All insights Technology & digital assets

The CBUAE stablecoin framework

UAE · digital assets

The UAE now has a federal stablecoin rulebook. The Central Bank's Payment Token Services Regulation draws a hard perimeter around who may issue, convert, and hold fiat-referenced tokens — and, more consequentially for operators, around which tokens may actually be spent inside the country. If you touch a dirham- or dollar-pegged token in the UAE, this is now your regime.

The instrument

The Central Bank of the UAE issued the Payment Token Services Regulation (PTSR) as Circular No. 2/2024 in mid-2024, made under its enabling statute, Decretal Federal Law No. 14 of 2018 on the Central Bank & Organisation of Financial Institutions and Activities (as amended). It regulates what the market calls stablecoins — the Regulation calls them Payment Tokens: virtual assets designed to hold a stable value by referencing a single fiat currency. Algorithmic and privacy tokens are expressly excluded. This is a payments regime, not a securities one, which is precisely why it sits with the Central Bank rather than the markets regulator.

Micro: the licence perimeter

The PTSR builds its permissions around three regulated activities — Payment Token Issuance, Payment Token Conversion, and Payment Token Custody and Transfer — and then splits issuance by currency. In practice, four positions matter:

  • Dirham Payment Token issuer — a full CBUAE licence, available only to entities incorporated in the UAE (including commercial free zones, but excluding the financial free zones DIFC and ADGM).
  • Foreign Payment Token issuer — a lighter registration pathway, open to non-UAE issuers (and DIFC/ADGM entities), for tokens referencing a foreign currency.
  • Conversion provider — registration to exchange tokens against fiat or other tokens.
  • Custody and transfer provider — registration to safeguard or move tokens for UAE users.

The substantive obligations bite hardest on issuers. Expect full reserve backing in high-quality liquid assets — with a portion held as cash in UAE-licensed banks — segregated from the issuer's own funds, and redemption at par on short order (reported as within one business day). Layer on regulatory capital, AML/CFT compliance under the UAE's federal regime, technology and cyber-resilience standards, and outsourcing controls. This is a bank-grade compliance load, not a light-touch token registration.

Micro: the cross-border trigger every founder should read twice

The commercially decisive rule is not about issuance — it is about use. Only an approved token may be used as a means of payment for goods and services in the UAE: a licensed Dirham Payment Token, or a registered Foreign Payment Token. Merchants may not accept unapproved stablecoins for everyday commerce. There is one deliberate carve-out: a Foreign Payment Token may be used to buy virtual assets (and VA derivatives). So a global USD stablecoin does not need a dirham licence to function inside a UAE crypto exchange flow — but it cannot be marketed or used to pay for a coffee, a SaaS subscription, or an invoice without registration. Marketing or facilitating use of a token in the UAE is itself the trigger; geography of the issuer does not save you.

The question is no longer "can I issue a stablecoin here" — it is "can my token lawfully be spent here," and for most foreign tokens the answer is: only after registration, and only to buy virtual assets.

Micro: the runway

Existing providers were given a one-year transition window, which is reported to have closed around mid-2025 (extendable at the Central Bank's discretion). The direction of travel is settled: the CBUAE licensed the first regulated dirham stablecoin issuer in late 2024, and the end of the grace period moved the framework from paper to enforcement. Anyone still operating on the assumption of a grace period should treat that assumption as spent.

Macro: the layered map

The PTSR is best understood as one deliberate layer in a multi-regulator architecture, not a land grab. The federal Central Bank owns payment tokens — the money-like, payments use case — because a token used to settle everyday obligations is functionally a monetary instrument. Investment- and trading-grade virtual assets sit elsewhere: VARA in Dubai, the FSRA in ADGM, and the federal SCA across the wider onshore market, with the DIFC and ADGM operating as distinct financial free zones. The line the UAE has drawn is by function: pay with it, and you meet the Central Bank; trade or invest in it, and you meet a markets regulator.

For operators, this means jurisdiction-mapping is now a first-order design decision, not an afterthought. A single product — say, an exchange that lets users hold a stablecoin, spend it, and trade volatile assets — can straddle CBUAE, VARA and SCA perimeters simultaneously. The signal, though, is favourable: rather than banning or ignoring stablecoins, the UAE has given them a bank-supervised home with reserve discipline and par redemption. That is a bid to be the jurisdiction where regulated, redeemable digital money actually circulates — an infrastructure play, not a defensive one. The strategic takeaway for founders is to stop asking which emirate is friendliest and start asking which regulator owns their specific token function, then build the licensing stack to match.

Sources: CBUAE Payment Token Services Regulation (Circular No. 2/2024), CBUAE Rulebook and official text; Decretal Federal Law No. 14 of 2018; and firm analyses (Hadef & Partners, Linklaters, Pinsent Masons, Norton Rose Fulbright). Dates for issuance, entry into force and the close of the transition period vary slightly across sources and should be confirmed against the Official Gazette for any live matter. This briefing is general information, not legal advice; obtain advice on your specific facts before acting.

Have a matter to discuss?

If a regulatory change or a dispute is on your desk, let's talk it through — confidentially and without obligation.

Get in touch