United Arab Emirates (UAE) Information Assurance Regulation (IAR)

Overview

Amazon Web Services (AWS) has completed the United Arab Emirates (UAE) Information Assurance Regulation (IAR) independent compliance assessment report. The completion of the assessment verifies that AWS’s control environment is appropriately designed and implemented to align with IAR requirements. AWS’s alignment with IAR requirements demonstrates our continuous commitment to meeting the heightened expectations for cloud service providers set by the Telecommunications and Digital Government Regulatory Authority (TDRA). 

• What is IAR?

  The Information Assurance Regulation (IAR), which was developed by the Telecommunications and Digital Government Regulatory Authority (TDRA) of the United Arab Emirates (UAE), provides management and technical information security controls for entities to establish, implement, maintain, and continuously improve information assurance. It provides requirements designed to raise the minimum level of protection of information assets and supporting systems across the implementing entities in the UAE.

  TDRA requires entities designated as critical to implement the IAR and apply its requirements to the use, processing, storage, and transmission of information or data, and the systems and processes used for those purposes. 

• What services are covered by the IAR assessment report?

  The AWS services that are in scope of the IAR attestation can be found within AWS Services in Scope by Compliance Program. 

• What does this mean to me as a customer?

  The compliance assessment, conducted by an independent third-party audit firm, provides UAE customers with the assurance that AWS’s control environment is appropriately designed and implemented to address key operational risks. Additionally, the report provides customers with important guidance on complementary user entity controls (CUECs), which AWS recommends customers consider implementing as part of AWS’s Shared Responsibility Model to help customers comply with IAR requirements. 

• Can I get copy of the assessment report?

  Yes. The audit report can be downloaded via AWS Artifact. 

• Is AWS IAR regulated?

  AWS is not an IAR-regulated entity; however, AWS government customers and other customers identified as critical by TDRA may be obligated to implement IAR controls. TDRA highly recommends all entities in the UAE adopt these regulations on a voluntary basis. More information about the role of TDRA and its regulations are available on the TDRA website.