Cloud Services Agreement (UAE)
CLOUD SERVICES AGREEMENT
Dated: [Agreement Date]
Provider: [Provider Name] (Trade Licence: [Provider Licence]), of [Provider Address] (the "Provider");
Customer: [Customer Name] (Trade Licence: [Customer Licence]), of [Customer Address] (the "Customer").
1. CLOUD SERVICES AND SERVICE LEVELS
1.1 The Provider shall provide the Customer with [Cloud Service Type]: [Service Description] (the 'Services').
1.2 The Provider shall use commercially reasonable efforts to maintain monthly uptime of [Uptime SLA], measured on a calendar-month basis, excluding scheduled maintenance windows notified at least 24 hours in advance and emergency maintenance required to protect the security or integrity of the cloud platform.
1.3 Where uptime falls below the agreed SLA, the Customer's exclusive remedy is a service credit as set out in Schedule 2, unless the failure results from the Provider's wilful misconduct.
1.4 The Provider shall maintain a Security Operations Centre that monitors the cloud infrastructure 24 hours a day, 7 days a week, and shall notify the Customer of any security incident affecting the Customer's environment within 4 hours of detection.
2. FEES AND PAYMENT
2.1 The Customer shall pay [Monthly Fee] per month in AED by bank transfer within 30 days of invoice. Resource usage above the base bundle is charged at the Provider's current published rate card.
2.2 All fees are exclusive of Value Added Tax at 5% under Federal Decree-Law No. 8 of 2017, administered by the Federal Tax Authority. The Customer shall pay VAT upon receipt of a valid VAT invoice.
3. DATA PROTECTION AND RESIDENCY
3.1 The Customer is the data controller and the Provider is the data processor in respect of personal data processed through the Services. Both parties shall comply with the Personal Data Protection Law (Federal Decree-Law No. 45 of 2021), administered by the UAE Data Office.
3.2 All Customer data shall be stored and processed [Data Residency]. Cross-border transfers are permitted only in accordance with Chapter 7 of the PDPL.
3.3 The Provider shall implement technical security measures including encryption of data in transit (TLS 1.2 or higher) and at rest (AES-256), multi-factor authentication for administrative access, and regular penetration testing. Security standards shall be audited annually.
3.4 On termination, the Provider shall make all Customer data available for export in a standard format and delete all copies within 30 days of a written deletion request, certifying deletion in writing.
4. TERM AND TERMINATION
4.1 This Agreement commences on the Effective Date and continues for [Contract Term], after which it renews automatically for successive 12-month terms unless either party gives 90 days' written notice of non-renewal.
4.2 Either party may terminate for material breach unremedied within 15 days of written notice. The Provider may suspend Services for non-payment unremedied within 7 days.
5. GENERAL
5.1 This Agreement is governed by the laws of the United Arab Emirates. The parties submit to the exclusive jurisdiction of the [Governing Forum].
5.2 Electronic signatures are valid under the Electronic Transactions and Trust Services Law (Federal Decree-Law No. 46 of 2021).
Signed for and on behalf of the Provider: [Provider Name]
Signed for and on behalf of the Customer: [Customer Name]
Provider
________________
Signature
Customer
________________
Signature
What Is a Cloud Services Agreement (UAE)?
A Cloud Services Agreement in the United Arab Emirates is a commercial contract under which a cloud service provider agrees to deliver infrastructure, platform, or managed cloud services to a customer over the internet in exchange for a periodic fee, subject to defined service levels, data residency requirements, and security obligations. Cloud services agreements cover the full spectrum of cloud delivery models: Infrastructure as a Service (IaaS — virtual machines, storage, networking); Platform as a Service (PaaS — managed databases, application runtimes, container platforms); Software as a Service (SaaS — hosted software applications); and Managed Cloud Services (where the provider operates and manages the cloud environment on the customer's behalf). UAE cloud services agreements are classified as service agreements under the UAE Civil Code (Federal Law No. 5 of 1985), which governs the provider's obligation of professional skill and care and the customer's payment obligations. The Personal Data Protection Law (Federal Decree-Law No. 45 of 2021), administered by the UAE Data Office, is the paramount regulatory overlay for cloud services agreements: every cloud arrangement that processes personal data of UAE residents must comply with the PDPL's data processor obligations, data residency restrictions, and cross-border transfer rules.
The UAE has positioned itself as a regional cloud hub. Major hyperscale providers including Microsoft (Azure UAE North region in Abu Dhabi and Dubai), Amazon Web Services (AWS Middle East UAE region in Abu Dhabi), and Google Cloud (UAE region) all operate data centre infrastructure in the UAE, providing UAE businesses with the ability to host cloud workloads within the country and satisfy data localisation requirements imposed by the Central Bank of the UAE, the Securities and Commodities Authority (SCA), and the health authorities. The UAE Government Cloud (G-Cloud) programme, administered by the Telecommunications and Digital Government Regulatory Authority (TDRA), provides a framework for federal government entities to procure approved cloud services from vetted providers.
The Central Bank of the UAE has issued specific Cloud Computing Guidelines (2021) for licensed financial institutions, requiring that UAE banks procuring cloud services for critical banking operations use UAE-based data centres, document the cloud arrangement in a formal written agreement, retain audit rights over the provider's UAE infrastructure, and ensure that the Central Bank can access systems and records in the UAE-hosted environment. Similar requirements apply to insurance companies regulated by the Insurance Authority and to capital markets participants licensed by the SCA. Healthcare entities licensed by the Department of Health in Abu Dhabi or the Dubai Health Authority are subject to health data security standards that impose comparable cloud governance requirements.
Value Added Tax at 5% under Federal Decree-Law No. 8 of 2017, administered by the Federal Tax Authority (FTA), applies to cloud services. Cloud providers registered for UAE VAT must charge VAT on service fees and issue compliant tax invoices. For customers, cloud service fees are a deductible business expense under the Corporate Tax Law (Federal Decree-Law No. 47 of 2022) at the 9% rate applicable to UAE-established taxable persons.
For free-zone cloud customers in the DIFC, agreements may be governed by the DIFC Contract Law (DIFC Law No. 2 of 2004) with data protection under the DIFC Data Protection Law (DIFC Law No. 5 of 2020). For ADGM entities, the ADGM Contract Regulations 2015 and ADGM Data Protection Regulations 2021 apply. Both regimes impose data processor obligations broadly equivalent to the federal PDPL requirements.
When Do You Need a Cloud Services Agreement (UAE)?
A Cloud Services Agreement in the UAE is required whenever a business procures infrastructure, platform, or managed cloud services from a third-party cloud provider under the UAE Civil Code (Federal Law No. 5 of 1985) and the Personal Data Protection Law (Federal Decree-Law No. 45 of 2021).
Enterprise cloud migration. UAE enterprises migrating from on-premises data centres to public cloud or hybrid cloud environments require formal written cloud services agreements with their chosen hyperscale or regional cloud provider. The agreement governs the service scope, data residency, security standards, SLAs, pricing, and exit rights critical to a well-managed migration.
Financial services cloud procurement. UAE banks, insurance companies, and capital markets participants procuring cloud services for regulated workloads must comply with the Central Bank of the UAE's Cloud Computing Guidelines, which require formal written agreements specifying UAE data residency, audit rights, and business continuity provisions. A cloud services agreement satisfying the Central Bank Guidelines protects the institution from regulatory penalties.
Government and semi-government entities procuring cloud services for digital government initiatives must comply with the UAE Government Cloud (G-Cloud) framework requirements and the TDRA's cloud governance standards. A formal cloud services agreement is a prerequisite for G-Cloud procurement.
Healthcare providers adopting cloud-based electronic medical records, telemedicine platforms, or health data analytics systems require cloud services agreements that address health data security requirements from the Dubai Health Authority or the Department of Health in Abu Dhabi.
Startups and scale-ups hosted on cloud infrastructure for their SaaS, fintech, or digital platform products require cloud services agreements that ensure data residency, security, and SLA commitments from their infrastructure providers — terms their own end-customers will require them to confirm. A formal cloud services agreement with the infrastructure provider enables the startup to provide its customers with documented security and compliance assurances.
What to Include in Your Cloud Services Agreement (UAE)
A UAE Cloud Services Agreement compliant with the Personal Data Protection Law (Federal Decree-Law No. 45 of 2021) and the UAE Civil Code (Federal Law No. 5 of 1985) must contain the following elements. The forms-legal.com UAE Cloud Services Agreement template addresses each component in a format recognised by the Dubai Courts, the DIFC Courts, and the ADGM Courts, and aligned with the Central Bank of the UAE's Cloud Computing Guidelines.
Party identification must record the full legal name, UAE trade licence number (or free-zone registration), and registered address of both the provider and the customer.
Service description must identify the type of cloud service (IaaS, PaaS, SaaS, or managed cloud) and describe the specific resources, capabilities, or applications being provided, with reference to a technical specification attached as Schedule 1.
Service levels must set the monthly uptime commitment, incident response and resolution targets, maintenance window notification requirements, and the customer's exclusive remedy (typically service credits) for SLA failure. For regulated-sector customers, SLAs must align with the relevant regulator's business continuity requirements.
Data residency must specify the location(s) where customer data is stored and processed. For customers subject to UAE data localisation requirements, the agreement must explicitly require storage within the UAE (typically in named data centre regions). Cross-border transfer restrictions under Chapter 7 of the PDPL must be addressed.
Data protection obligations must confirm the customer as data controller and the provider as data processor under the PDPL, specifying processing instructions, security measures, sub-processor restrictions, breach notification timelines, and data deletion obligations on termination.
Security standards must specify technical security requirements: encryption standards (TLS 1.2+, AES-256), access controls, MFA, vulnerability scanning, penetration testing frequency, and relevant certifications (ISO 27001, SOC 2).
Audit rights must allow the customer (and, where applicable, its regulator — the Central Bank of the UAE, the DFSA) to audit the provider's UAE-hosted environment and security controls, either directly or through an independent auditor.
Fees and VAT must state the monthly fee in AED, the billing basis (fixed resource bundle, usage-based, or hybrid), and confirm that VAT at 5% under Federal Decree-Law No. 8 of 2017 applies.
Exit provisions must address data portability, data deletion timescales, and transition assistance obligations.
Governing law and forum must identify UAE law and the chosen forum.
How to Fill Out Your Cloud Services Agreement (UAE)
Completing a UAE Cloud Services Agreement requires the provider and customer to agree technical and commercial terms before populating the template. Proceed as follows.
Begin with the parties. Enter the provider's full legal name from its UAE trade licence or free-zone registration. For international cloud providers without UAE establishment, enter the full company name and jurisdiction of incorporation. Enter the customer's full legal name and UAE trade licence number.
Enter the agreement date in DD/MM/YYYY format.
In the cloud services section, select the service type — IaaS, PaaS, SaaS, or Managed Cloud. Enter a specific description of the services, referencing the technical schedule. Vague descriptions such as 'cloud hosting services' should be replaced with specific resource descriptions (virtual machine types, storage capacity, managed database specifications).
Enter the uptime SLA. For standard business workloads, 99.5% to 99.9% monthly is appropriate. For regulated financial or healthcare workloads, confirm the uptime required by your regulator and specify accordingly.
Select the data residency requirement. Customers subject to UAE data localisation obligations (Central Bank of the UAE regulations, healthcare data requirements) should select 'within the United Arab Emirates only' and confirm with the provider the specific data centre region (for example, Microsoft Azure UAE North, AWS Middle East UAE).
Enter the monthly fee in AED. Note that VAT at 5% under Federal Decree-Law No. 8 of 2017 applies in addition. For usage-based pricing, attach a rate card as Schedule 3.
Enter the initial contract term. Enterprise cloud agreements commonly run 24 to 36 months. Longer terms typically attract discounts; shorter terms provide more flexibility. Include a 90-day non-renewal notice provision.
Select the governing forum. The DIFC Courts or ADGM Courts are popular choices for cloud services agreements involving international providers and UAE enterprise customers.
Both parties sign through authorised representatives. Electronic signatures are valid under the Electronic Transactions and Trust Services Law (Federal Decree-Law No. 46 of 2021).
Legal Requirements for Cloud Services Agreement (UAE)
A UAE Cloud Services Agreement must comply with the following legal requirements.
Data protection obligations under the Personal Data Protection Law (Federal Decree-Law No. 45 of 2021) are the most significant regulatory requirement. The PDPL requires a written data processing agreement governing the cloud provider's role as data processor. The UAE Data Office may investigate non-compliant processing and impose administrative penalties. Cross-border data transfer restrictions under Chapter 7 must be addressed in the agreement.
Regulatory requirements for licensed financial institutions under the Central Bank of the UAE's Cloud Computing Guidelines require formal written agreements, UAE data residency for critical banking data, audit rights, and business continuity provisions. Non-compliance may result in regulatory action against the financial institution.
Cybersecurity obligations under the UAE Cybercrime Law (Federal Decree-Law No. 34 of 2021) require cloud providers to implement reasonable security measures to prevent unauthorised access to customer data. A data breach caused by inadequate security may expose the provider to investigation by the UAE Data Office and civil liability to the customer.
VAT registration and invoicing under Federal Decree-Law No. 8 of 2017 require cloud providers exceeding the AED 375,000 annual registration threshold to register with the Federal Tax Authority, charge VAT at 5%, and issue compliant tax invoices. For foreign cloud providers supplying to UAE customers, the reverse-charge mechanism may apply.
Corporate tax at 9% under the Corporate Tax Law (Federal Decree-Law No. 47 of 2022) applies to UAE-established cloud providers' taxable income. Cloud service fees are deductible business expenses for UAE customers.
Electronic execution is valid under the Electronic Transactions and Trust Services Law (Federal Decree-Law No. 46 of 2021). Corporate signatories must hold authority under the Commercial Companies Law (Federal Decree-Law No. 32 of 2021).
Common Mistakes to Avoid in Your Cloud Services Agreement (UAE)
UAE Cloud Services Agreements regularly fail to protect customers — and expose providers to liability — because of the following recurring errors.
1. No data residency specification. Accepting a cloud agreement without specifying where data is stored exposes regulated-sector customers to Central Bank of the UAE or UAE Data Office enforcement. Name the data centre region explicitly.
2. Vague data deletion obligations. An agreement without a specific timeline and procedure for data deletion on termination leaves the customer unable to confirm PDPL compliance. Require deletion within 30 days with written certification.
3. Service credits as inadequate remedy. Accepting service credits as the exclusive remedy without evaluating whether the credit cap covers actual business interruption costs leaves enterprise customers underprotected for sustained outages. Negotiate higher credit caps or carve out liability for wilful misconduct.
4. No audit rights. Accepting a cloud agreement without documented audit rights prevents regulated-sector customers from satisfying their regulators' cloud governance requirements. Include a right for the customer (and its regulator) to audit the UAE-hosted environment.
5. Inadequate exit provisions. A cloud agreement without data portability and transition assistance obligations creates vendor lock-in. Require a data export mechanism and a transition assistance period.
6. Ignoring VAT. Agreeing fees without addressing VAT at 5% under Federal Decree-Law No. 8 of 2017 creates pricing disputes. State the VAT position on each invoice.
7. Short non-renewal notice window. Accepting an auto-renewal clause with a 30-day non-renewal window for a 24-month term creates the risk of being locked into an unwanted renewal. Negotiate a 90-day non-renewal notice period.
Cite this page
Reference this free template in an article, syllabus, or research note:
Forms Legal. (2026). Cloud Services Agreement (UAE) (United Arab Emirates) [Legal document template]. Forms Legal. https://forms-legal.com/uae/business/services/cloud-services-agreement-uae
"Cloud Services Agreement (UAE) (United Arab Emirates)." Forms Legal, 2026, https://forms-legal.com/uae/business/services/cloud-services-agreement-uae.
@misc{formslegal-cloud-services-agreement-uae,
author = {{Forms Legal}},
title = {Cloud Services Agreement (UAE) (United Arab Emirates)},
year = {2026},
howpublished = {\url{https://forms-legal.com/uae/business/services/cloud-services-agreement-uae}},
note = {Free legal document template. Based on Personal Data Protection Law — Federal Decree-Law No. 45 of 2021}
}
Frequently Asked Questions
Data residency for cloud services in the UAE is governed primarily by the Personal Data Protection Law (Federal Decree-Law No. 45 of 2021) and by sector-specific regulatory requirements from the Central Bank of the UAE, the Securities and Commodities Authority (SCA), and the health authorities. The PDPL's Chapter 7 restricts cross-border transfers of personal data to countries that provide an adequate level of data protection as determined by the UAE Data Office, or on the basis of approved safeguards (such as standard contractual clauses approved by the UAE Data Office), or with the data subject's explicit consent. Where a cloud provider hosts data in a jurisdiction outside the UAE not on the adequacy list, the cloud services agreement must document the applicable transfer mechanism.
The Central Bank of the UAE's regulations require licensed financial institutions (banks, insurance companies, payment service providers) to store critical banking data — defined as data required to maintain essential banking operations — within the UAE. This data localisation requirement mandates use of UAE-based cloud data centres. Microsoft Azure UAE North (in Abu Dhabi and Dubai), Amazon Web Services Middle East (UAE) in Abu Dhabi, and Google Cloud UAE region in Doha/Dubai all operate UAE data centre regions that satisfy this requirement. The cloud services agreement should specify the data centre location(s) by name or region code to ensure regulatory compliance is documented.
For cloud services hosted for entities in the DIFC, the DIFC Data Protection Law (DIFC Law No. 5 of 2020) applies, and for ADGM entities, the ADGM Data Protection Regulations 2021. Both apply comparable transfer restriction frameworks.
UAE cloud services agreements for enterprise and regulated-sector customers should specify concrete security standards rather than vague 'commercially reasonable measures' language. Baseline security requirements for UAE cloud services agreements include: encryption of data in transit using TLS 1.2 or higher; encryption of data at rest using AES-256 or equivalent; multi-factor authentication for all administrative access to cloud management consoles; role-based access controls with the principle of least privilege; regular vulnerability scanning (monthly minimum) and annual penetration testing; ISO 27001:2022 certification or equivalent (SOC 2 Type II, CSA STAR) from the cloud provider; and a documented incident response plan with notification timescales.
For financial institutions regulated by the Central Bank of the UAE, the UAE Central Bank's Information Technology Risk Management Guidelines require cloud providers to hold specific accreditations and to subject their UAE-hosted infrastructure to audits accessible to the regulated institution. The Central Bank's Cloud Computing Guidelines (issued 2021) set out due diligence requirements for UAE banks procuring cloud services, including contractual provisions for audit rights, regulatory inspection access, and business continuity testing.
For government cloud procurement, the UAE Government Cloud (G-Cloud) program administered by the Telecommunications and Digital Government Regulatory Authority (TDRA) sets security standards and approved cloud service providers for federal government entities. A UAE cloud services agreement should align its security requirements with the applicable regulatory framework for the customer's sector.
Service credits for uptime failures in UAE cloud services agreements are typically calculated as a percentage of the monthly fee for each period of excess downtime, subject to a maximum cap. A standard credit schedule for a 99.9% monthly uptime SLA might provide: 10% monthly fee credit for uptime below 99.9% but above 99.0%; 25% monthly fee credit for uptime below 99.0% but above 95.0%; and 50% monthly fee credit for uptime below 95.0%. Credits are generally capped at 100% of the monthly fee — meaning the maximum credit in any month equals one free month of service.
Service credits in UAE cloud agreements are almost universally expressed as the customer's exclusive remedy for SLA failure — the customer may not claim additional damages for business interruption or data loss caused by downtime, unless the downtime results from the provider's wilful misconduct or fraud. This limitation on remedies is enforceable under Article 390 of the UAE Civil Code (Federal Law No. 5 of 1985), which permits parties to contractually limit liability. Customers in regulated sectors (banking, healthcare) should assess whether contractual credit caps conflict with their regulators' expectations of business continuity standards.
Credit claims procedures are also important: most UAE cloud agreements require the customer to submit a credit claim within 30 days of the SLA failure, with supporting evidence (monitoring logs, incident reports). Claims not submitted within this window are typically waived. The customer should ensure it has access to the monitoring data needed to support a credit claim — either through the provider's portal or through its own monitoring tools.
Exit provisions in UAE cloud services agreements are among the most commercially important — and most commonly neglected — terms for enterprise cloud customers. A robust exit framework should address four areas: data portability, transition assistance, contract notice periods, and vendor lock-in.
Data portability: the agreement must require the provider to make all customer data available for export in a standard, machine-readable format (such as open formats — CSV, JSON, XML, or industry-standard formats) upon request and on termination, at no additional charge. The PDPL's data subject portability right under Article 12 of the Personal Data Protection Law (Federal Decree-Law No. 45 of 2021) reinforces this requirement for personal data. A 30-day data export period is standard; regulated-sector customers may require a shorter window.
Data deletion: the provider must delete all customer data (including backups and replicated copies in disaster recovery environments) within a defined period after termination and certify deletion in writing. UAE financial institutions should ensure deletion procedures comply with their regulatory data retention requirements — data required to be retained for supervisory purposes may need to be exported and locally archived before deletion.
Transition assistance: the agreement should require the provider to assist the customer in migrating workloads to a successor provider for a transition period after notice of termination, at a pre-agreed daily rate. Vendors are not obligated to provide transition assistance without a contractual obligation.
Notice periods and lock-in: cloud agreements with long minimum terms (24 to 36 months) and short notice periods for non-renewal expose customers to automatic renewal. Require a non-renewal notice window of at least 90 days before the renewal date.
Corporate tax in the UAE at 9% under Federal Decree-Law No. 47 of 2022, administered by the Federal Tax Authority (FTA), may be relevant to cloud services agreements in limited circumstances. UAE-based cloud service providers that are taxable persons under the Corporate Tax Law must include their Taxpayer Registration Number (TRN) on invoices. For the customer, cloud services fees paid to a UAE-registered provider are a deductible business expense under Article 28 of the Corporate Tax Law, reducing the customer's taxable income.
For free-zone cloud providers (in DIFC, ADGM, JAFZA, or other qualifying free zones), the 0% corporate tax rate may apply if the provider earns qualifying income from qualifying activities under the Qualifying Free Zone Person rules. The invoice for cloud services from a free-zone provider should reflect the provider's tax status. Customers receiving invoices from free-zone providers should verify the provider's Qualifying Free Zone Person status if relying on input tax deductions.
For international cloud providers without a UAE permanent establishment, the Corporate Tax Law's withholding tax provisions may apply to certain service payments. However, the UAE has not activated general withholding tax on service payments as of 2026 — only specific categories such as dividends and interest from UAE-source income to non-resident persons are subject to withholding tax (at 0% under Article 45 of the Corporate Tax Law). Specialist UAE tax advice should be sought for cross-border cloud payments involving non-UAE providers.
Uptime expectations for UAE enterprise cloud services depend on the criticality of the workloads hosted and the customer's sector. The following benchmarks reflect market practice in UAE cloud services agreements as of 2026.
For non-critical workloads (development environments, test systems, archival storage), 99.0% monthly uptime is standard, allowing approximately 7 hours of downtime per month. For standard business applications (corporate intranets, document management, collaboration tools), 99.5% monthly uptime is common, allowing approximately 3.5 hours per month. For production workloads (customer-facing applications, e-commerce platforms, core business systems), 99.9% monthly uptime is the market standard, allowing approximately 44 minutes per month. For business-critical or regulated workloads (payment processing, banking core systems, healthcare records), 99.95% or 99.99% availability is typically required, translating to approximately 4 to 22 minutes of downtime per month, with high-availability architecture (multiple availability zones, automatic failover) mandated.
The Central Bank of the UAE's IT Risk Management Guidelines specify that critical banking systems must meet recovery time objectives (RTO) and recovery point objectives (RPO) defined in the institution's Business Continuity Plan — typically RTO under 4 hours and RPO under 1 hour for core banking. The cloud services agreement must reflect these objectives in the SLA schedule for regulated-sector customers. Major cloud providers operating in the UAE (Microsoft Azure UAE North, AWS Middle East UAE, Google Cloud UAE) publish region-specific SLAs aligned with these market expectations.
Terminating a UAE cloud services agreement involves three practical phases: giving notice, transitioning workloads, and ensuring data deletion. The agreement's notice provisions determine the timeline for each phase.
Notice: most enterprise UAE cloud agreements require 60 to 90 days' written notice of non-renewal before the end of the initial or renewal term. Early termination without cause typically requires payment of an early termination fee — commonly the remaining monthly fees for the balance of the minimum term, or a defined percentage. Termination for cause (provider's material breach — sustained SLA failure, data breach attributable to the provider) typically requires a 15 to 30-day cure period before the termination right becomes exercisable under Article 267 of the UAE Civil Code (Federal Law No. 5 of 1985).
Transition: after notice of termination, the customer should immediately begin exporting its data and migrating workloads to a successor environment. A well-drafted agreement includes a transition assistance obligation from the provider for a period of up to 90 days post-termination, at a pre-agreed rate, to assist with workload migration. Customers should not assume transition assistance without a contractual provision.
Data deletion: the provider should certify in writing that all customer data has been deleted (including backups and disaster recovery copies) within 30 days of the end of the transition period. The Abu Dhabi Judicial Department and the Dubai Courts have jurisdiction over disputes arising from a provider's failure to delete data as agreed, and the UAE Data Office may investigate a provider that retains personal data beyond the agreed period.
This template is provided for informational purposes only and does not constitute legal advice. Laws vary by jurisdiction and change over time. Consult a qualified attorney for advice specific to your situation.