assets with independent safekeeping, concentration/credit/maturity limits, and daily liquidity MI.
  4. Build client-asset protection: Dedicated customer wallets, no third-party interests, rigorous books/records, address-level segregation, MPC/multisig quorums, and T+0 reconciliations.
  5. White paper and audit: Produce, audit, submit, obtain acceptance, and publish ≥7 days before UAE availability; maintain amendment/audit procedures.
  6. Marketing & distribution: Train teams that promotions are regulated; ensure status-accurate wording and geo-controls for UAE audiences, and do not promote undesignated tokens or prohibited services.
  7. Acceptance policy (for merchants and platforms): Limit on-site acceptance to Dirham Payment Tokens (as Means of Payment) or Foreign Payment Tokens where payment is for virtual assets/derivatives only; do not accept other VAs for general goods/services.
  8. AML/Travel Rule: Integrate sanctions/TFS pre-transfer screening, on-chain analytics, Travel Rule interoperability (with fallbacks), and FIU reporting cadence.
  9. Incident and outsourcing: Implement 72-hour-class incident playbooks and vendor oversight with audit rights, data/key residency, and exit plans consistent with CBUAE expectations.

15) FAQS 

Can we market an algorithmic “stablecoin” to UAE users?
No. Any activity relating to algorithmic stablecoins is prohibited, and undesignated tokens cannot be promoted to UAE persons.

Can a merchant accept USDC/USDT for retail goods?
Not under this regulation. Merchant acceptance is limited to (a) AED payment tokens issued by a CBUAE licensee (as Means of Payment) or (b) foreign payment tokens only when paying for virtual assets or their derivatives.

Can a bank issue an AED stablecoin directly?
No. A bank cannot act as a Payment Token Issuer, but may set up a licensed subsidiary/affiliate to do so.

Is there time to comply?
Yes – one calendar year from commencement as a transition period for Article 2. After that, legacy retail-payment/SVF rules cease to apply to the crypto perimeter and the Payment Token framework governs.

The CBUAE Payment Token Services Regulation creates a purpose-built, banking-grade regime for fiat-referenced crypto used in payments. Issuers and intermediaries should treat it as prudential financial infrastructure, not a light-touch crypto add-on: reserves must be money-good, client assets must be ring-fenced, disclosures must be pre-cleared and auditable, and AML/CFT must be demonstrably effective. With a clear licence/registration choice, conservative reserve governance, and disciplined market conduct, compliant AED and foreign payment-token models can operate in the UAE’s broader virtual-asset landscape without friction at the regulator or at the bank.

Disclaimer. 

This article is a general overview and does not constitute legal advice. Regulatory expectations evolve; always confirm your position and documentation against the latest CBUAE instruments and your licence/registration conditions.

Newer GENIUS Act and CLARITY Act: A Pivotal Moment in U.S. Crypto Regulation
Back to list
Older REAL – WORLD ASSETS TOKENISATION IN DUBAI, UAE