UAE Website Legal Requirements — VAT, TRN, DED Licence and Consumer Protection

Running a business website in the UAE involves compliance with several intersecting legal frameworks — federal tax law, commercial regulation, consumer protection legislation, and the UAE's 2022 data protection law. Non-compliance ranges from reputational risk to regulatory fines. This guide covers what your UAE business website legally must include in 2025.

VAT and TRN Display Requirements

The UAE introduced Value Added Tax (VAT) at 5% under Federal Decree-Law No. 8 of 2017. Businesses with annual taxable supplies exceeding AED 375,000 are required to register and obtain a Tax Registration Number (TRN) from the Federal Tax Authority (FTA).

Your website must:

• Display your TRN on any page that includes pricing, quotes, or commercial offers
• Clearly state whether displayed prices are VAT-inclusive or VAT-exclusive
• Show VAT as a separate line item on any online invoice or receipt generated through your website
• Ensure that automated quote or proposal tools on your site calculate and display VAT correctly

The FTA has issued fines for businesses displaying prices without VAT disclosure. The TRN format is a 15-digit number beginning with 100 — it should appear in your website footer and on all pricing pages.

DED Licence Display for Dubai Businesses

All businesses licensed by the Dubai Department of Economy and Tourism (DET, formerly DED) are required to display their trade licence number in business communications. Best practice — and increasingly enforced expectation — is to include this in your website footer alongside your registered business name. Requirements:

• Display your complete DED trade licence number
• Your registered legal business name must match your trade licence exactly
• If operating under a different trading name, the legal entity behind it must be identifiable
• Professional services businesses (legal, medical, financial) must also display their professional licence issued by the relevant regulatory authority (DIFC Authority, HAAD, DFSA)

Free Zone Business Display Requirements

Businesses registered in UAE free zones have their own display requirements:

• DIFC: DIFC Authority registration number; financial services firms must display DFSA regulatory status
• DMCC: DMCC company number; member portal verification badge recommended
• ADGM: Registration Authority number; financial services firms must display FSRA regulatory status
• Note: Free zone businesses may only solicit clients from within their free zone or internationally unless they hold a mainland DED licence — your website content should reflect your actual licensing scope

UAE Consumer Protection Law — Website Pricing Obligations

Federal Law No. 15 of 2020 on Consumer Protection and its executive regulations impose requirements on commercial websites:

• Product and service prices must be clearly displayed in AED for UAE customers
• Any promotional pricing must clearly state the original price, discounted price, and promotion end date
• Return and refund policies must be clearly communicated before purchase
• Contact information (physical address, phone number, and email) must be easily accessible
• Terms and conditions must be written in Arabic or in Arabic and English

UAE Personal Data Protection Law (PDPL) 2022

Federal Decree-Law No. 45 of 2021 (UAE PDPL), effective September 2023, is the UAE's comprehensive data protection law. For websites collecting personal data (contact forms, booking systems, newsletter signups):

• Privacy notice: Must be provided at the point of data collection — a generic footer link to a privacy policy is insufficient. The notice must explain the specific purpose for collecting each data element
• Consent: Required for data processing beyond the immediate transaction; must be freely given, specific, and withdrawable
• Data subject rights: Website must provide a clear mechanism for individuals to request access to, correction of, or deletion of their personal data. This typically means a dedicated contact email or form for data rights requests
• Data breach notification: The UAE Data Office must be notified within 72 hours of a breach — your website hosting and form data storage arrangements must allow you to detect and respond to breaches within this window
• Cross-border transfers: Transferring UAE resident personal data to countries outside an approved list requires contractual safeguards

Telecommunications Regulatory Authority (TRA) Requirements

The UAE's TRA (now part of TDRA — Telecommunications and Digital Government Regulatory Authority) has content guidelines for UAE websites:

• Websites operating in UAE must comply with the UAE's internet content regulations — certain categories of content are legally prohibited
• E-commerce businesses selling to UAE residents must comply with the UAE Electronic Commerce Law (Federal Law No. 1 of 2006)
• Online marketplaces and platforms facilitating transactions must register with relevant UAE authorities

Practical Implementation for UAE Business Websites

A compliant UAE business website footer should contain: registered legal business name, DED or free zone registration number, TRN (if VAT-registered), physical address, phone number (+971 format), email address, and links to Privacy Policy and Terms & Conditions. A custom-built React site can implement all of this cleanly in a structured footer component. QX137 builds this compliance architecture into every UAE client site at no additional cost within the $500 USD project scope.