Digital Dirham & Digital Riyal: Future of Gulf Money
The digital dirham (UAE) and digital riyal (Saudi Arabia) are central bank digital currencies (CBDCs) designed to speed up and de-risk payments, especially for cross-border trade and remittances. For US, UK and EU firms, they offer cheaper, faster Gulf payment routes but also denser regulatory scrutiny, so contracts, compliance frameworks and treasury systems need to be upgraded before onboarding these CBDC rails.
Introduction
The digital dirham and digital riyal are central bank digital currencies (CBDCs) issued by the Central Bank of the UAE (CBUAE) and the Saudi Central Bank (SAMA). They are central bank money in fully digital form, aimed at modernising payments especially cross-border while sitting alongside, not replacing, traditional bank deposits and cash in the near term.
Across the Gulf and globally, CBDC work has moved from theory to pilots: by 2024–2025, surveys suggest that more than 90% of central banks are exploring some form of CBDC. The UAE is already using the digital dirham in projects like mBridge and in early government transactions, while Saudi Arabia is testing a wholesale digital riyal and joined mBridge in 2024.
For US, UK, German and wider EU institutions, these Gulf CBDCs will increasingly shape how money moves between Abu Dhabi, Dubai, Riyadh and financial centres such as New York, London and Frankfurt. That makes the legal framework for the digital dirham and digital riyal and “CBDC regulation Middle East” more broadly a board-level topic rather than a lab experiment.
What Are the Digital Dirham and Digital Riyal?
Definitions.
The digital dirham and digital riyal are central bank liabilities in digital form, unlike bank deposits (commercial-bank liabilities) and unlike crypto or stablecoins (private or algorithmic tokens). In other words, holding UAE or Saudi CBDC is economically closer to holding reserves or physical cash issued by CBUAE or SAMA than to having a balance in a commercial bank in Dubai or Riyadh.
Traditional bank money in the Gulf whether in Abu Dhabi, Dubai or Riyadh sits on commercial-bank balance sheets, is subject to bank default risk and moves over rails such as SWIFT and local RTGS systems. CBDCs, by contrast, are settled directly in central-bank money on new digital infrastructures (such as mBridge for cross-border UAE–Saudi–China corridors).
For US, UK and EU firms, this means CBDC balances may need different accounting, treasury and risk treatment from existing bank deposits, even when they are accessed via a familiar commercial bank or fintech front end.
How Digital Dirham & Digital Riyal Work in Practice
In the Gulf, designs are currently wholesale-first.
Wholesale CBDC
SAMA and CBUAE issue digital money to local banks and possibly licensed payment institutions, which then use it for interbank and cross-border settlement (for example, on Project mBridge or its successors).
Retail CBDC
The UAE is more explicit about a phased approach that could extend access to residents and businesses over time, while Saudi Arabia remains focused on wholesale digital riyal pilots.
A basic flow for a US or EU bank using Gulf CBDCs might look like this:
A New York or Frankfurt bank pre-funds a UAE correspondent that holds digital dirham on behalf of clients.
The UAE bank converts commercial-bank dirham balances into digital dirham on a CBUAE platform.
Payment instructions are sent over a CBDC platform (for example, mBridge) to a Saudi or Chinese counterparty, settling instantly in central-bank money.
Local beneficiaries in Riyadh or Dubai receive funds through commercial-bank accounts or CBDC-enabled wallets.
Commercial banks and payment firms remain crucial intermediaries, but settlement finality happens in digital central-bank money, not just via traditional nostro/vostro accounts.
CBDCs vs Stablecoins and Crypto in the Gulf
From a legal and regulatory perspective, Gulf CBDCs are radically different from cryptoassets.
Legal status and backing
The digital dirham and digital riyal are fully backed by and directly issued by their central banks. Stablecoins are usually claims on private issuers or algorithmic structures, and unbacked crypto such as Bitcoin has no issuer.
Volatility and systemic risk
CBDCs are designed to be as stable as the underlying fiat dirham or riyal (often pegged to the US dollar), while many cryptoassets are highly volatile and pose different prudential and conduct risks.
Regulatory treatment
Crypto and stablecoins in Dubai, Abu Dhabi and Riyadh are typically regulated as virtual assets or securities/commodities, with stricter conduct and investor-protection regimes. CBDCs form part of core payment infrastructure and are supervised as monetary instruments.
For compliance teams in London, New York or Berlin, that means Gulf CBDC flows will typically be treated like high-visibility fiat payments (with strong AML/KYC expectations) rather than like speculative crypto trading.
Why UAE and Saudi Arabia Are Launching CBDCs
Policy Goals: Faster Settlement, Remittances and Gulf Integration
UAE and Saudi CBDCs are primarily about frictionless cross-border settlement and regional integration, not about replacing cash at the supermarket. Project mBridge, in which both CBUAE and SAMA participate, is positioned as a multi-CBDC platform for instant, cost-effective cross-border payments and trade settlement.
Key goals include.
Reducing FX and correspondent-bank costs for GCC–US/EU trade routes, for example Dubai–London commodities trades or Riyadh–Frankfurt industrial exports.
Modernising remittance corridors from the Gulf to recipient countries, including flows that ultimately land in US or EU financial institutions via SEPA or US ACH rails.
Deepening regional cooperation between Gulf central banks and major partners such as China, the Eurosystem and the Federal Reserve (via observer roles and technical collaboration).
For US and UK remittance providers, faster and cheaper CBDC rails between Abu Dhabi, Riyadh and New York or London could become a competitive differentiator but only if their compliance and technology stacks are ready.
Financial Stability, Monetary Policy and Data Visibility
From a macro-prudential perspective, CBDCs give CBUAE and SAMA more granular, real-time data on payment flows and liquidity. That data supports monetary policy in economies whose currencies are closely linked to the US dollar, and helps detect stress, such as sudden outflows during regional or global shocks.
At the same time, both central banks need to manage
Bank-run and disintermediation risk
If retail CBDC becomes widely available in the UAE or Saudi Arabia, caps, tiered remuneration or intermediated models may be used so households don’t simply move all deposits into CBDC during stress events.
Interaction with dollar and euro pegs
Gulf CBDCs will still reflect underlying peg policies; they do not create a new free-floating currency separate from USD or EUR benchmarks used in energy and trade contracts.
For multinational banks, that means CBDC exposures must be integrated into internal liquidity-risk and interest-rate models, alongside existing GCC currency-peg assumptions.
Why Middle East CBDCs Matter for US, UK and EU Institutions
For US, UK and EU institutions, Gulf CBDCs could mean cheaper, faster cross-border flows but tighter regulatory visibility, requiring upgraded compliance, contracts and treasury systems.
In practice, this may involve.
More granular transaction data being available to banks and regulators in New York, London or Frankfurt, potentially making sanctions, tax and AML enforcement easier.
Pressure to modernise infrastructure: legacy correspondent-banking stacks and batch-based treasury systems in Europe or the US may struggle to integrate with always-on CBDC rails.
New competitive dynamics: early-moving institutions in London or Berlin that support the digital dirham and digital riyal may win Gulf trade flows away from slower rivals.
US and European boards therefore need a cross-functional CBDC roadmap spanning legal, compliance, IT and product not just a “wait and see” approach.
Cross-Border CBDCs Between the Middle East, US, UK and EU
Cross-Border Settlement and Remittances with CBDCs
CBDC platforms such as mBridge aim to support cross-border settlement with CBDCs across UAE–Saudi–Asia–Europe corridors. For a remittance provider in New York or a SEPA-licensed payment institution in Berlin, the opportunity is to plug into a chain where the Gulf leg settles in digital dirham or digital riyal, then converts into USD or EUR for final credit.
Sample use cases include.
US or UK remittance firms using UAE CBDC rails to pay expatriate workers’ families in Europe or the wider Middle East.
EU/SEPA institutions offering “CBDC-optimised” routes for invoices between Dubai free zones and counterparties in Brussels or Frankfurt.
London FX brokers and City of London banks providing liquidity into CBDC corridors as mBridge and similar platforms move beyond pilot phase.
These flows will still have to respect the US Bank Secrecy Act, OFAC sanctions, UK and EU AML rules, and local GCC requirements often simultaneously.
Impact on US Dollar-Denominated Trade and FX
A common question is how the digital dirham and digital riyal will affect US dollar-denominated trade. In the near term, CBDCs mostly change how USD-linked trades are settled, not the underlying dollar peg: oil and petrochemical contracts out of Riyadh or Abu Dhabi are still likely to be priced in USD, but CBDCs might move tokenised USD or local-currency legs more efficiently.
Implications for New York, London and Frankfurt include:
More direct Gulf–Asia and Gulf–EU corridors, potentially reducing reliance on US-based correspondent chains for some flows.
New FX products where banks hedge CBDC exposures alongside traditional spot, forward and swap instruments.
Interoperability questions: how CBDC platforms integrate with SWIFT, CLS and existing trade-finance systems will shape adoption.
Boards and treasury teams should assume CBDCs will become another settlement rail for USD/EUR trade, not an overnight replacement for the dollar’s global role.
Comparing Gulf CBDCs with the Digital Euro and Digital Pound
The digital euro and a potential digital pound share many design objectives with the digital dirham and digital riyal: preserving monetary sovereignty, improving payment resilience and integrating with private-sector intermediaries. The ECB’s digital euro project has completed an investigation phase and is now in a technical capacity-building stage, with pilots targeted around 2027 and potential wider rollout by 2029.
Key differences for UK/EU firms include.
Regulatory perimeter
EU and UK CBDCs will sit under GDPR/DSGVO and UK-GDPR from day one, with stringent privacy and data-minimisation constraints, while Gulf CBDCs follow local data-governance models.Integration with open-banking/PSD2 APIs
UK and EU firms will be able to pull CBDC functionality into existing open-banking stacks; integrating Gulf CBDCs will require custom API and messaging gateways.
For technology teams whether at a London bank or a Berlin fintech this is where partnering with CBDC-ready web development and backend experts, such as Mak It Solutions’ web development services, can de-risk integration work. (Mak it Solutions)
CBDC Regulation in the Middle East.
Local Rules: CBUAE, SAMA and GCC AML/KYC Requirements
The core of the legal framework for the digital dirham and digital riyal is formed by CBUAE and SAMA regulations on payments, virtual assets, AML/KYC and outsourcing.
Foreign firms need to map, at minimum.
CBUAE rulebooks on stored value, payment services and fintech collaboration, plus specific CBDC documentation and circulars.
SAMA frameworks for payment service providers, open banking and CBDC experimentation, including wholesale digital riyal pilots and prior Project Aber work.
GCC-wide AML expectations, which are strongly aligned to FATF standards and increasingly harmonised across the UAE and Saudi Arabia.
In practice, CBDC flows are unlikely to relax AML/KYC obligations; if anything, central banks may require richer, more standardised “travel rule-style” datasets from banks and payment institutions using CBDC rails.
Cross-Regime Issues: US, UK and EU Law Overlay
For US, UK and EU-regulated institutions, Gulf CBDC flows sit under a layered regulatory stack:
US
Bank Secrecy Act requirements, OFAC sanctions programmes and guidance on screening, reporting and dealing with blocked parties continue to apply, regardless of whether a transaction clears over SWIFT or mBridge.
UK
FCA-authorised firms must meet UK-GDPR and sanctions obligations, and follow Bank of England and HM Treasury guidance where relevant to CBDC or tokenised payments.
EU/Germany
EU-regulated entities must consider GDPR/DSGVO, PSD2 (and upcoming PSD3), MiCA for relevant cryptoassets, and BaFin/ECB oversight—especially for German institutions in Frankfurt processing GCC CBDC flows.
The result is multi-regime compliance: a single CBDC payment between Riyadh and London may simultaneously trigger CBUAE/SAMA rules (via intermediaries), UK-GDPR, EU GDPR (via data mirrors), US sanctions filters and FATF-aligned AML expectations.
Legal and Compliance Obligations for Foreign Firms Using Gulf CBDCs
Foreign firms must apply local UAE/Saudi rules plus home-state regimes (US, UK, EU), covering AML/KYC, sanctions, data protection, outsourcing and operational-resilience duties.
Common obligation clusters include
Data-localisation & cross-border transfers: CBDC ledgers and analytics may need to remain in UAE or Saudi data centres, while mirrored data in the US, UK or EU must comply with GDPR/DSGVO and UK-GDPR transfer rules. (EUR-Lex)
Record-keeping and audit: both CBUAE and SAMA can be expected to mandate robust logging, reconciliation and audit trails for CBDC transactions, aligning with FATF standards and home regulators’ expectations. (FATF)
Outsourcing & operational resilience: US, UK and EU regulators increasingly scrutinise critical third-party and cloud arrangements, which will cover CBDC-ready infrastructure and analytics platforms built, for example, with partners like Mak It Solutions’ business intelligence services. (Mak it Solutions)
For compliance teams in New York, London or Berlin, documenting this cross-regime overlay is an early, essential task before any live onboarding of digital dirham or digital riyal corridors.
Risk, Contracts and Compliance.
CBDC Risk Mapping for Banks, Fintechs and Corporates
Adopting programmable money in the Middle East introduces new risk categories:
Operational, cyber and fraud risk: smart-contract logic, API gateways into CBDC platforms and always-on settlement will be attractive targets for attackers.
Monetary and liquidity risk: holding large digital dirham or digital riyal balances may change liquidity buffers and intraday risk profiles; treasury needs to understand CBDC convertibility, any caps and intraday access rules.
Accounting and tax: some jurisdictions may treat CBDC slightly differently from deposits for balance-sheet and tax purposes, especially where CBDC holdings or rewards are tokenised.
Risk officers should treat Gulf CBDCs as a distinct but related asset class to fiat, documenting differences for auditors, regulators and boards.
Contracts, Smart Contracts and Liability in Programmable CBDC Payments
As CBDC rails introduce programmability, contract design needs to catch up:
CBDC-denominated obligations: specify whether invoices reference traditional dirham/riyal bank transfers, CBDC transfers, or either at a given conversion rate, and clarify FX fixing mechanisms for USD/EUR legs.
Liability for failed or reversed CBDC transactions: map which party payer bank, payee bank, CBDC platform operator or smart-contract provider bears responsibility if a programmable condition misfires.
Smart-contract governance: define who can pause, amend or override on-chain logic for Gulf corridors, and how such governance aligns with US, UK and EU consumer-protection rules.
For corporates in Austin, London or Munich, template upgrades may be needed across trade-finance documents, treasury policies and vendor contracts. Mak It Solutions’ front-end development and mobile app development teams can help embed these contractual options into user-facing flows without confusing customers. (Mak it Solutions)
Practical Compliance Checklist for US, UK and EU Firms
Multinationals should update policies, contracts, sanctions and data-protection controls, and treasury workflows before onboarding digital dirham or digital riyal payments, ideally with specialist cross-border legal advice.
A practical, five-step “how-to” sequence.
Map exposure and use cases
Identify which business lines (trade finance, remittances, e-commerce) are most likely to touch Gulf CBDCs.
Prioritise corridors involving Abu Dhabi, Dubai or Riyadh customers and counterparties.
Align regulatory obligations
Cross-map CBUAE/SAMA CBDC guidance to US BSA/OFAC, UK-GDPR/FCA rules and EU GDPR/PSD2/MiCA obligations.
Update internal AML, KYC and sanctions policies accordingly.
Upgrade data and security controls
Ensure CBDC-related data is logged, encrypted and access-controlled to recognised standards such as PCI DSS and SOC 2.
Validate cloud and on-prem infrastructure against internal security baselines, working with partners like Mak It Solutions’ digital marketing & analytics and SEO services teams where customer-facing journeys are impacted. (Mak it Solutions)
Adapt contracts and customer terms
Add CBDC-specific clauses on settlement methods, FX conversion, liability and dispute resolution.
Obtain updated consents and privacy notices for any new data flows between GCC, US and EU locations.
Pilot, train, then scale
Run controlled pilots with selected Gulf corridors, including end-to-end testing of sanctions screening and CBDC settlement.
Train legal, compliance, treasury and product teams in New York, London and Berlin on CBDC-specific red flags and escalation paths.
Handled this way, CBDC adoption becomes an extension of existing risk and compliance frameworks not a bolt-on experiment.
Strategic Scenarios and Next Steps for US, UK and EU Firms
Adoption Timelines and Scenario Planning for Middle East CBDCs
CBDC rollouts will likely be phased.
Pilot/wholesale phase
UAE and Saudi CBDCs mainly used by banks and major payment institutions for cross-border settlement and government transactions (already underway in the UAE).
Broader access phase:
Potential expansion to corporates and fintechs under tighter licensing, especially those embedded in Gulf free zones with strong regulatory regimes.
Retail or hybrid phase:
Possible broader public access, with caps and safeguards to protect Gulf banking systems and currency pegs.
Scenario planning for boards in Washington D.C., London and Brussels should model:
A best-case where CBDCs reduce costs and improve visibility with manageable compliance overhead.
A base-case where adoption is gradual and limited to specific corridors and client segments.
A risk-case where regulatory fragmentation or geopolitical shocks complicate CBDC use, forcing rollbacks or strict caps.
Governance, Training and Board-Level Oversight
CBDCs are not just an IT issue they’re a governance and risk-committee topic:
Boards should assign explicit oversight of CBDC exposure to an existing committee (risk or technology), with regular reporting.
Legal, compliance, treasury and product teams in New York, London, Frankfurt and Berlin need targeted training on Gulf CBDCs, sanctions and data-protection angles.
CBDC considerations should be woven into enterprise risk-management frameworks, alongside cloud, AI and cyber-risk assessments, potentially supported by analytics platforms developed with Mak It Solutions’ business intelligence and cloud cost optimization expertise. (Mak it Solutions)
When to Bring in Specialist Cross-Border CBDC Counsel
You should consider bringing in specialist cross-border CBDC counsel when.
Your institution joins a Gulf CBDC or mBridge pilot.
You sign your first CBDC-enabled contract with a counterparty in Abu Dhabi, Dubai or Riyadh.
Regulators whether CBUAE, SAMA, the FCA, BaFin, or US supervisors start asking CBDC-specific questions in exams or supervisory dialogues.
Specialist counsel can bridge gaps between Middle East CBDC frameworks and US/UK/EU rules, while technology partners such as Mak It Solutions ensure your systems, APIs and data pipelines are built to withstand regulatory scrutiny.
Key Takeaways
The digital dirham and digital riyal are central-bank-issued CBDCs, distinct from bank deposits and crypto, and will initially focus on wholesale and cross-border settlement rather than replacing cash.
UAE and Saudi CBDC initiatives form part of a global trend, with over 90% of surveyed central banks exploring CBDCs and dozens of countries in advanced pilot stages.
For US, UK and EU institutions, Gulf CBDCs offer faster, cheaper corridors but also denser regulatory overlays across GCC, US, UK and EU regimes.
Legal and compliance obligations cover AML/KYC, sanctions, data protection, outsourcing, operational resilience and tax/accounting treatment of CBDC balances.
A structured how-to checklist covering exposure mapping, regulatory alignment, data/security upgrades, contract changes and training helps multinationals adopt digital dirham and digital riyal payments safely.
Strong governance, technical integration and collaboration with both legal specialists and technology partners like Mak It Solutions are essential to turn CBDCs from risk into competitive advantage.
If your bank, fintech or corporate treasury is even considering digital dirham or digital riyal pilots, now is the time to get your architecture, analytics and customer-facing journeys CBDC-ready. Mak It Solutions can help your teams design compliant, secure and scalable payment and analytics platforms that integrate with evolving Gulf CBDC rails.
Reach out via the Mak It Solutions contact page to discuss a scoped CBDC readiness assessment covering systems, data flows and user journeys before your first live transaction leaves Dubai or Riyadh. (Mak it Solutions)
FAQs
Q : Will the digital dirham or digital riyal replace cash and bank deposits in the Gulf?
A : In the foreseeable future, the digital dirham and digital riyal are designed to complement, not replace, cash and commercial-bank deposits. Central banks in Abu Dhabi and Riyadh emphasise a phased model where CBDCs sit alongside existing money forms, with careful limits to avoid destabilising banks or pegs to the US dollar.Over time, usage may expand to more use cases, but a full switch-off of cash or bank deposits looks unlikely in the medium term.
Q : How do CBDC payments in the Middle East differ from using stablecoins or traditional wire transfers?
A : Gulf CBDC payments settle in central-bank money on purpose-built platforms, often in near real time, with strong regulatory oversight and rich transaction data. Stablecoins are private-issuer tokens that may carry reserve and governance risk, while traditional wires move bank deposits via SWIFT or local RTGS systems and can take days across time zones. For compliance teams, CBDCs are closer to highly transparent fiat rails than to crypto trading venues.
Q : What accounting and tax issues arise when a company settles invoices in digital dirham or digital riyal?
A : Economically, CBDC-settled invoices resemble traditional dirham or riyal payments, but some jurisdictions may treat CBDC balances differently for balance-sheet presentation, interest recognition or tax timing. Multinationals should confirm whether CBDC holdings are classified as cash and cash equivalents, how any CBDC-specific incentives or yields are taxed, and how FX gains/losses are recorded when CBDCs are used as an intermediate settlement asset between, say, USD and EUR. Local advice in the UAE, Saudi Arabia and home jurisdictions is essential.
Q : Can small and mid-size UK or EU fintechs access Middle East CBDC pilots, or are they limited to major banks?
A : Early CBDC pilots in the Gulf tend to focus on banks and systemically important payment players, but there is growing space for regulated fintechs especially those already licensed in the UAE or Saudi Arabia to participate via sandbox programmes or as technical integrators.UK or EU fintechs often need a local presence, licences and strong compliance track records before being admitted to pilots, but partnering with established Gulf institutions can accelerate access.
Q : What red flags should compliance teams watch for when onboarding merchants that want to accept Gulf CBDC payments?
A : Key red flags mirror traditional AML and sanctions risks but with heightened data and technical angles: opaque beneficial ownership; unexplained spikes in high-value cross-border CBDC flows; merchants with weak cybersecurity for programmable-payment APIs; and counterparties in or linked to sanctioned jurisdictions or sectors.Compliance teams should also monitor whether merchants are routing CBDC funds into higher-risk crypto assets or jurisdictions outside standard trade patterns.