DIFC Commissioner of Data Protection & DFSA

The DIFC regime has two regulators: the DFSA (cyber-risk GEN 5.5, systems & controls GEN 5.3, operational risk PIB 6 — for DFSA-authorised financial firms) and the DIFC Commissioner of Data Protection (the Data Protection Law No. 5 of 2020 + the AI-specific Regulation 10 — binding on every DIFC entity). A non-financial DIFC AI company is bound by the Commissioner's regime but not the DFSA's. Every mapping cites a primary source; the DFSA rules are verified against the DFSA Rulebook and the DIFC rules against the official DIFC PDFs.