Regulation 10, explained plainly.
Every DIFC Regulation 10 obligation, in clear English: what the rule is, why it matters, and how to comply. Each guide cites the exact Reg 10 / DPL reference. This is audit-ready guidance — not certification, and not legal advice.
- Scope of application
Does Regulation 10 apply to your AI system?
Learn which AI and automated systems fall under DIFC Regulation 10, and why a wider scope means more obligations and more evidence to hold.
DIFC Reg 10 §10.2.1; Schedule 3 (High-Risk Processing triggers)
- High-Risk Processing classification
What counts as High-Risk Processing
Learn which AI systems are High-Risk Processing, why they need a documented classification, and the stronger controls that follow.
DIFC Reg 10 §10.2.2; Schedule 3 items 1–4 (automated decision-making, profiling)
- ASO appointment
Appointing your Autonomous Systems Officer
Learn who the Autonomous Systems Officer is, why one named person must own AI risk, and how to make the appointment audit-ready.
DIFC Reg 10 §10.3.1 (ASO appointment); §10.3.2 (ASO duties)
- DPIA coverage
Data Protection Impact Assessments explained
Learn what a DPIA is, when it is mandatory, and why keeping it current is the core record of how you manage risk to individuals.
DIFC DPL Schedule 3 (mandatory DPIA triggers); DIFC Reg 10 §10.3.3
- Transparency notices (EN + AR)
Telling people when AI decides about them
Learn what a transparency notice must say, why it must reach people in English and Arabic, and how it protects the right to a human review.
DIFC Reg 10 §10.4 (transparency); DIFC DPL Art 14 (right to explanation)
- AI System Register
Keeping an AI System Register
Learn what an AI System Register is, why a single live inventory of your AI matters, and how to keep it accurate over time.
DIFC Reg 10 §10.3.4 (AI System Register); §10.5.2 (Substantial Change)
- Substantial Change notification
Notifying a Substantial Change
Learn what a Substantial Change is, why it must reach the DIFC Commissioner within 14 days, and how to run a reliable notification process.
DIFC Reg 10 §10.5.2 (Substantial Change notification); §10.5.3 (content)
- Article 5 prohibited-use screen
Screening for prohibited AI uses
Learn which AI uses are prohibited, why you must screen for them and record the result, and how the EU cross-walk fits DIFC duties.
EU AI Act Art 5 (via DIFC Reg 10 cross-walk to §10.6 prohibited uses)
- Audit trail / record-keeping
Keeping a tamper-evident audit trail
Learn what an AI audit trail must capture, why a WORM record matters, and how it lets decisions be inspected long after they are made.
DIFC Reg 10 §10.3.3 (record-keeping); DIFC DPL Art 47 (inspection)
- Data residency / transfers
Where your AI data is allowed to sit
Learn where AI data should be held, when you need SCCs and a transfer impact assessment, and why in-country compute is not DIFC adequacy.
DIFC DPL Art 24 (international transfers); DIFC Adequacy List