Dubai VARA License
Bespoke Legal Service to Obtain a Dubai VARA License
VARA is the key crypto regulation and license in Dubai. LegalBison helps VASP company set-up in Dubai by providing extensive service for crypto license that adheres to VARA rulebooks and their application to the Dubai VASPs, VA issuers, and related businesses.
Background of the VARA Regulation
The Dubai Virtual Assets Regulatory Authority (VARA) presented its Virtual Assets and Related Activities Regulations, which are now the legal basis for all crypto companies in Dubai. Its main goal is to establish rules, licensing requirements, exemptions, and sanctions for non-compliance for all Dubai VASPs, VA issuers, and other related businesses.
Historical and Legal Basis of the VARA Regulation
In Dubai, the Virtual Assets Regulatory Authority (VARA) stands at the forefront of regulating and overseeing virtual asset activities. VARA is the competent entity responsible for regulating, supervising, and overseeing virtual assets and related activities in all zones across the Emirate of Dubai, including Special Development Zones and Free Zones, but excluding the Dubai International Financial Centre (DIFC). VARA was established as a public corporation with legal personality, granting it financial and administrative autonomy and the legal capacity to undertake legal acts and fulfil its objectives.
VARA’s responsibilities include developing policies, issuing permits, and enforcing regulations within the virtual assets ecosystem. VARA’s role as the regulatory authority encompasses licensing, supervising, and establishing a secure, innovative virtual asset ecosystem in Dubai.
Background of the VARA Regulation
The Law No. (4) of 2022 Regulating Virtual Assets in the Emirate of Dubai established and authorised VARA in 2022 with the purpose of regulating Virtual Assets and VASPs. Consequently, VARA issued its Virtual Assets and Related Activities Regulations in 2023. These regulations set forth a comprehensive framework for virtual asset issuers and VASPs licensed in Dubai. All entities seeking a license must adhere to the licensing process as prescribed by VARA from time to time.
Key documents, such as strategic plans, organisational structures, and regulations, require final approval by the Board of Directors before implementation. The development and implementation of these regulations involve coordination with concerned entities, including federal and local authorities, to ensure comprehensive oversight and compliance.
They reached success and shared it with us:
As a result of the fruitful cooperation with LegalBison, Yellow Card obtained a VASP registration, fast and without any legal complications.
LegalBison excels at adapting to challenges and demonstrates a perfect understanding of our business needs.
Quick set-up and straightforward process. It was a smooth process, we are happy to have chosen LegalBison as our Partner for incorporations, globally.
How to get a VARA crypto license in Dubai
The general licensing procedure for VASPs and related entities is thoroughly described in VARA regulations. While the majority of business models are obliged to secure a license before commencing their operations, some are exempt from this rule.
- VARA Rulebooks
Summary of the Comprehensive Regulatory Framework for VARA Implementation
VARA is affiliated with the Dubai World Trade Centre Authority (DWTCA) and is the competent entity in charge of regulating, supervising, and overseeing Virtual Assets and VA Activities in all zones across the Emirate of Dubai, including Special Development Zones and Free Zones, but excluding the Dubai International Financial Centre (DIFC).
The main goals of VARA are reflected in the following objectives established by Law No. (4) of 2022:
- Promoting Dubai as a regional and international hub for Virtual Assets, boosting its competitive edge and developing the digital economy;
- Increasing awareness about investment in the Virtual Asset services and products sector to encourage innovation;
- Attracting investments and encouraging companies operating in the field of Virtual Assets to base their business in the Emirate;
- Developing regulations required for the protection of investors and dealers in Virtual Assets and curbing illegal practices; and
- Regulating and supervising Virtual Asset platforms and Service Providers (VASPs).
The Dubai VA Law and VARA regulations apply to all Virtual Assets and VA activities in Dubai. While there are exemptions for certain entities (such as professionals like lawyers or accountants carrying out incidental activities), all entities must comply with the general regulations and directives of VARA. This includes strict adherence to AML-CFT policies, risk assessment, data management, and tax reporting obligations (such as FATCA compliance).
How Virtual Asset Service Providers can get a VARA Crypto License in Dubai
The general licensing procedure for VASPs is thoroughly described in the VARA Regulations. Regulated activities are subject to oversight, and entities must adhere to the licensing process prescribed by VARA.
Under the VARA framework, permitted VA Activities include:
- Advisory Services;
- Broker-Dealer Services;
- Custody Services (which includes safekeeping and wallet management);
- Exchange Services;
- Lending and Borrowing Services;
- VA Management and Investment Services; and
- VA Transfer and Settlement Services.
The issuance of virtual assets is also a regulated activity. Issuers must comply with the VA Issuance Rulebook, which categorises assets (e.g., Fiat-Referenced, Asset-Referenced) and sets requirements for Whitepapers and Risk Disclosure Statements.
VARA Rulebooks
VARA has established a comprehensive set of Rulebooks that licensees must follow. These are divided into two categories. The first one is compulsory rulebooks, which apply to all Licensed VASPs, regardless of their specific activity. They include:
- Company Rulebook (Corporate governance, capital requirements);
- Compliance and Risk Management Rulebook (AML/CFT, client money rules);
- Technology and Information Rulebook (Cybersecurity, data protection);
- Market Conduct Rulebook (Marketing, client agreements, complaints handling).
There are also activity-specific rulebooks, which correspond to the specific services local VASPs are licensed to offer (e.g., Exchange Services Rulebook, Custody Services Rulebook, Advisory Services Rulebook).
AML Compliance under VARA
VARA’s regulatory framework is compiled with the recognition of Federal Decree-Law No. (20) of 2018 on Anti Money Laundering, Combating the Financing of Terrorism and Financing of Illegal Organisations, and Federal Law No. (7) of 2014 on Combating Terrorism Offences. The framework is specifically designed to curb illegal practices within the virtual asset sector.
Consequently, VARA is designated as the Supervisory Authority responsible for regulating and supervising compliance with relevant AML-CFT laws for every licensed entity engaged in VA activities. Monitoring transactions is a key requirement. VASPs must employ effective controls, including distributed ledger analytics tools, to screen transactions and detect financial crimes.
Under the VARA license, VASPs must comply with all Federal AML-CFT Laws as well as all regulations, Rulebooks, and FATF recommendations that may be incorporated by VARA into the legal framework.
Supervision and examination under VARA
All licensed entities in the Emirate must comply with four basic Rulebooks, in addition to the specific Rulebook laying out the licensing and compliance criteria for their business model. These Rulebooks include:
- Company Rulebook;
- Compliance and Risk Management Rulebook;
- Technology and Information Rulebook;
- Market Conduct Rulebook.
In order to fulfil its obligations under the Dubai VA law, VARA must conduct regular investigations and/or examinations of the licensed bodies to ensure compliance with all four Rulebooks. At any time when VARA conducts an examination, the licensee must be able to provide it with all requested books and records in order to enhance and facilitate the examination. VARA is also empowered to take swift action against regulatory breaches or non-compliance, ensuring prompt and decisive enforcement within Dubai's virtual asset sector.
VASPs and other licensed entities must ensure that VARA is able to determine the following:
- Financial condition of the VASP or Issuer;
- Safety and soundness of the conduct of its business, VA Activities, or Virtual Asset;
- All management and/or operational policies of the VASP or Issuer;
- Whether the VASP or Issuer has complied with the requirements of all applicable laws, Regulations, Rules and Directives;
- Other matters as determined by VARA which may affect a VASP’s conduct of VA;
- Activities and/or compliance with its licensing conditions.
Sanctions and fees under VARA
At its sole discretion, VARA may impose sanctions on licensed entities in the event of the following breaches or misconduct:
- Violation of any law (including the Dubai VA Law and Federal AML-CFT Laws);
- Any violation of these Regulations, or any Rules or Directives;
- On any ground on which VARA might refuse to issue a Licence under these Regulations;
- For Good Cause, when an Entity has defaulted or is likely to default in performing its obligations or engages in unlawful conduct or practices that may cause harm to the public;
- Other grounds determined by VARA in exercising its powers, performing its functions, or fulfilling its objectives under the Dubai VA Law.
Is VARA ideal for you?
If you license your crypto company under VARA, many advantages come along.
But is Dubai the perfect destination for your crypto project? Let’s have a conversation with our legal experts.
LegalBison will assist in choosing the best course of action for your business.
What is possible with the VARA license
Dubai VARA Regulation: What is Possible with the License
VARA has implemented specific Rulebooks for activities such as Advisory Services, Broker-Dealer Services, Custody Services, Exchange Services, Lending and Borrowing Services, VA Management and Investment Services, VA Transfer and Settlement Services, and VA Issuance Services. These Rulebooks are part of the comprehensive Virtual Assets and Related Activities Regulations 2023, which set the standards required for Virtual Assets and related activities in all zones across the Emirate of Dubai, including Special Development Zones and Free Zones, but excluding the Dubai International Financial Centre (DIFC).
For each activity associated with virtual assets, a corresponding Rulebook provides a list of obligatory requirements to ensure compliance, curb illegal practices, and oversee virtual asset platforms and transactions.
Licensing Process and Requirements
It is noteworthy that not all types of services require a VARA license; for example, specific professionals (like lawyers or accountants) may be exempt if the activity is incidental to their practice. However, for businesses conducting VA activities, the licensing process generally requires obtaining initial approval from VARA prior to initiating the licensing procedures with the competent commercial licensing authority (such as Dubai Economy and Tourism or a Dubai Free Zone Authority).
Mandatory licensing requires Virtual Asset Service Providers (VASPs) to maintain a legal entity in the Emirate and appoint two Responsible Individuals who must be UAE residents or passport holders.
Capital Requirements
Minimum Paid-Up Capital varies by activity. The capital sum for advisory services is AED 100,000. For exchange services, the higher of AED 1,500,000 (or AED 800,000 if using a licensed custodian) or a percentage of fixed annual overheads applies.
For more information and a prior consultation on the requirements for your particular business model according to VARA, we recommend contacting our legal team.
Issuing Virtual Assets under VARA
There are two main categories of regulated VA issuance under VARA, alongside Exempt VAs:
- Category 1 VA Issuances include Fiat-Referenced Virtual Assets (FRVAs) and Asset-Referenced Virtual Assets (ARVAs). FRVAs maintain a stable value in relation to one or more fiat currencies but do not have legal tender status in the UAE. The mandatory requirement for this category is securing a VARA license before issuance;
- On the other hand, Category 2 VA Issuances cover Non-Transferable Virtual Assets and Redeemable Closed-Loop Virtual Assets. Unlike Category 1, these entities do not need prior approval from VARA, provided that all placement and distribution is carried out by a Licensed Distributor who assumes responsibility for assuring compliance. Such a distributor can be a VASP licensed for broker-dealer services.
Whitepaper for VA Issuers
Prior to offering or selling a VA (except for Exempt VAs), it is important that issuers provide required information in the form of a Whitepaper. The components of the Whitepaper include, but are not limited to:
- Overview of the Issuer of the main Entities involved, including whether any individual has been convicted of financial crimes, fraud, or dishonesty;
- Detailed description of the Virtual Asset to be issued, the rights and obligations attached to the VA, and the VA issuance structure;
- Information on all underlying technology, including DLT compatibility, standards used, and custody/transfer details;
- Breakdowns of any fees or charges associated with the VA;
- The estimated VA price (if applicable);
- A statement on the environmental and climate-related impact of the VA.
Issuers must ensure at all times that the Whitepaper is accurate and complete. It is possible to make changes, but holders of VAs must be notified of any updates prior to changes taking effect, unless the update is implemented in response to a security threat or to maintain the integrity of the VA.
Compliance Obligations of VA Issuers under VARA Regulatory Framework
According to the VA Issuance Rulebook, compliance obligations vary by category. Category 1 Issuers (e.g., Fiat-Referenced or Asset-Referenced VA issuers) must obtain a license and comply with the full suite of VARA Rulebooks. Category 2 Issuers (e.g., NFTs) do not require a license but must utilise a Licensed Distributor who ensures the issuer meets specific compliance standards.
Risk Assessment and Controls
Category 1 Issuers must implement a Technology Governance and Risk Assessment Framework, addressing cybersecurity risks, capacity planning, and system availability. They are also required to implement systems to monitor and control transactions (using distributed ledger analytics tools) to prevent financial crimes and ensure compliance with VARA regulations.
Testing and Audit
Issuers (specifically Category 1) must assign a qualified independent third-party auditor to conduct vulnerability assessments and penetration testing. This includes comprehensive audits of the effectiveness, enforceability, and robustness of all smart contracts used for the Virtual Asset. For Category 2 issuances, the Licensed Distributor must validate that smart contracts have undergone such audits and that findings have been remediated.
AML-CFT
Issuers must comply with all Federal AML-CFT Laws and applicable regulations in any jurisdiction where they operate. Category 1 Issuers must strictly adhere to VARA’s Compliance and Risk Management Rulebook, which aligns with UAE federal AML law and FATF standards, including requirements for ongoing compliance audits and effective AML-CFT controls.
Marketing
All Issuers must comply at all times with the Regulations on the Marketing of Virtual Assets and Related Activities 2024 (Marketing Regulations). Any marketing targeting the UAE must be fair, clear, not misleading, and must not imply safety or capital protection where none exists.
Personal Data Protection
Issuers must comply with applicable data protection and privacy requirements within the UAE, including Federal Decree-Law No. (45) of 2021 on the Protection of Personal Data (PDPL) and any applicable sectoral or free zone laws.
Tax Reporting
Issuers must comply with tax reporting obligations, including those established under the Foreign Account Tax Compliance Act (FATCA), where applicable.
Books and Records
Issuers must keep and preserve adequate books and records relating to all Virtual Assets they issue. Category 1 Issuers must specifically retain records such as transaction audit trails and client due diligence for a minimum of eight years. All Issuers must ensure their Whitepaper is accurate and updated to reflect material changes.
Exemptions for Virtual Asset Service Providers under VARA
No legal entity may carry out any VA-related activity in the Emirate unless it is authorised and licensed by VARA. However, VARA regulations recognise specific exclusions for certain professionals and government bodies.
VARA provides a Professional Exemption for duly registered practising lawyers, accountants, and other professionally licensed business consultants who carry out any VA Activity in a manner that is wholly incidental to their professional practice.
To qualify for this exemption, these professionals do not need a VARA license, provided that they:
- Remain at all times appropriately authorised by a competent professional body to operate in the Emirate;
- Maintain professional indemnity insurance applicable to their profession.
VARA retains sole discretion to decide whether an entity has appropriately relied on this Professional Exemption.
Separately, VARA defines Exempt Entities as UAE Federal or Dubai Government entities, or public, non-profit, and charitable entities. These entities are not subject to standard licensing requirements but must:
- Notify VARA and obtain confirmation of their Exempt Entity status;
- Obtain a no-objection confirmation from VARA prior to carrying out any VA Activities in the Emirate.
Determining whether your company qualifies for the Professional Exemption or is considered an Exempt Entity requires careful analysis. We highly recommend contacting a professional.
LegalBison is an experienced team of lawyers well-versed in the complexities of VARA regulations, assisting crypto projects with full compliance and licensing.
- VA Activities
Dubai VARA Regulation: What is Possible with the License
VARA has implemented specific Rulebooks for activities such as Advisory Services, Broker-Dealer Services, Custody Services, Exchange Services, Lending and Borrowing Services, VA Management and Investment Services, VA Transfer and Settlement Services, and VA Issuance Services. These Rulebooks are part of the comprehensive Virtual Assets and Related Activities Regulations 2023, which set the standards required for Virtual Assets and related activities in all zones across the Emirate of Dubai, including Special Development Zones and Free Zones, but excluding the Dubai International Financial Centre (DIFC).
For each activity associated with virtual assets, a corresponding Rulebook provides a list of obligatory requirements to ensure compliance, curb illegal practices, and oversee virtual asset platforms and transactions.
Licensing Process and Requirements
It is noteworthy that not all types of services require a VARA license; for example, specific professionals (like lawyers or accountants) may be exempt if the activity is incidental to their practice. However, for businesses conducting VA activities, the licensing process generally requires obtaining initial approval from VARA prior to initiating the licensing procedures with the competent commercial licensing authority (such as Dubai Economy and Tourism or a Dubai Free Zone Authority).
Mandatory licensing requires Virtual Asset Service Providers (VASPs) to maintain a legal entity in the Emirate and appoint two Responsible Individuals who must be UAE residents or passport holders.
Capital Requirements
Minimum Paid-Up Capital varies by activity. The capital sum for advisory services is AED 100,000. For exchange services, the higher of AED 1,500,000 (or AED 800,000 if using a licensed custodian) or a percentage of fixed annual overheads applies.
For more information and a prior consultation on the requirements for your particular business model according to VARA, we recommend contacting our legal team.
Issuing Virtual Assets under VARA
There are two main categories of regulated VA issuance under VARA, alongside Exempt VAs:
- Category 1 VA Issuances include Fiat-Referenced Virtual Assets (FRVAs) and Asset-Referenced Virtual Assets (ARVAs). FRVAs maintain a stable value in relation to one or more fiat currencies but do not have legal tender status in the UAE. The mandatory requirement for this category is securing a VARA license before issuance;
- On the other hand, Category 2 VA Issuances cover Non-Transferable Virtual Assets and Redeemable Closed-Loop Virtual Assets. Unlike Category 1, these entities do not need prior approval from VARA, provided that all placement and distribution is carried out by a Licensed Distributor who assumes responsibility for assuring compliance. Such a distributor can be a VASP licensed for broker-dealer services.
Whitepaper for VA Issuers
Prior to offering or selling a VA (except for Exempt VAs), it is important that issuers provide required information in the form of a Whitepaper. The components of the Whitepaper include, but are not limited to:
- Overview of the Issuer of the main Entities involved, including whether any individual has been convicted of financial crimes, fraud, or dishonesty;
- Detailed description of the Virtual Asset to be issued, the rights and obligations attached to the VA, and the VA issuance structure;
- Information on all underlying technology, including DLT compatibility, standards used, and custody/transfer details;
- Breakdowns of any fees or charges associated with the VA;
- The estimated VA price (if applicable);
- A statement on the environmental and climate-related impact of the VA.
Issuers must ensure at all times that the Whitepaper is accurate and complete. It is possible to make changes, but holders of VAs must be notified of any updates prior to changes taking effect, unless the update is implemented in response to a security threat or to maintain the integrity of the VA.
Compliance Obligations of VA Issuers under VARA Regulatory Framework
According to the VA Issuance Rulebook, compliance obligations vary by category. Category 1 Issuers (e.g., Fiat-Referenced or Asset-Referenced VA issuers) must obtain a license and comply with the full suite of VARA Rulebooks. Category 2 Issuers (e.g., NFTs) do not require a license but must utilise a Licensed Distributor who ensures the issuer meets specific compliance standards.
Risk Assessment and Controls
Category 1 Issuers must implement a Technology Governance and Risk Assessment Framework, addressing cybersecurity risks, capacity planning, and system availability. They are also required to implement systems to monitor and control transactions (using distributed ledger analytics tools) to prevent financial crimes and ensure compliance with VARA regulations.
Testing and Audit
Issuers (specifically Category 1) must assign a qualified independent third-party auditor to conduct vulnerability assessments and penetration testing. This includes comprehensive audits of the effectiveness, enforceability, and robustness of all smart contracts used for the Virtual Asset. For Category 2 issuances, the Licensed Distributor must validate that smart contracts have undergone such audits and that findings have been remediated.
AML-CFT
Issuers must comply with all Federal AML-CFT Laws and applicable regulations in any jurisdiction where they operate. Category 1 Issuers must strictly adhere to VARA’s Compliance and Risk Management Rulebook, which aligns with UAE federal AML law and FATF standards, including requirements for ongoing compliance audits and effective AML-CFT controls.
Marketing
All Issuers must comply at all times with the Regulations on the Marketing of Virtual Assets and Related Activities 2024 (Marketing Regulations). Any marketing targeting the UAE must be fair, clear, not misleading, and must not imply safety or capital protection where none exists.
Personal Data Protection
Issuers must comply with applicable data protection and privacy requirements within the UAE, including Federal Decree-Law No. (45) of 2021 on the Protection of Personal Data (PDPL) and any applicable sectoral or free zone laws.
Tax Reporting
Issuers must comply with tax reporting obligations, including those established under the Foreign Account Tax Compliance Act (FATCA), where applicable.
Books and Records
Issuers must keep and preserve adequate books and records relating to all Virtual Assets they issue. Category 1 Issuers must specifically retain records such as transaction audit trails and client due diligence for a minimum of eight years. All Issuers must ensure their Whitepaper is accurate and updated to reflect material changes.
Exemptions for Virtual Asset Service Providers under VARA
No legal entity may carry out any VA-related activity in the Emirate unless it is authorised and licensed by VARA. However, VARA regulations recognise specific exclusions for certain professionals and government bodies.
VARA provides a Professional Exemption for duly registered practising lawyers, accountants, and other professionally licensed business consultants who carry out any VA Activity in a manner that is wholly incidental to their professional practice.
To qualify for this exemption, these professionals do not need a VARA license, provided that they:
- Remain at all times appropriately authorised by a competent professional body to operate in the Emirate;
- Maintain professional indemnity insurance applicable to their profession.
VARA retains sole discretion to decide whether an entity has appropriately relied on this Professional Exemption.
Separately, VARA defines Exempt Entities as UAE Federal or Dubai Government entities, or public, non-profit, and charitable entities. These entities are not subject to standard licensing requirements but must:
- Notify VARA and obtain confirmation of their Exempt Entity status;
- Obtain a no-objection confirmation from VARA prior to carrying out any VA Activities in the Emirate.
Determining whether your company qualifies for the Professional Exemption or is considered an Exempt Entity requires careful analysis. We highly recommend contacting a professional.
LegalBison is an experienced team of lawyers well-versed in the complexities of VARA regulations, assisting crypto projects with full compliance and licensing.
FAQ about the VARA license and regulation
Firstly, you must define your project’s regulatory category. You must determine whether your project is subject to full licensing as a Virtual Asset Service Provider (VASP), requires mandatory registration (such as large proprietary traders or DLT technology providers), or is considered an Exempt Entity (such as government or non-profit entities), which requires a “no-objection confirmation” from VARA. To do this properly, contact LegalBison for a profound legal analysis of your project. You can find detailed information on the VARA licensing process and requirements on our dedicated page.
There are three stages of a fee required for licensing under VARA: the license application fee, the license extension fee, and the annual supervision fee (for each regulated activity).
While there are established fees for every type of VA activity, some companies tend to combine several business models under the same umbrella, which, consequently, affects the VARA license cost.
In order to calculate the fee for your particular project properly, contact LegalBison for a free primary consultation.
The Dubai Virtual Assets Regulatory Authority (VARA), established in 2022, is the competent entity in charge of regulating, supervising, and overseeing virtual assets and related activities in all zones across the Emirate of Dubai, including Special Development Zones and Free Zones, but excluding the Dubai International Financial Centre (DIFC). Additionally, activities related to UAE Central Bank Digital Currencies (CBDCs) remain under the regulatory purview of the UAE Central Bank.
Get in touch with our VARA lawyers
Before issuing virtual assets and offering other services with VAs in Dubai, authorization from VARA is required. Benefit from a free consultation with a dedicated LegalBison expert. Receive assistance with licensing under VARA.
Leave a request now for more information and a personalized consultation.
Legal experts in designing solutions for crypto licensing worldwide.
Corporate finance specialist and expert about FinTech regulations worldwide.
