In late 2025, the UAE formally approved a National Encryption Policy, strengthening the country’s cybersecurity framework with the aim of preparing digital infrastructure for the next generation of cryptographic threats – namely, technologies such as quantum computing.
According the Emirates News Agency – WAM, the executive regulation calls on government to develop ‘clear, well-defined, and officially approved transition plans from traditional encryption methods to post-quantum cryptography.’
The policy was announced by the UAE Cybersecurity Council, and introduces several cryptographic requirements for government entities, such as:
- Mandatory Transition Plans. Official roadmaps must be submitted that show a plan for migration from traditional encryption (RSA, ECC) to post-quantum standards.
- Automated Inventory. Entities are required to use automated tools for crypto discovery in the UAE in order to maintain a real-time record of assets.
- Crypto Agility. New systems must be built with crypto agility by design, meaning that it’s possible to rotate keys, switch algorithms without disrupting or causing downtime.
- Prioritization. The UAE also focuses on prioritizing data that must remain confidential for 10-20 years such as health records, national security information, and long-term financial history.
In addition, the UAE government sets out a key framework for testing and accrediting digital systems – including ensuring data pipelines and AI models are secure, validating that applications do not exhibit cryptographic weaknesses, and ensuring hardware reliability in the digital infrastructure.
The framework set out by the UAE is another insight into how the world is preparing for the next generation of threats – not just by issuing rules but by providing the infrastructure to meet them. Backed up by the National Information Assurance Program that sets the baseline security requirements, the UAE is embarking on two other programs designed to bolster the effort:
- National Cybersecurity Index Platform – provides a dashboard to track the readiness of government sectors
- National Post-Quantum Migration Program – identifies vulnerable systems and aims to help entities through the challenges of deploying PQC.
It’s precisely those challenges that we at PQShield are constantly working on. As 2026 moves into the year of implementation of PQC, we’re focused on building solutions that integrate flexibly into both hardware and software applications – and we’re partnering with governments, industry leaders and private sector organizations to do exactly that with our UltraPQ suite of products.
There’s little doubt that this policy is a significant pivot for the UAE. As a global pioneer, its influence is not to be understated. With specific, centralized oversight from the Cybersecurity Council, as well as a clearly mandated compliance approach, it’s likely to be a huge turning point for the region, urging consistency and readiness ahead of the quantum threat.
Read more:
Advanced Technology Research Council