As the appointed ((Q)TSP) Supervisory Body, the Telecommunications and Digital Government Regulatory Authority (TDRA) plays an essential role in the implementation of the national trust services framework in the United Arab Emirates (UAE).
TDRA has the following main responsibilities:
- The setup and management of the regulatory framework. This may include laws, bylaws, resolutions, but also any prescriptive technical / non-technical requirements laid down in them.
- The licensing and monitoring of the (Qualified) Trust Service Providers, and related activities.
- The issuance and management of the UAE Trusted List (TL).
- The communication and marketing efforts to ensure awareness and foster the take-up of stakeholders in the trust services market.
TDRA is in charge of implementation of the following three main processes:
- Licensing the (Q)TSPs, starting from the “Preparation” step until the possible licensing of the (Q)TSP and publication in the TL. Through this process, TDRA first verifies, as a pre-authorization step (i.e. ex-ante), the compliance of the (Q) TSPs and the (Qualified)Trust Services ((Q)TSs) they provide against the requirements in force under the national trust services framework and decides whether the (Q)TSP shall be licensed, and its (Q)TSP/(Q)TS shall be published in the UAE Trust List.
- Monitoring the (Q)TSPs to ensure that all (Q)TSP/(Q)TS continues to be compliant against requirements for their entire life-cycle. In case of the termination of the (Q)TSP and according to the post-authorization (ex-post) supervision, TDRA shall ensure the correct roll-out of the termination plan.
- During this life-cycle, potential notifications from various stakeholders will have to be handled and possibly shared with other national authorities.
The UAE trust model for (Q)TSP/(Q)TS
The provisions of the UAE Laws, the establishment of requirements for Qualified TSPs/Qualified TS and for TSP/TS (here after collectively referred to as (Q)TSP/(Q)TS), which are leveraging on international best practices and standards, their licensing & supervision regime, the trusted lists of (Q)TSP/(Q)TS are as many building blocks of a complete pyramid of trust as a virtual representation of the UAE trust model for (Q)TSP/(Q)TS illustrated in the next Figure.
The most visible part of this pyramid is the “UAE Trust Logo”, which each QTSP (and only QTSP, not TSP) may, on a voluntary basis, use to brand and promote the quality and trustworthiness of the QTS it provides. It is key to note that such a mark is not just another quality logo without any trust foundation. The UAE Laws explicitly set up a consistent set of quality/security requirements and obligations for QTSP/QTS aiming to enhance the trust of consumers, enterprises, and public entities in the digitalized market and to promote the use of QTS and related products, boosting the digitalization of the UAE society.
Through pre-authorisation (ex ante) and post-authorisation (ex post) licensing and supervisory activities, the UAE Laws build a supervisory regime upon those quality/security requirements and obligations for (Q)TSP/(Q)TS. This regime aims to ensure that, from genesis up to termination, the (Q)TSPs and the (Q)TSs they provide do meet the requirements laid down in the Laws.