StableNexus
Note
|United Arab Emirates
|Infrastructure move
|High signal

DFSA's January 2026 crypto rewrite gives firms the token gate and keeps payment-token issuance federal

DIFC no longer relies on a DFSA-maintained recognised-token list for non-fiat crypto tokens. Firms now assess suitability themselves, fiat stablecoins remain on a separate DFSA gate, and payment-token issuance, conversion and custody-transfer sit with CBUAE.

StableNexus Research DeskPublished Apr 5, 2026

Key takeaways

  • The January 2026 DFSA package is already in force. It amended GEN, COB, CIR, FER, AMI, MKT and GLO, removed the recognised-token list for non-fiat Crypto Tokens, and shifted suitability to firms under GEN 3A.2.1 and 3A.2.1A.
  • Stablecoins were not pushed out of DIFC supervision. Fiat Crypto Tokens remain directly assessed by the DFSA under GEN 3A.2.1(2)(b) and the Policy Statement on Fiat Crypto Tokens, whose current annex lists EURC, USDC and RLUSD.
  • Custody did not become lighter. COB 15.4, COB 14.3, COB 6.13/App 6 and COB 15.7/15.8 still require segregation, key-security controls, client disclosures, quarterly incident reporting and annual independent technology audit. The sharper boundary is federal. The CBUAE Payment Token Services Regulation expressly licenses payment-token issuance, conversion, and custody/transfer across the UAE and for activity directed to UAE persons, including Financial Free Zone persons in the foreign-issuer registration limb.

Trigger

DFSA Jan 2026 crypto rules update

Dubai Financial Services AuthoritySource date Jan 12, 2026

On 12 January 2026, the DFSA brought into force a major Crypto Token package that removed the prescribed Recognised Crypto Token list, made authorised firms directly responsible for assessing the suitability of non-Fiat Crypto Tokens, kept a separate DFSA gate for Fiat Crypto Tokens, and tightened conduct, governance, custody, disclosure, and reporting expectations.

Open source document

SN Desk view

Dubai's financial free zone just changed how crypto tokens get approved. Until January 2026, DFSA maintained a recognized-token list -- if a token was not on it, DIFC-authorized firms could not touch it. That list is now gone for non-fiat tokens. Firms assess suitability themselves using DFSA criteria, must disclose which tokens they have approved, review them every six months, and file monthly returns. For stablecoins, DFSA kept the gate: fiat crypto tokens still need regulator-level approval, with EURC, USDC, and RLUSD currently listed.

The bigger structural signal is the boundary between DIFC and federal regulation. DFSA governs trading, custody, and intermediation of crypto tokens inside the free zone. But payment-token issuance -- actually creating and redeeming stablecoins for payment use -- sits with CBUAE under its Payment Token Services Regulation, which applies across the entire UAE including free zones. Dirham payment tokens are reserved for a specific issuer category with par-redemption and cash-reserve requirements. That two-layer model is now clearer than it was before: DIFC for financial services around tokens, CBUAE for the payment-token plumbing underneath.