regulation10.ae
Knowledge base

Regulation 10, explained plainly.

Every DIFC Regulation 10 obligation, in clear English: what the rule is, why it matters, and how to comply. Each guide cites the exact Reg 10 / DPL reference. This is audit-ready guidance — not certification, and not legal advice.

  • Learn which AI and automated systems fall under DIFC Regulation 10, and why a wider scope means more obligations and more evidence to hold.

    DIFC Reg 10 §10.2.1; Schedule 3 (High-Risk Processing triggers)

  • High-Risk Processing classification

    What counts as High-Risk Processing

    Learn which AI systems are High-Risk Processing, why they need a documented classification, and the stronger controls that follow.

    DIFC Reg 10 §10.2.2; Schedule 3 items 1–4 (automated decision-making, profiling)

  • Learn who the Autonomous Systems Officer is, why one named person must own AI risk, and how to make the appointment audit-ready.

    DIFC Reg 10 §10.3.1 (ASO appointment); §10.3.2 (ASO duties)

  • Learn what a DPIA is, when it is mandatory, and why keeping it current is the core record of how you manage risk to individuals.

    DIFC DPL Schedule 3 (mandatory DPIA triggers); DIFC Reg 10 §10.3.3

  • Transparency notices (EN + AR)

    Telling people when AI decides about them

    Learn what a transparency notice must say, why it must reach people in English and Arabic, and how it protects the right to a human review.

    DIFC Reg 10 §10.4 (transparency); DIFC DPL Art 14 (right to explanation)

  • Learn what an AI System Register is, why a single live inventory of your AI matters, and how to keep it accurate over time.

    DIFC Reg 10 §10.3.4 (AI System Register); §10.5.2 (Substantial Change)

  • Substantial Change notification

    Notifying a Substantial Change

    Learn what a Substantial Change is, why it must reach the DIFC Commissioner within 14 days, and how to run a reliable notification process.

    DIFC Reg 10 §10.5.2 (Substantial Change notification); §10.5.3 (content)

  • Article 5 prohibited-use screen

    Screening for prohibited AI uses

    Learn which AI uses are prohibited, why you must screen for them and record the result, and how the EU cross-walk fits DIFC duties.

    EU AI Act Art 5 (via DIFC Reg 10 cross-walk to §10.6 prohibited uses)

  • Audit trail / record-keeping

    Keeping a tamper-evident audit trail

    Learn what an AI audit trail must capture, why a WORM record matters, and how it lets decisions be inspected long after they are made.

    DIFC Reg 10 §10.3.3 (record-keeping); DIFC DPL Art 47 (inspection)

  • Data residency / transfers

    Where your AI data is allowed to sit

    Learn where AI data should be held, when you need SCCs and a transfer impact assessment, and why in-country compute is not DIFC adequacy.

    DIFC DPL Art 24 (international transfers); DIFC Adequacy List