GLA & Company

Federal Decree-Law No. 20 of 2025 introduces a wide-ranging set of amendments to the Commercial Companies Law (Federal Decree-Law No. 32 of 2021). The reforms clarify the interface between onshore and free-zone regimes, strengthen the legal framework for investment and governance, and provide greater flexibility in corporate structuring and capital arrangements. While free-zone entities remain subject to their own regulatory rules, the amendments bring the UAE’s corporate environment closer to international standards and enhance its usability for investors, founders and multinational groups operating in or from the UAE. This overview highlights the key changes and their practical implications for companies active in the UAE. 1) Clearer Scope Across Onshore, Free Zone and Foreign Companies The law now provides more explicit guidance on how it applies to foreign companies with a UAE presence and to free zone entities conducting activities outside their zone. Free zone companies continue to be governed by their own regulatory frameworks within the boundaries of the free zone; however, when they carry out activities in the mainland—whether through a branch, representative office, or otherwise—they must comply with the Commercial Companies Law and other applicable federal legislation. The amendments also confirm that free zone companies are considered UAE juridical persons for the purposes of UAE law. This clarification reduces long-standing uncertainty in cross-border structuring and offers greater predictability for groups operating across both mainland and free zone jurisdictions. 2) Introducing Non-Profit Companies For the first time, UAE company law expressly recognises non-profit companies. These entities must reinvest all revenues to advance their stated objectives and are prohibited from distributing profits to shareholders or partners. Detailed rules on their governance, permitted activities, licensing requirements and any regulatory exemptions will be issued at Cabinet level. Once implemented, this framework will provide a purpose-built legal vehicle for philanthropic, cultural, community and social initiatives, offering greater clarity and legitimacy for organisations pursuing non-commercial purposes in the UAE. 3) Common-Law Style Shareholder Rights Embedded in LLCs and PJSCs The amendments introduce statutory recognition of drag-along and tag-along rights for limited liability companies and private joint stock companies, allowing these mechanisms to be included directly in the memorandum or articles. This enhances enforceability, reduces reliance on side agreements, and increases certainty in exit and share-transfer scenarios—particularly relevant for M&A, venture capital, private equity, and family business restructurings. The detailed conditions and procedures for exercising these rights will be clarified through implementing regulations. Succession Planning for Shares Companies and shareholders may now agree in advance on how a deceased shareholder’s interest will be dealt with. These arrangements may include priority purchase rights for remaining shareholders or, importantly, acquisition of the shares by the company itself. The valuation may be agreed with the heirs or determined by the competent court, with independent valuation experts engaged in case of dispute. While this is a welcome development that provides greater certainty in succession planning, further guidance is expected on the post-acquisition treatment of such shares—specifically whether they may be held as treasury shares, cancelled, or reissued to third parties. 4) Greater Share Class Flexibility for LLCs Mainland LLCs can now issue multiple classes of shares with different voting, dividend, liquidation, redemption, and other rights. This represents a significant modernization that brings UAE practice closer to international standards commonly used in growth equity and venture financing. Cabinet-issued rules are expected to clarify the precise parameters, but the policy direction is clear: private companies now have the flexibility to structure their capital in line with strategic objectives. 5) In-Kind Capital Contributions The law reinforces the ability to make in-kind contributions to LLC capital, provided that , among other things ,such contributions are valued by one or more accredited valuers. If an accredited valuation is not obtained, the in-kind contribution will be considered invalid. This approach balances flexibility—particularly relevant for asset-intensive and technology-driven businesses—with safeguards against inflated or subjective valuations. 6) Private Placements by Private Joint Stock Companies Private joint stock companies may now raise capital through private placements within UAE financial markets, subject to the procedures and conditions set by the Securities and Commodities Authority. A private placement allows a company to sell shares or other securities directly to a limited group of investors—such as institutional investors or high-net-worth individuals—rather than through a public offering. This closes a historical gap in the fundraising pathway, enabling issuers to access domestic capital efficiently without relying on offshore structures or parallel vehicles. 7) Governance Continuity and Deadlock Solutions The amendments address day-to-day governance challenges that often arise in closely held entities. A manager’s resignation becomes effective after 30 days if the company takes no action, unless otherwise agreed. Companies must notify the competent authority when a manager’s term expires and appoint a successor within 30 days. Boards may continue to operate for up to six months after their term lapses to maintain operational continuity. If shareholders fail to appoint a new board, the competent authority may appoint directors who are not shareholders. This provides a practical mechanism to resolve deadlocks and restore functionality through a neutral or independent board composition. 8) A Unified Framework for Re-Domiciliation (Migration/Continuation) Perhaps the most transformative change is the introduction of a statutory framework for corporate migration (continuation) that preserves a company’s legal identity, contractual continuity, and corporate history. Companies can now re-domicile from foreign jurisdictions into the UAE, between mainland authorities, from mainland to free zones (including financial free zones) and vice versa, as well as between different free zones. This flexibility is subject to shareholder approval (typically via a special resolution or other prescribed majority), compatibility between registries, absence of prohibitive annotations or blocks, approvals from the relevant licensing authorities (and the Ministry of Economy or Securities and Commodities Authority where applicable), and compliance with the necessary publication and disclosure requirements. For regional groups and multinationals, this creates a powerful tool to realign licensing, tax, governance, and operational structures without the need for liquidation or reincorporation. Practical Implications for Companies The 2025 amendments reflect a deliberate shift toward a more adaptable, investor-friendly regime that builds on the UAE’s strengths in regulatory clarity. The ability to issue multiple share classes, embed drag-along and tag-along rights, structure thoughtful succession mechanisms, conduct private placements, and re-domicile across jurisdictions will simplify corporate life cycles and support more sophisticated capital formation. Companies operating across the mainland–free zone divide will benefit from clearer rules, while mission-driven organisations will finally have a fit-for-purpose legal vehicle for non-profit activities. The net effect is enhanced certainty for transactions and governance, fewer structural workarounds, and closer alignment with international practices. The UAE continues to position itself as a jurisdiction capable of hosting complex cross-border operations while maintaining the stability that underpins long-term investment and growth. Authors: Suzanne Hashem, Legal Director and Khaled Abu Orabi, Senior Associate

Small and medium-sized enterprises (SMEs) often struggle to secure credit due to a lack of real estate, securities and other easily securitized assets. Recognizing this limitation, the State of Qatar recently established a modern, centralized Movable Collateral Registry to diversify the range of acceptable security interests, reshaping the credit landscape in the country. This article reviews the legal foundation and operational procedures of the Qatar Movable Collateral Registry (“MCR”), administered by the Qatar Central Securities Depository, commonly known as Edaa (“Edaa” or “QCSD”). We also highlight a highly valuable practical precedent from our experience: the successful cross-border use of this mainland registry by a foreign lender/pledgee, on the one hand, and a borrower/pledgor registered in the Qatar Free Zones (“QFZ”), on the other hand. Governing Laws: The Regulatory Shift The mechanism for securing interests in non-real estate property is primarily governed by Law No. 16 of 2021 on the Regulation of Pledge over Movable Assets (the “MCR Law”), as well as Decision No. 1 of 2022 of the Qatar Central Bank Governor on the Procedures for Regulating the MCR (the “QCB Governor Decision”). This transformative piece of legislation provides a comprehensive, transparent framework for creditors, or secured parties, to formalize their claims over a debtor’s movable assets. The law’s objective is twofold: to provide certainty for lenders, and to allow borrowers to leverage the full value of their operating assets. The Administrator: Edaa’s Role Edaa is a financial company licensed by Qatar Financial Market Authority. It provides services such as clearing, safekeeping, settlement of securities and other financial instruments listed on the Qatar Exchange. Under article 6 of the MCR Law, Edaa is designated as the implementing platform for the registration and publication of security rights over movables, ensuring creditor protection and maintaining a central searchable public database of such interests. Edaa oversees the operational administration and supervision of the MCR. What is MCR and What Movable Assets Could Be Registered? The MCR is an electronic public database that contains information on security interests over movable property. Pursuant to article 3 of the MCR Law, movable collateral is a broad category encompassing virtually all assets not classified as land or buildings, such as: Inventory and raw materials Machinery and equipment Accounts receivable (invoices owed to the debtor) Contractual rights and intellectual property Agricultural crops, animals, and their products Bonds and negotiable instruments, including commercial instruments and bank deposit certificates. The Purpose/ Function of the MCR The primary purpose of the MCR is to enhance market transparency by allowing pledgees to access information via MCR website and verify whether a particular asset has already been pledged. Article 3(2) of the QCB Governor Decision allows a pledgee to simply “search” the MCR database to confirm that an asset is not already encumbered by a security right over it to a former pledgee. This boosts lender confidence and mitigates risk. Ultimately, the MCR strengthens the infrastructure of financial instruments in the Qatari market, positioning Qatar as an attractive regional and global financial hub. Registration and Perfection For diligent lenders, the registration process is ideally preceded by searching the MCR database to confirm the absence of any prior registrations on the intended movable asset. To make a security interest legally effective and enforceable against third parties, the following steps are required: Execution of the Security Agreement: The debtor (pledgor) and the secured party (pledgee) must execute a definitive pledge over movables agreement in writing, clearly outlining the assets being pledged. Open a User Account in the MCR Portal: Pledgee (acting directly or through its representative) must register as “user” in the MCR system, accepting the Edaa general terms, paying the required deposit, and providing required identification documents. Once approved, the user obtains access to the MCR services. Submission of the Registration Request: The pledgee or the pledgor must then electronically submit a registration request via the Edaa platform, detailing the relevant parties and the pledged movable asset description. Under article 6 of the MCR Law, the pledgee is responsible for the registration fees, unless otherwise agreed. Issuance of a Registration Certificate: Upon completion, the MCR issues an electronic certificate confirming the registration of the security interest. Legal Effect and Priority: First-to-register Principle Upon registration, the pledge becomes public and enforceable against third parties. Qatar follows the “first-to-register” principle. Under article 16 of the MCR Law, priority between competing security rights is determined primarily by the date of registration in the MCR. A secured creditor who registers its security interest first will generally have superior priority in the collateral and its proceeds, regardless of when the underlying debt was granted. Enforcement Rights In case a pledgee wishes to enforce the pledge, articles 27 and 29 of the MCR Law provide that a pledgee may enforce the pledge upon default through: Contractual Enforcement: After notice to the Pledgor, by sale at a public auction; or Judicial Enforcement: By application to the judge sitting in the executions circuit. Can QFZ Entities’ Assets Be Registered in the MCR? The MCR is a state-wide register for pledges over movable assets in the entirety of Qatar. Though there is no explicit carveout in the law excluding QFZ, some might assume that the assets of the entities registered with the Qatar Free Zones Authority (“QFZA”) may not be pledged in the MCR. This is complicated by the fact that the QFZA issued “the Collateral and Security Regulations” on 16 December 2020, which outlines the intent to establish a separate, dedicated movable collateral registry for the Free Zones created and maintained by the QFZA, accompanied by an FAQ Guide, which serves as supplementary guide to the regulations.  However, there is currently no evidence that such QFZ register is in force yet. In all cases, article 40 of Law No. 34 of 2005 on Free Zones as amended by Decree Law No. 21 of 2017 and Law No. 15 of 2021 provide that “Save for what is inconsistent with the provisions of this Law and the Regulations, all the laws, Regulations, and civil rules applicable in the State will be applied to the Free Zones.” Based on our firm’s successful precedent, we confirm that QFZ-registered entities can and should register their movable assets as collateral in the MCR. We believe this principle should equally apply to Qatar’s other sub-jurisdictions, such as the Qatar Financial Centre and the Qatar Science and Technology Park (QSTP). Conclusion The MCR represents a major step forward for financing in Qatar. By allowing movable assets to be pledged as security, it provides lenders with clear, enforceable rights while enabling borrowers to unlock the value of their operational assets. The registry is transparent, centralized, and accessible through Edaa, ensuring confidence for all market participants. GLA is a member of the MCR and has successfully registered a security interest over movable collateral on behalf of one of its clients. Recommendations Creditors and borrowers should actively utilize the MCR to register and search for pledges, ensuring priority and reducing risk. Further, QFZ-registered entities should register their movable assets in the mainland MCR to benefit from the same protection as mainland entities. Lastly, policymakers and stakeholders should continue to raise awareness of the MCR’s benefits to encourage wider adoption and improve market efficiency. Authors: Maryam Tarek, Dean Jaloudi, Ashraf Hendi    

Kuwait has entered a transformative phase in its public-health and compliance architecture with the issuance of Decree-Law No. 159 of 2025, effective December 14, 2025, a comprehensive overhaul of the narcotics, psychotropics, and chemical-precursor regime, repealing the four-decade-old 1983 and 1987 laws. The new framework modernizes Kuwait’s approach to substance control through a structured system of licensing, surveillance, treatment, data governance, and inter-agency coordination. Although the law’s immediate focus is public health and anti-trafficking enforcement, its implications extend into healthcare, pharmaceuticals, logistics, research, compliance, risk management, and corporate governance. This impacts pharmacies, manufacturers, technology providers, and supply-chain operators. This shift aligns with Kuwait’s broader objective of building institutional systems capable of supporting the next generation of economic and social reforms. At its core, the new regime establishes an integrated governance model, anchored in the Ministry of Health but coordinated with the Ministry of Interior, Customs, laboratories, treatment centers, and cross-border regulatory bodies. The forthcoming Executive Regulation is expected to unify these operational requirements through a detailed rulebook governing licensing, storage, electronic tracking, treatment protocols, and surveillance mechanisms. Institutional Architecture: Ministry of Health at the Center of a Cross-Sector Control Ecosystem The law repositions the Ministry of Health as the national authority responsible for the scientific, medical, regulatory, and oversight pillars of the framework. Under the law, the Ministry licenses all entities dealing with narcotic drugs, psychotropics, and chemical precursors; establishes central registers, quota systems, batch-tracking controls, and electronic monitoring platforms; and governs prescribing, dispensing, storage, destruction, and transport through detailed procedures to be formalized in the Executive Regulation. It further oversees rehabilitation and treatment centers, medical committees, and post-treatment monitoring systems. The Ministry of Interior plays a parallel enforcement role, particularly with respect to smuggling, trafficking networks, digital crime, and controlled deliveries, while Customs controls cross-border flows of substances and precursors. This alignment reflects a shift toward integrated compliance governance, where medical, enforcement, and data-governance mandates intersect. The structure is designed to create a controlled, traceable ecosystem capable of preventing diversion, ensuring public safety, and supporting evidence-based health interventions. From Policy to Implementation: Licensing, Electronic Tracking, and Supply-Chain Controls The law introduces a comprehensive licensing and control system applicable to hospitals, pharmacies, manufacturers, warehouses, research institutions, veterinary facilities, and transport operators. Its core pillars include electronic tracking systems covering import, storage, dispensing, return, and destruction of controlled substances; batch-tracking and serialization requirements for manufacturers and warehouses; supply-chain controls over qualified transport vehicles, secure containers, GPS-enabled routes, and mandatory reporting of delays or discrepancies; real-time, Ministry-linked electronic prescriptions to eliminate fraudulent or unauthorized dispensing; and inspection rights allowing regulators to access premises, records, samples, and audit trails. These measures mirror international best practices and reflect a deliberate move toward digital compliance, reducing diversion risk and strengthening Kuwait’s pharmaceutical and clinical governance environment. “For both healthcare providers and manufacturers, compliance will ultimately be expressed contractually. Agreements with vendors, logistics operators, and software providers must embed traceability tools, inspection cooperation, serialization obligations, and incident-reporting workflows aligned with regulatory expectations.” Treatment, Rehabilitation, and Medical Oversight: A Modern Public-Health Approach A core innovation in the law is the establishment of a medical-based model for addiction treatment. Under the articles, a specialized medical committee evaluates addiction cases and determines individualized treatment plans. Treatment may be voluntary or court-ordered, with strict confidentiality requirements; commitment periods count toward sentencing for eligible offenses; and release decisions are based on medical, not punitive, criteria. Rehabilitation programs involve coordinated social, psychological, and vocational support, anchored in clinical best practices. The law positions addiction as a medical condition, integrating treatment, rehabilitation, and post-care monitoring into the national health system. This public-health approach reduces stigma while strengthening institutional capacity to manage long-term addiction cycles and reintegration outcomes. Data Governance and Surveillance: A Controlled and Traceable Information System The law establishes sophisticated data-governance requirements comparable to those applied in Kuwait’s cyber and cloud sectors. It mandates centralized electronic databases covering licenses, imports, exports, prescriptions, dispensing records, inventories, and destruction logs; confidential medical records with limited access pathways for judicial and medical authorities; mandatory reporting of irregularities, losses, discrepancies, and adverse reactions; and digital integration between ministries, laboratories, customs authorities, and enforcement bodies. These systems create a unified surveillance environment in which every dose of controlled substance is traceable, and every treatment event is securely recorded. Enforcement and Regulatory Expectations: High Penalties, Clear Duties The law separates (i) criminal offenses (such as trafficking, manufacturing, distribution, and smuggling) from (ii) regulatory breaches by licensed or registrable entities. Criminal offenses carry severe custodial penalties up to life imprisonment when aggravating factors are present. Aggravating factors that can elevate penalties to the death penalty include exploiting or involving a minor or a person lacking capacity, abusing an official position, or acting on behalf of a criminal organization. Regulatory and administrative sanctions apply to non-compliance with licensing, storage, dispensing, transport, record-keeping, or destruction obligations by regulated entities. Authorities may order immediate confiscation of substances, equipment, vehicles, and proceeds; close facilities; suspend or revoke licenses; impose doubled fines and activity suspensions on legal persons; and, for non-Kuwaiti offenders convicted of relevant crimes, deportation. Inspectors are empowered to enter, search, and inspect premises; review and copy records; require destruction of stock; and mandate compliance remediation. “Supervisory expectations are rising. Entities that maintain documented standard operating procedures, conduct periodic control assessments, and implement compliance monitoring programs will face fewer corrective measures following inspection. Contracting and Operational Implications for Healthcare and Industry The new framework requires that operational relationships reflect regulatory controls through clear contractual alignment. Priority themes include inventory-management and serialization obligations; secure transport requirements tied to permit conditions; joint inspection and cooperation clauses; record-keeping commitments aligned to retention mandates; data-sharing and confidentiality frameworks that comply with health-records protection rules; and incident-reporting workflows consistent with statutory timelines. For pharmaceutical companies, hospitals, laboratories, and logistics operators, the completeness of these terms will increasingly determine regulatory resilience and audit readiness. A National Control Strategy: Future Trajectory The forthcoming Executive Regulation is expected to integrate technical storage standards; e-prescribing and e-tracking specifications; detailed licensing conditions; precursor-control requirements; laboratory and destruction protocols; and inter-agency coordination procedures. Once issued, these regulations will solidify Kuwait’s movement toward a more mature, compliance-driven public-health system to connect enforcement, treatment, and supply-chain governance within a unified national structure. Conclusion Law No. 159 of 2025 represents a generational modernization of Kuwait’s narcotics and psychotropics regime. Far beyond a criminal framework, it introduces a national compliance infrastructure spanning healthcare, supply chains, digital systems, treatment models, and cross-border coordination. As Kuwait moves from legislative reform to operational execution, entities that engage early, align their internal controls with the new regulatory requirements, and prepare for the forthcoming Executive Regulation will not only mitigate legal and operational risk but also contribute to a safer and more resilient public-health environment. Authors: Legal Director, Mohammed Al Awadhi, Senior Associate, May El Mahdy and Trainee Lawyer, Fahad Al Zouman    

Kuwait is taking a major step toward strengthening the integrity of its financial system with the announced establishment of a specialized Public Prosecution for Banking Affairs, which is expected to commence operations in 2026. The proposal, announced by the Public Prosecutor, shows Kuwait’s ongoing efforts to strengthen protection of the banking sector and respond to the rapid growth of financial crimes driven by digital transformation. The newly established prosecution will function as a specialized body dedicated to investigating and prosecuting banking related crimes. Its duty will cover a range of financial offenses, with particular focus on electronic fraud, forgery, and the issuance of cheques without sufficient funds. These offenses have become increasingly common alongside the growth of electronic banking and digital payment systems, the fact that makes specialized oversight and enforcement a regulatory necessity. The Public Prosecutor emphasized that accelerating financial developments have created an urgent need for an advanced institutional response capable of safeguarding confidence in banking transactions. The new prosecution is expected to contribute to this objective by strengthening enforcement mechanisms and improving the efficiency of legal procedures related to banking crimes. This development represents a shift toward more specialized prosecution functions within Kuwait’s criminal justice system. Selection of Prosecutors assigned to the Banking Affairs Prosecution will be based on objective criteria, including professional experience and technical competence. The goal is to establish a highly capable prosecuting framework equipped to address the nature of financial crimes with its continuous evolving in both scale and complexity. For the first time, the new prosecution will also assume responsibility for preparing analytical studies and periodic reports aimed at monitoring patterns and methods of banking related crimes. These reports are expected to support proactive crime prevention strategies and position the prosecution as a key reference for data and analysis in this field. In parallel, the prosecution will play a vital role in public legal awareness. Where necessary, it will launch legal awareness programs targeting institutions and individuals to enhance understanding of digital crime. Overall, the establishment of the Public Prosecution for Banking Affairs represents an important milestone in reinforcing Kuwait’s financial security framework through enhancing oversight, improving enforcement capabilities, and promoting preventive awareness. This initiative supports economic stability and contributes to a safer and more resilient financial environment to individuals and the national economy. Authors: Ashraf Hendi, Partner and Ahmed Al Buaijan, Trainee Lawyer

Kuwait has developed a structured and proportionate pathway for small and medium-sized enterprises “SMEs” to access public capital through the Emerging Companies Market “ECM” at the Kuwait Stock Exchange “KSE”. Established as a dedicated listing segment under the Capital Markets Authority’s “CMA” market-segmentation framework, the ECM balances reduced entry thresholds with clear governance, disclosure, and investor-protection standards. Designed for growth-stage companies, the ECM provides a regulated route to equity financing while avoiding the full complexity of the main market. Its architecture reflects Kuwait’s broader policy objective of strengthening capital-market depth, improving SME access to funding, and institutionalising governance across the private sector in line with international best practices. Although the ECM is primarily a capital-raising platform, its implications extend to corporate governance, valuation discipline, disclosure controls, shareholder structuring, and regulatory compliance. For SMEs seeking institutional credibility, diversified funding sources, and long-term scalability, ECM listing represents a strategic legal and commercial milestone. Market Architecture and Regulatory Authority The ECM operates within Kuwait’s statutory capital-markets framework, under which the KSE is authorized, subject to CMA approval, to segment the market and allocate securities to each segment based on published eligibility criteria. No company may list without a formal recommendation from the KSE and approval from the CMA following review of a complete application. Applications must be submitted using Exchange-prescribed forms and supported by documentation required under the Exchange Rulebook and the CMA Executive Bylaws. The CMA is required to decide on a complete application within thirty business days, providing applicants with procedural certainty. This gatekeeping structure ensures that ECM admission standards are enforceable, transparent, and aligned with broader market-integrity objectives. Admission Standards and Eligibility Thresholds While detailed ECM requirements are set out in the Exchange’s rules, the principal eligibility thresholds reflect SME operating realities. Issuers must demonstrate a minimum total fair market value of issued share capital of at least KWD 750,000; a free float of at least 20% of the company’s share capital; and a minimum of 20 shareholders, each holding shares valued at KWD 5,000 or more, except where the company is incorporated as a public joint stock company. The company must demonstrate continuity of activity for the last two financial years in one or more of the main purposes stated in its Articles of Association, with the majority of its revenues generated from those activities. It must also have audited financial statements approved by the General Assembly for the two financial years preceding the listing application. The issuer must be a shareholding company with freely transferable shares, subject only to limited statutory or contractual restrictions. Companies may list newly issued shares, existing shares, or a combination of both, provided that the applicable ECM requirements and CMA approvals are satisfied. Valuation, Offering Structure, and Prospectus Discipline Where ECM admission involves a public or private offering, Kuwait’s dealing-in-securities regime applies. This includes mandatory CMA approval of the prospectus, which must disclose business risks, financial history, governance structures, management details, related-party transactions, and use of proceeds. Where share premiums or fair value are relevant, a valuation report must be prepared by a CMA-licensed investment advisor or asset valuator, setting out the methodology and basis of valuation. In public offerings, allocation safeguards apply, including subscriber withdrawal rights where free-float or shareholder-dispersion thresholds are not met upon allocation. These mechanisms embed pricing discipline and investor confidence into ECM transactions and support orderly capital formation. Governance and Disclosure Obligations Post-Listing ECM issuers are listed companies and are therefore subject to ongoing governance and disclosure obligations. These include compliance with general assembly procedures covering advance notice, agenda disclosure, authenticated minutes, and shareholder participation; transparent board-nomination and election processes with advance disclosure of candidates and their executive or independent status; and the implementation of core governance controls, including board oversight of executive management, an Audit Committee reporting to the board, a risk-management framework, and the appointment of a Compliance Officer or outsourced equivalent. ECM issuers must also comply with periodic financial-reporting obligations, including the publication of annual and semi-annual financial statements audited by CMA-registered auditors, subject to rotation and notification requirements. Failure to meet reporting or governance obligations may trigger trading suspension, disciplinary action against the board, or, where deficiencies persist, delisting. Addressing Structural SME Challenges Through ECM Listing The ECM is designed to address recurring structural challenges faced by SMEs. From a financing perspective, it provides a regulated platform for equity fundraising and access to future capital-market instruments, reducing reliance on bilateral bank financing. From a human-capital perspective, ECM-listed companies are better positioned to implement employee equity and incentive plans within a defined legal and disclosure framework. From an operational standpoint, mandatory reporting cycles, audit oversight, and disclosure controls drive stronger internal controls, financial discipline, and risk management. Institutionally, baseline governance and transparency standards enhance credibility and engagement with investors, lenders, and strategic counterparties. Role of Licensed Market Participants ECM listings rely on coordinated input from licensed market participants. A Listing Advisor, licensed by the CMA to carry out investment-advisory activities for listing purposes, guides the issuer through eligibility assessment, documentation, governance uplift, and regulatory interfaces. Where valuation is required, a CMA-licensed investment advisor or asset valuator provides the valuation report supporting fair value or share premium. Issuers must appoint CMA-registered auditors to anchor financial reporting, and, where offerings are involved, subscription agents and underwriters may be engaged to manage allocation and book-building mechanics. The KSE manages the application intake and recommendation process, while the CMA exercises approval, supervision, and enforcement authority. Practical Legal Workstreams for ECM Readiness From a practical legal perspective, ECM readiness typically involves a structured work plan covering eligibility and free-float gap analysis; review of shareholder agreements and transfer restrictions; governance and committee structuring; coordination of prospectus and valuation documentation; capital-increase approvals and management of pre-emptive rights; audit readiness and IFRS alignment; and establishment of a post-listing compliance calendar covering reporting, disclosures, and general assemblies. Early legal and governance structuring significantly reduces execution risk and regulatory friction during the listing process. Conclusion The Emerging Companies Market represents a calibrated and credible entry point into Kuwait’s capital markets for SMEs with sustainable growth ambitions. By combining proportionate admission standards with enforceable governance and disclosure obligations, the ECM offers a legally robust platform for capital formation, valuation transparency, and institutional credibility. For companies considering ECM admission, early engagement with a Listing Advisor, disciplined governance preparation, and structured legal readiness are essential to achieving a smooth listing and sustaining long-term compliance as a public company. Authors: Mohammed Al Awadhi, Legal Director and Fahad Al Zouman, Trainee Lawyer

Entering into a hotel management agreement (“HMA”) in Dubai is a high-stakes decision for any property owner. The emirate’s hospitality sector operates under a complex regulatory framework overseen by multiple authorities, including the Dubai Department of Economy & Tourism (“DET”), Dubai Civil Defence, the UAE Federal Tax Authority, and various federal labour and data-protection regulators. While hotel managers oversee day-to-day operations, the ultimate responsibility for legal and regulatory compliance almost always rests with the property owner. 1. Licensing and Regulatory Compliance One of the most significant challenges for owners lies in licensing and operational compliance. Hotel operating licences and related permits are typically issued in the owner’s name, which makes the owner directly liable for renewals, record-keeping, and any violations—even when the management company is at fault. To mitigate this exposure, the HMA should: Acknowledge the owner as the licence holder; Obligate the manager to comply with all operational regulations and filing deadlines; Require the prompt provision of supporting documents; and Include robust indemnities and audit rights so that any fines caused by the manager’s actions can be recovered. 2. Financial and Tax Compliance Financial compliance presents another layer of complexity. Hotel managers typically collect the Tourism Dirham fee, municipality service charges, and VAT on behalf of the owner. However, it is the owner who remains the taxable person responsible for filings and remittances. Any misreporting can result in significant penalties. An effective HMA should therefore: Require detailed reconciliations and regular tax reports; Include warranties regarding the manager’s accounting systems and tax codes; Provide indemnities and clear audit rights to ensure transparency and accountability. 3. Health, Safety, and Employment Obligations Dubai enforces strict health and safety standards under the UAE Fire and Life Safety Code and other municipal regulations. Violations can lead to fines, closures, or costly remediation orders. The agreement should: Assign daily safety compliance duties to the manager; Mandate comprehensive record-keeping; and Grant the owner step-in rights and cost-recovery mechanisms in cases of manager negligence. Employment compliance is equally important. If the owner is the employer of the hotel workforce, they are liable for payroll, visa sponsorship, and end-of-service gratuities. The HMA should  clearly specify: The employer of record; The manager’s obligations under Federal Decree-Law No. 33 of 2021 and MoHRE regulations; and Indemnities covering any breach of employment laws. 4. Financial Reporting and Insurance Transparent and consistent financial reporting is fundamental to every successful HMA. Without it, owners risk revenue discrepancies, tax errors, and operational disputes. To prevent these risks, the HMA should: Mandate standardized monthly and annual financial reports; Grant the owner direct access to management and accounting systems; Require independent audits; and Include data migration and system integration provisions to ensure business continuity upon termination. Insurance provisions also warrant careful drafting. The owner should be: Named as an additional insured on all policies; Provided with proof of renewal annually; and Protected by clauses excluding liability caps for regulatory fines, gross negligence, and wilful misconduct. 5. Ownership and Management Changes Changes in ownership or management can trigger regulatory complications. Transfers of ownership or control often require prior approval from DET or other authorities. Failure to secure such approval can affect the status of the property’s operating licences. To manage these scenarios, the HMA should: Require written notice of any change; and Mandate cooperation in obtaining regulatory approvals. 6. Data Protection and Cybersecurity Hotels manage large volumes of personal and financial data, making compliance with privacy laws critical. HMAs must adhere to the UAE Personal Data Protection Law (Federal Decree-Law No. 45 of 2021) and, where applicable, the DIFC Data Protection Law. Key data-protection provisions should include: A data-processing addendum defining roles, transfer restrictions, and breach-response procedures; Compliance with global payment-card standards (PCI-DSS); and Integration of anti-money-laundering (AML) and counter-terrorist-financing (CTF) obligations under Federal Decree-Law No. 20 of 2018, supported by cyber-insurance coverage and immediate breach-notification duties. 7. Performance Tests and Capital Expenditure Performance tests are critical owner protections. Without objective benchmarks—such as Revenue per Available Room (RevPAR) or Gross Operating Profit (GOP)—owners risk being locked into underperforming management arrangements. An HMA should therefore establish: Measurable performance metrics; Defined cure periods and termination rights; and Step-in rights for the owner in cases of significant non-compliance. For capital expenditure (capex), the agreement should: Distinguish routine maintenance from capital projects; Create a Furniture, Fixtures & Equipment (FF&E) reserve (typically 3–5% of gross revenue); and Require annual capex plans subject to owner approval. 8. Governing Law and Dispute Resolution The governing law and dispute-resolution mechanism are key strategic considerations. Many owners choose UAE law and the jurisdiction of the Dubai Courts, while others prefer arbitration—for instance, under the Dubai International Arbitration Centre (DIAC) or DIFC-LCIA—to ensure neutrality and enforceability. Conclusion HMAs in Dubai require more than sound commercial terms—they demand a carefully structured legal framework that anticipates regulatory complexity and allocates risk with precision. Owners who put in place strong legal protections, including indemnities, audit rights, performance standards, and compliance obligations, position themselves to safeguard their investment and maintain operational excellence in one of the world’s most competitive hospitality markets. Authors: Suzanne Hashem, Legal Director and Khaled Abu Orabi, Senior Associate.

Kuwait has taken a significant leap toward modernizing its notarization system with the issuance of Decree Law No. 147 of 2025, which amends provisions of Law No. 10 of 2020 on notarization. The new law unveils structural reforms that impact how a power of attorney (POA) is granted, renewed, and authenticated in Kuwait. This legislative update doesn’t just strengthen but also shifts the country to align with global best practices in documentation and E-governance. The reform aims to reduce miss use of indefinite authorizations while ensuring periodic verification of representation rights and accelerating Kuwait’s transition toward digital legal services. The Key Changes Include A five-year limit on the validity of all new Powers of Attorney. The automatic expiration of pre-existing POAs within two years. The formal recognition of electronic signatures as legally binding and enforceable. The Decree applies to the following All new Power of attorneys Existing notarized powers executed before the decree’s issuance, which remain valid for only two years from the date the law takes effect. Electronic notarization systems approved by the Ministry of Justice and related government entities. After the expiry of the transitional two-year period, any old power of attorney not renewed in accordance with the new law will automatically lose validity. Key Legal additions under Article 2 of the Decree Article 2 of Decree Law No 147 of 2025 adds two new articles to Law 10 of 2020 which are Article 5 bis and Article 9 bis which represent the foundation of the reform. Article 5 bis states that “Except for commercial agencies and any agencies exempted by decision of the Minister of Justice, a power of attorney shall be valid for five (5) years unless a shorter term is agreed or the agency terminates for another reason. The notarization shall specify the expiry date. The expiration of the notarization period shall not affect the validity of the agency between the parties”. This addition is designated to prevent endless delegation of authority and ensure that representation rights are periodically renewed reducing outdated authorizations. While Article 9 states that “The concerned parties or their representatives may appear before the notary in person, through the accredited electronic system, or by visual connection using modern or electronic means. The implementing regulation shall prescribe the procedures for each case, determine when personal attendance is required or remote appearance permitted, and regulate the manner of recording and evidencing such notarizations in the official registers and all other related provisions”. This addition established legal infrastructure for full digital notarization, in line with Kuwait’s shift toward online government services and paperless documentation. Why legal practitioners should take note The reform closes loopholes created by issuing lifetime power of attorney. Clients can now sign and validate documents remotely through secure electronic systems. Lawyers and companies must review and renew all existing power of attorney before the two-year deadline. Firms that adapt early can guide clients through renewals, reducing risk exposure and maintaining validity of representation. Conclusion The introduction of Decree law No.147 of 2025 marks a pivotal moment in Kuwait’s notarization framework. By limiting the duration of Powers of Attorney, mandating renewal and embracing electronic and remote notarization, the law stabilizes legal certainty with technological progress. These amendments especially the additions to article 2 promote accountability and prevent misuse of indefinite authorizations and modernize how legal documents are executed and authenticated. Critically, these reforms are set to significantly streamline national projects across Kuwait by fostering greater efficiency and transparency in legal processes. This digital transformation directly supports the ambitious objectives of Kuwait Vision 2035, positioning the country as a leader in digital legal services and contributing to sustainable economic development. For practitioners the reform presents an opportunity to lead clients into an era of digital security and transparent documentation aligning with the nation’s strategic future. Authors: Asad Ahmad, Legal director and Ahmed Al Buaijan, Trainee Lawyer

The Saudi Competition Law (Royal Decree No. (M/75) of 1440H, as amended) (the “Competition Law”) and its Implementing Regulations (the “Regulations”) have been in force for a substantive period, establishing a comprehensive legal framework (the “Competition Regime”). The General Authority for Competition (“GAC”) maintains an active and vigilant oversight of Saudi markets. Nevertheless, experience indicates that market participants often remain underprepared in navigating the full scope of the Regime’s prohibitions. Drawing from recent engagements, we observe that the most common compliance pitfalls are recurring themes: commercial arrangements, often well-intentioned, that inadvertently constitute resale price maintenance; output controls disguised as demand forecasting; and territorial management practices that cross into market partitioning. This article expands on our previous analysis of the GAC’s investigatory powers by detailing these persistent risks, elucidating the GAC’s enforcement perspective, and offering practical guidance to help businesses avoid regulatory exposure. Fixing Resale Price – The Conflation of Recommendation and Control The most consistent compliance risk arises from interference in the pricing autonomy of downstream customers. While rarely explicit, this practice commonly manifests through the circulation of recommended sale prices (“RSPs”). The critical issue emerges when RSPs are implemented with an expectation of adherence, reinforced through mechanisms such as: (i) conditioning commercial funding, stock compensation, or key account alignment on price compliance; or (ii) linking promotional support, rebates, or loyalty payments to a retailer’s maintenance of a specific shelf price. The GAC views such practices as violations of Article 5, Paragraph 1 of the Competition Law, which prohibits fixing or suggesting prices or other sale conditions. The GAC’s analysis is effects-based. Consequently, if internal guidance operates as a de facto directive, or if commercial benefits are withheld for price non-compliance, the GAC will likely characterize the conduct as illicit price-fixing. It is a safe conclusion that “non-binding RSPs” do not constitute a safe harbour where the commercial reality demonstrates a contrary effect. The key takeaway under article 5.1. is to ensure price guidance remains genuinely optional and to decouple all trade expenditure from adherence to a specific shelf price. Output Controls – A High-Risk Endeavour A similarly significant risk area involves the control of product or service quantities. This rarely appears as an overt directive to limit sales, but rather as periodic supply caps or gates applied to customers, channels, or regions. These are often framed as demand-planning exercises but function as hard stops once thresholds are met. A more complex variation involves pre-price-increase supply throttling to prevent “overstocking,” sometimes coupled with threats of clawbacks if a distributor exceeds an allotted cap. In legal terms, articles 5.2, 5.3, and 5.7 of the Competition Law prohibit practices that determine production quantities, limit the flow of goods, or restrict distribution. The GAC will look beyond commercial justifications to assess whether supply is being restricted for an anti-competitive purpose. Therefore, enforcing purchase ceilings, particularly in anticipation of pricing actions, is inherently risky. To manage commercial volatility, companies should utilize neutral tools related to credit, logistics, and service levels, tied to objective risk factors—not volume ceilings linked to commercial timing. Territorial Management Sliding into Market Partitioning In regionally structured supply chains, efforts to prevent cross-border “leakage” from neighbouring jurisdictions can swiftly devolve into prohibited market allocation. A company concerned that distributors in a higher-priced jurisdiction are sourcing products from a lower-priced neighbouring market may be tempted to implement restrictive measures. In this context, side letters or policies that penalize exports into neighbouring markets, delisting specific SKUs, or engineering portfolio differences primarily to render parallel imports less profitable—absent legitimate regulatory or consumer protection reasons—may be construed as anti-competitive territorial protection. Article 5.6 of the Competition Law contains a broad prohibition on allocating markets by geography, customer type, or sales channel. Furthermore, article 5.3 expressly targets restrictions on the free movement of goods. The Competition Regime adheres to the established distinction between active and passive sales: while a supplier may, in certain vertical contexts, restrict a distributor from activelytargeting sales in another distributor’s exclusive territory, it cannot prohibit passivesales—that is, responding to unsolicited orders from customers in that territory. This principle is clarified in the new GAC Guidelines on Dealing with Vertical and Horizontal Relationships, issued in July 2025. The Rebate Trap Rebates and trade expenditure are not inherently unlawful, and the Competition Law does not prohibit discounting. Liability arises when these commercial levers are structured to achieve prohibited outcomes. High-risk rebate structures include: (i) progressive rebate tiers tied to volume targets that effectively compel purchases irrespective of demand; (ii) conditional support linked to a customer’s adherence to a specific shelf price or promotion; and (iii) selective, non-transparent funding that advantages one key account over similarly situated rivals without objective justification. Such practices may violate article 5.1 of the Competition Law by constituting a fixing of sale conditions or resale price maintenance. For entities in a dominant position, article 6.4. introduces an additional layer of risk, as discriminatory treatment of trading partners can constitute an abuse of dominance. Recurring Abuse of Dominance Issues Entities holding market shares at or above 40% trigger a dominance analysis. Common missteps include leveraging discount structures and funding to discipline retailers that deviate from preferred RSPs and refusing to supply, or threatening delisting, to curb parallel trade or extract favourable terms. While such conduct is problematic for all market players, it is significantly amplified under article 6 for dominant entities. Practices such as price-conditioned supply and discriminatory terms attract heightened scrutiny and pose a substantially greater enforcement risk for dominant entities. Refresher: Key provisions of the Competition Regime the KSA Competition Law empowers the GAC to investigate anti-competitive behaviours in Saudi markets. As a reminder of the provisions addressed under our previous installment, remember that the Compettion Regime enables empowers the GAC to undertake its duties as follows: Article 15 of the Competition Law authorizes investigators of the GAC to inquire, gather evidence, and investigate violations of the Competition Regime where the GAC personnel would have equivalent to law enforcement capacity. Article 16 of the Competition Law authorizes the GAC personnel to seek the assistance of the competent authorities, including law enforcement agencies, to enable them to carry out their duties. Article 16 also prohibits any entity from obstructing the operations of any GAC officers or investigators, including prohibiting or withholding any information, providing misleading information, or concealing or destroying documents that benefit the investigation by the GAC. This is further emphasized by articles 36 through 38 of the Regulations. Such an umbrella of authority is furthered by granting GAC personnel extra-territorial authority to investigate foreign incidents with effects on the KSA market per the provisions of article 35 of the Regulations. A key element in fostering a healthy competitive landscape is recognizing the GAC’s substantial investigatory authority and proactively complying with the Competition Regime. Reiterating Competition Law Compliance As outlined in our previous instalment, proactive compliance measures are critical for mitigating risk under the Competition Regime. The following steps are fundamental to establishing robust antitrust policies and avoiding substantial financial sanctions. Conduct Regular Audits: Entities are advised to undertake legal due diligence reviews of their documents, operations, and commercial correspondence to ensure compliance. This is essential for identifying and remedying potential violations, and for assessing the entity’s overall risk profile, whether or not it is currently subject to GAC scrutiny. Fair Rebates: All entities in the market are encouraged to review their rebate schemes and implement an objective rebate programme, one that does not discriminate between any of the vendors benefiting from its implementation. Implement Employee Training Programs: Entities should provide comprehensive antitrust and competition training to all employees, with a focus on personnel in leadership, sales, and procurement roles. Training should delineate lawful versus unlawful practices, establish clear communication protocols, and detail reporting mechanisms to prevent violations. Establish Robust Internal Policies: Entities must draft and implement internal policies designed to mitigate anti-competitive risks. These should include clear guidelines on interactions with competitors, vendors, and customers, as well as protocols for pricing and market analysis. Seek Proactive Legal and Regulatory Guidance: When navigating complex or novel situations, seek expert legal counsel to ensure compliance and pre-empt regulatory issues. Conclusion Combating anti-competitive behaviour remains a work in progress for market participants. While multiple factors impact a company’s ability to ensure full compliance, consistent internal action and the cooperative nature of the GAC are key elements that enable businesses to successfully navigate the pitfalls of the Competition Regime and mitigate the risks associated with allegations of anti-competitive conduct and abuse of dominance. Authors: Asad Ahmad, Head of Anti-Trust & Competition and Khaled Al Khashab, Associate

The State of Kuwait has enacted Decree-Law No. 148 of 2025, introducing substantial amendments to Law No. 20 of 2014 on Electronic Transactions (the Electronic Transactions Law). The reform broadens the Law’s scope and reinforces the legal recognition of electronic records, documents, signatures, and transactions across civil, commercial, administrative, and personal-status matters. It forms part of Kuwait’s wider digital-governance initiative aimed at enhancing service efficiency and reducing reliance on paper-based procedures. Under the amended framework, electronic instruments now have the same legal and evidentiary effect as their paper equivalents, provided they meet the procedural and technical requirements prescribed by law. The amendment further confirms that electronic contracts, communications, and registers are legally valid and enforceable, removing uncertainty regarding the reliability of digital documentation before courts and administrative bodies. Procedural and Technical Requirements Pursuant to Article (9) of the amended Law, an electronic document or record shall have legal effect if all of the following conditions are satisfied: It is preserved in the form in which it was created, sent, or received, or in a manner that reliably proves the accuracy of its data at the time of creation, sending, or receipt; Its contents are capable of being stored and retrieved at any time; It identifies the creator or sender and specifies the date and time of creation, sending, or receipt; and It is saved in an electronic format pursuant to the conditions and rules established by the competent supervisory authority. Similarly, Article (19) provides that an electronic signature shall be deemed a protected electronic signature if it fulfills the following requirements: The signatory can be clearly identified; The signature is uniquely linked to the signatory; The signature is created using a secure signature tool under the exclusive control of the signatory at the time of signing; and Any alteration to the data associated with the signature or its link to the signatory can be detected. The Executive regulations will further specify the detailed technical controls and standards governing these conditions. Practical Implications In practice, these reforms enable public authorities, financial institutions, and private entities to: Execute and store contracts, notices, and records entirely through electronic means; Transition toward fully digital filing and registration systems; Shorten processing timelines and reduce administrative costs; and Rely on electronic registers established by competent authorities as valid proof of rights and obligations. Compliance Considerations In light of Decree-Law No. 148 of 2025, companies should promptly align their internal practices with the new amendments. Key preparatory steps include: 1. Adopt Secure and Verifiable E-Signature Tools Ensure all e-signature systems satisfy the criteria under Article (19), including signatory identification, exclusive linkage to the signer, control at the time of signing, and tamper-detection capabilities. 2.Implement Reliable Electronic Archiving Systems Establish compliant electronic record-keeping aligned with Article (9), ensuring data accuracy, retrievability, and traceability through standardized metadata, timestamps, and system logs. 3.Update Internal Policies and Templates Revise corporate policies, document templates, and approval workflows to formally recognize the legal validity of electronic records and signatures. Decree-Law No. 148 of 2025 was published in the Official Gazette on 23 October 2025 and entered into force on the date of publication. This measure represents a significant milestone in Kuwait’s legal modernization and its continued shift toward a comprehensive digital transformation of public and private sector processes. Authors: Asad Ahmad, Legal Director and Fahad Al Zouman, Trainee Lawyer

This year, Kuwait’s merger control regime has been reshaped by legislative reforms and constitutional challenges. The framework now requires close attention to the scope of notifiable transactions, the financial thresholds that trigger a filing obligation, and the exemptions designed to exclude routine restructurings. Parties must also navigate detailed notification requirements, supporting documentation, filing fees, and a multi-stage review before the Kuwait Competition Protection Agency (“CPA”). Recent constitutional rulings—most notably the 2025 decision striking down the CPA’s power to impose revenue-based fines—have added a new dimension to enforcement and signal further reform on the horizon. Merger control in Kuwait is governed by Law No. 72 of 2020 on the Protection of Competition and its Implementing Regulations, issued under Resolution No. 14 of 2021 and amended by Decree No. 25 of 2022. Together, they establish the CPA, prohibit anti-competitive practices, and set out merger control obligations, review procedures, and exemptions. This overview walks through the scope of notifiable transactions, the financial thresholds that trigger notification, and carve-outs for routine restructurings, before outlining the notification process, documentation, and filing fees. We then explain the CPA’s multi-stage review and monitoring practices and concludes with constitutional developments—particularly the ruling that limited the CPA’s power to impose revenue-based fines—and their implications for enforcement and legislative reform. A merger control filing with the CPA is required when a transaction (i) qualifies as an economic concentration. Under the Competition Law, an economic concentration includes mergers, acquisitions of control, and joint ventures that create an autonomous economic entity. In the event a transaction is considered an economic concentration, then the financial thresholds must be analysed. The obligation to notify the CPA is triggered when certain financial thresholds are met, based on the audited financial statements of the preceding fiscal year. Specifically, notification is required if any of the following financial thresholds are met (“Financial Thresholds”): One party to the concentration generates revenues in Kuwait exceeding KWD 500,000; The aggregate revenues of all parties exceed KWD 750,000; OR The registered assets of the parties in Kuwait exceed KWD 2.5 million. The Competition Law provides several exemptions to ensure that routine transactions are not unnecessarily subjected to merger control filings. These exemptions include acquisitions by banks, insurance companies, and financial institutions engaged in securities trading, provided they do not exercise substantive voting rights and dispose of the securities within one year of acquisition. The disposal period may be extended by the CPA upon a justified request demonstrating that disposal was not reasonably practicable within the one-year period. Exemptions also apply to acquisitions arising from insolvency, defaults, debt restructuring, or settlements with creditors are excluded, as are intra-group restructurings within the same economic group. These carve-outs reflect the legislature’s intent to capture only those transactions that materially affect market structure and competition in Kuwait. Parties must notify the CPA within 60 days of signing the transaction agreement or related contract. However, in practice, the CPA does not strictly enforce this 60-day requirement. A binding agreement is not strictly required before notification; it is sufficient for parties to file based on a letter of intent, memorandum of understanding, or a good faith intention to reach an agreement. The merger control notification must include detailed corporate documents, financial statements, transaction agreements, market share data, competitor information, and an economic report addressing the potential effects on competition in the relevant market. The filing fee is 0.1% of the combined paid-up capital or Kuwaiti assets of the parties, whichever is less, capped at KWD 100,000, with a minimum charge above zero. The review process before the CPA involves several steps. Once a filing is submitted, the CPA chairman has five days to refer the application to the executive director for review. The executive director then conducts a substantive examination of the transaction, which must be completed within 90 days. This period may be extended if additional information is required or if third-party objections are raised. After the executive director’s assessment, the matter is referred to the CPA’s board of directors, which must issue a decision within 30 days on whether to approve, conditionally approve, or reject the transaction. The parties must be formally notified of the board’s decision within 15 days, ensuring transparency and closure of the review process. In practice, clearance typically takes around 45–60 calendar days from the time a complete application is submitted, though delays are common if filings are incomplete or contested. Importantly, transactions cannot be implemented before clearance; violations can result in fines or orders to unwind the transaction. These include fines of up to 10% of total revenues for failing to notify an economic concentration or for submitting misleading or incorrect filings, and the same ceiling for anti-competitive agreements or abuse of dominance. Lesser violations—such as obstructing CPA investigations, failing to comply with obligations after notice, or providing misleading information—carry fines of up to 1% of revenues from the previous fiscal year. In parallel with these sanctioning powers, the CPA has a designated department tasked with reviewing transactions published on social media platforms to ensure that any notifiable transactions, which have not submitted a merger control filing, are investigated and then referred to the CPA disciplinary board. The CPA has sent investigatory letters to both local and foreign parties requesting information and details surrounding published transactions they are involved in. GLA has played a key role in moulding the Kuwait merger control landscape. In February 2025, GLA successfully represented a client facing significant CPA sanctions.  In a landmark ruling by the Kuwaiti Constitutional Court, which significantly altered the CPA enforcement capabilities. The Court declared Paragraph (1) of Article 34 of Law No. 72 of 2020 unconstitutional. This provision had empowered the CPA’s disciplinary board to impose financial penalties of up to 10% of a party’s total revenues for violations of Articles 5–8 (anti-competitive agreements and abuse of dominance). The challenge, successfully argued by GLA & Company Senior Partner, Nader Al Awadhi, on behalf of the Union of Cooperative Societies, was based on constitutional principles, including: Violation of due process and judicial oversight (penalties were imposed administratively, not judicially); Lack of proportionality between penalties and violations; and Encroachment on protections of private ownership and personal liberty. The ruling curtails the CPA’s ability to impose revenue-based fines and raises questions about the validity of past sanctions. Going forward, merger control enforcement will likely need to rely on judicially supervised remedies or amended legislative provisions consistent with constitutional safeguards. Further, by establishing constitutional precedent, the ruling has already influenced subsequent cases, including one that struck down the 1% fine for non-compliance as unconstitutional, and has intensified calls for legislative reform. As a result, draft amendments to the Competition Law have been introduced and are currently awaiting approval. .Kuwait’s merger control regime features relatively low financial thresholds that capture both domestic and cross-border transactions. Parties must prepare comprehensive filings and anticipate a few rounds of queries within the review period. However, the Constitutional Court’s ruling striking down the CPA’s power to impose steep turnover-based fines introduces a new layer of legal complexity. Companies engaging in mergers and acquisitions in Kuwait should closely monitor forthcoming legislative or regulatory adjustments as the state reconciles the Competition Law framework with constitutional requirements. Authors: Asad Ahmad, Head of Anti-Trust & Competition and Fahad Al Zouman, Trainee Lawyer.

The Kingdom of Saudi Arabia has taken a significant step forward in reshaping its arbitration landscape with the release of the Draft Arbitration Law. This development reflects Riyadh’s broader ambitions under Vision 2030 to become a hub for commerce, dispute resolution, and foreign investment in the Middle East. For businesses, investors, and practitioners alike, the law represents a modern, comprehensive framework designed to align with international standards while respecting Saudi Arabia’s unique legal identity rooted in Sharia principles. Modernization and International Alignment The Draft Arbitration Law streamlines procedures and introduces clearer definitions, greater flexibility for parties, and stronger enforcement mechanisms. Importantly, it applies not only to domestic arbitration seated in the Kingdom but also to international commercial arbitration with a Saudi nexus, should the parties agree. This dual scope underscores Saudi Arabia’s desire to attract cross-border commerce and investment by assuring international parties that arbitration proceedings will meet global best practices. Provisions governing interim measures, electronic communications, virtual hearings, and enforcement of awards demonstrate a clear effort to align with UNCITRAL standards while retaining a distinctly Saudi character. Key Highlights Arbitration Agreement: The law recognizes electronic formats and digital signatures, broadening access in today’s digital economy. Tribunal Composition: Arbitrators must have full legal capacity, but there are no restrictions on nationality unless parties agree otherwise, widening the pool of expertise available. Procedural Flexibility: Parties may select their own procedural rules, including institutional rules, provided they do not contravene Sharia and provides for virtual hearings and electronic submissions. This allows alignment with leading international arbitration centers. Interim and Conservatory Measures: For the first time, tribunals can order measures to preserve assets, maintain status quo, or secure evidence. Courts are empowered to enforce these measures quickly. Finality of Awards: Awards are binding and enforceable, with annulment limited to narrow grounds, such as violation of Sharia or public policy, improper tribunal formation, or incapacity of a party. Enforcement: Awards have the same res judicata effect as court judgments, subject to verification by Saudi courts. Certified Arabic translations are required for awards in other languages. A Balancing Act: Modern Standards and Local Identity The Draft Arbitration Law reflects a careful balance between international norms and domestic legal principles. While inspired by global models such as the UNCITRAL Model Law, its mandatory references to Sharia and Saudi public policy maintain continuity with the Kingdom’s legal tradition. This duality will be familiar to regional practitioners, but for international users it provides reassurance that Saudi Arabia is committed to predictability while remaining anchored in its constitutional foundations.   Business Confidence and Investor Protection For multinational corporations, joint ventures, and financial institutions, arbitration is often the preferred method of dispute resolution due to its neutrality and confidentiality. The Draft Law goes a long way in addressing investor concerns around enforceability and efficiency, especially by introducing time limits for certain procedures and enabling virtual hearings. These reforms support Riyadh’s strategic goal of becoming a regional hub for finance and trade. Opportunities for the Region For the wider Middle East, the Saudi reform raises the bar. It will encourage greater consistency across jurisdictions, increase investor confidence, and may well inspire similar updates in neighboring states. Given the Kingdom’s role as the largest economy in the GCC, this legislation is likely to influence the direction of arbitration reform across the region. GLA & Co’s Perspective As a firm deeply engaged in regional arbitration, GLA & Co recognizes the importance of this draft law for the legal community and business sector. Nader Al Awadhi, Senior Partner at GLA & Co, commented: “Saudi Arabia’s Draft Arbitration Law is a milestone for the Kingdom and for the region. It brings the Kingdom’s arbitration framework closer to international standards while preserving its unique legal identity. For businesses, it provides clarity, flexibility, and—most importantly—confidence that their disputes will be resolved fairly and efficiently. At GLA & Co, we view this as a positive development that will enhance Saudi Arabia’s role as a regional leader in dispute resolution.” Conclusion The Draft Arbitration Law marks a new era for dispute resolution in Saudi Arabia. By integrating international best practices with local legal traditions, the Kingdom is signaling its readiness to host high-value commercial disputes and to strengthen its attractiveness as a global investment destination. GLA & Co will continue to monitor the progress of this law closely and provide clients with up-to-date analysis and practical guidance. As the Middle East’s leading regional law firm, we remain committed to supporting clients in navigating this evolving landscape and in harnessing the opportunities it presents.

In line with Kuwait’s vision to develop its real estate investment environment and regulate non-Kuwaiti participation in this vital sector, Decree No. 195 of 2025 (the “Decree”) was issued to strike a balance between attracting foreign investment while safeguarding the exclusivity of private housing for Kuwaiti nationals and maintaining consistency with the existing legal framework governing non-Kuwaiti ownership. The Decree, while operates alongside Decree No. 74 of 1979 on non-Kuwaiti ownership of real estate, sets out the following provisions: Eligibility and Conditions For Real Estate Ownership (Article 1): In compliance with Decree-Law No. 74 of 1979 on Non-Kuwaiti Real Estate Ownership, companies with non-Kuwaiti partners and which are listed on licensed stock exchanges in Kuwait, as well as real estate funds and investment portfolios licensed by the competent Kuwaiti authorities, may own real estate, subject to the following conditions: One of the activities of such companies, real estate funds, or investment portfolios must include dealing in real estate. The Decree imposes a categorical prohibition on owning or dealing of real estate, plots, or lands designated for private housing purposes regardless of location or project. Exceptions and Equal Treatment (Article 2) The provisions of this Decree expressly preserve two key points: The right of entities under the supervision of the Central Bank of Kuwait or the supervision of other regulatory bodies to own real estate in accordance with the law. The treatment of nationals of the Gulf Cooperation Council (GCC) member states shall be treated the same as Kuwaiti citizens with respect to the ownership of land and constructed properties in Kuwait, in accordance with the law. Implementation and Entry into Force (Article 3): Ministers, each within their respective jurisdictions, shall implement this Decree, which shall take effect upon its publication in the Official Gazette. Market participants should, therefore, align internal policies, funds documentation, and transaction screening protocols to ensure compliance with the Decree from the date of publication. As outlined above, Decree No. 195 of 2025 aims to preserve the exclusivity of residential housing for citizens and prevent practices that could disrupt the national real estate market, while clearly ring-fencing the private housing segment for citizens and preserving supervisory and GCC equal-treatment frameworks. In parallel, it promotes sustainable investment within the real estate sector, while remaining consistent with existing laws governing the ownership of property by non-Kuwaitis.. The result is a more defined pathway for non-Kuwaiti capital that aligns with Kuwait’s policy objectives and market stability. Authors: May El Mahdy, Senior Associate and Maha Abdullah, Trainee Lawyer

Kuwait is positioning itself as a leading regional jurisdiction in integrating artificial intelligence and cloud into the digital economy.   Government‑backed collaborations with Microsoft and Google have been announced to advance AI‑enabled cloud capabilities and deploy productivity solutions across public agencies, Supported by Vision 2035 and potential participation by Kuwait’s sovereign ecosystem in global digital infrastructure initiatives, these developments signal a material step toward embedding AI across the nation. This transformation, however, is not being driven by technology alone. Kuwait’s expanding digital ecosystem is developing within a sophisticated legal and institutional framework that governs data protection, cloud computing, and cybersecurity.  For AI vendors and cloud service providers, understanding this framework is essential not only as a matter of compliance but as a prerequisite for market participation.  These institutional foundations are evolving toward a more coordinated governance model under Kuwait’s forthcoming National AI Strategy, which is expected to align the roles of existing regulators and establish a unified national framework for AI oversight and data governance. Institutional architecture: CAIT, CITRA, and the National Cybersecurity Center At the core of this structure stand three institutions that define Kuwait’s digital governance model.  The Central Agency for Information Technology, known as “CAIT,” leads governmental digital transformation and supports the development of national cloud infrastructure and AI adoption across public entities.  Working alongside CAIT is the Communications and Information Technology Regulatory Authority, or “CITRA,” established under Law No. 37 of 2014 to regulate the telecommunications and information technology sectors, license operators, and oversee privacy and cloud compliance through instruments including the Data Privacy Protection Regulation and the Cloud Computing Regulatory Framework.  Complementing both agencies is the National Cybersecurity Center, created by Decision No. 37 of 2022, which serves as Kuwait’s authority for cybersecurity and data‑classification oversight and sets parameters for cross‑border processing of sensitive information. “Taken together, these bodies form a layered governance model.  CITRA’s licensing and cloud rules establish the baseline for service provision and customer protections, while the National Cybersecurity Center’s classification and cross‑border controls determine where sensitive workloads may reside. CAIT’s digital transformation mandate then operationalizes these standards across the public sector, ensuring that modernization initiatives are designed around compliance from inception rather than retrofitted post‑deployment. ” Programs and partnerships: from policy to implementation Recent initiatives demonstrate how these institutions coordinate to align technological development with regulatory oversight. In cooperation with Microsoft, CAIT and CITRA have announced and begun implementing a national program that includes the planned establishment of  AI‑enabled data center capabilities, an integrated AI system, a center for cloud auditing, and a facility dedicated to advancing the digital infrastructure within the public sector.  CAIT oversees execution across government entities, while CITRA ensures that the deployment of cloud and AI environments remains consistent with Kuwait’s data‑governance, cybersecurity, and localization requirements. The initiative includes large‑scale training programs in cybersecurity and artificial intelligence, embedding compliance and institutional capability within the government’s transformation framework. “For both vendors and government entities, successful execution hinges on translating these high‑level initiatives into contractually enforceable obligations.  Agreements should embed data residency commitments tied to approved classifications, encryption and key management aligned to supervisory expectations, audit and inspection cooperation mechanisms, and incident workflows that meet statutory notification thresholds.  This contractual scaffolding is how Kuwait’s compliance requirements are made real in day‑to‑day operations.” Data governance pillars: privacy, localization, and cloud compliance CITRA’s regulatory reach extends beyond traditional telecommunications providers to include any entity offering communications or IT services in Kuwait, including cloud platforms, application developers, and AI‑based service providers that process user data.  The Cloud Computing Regulatory Framework requires providers to obtain authorization before operating, comply with technical and security standards, and commit to service‑level and continuity obligations through transparent contractual terms.  It also sets clear rules on data transfers, encryption, and customer exit rights to ensure that information remains protected throughout the term of a service. Meanwhile, the Cybersecurity Center requires organizations handling electronic information to implement internal data classification processes that it reviews and approves, and to obtain authorization before storing or processing sensitive information outside Kuwait.  Together, these requirements  create a comprehensive data‑governance system, ensuring that information flows remain traceable, accountable, and primarily local. The Data Privacy Protection Regulation sets out the main principles governing data processing in Kuwait.  Processing activities must rely on a lawful basis such as consent, legal obligation, or necessity.  Service providers must publish privacy notices in both Arabic and English that clearly explain the purpose of collection, retention periods, and data transfer practices.  Additional protections apply to minors under eighteen, who require guardian consent, while users retain the right to access, correct, erase, or object to the processing of their data.  Marketing communications must include opt‑out mechanisms, and any third‑party or affiliate marketing requires prior consent from the data subject. Data localization requirements apply in defined contexts, including where instruments require classification, encryption, and approvals tied to sensitivity and sectoral scope; organizations should confirm whether obligations arise under statute, regulation, license conditions, or supervisory circulars.  Organizations must classify and encrypt data both in transit and at rest, and in certain cases must notify or obtain authorization from the competent authority before cross‑border transfers.  Sensitive data may only be processed outside Kuwait where the National Cybersecurity Center grants prior approval under applicable classification and cross‑border rules.  Under the Cloud Framework, providers must also maintain exit procedures and data deletion mechanisms to prevent vendor lock‑in and ensure the secure return or destruction of customer data upon termination. Beyond localization, the framework expects a program of security governance.  Entities may be required to or are expected to appoint a data protection officer, conduct regular audits and penetration tests, and maintain business continuity and disaster recovery plans as required or expected under the governing instrument.  Breach reporting is governed by defined timelines, with major incidents often notified within twenty‑four hours for major incidents and seventy‑two hours for other reportable breaches.  These timelines reflect Kuwait’s emphasis on prompt response and transparency in handling cyber incidents. “Organizations face a practical design choice: fully localize sensitive datasets, adopt hybrid architectures that segment workloads and apply strong pseudonymization techniques, or deploy sovereign models with customer‑managed keys. Each path carries different approval, audit, and continuity implications. Early engagement on data classification—paired with architecture diagrams and control evidence—can materially shorten authorization timelines and reduce rework.” Enforcement and supervisory expectations Enforcement under this framework is robust and signals the seriousness of Kuwait’s commitment to compliance.  CITRA retains wide supervisory powers, including the authority to order the blocking of networks,  require the removal of unlawful content, and enforce confidentiality obligations.  Non‑compliance can result in administrative fines reaching up to one million Kuwaiti dinars for each violation up to applicable statutory or regulatory caps.  In severe cases, authorities may suspend or cancel an operator’s or provider’s authorization and refer breaches involving unauthorized disclosure or interception of communications to criminal prosecution.  Entities may also be required to implement remedial measures following inspection or compensate affected users. CITRA’s supervisory toolkit, combining licensing leverage, inspection rights, and administrative penalties—creates concrete incentives for robust control environments.  Entities that maintain a tested incident response plan calibrated to 24/72‑hour reporting thresholds, document periodic control assessments (including penetration testing where required), and retain traceable audit artifacts typically encounter fewer remedial directives following inspection. Contracting and operational implications The strategic partnerships with Microsoft and Google illustrate how legal compliance now shapes every stage of Kuwait’s cloud and digital Cross‑border collaborations must reconcile innovation with the country’s strong commitment to data sovereignty.  Agreements increasingly address data controller and processor responsibilities, localization and encryption requirements, breach notification obligations aligned with statutory timelines, and provisions ensuring compliance with CITRA’s audit, inspection, and termination requirements. In practice, legal compliance has become a central component of contractual design rather than a post‑signing consideration. “For technology providers and regulated customers, key contractual provisions typically scrutinized in Kuwait include: (i) data residency and classification‑tied processing covenants; (ii) encryption standards and key‑management models (including customer‑managed keys where applicable); (iii) audit, inspection, and logging transparency; (iv) incident notification aligned to statutory thresholds; and (v) exit, portability, and secure deletion mechanics.  Well‑designed clauses should be accompanied by operational runbooks to ensure obligations are practicably deliverable at scale. ” National AI Strategy: trajectory and scope Kuwait’s broader digital economy stands at the intersection of rapid digitalization and rigorous legal oversight.  The country’s dual focus on innovation and accountability distinguishes it within the region and offers a model for the responsible integration of artificial intelligence within critical national infrastructure.  As the legal framework continues to mature, companies that engage early and align their internal processes with these requirements will not only mitigate risk but play a defining role in shaping the next phase of Kuwait’s digital economy. Kuwait’s forthcoming National AI Strategy is expected to provide a policy framework that complements these legal and regulatory developments.  The draft strategy proposes establishing a High‑Level Steering Committee, a cross‑sectoral body bringing together senior representatives from CAIT, CITRA, the National Cybersecurity Center, key ministries, academia, and private‑sector partners.  The committee’s objective is to coordinate national AI initiatives and ensure alignment between regulation, infrastructure, and innovation.  The strategy also proposes AI safety frameworks (including safety brakes for critical infrastructure) and a shared‑responsibility model that defines the respective roles of regulators and technology providers in safeguarding AI systems and data.  Aligned with Vision 2035, the strategy calls for strengthening Kuwait’s data and digital foundations through centralized repositories, standardized governance policies, and cybersecurity baselines, enabling responsible AI deployment across sectors such as healthcare, education, energy, and public safety. “Kuwait’s trajectory places it among the region’s more sovereignty‑forward jurisdictions, prioritizing local control, auditability, and public‑sector modernization. For market entrants, the decisive differentiator will be governance maturity: the ability to evidence compliance‑by‑design in architecture, contracts, and operations. Those that internalize this model will mitigate regulatory risk and gain a competitive edge in public‑sector and critical‑infrastructure procurement.” Conclusion Taken together, these measures signal that Kuwait’s data‑localization and cloud‑compliance regimes are part of a wider national effort to embed trust, accountability, and resilience at the core of its AI‑driven digital transformation.  As Kuwait advances from regulatory enforcement to strategic execution, its ability to align law, policy, and innovation will determine how effectively it leads the next wave of AI governance in the region. Authors: Asad Ahmad, Head of Anti-Trust & Competition Fahad Alzouman, Trainee Lawyer.

On 4  August 2025, the Board of Directors of the Qatar Financial Markets Authority (“QFMA”) issued Decision no. 5 of 2025, issuing the Governance Code of Listed Companies (the “New Code”). The New Code, published in the Official Gazette dated 17 August 2025, came into effect immediately. However, affected companies have one year to make changes necessary to comply with its provisions. With over 50 companies listed on the Qatar Stock Exchange (“QSE”) as of this writing, dozens of prominent Qatari companies may need to consider how to come into compliance before August 2026. Here are some key takeaways from the New Code that QSE-listed companies should consider: As mentioned above, affected companies have one year to make necessary amendments to come into compliance with the New Code. Nevertheless, the New Code is effectiveupon publication, meaning that companies currently applying to convert into a Qatari Public Shareholding Company (“QPSC”) and be listed on the QSE may have to make last minute adjustments in order to comply with the New Code. These adjustments could include: Revising their proposed QPSC Memorandum and Articles of Association Revising Board Charters before they take effect Expanding their proposed Board of Directors Updating the draft Offering Prospectus before publication in order to accurately reflect the governance structure, size and names of Board members, among other information. It would be advisable for companies currently going through the listing application process to check with the QFMA and confirm whether they may proceed with their applications as is. The New Code applies to both Main Market and Venture Market public listed companies. Previous governance codes were limited to one category or the other. (As of this writing there is only 1 company on the Venture Market, but it is expected that this number will increase in the next year or so.) 6.The definition of “Insider” has been expanded to include both Board Committee Members and the spouses and children of Insiders. Higher standards now apply to Independent Board Members, including the following requirements: Relevant education and professional experience Shareholding restrictions also apply to the first degree relatives of the potential Independent Board Member Employment restrictions apply to both the Independent Board Member and his/her first degree relatives Independent Board Members cannot serve more than 2 consecutive terms Instead of a minimum requirement for one-third (1/3) of the Board to be independent, the New Code requires an absolute minimum of 3 Independent Board Members. For smaller boards (with the minimum of 7 members), this would result in a largely independent Board (nearly 50%). For larger boards (e.g. 11 members), this could potentially result in a board that is less than 1/3 independent. More focus has been given to ESG issues, with an obligation on listed companies to consider their impact on the environment and on society, in addition to good governance. The Chairman of the Board of the QFMA may extend the one-year compliance grace period for one or more additional one-year periods. GLA will continue to monitor developments with respect to the 2025 Governance Code and will publish a more detailed summary in the coming weeks. For more information, please feel free to contact Dean Jaloudi, Partner and Head of Qatar Office ([email protected]). Author: Dean Jaloudi, Partner

GLA & Company has successfully secured merger control clearance from the Saudi General Authority for Competition (“GAC”) in Saudi Arabia on behalf of Bajaj Auto International Holdings B.V. (the Buyer) in relation to its acquisition of an additional controlling stake in Pierer Bajaj AG (the Target) from Pierer Industrie AG (the Seller). The EUR 50,600,000 transaction grants the Buyer sole control over the Target, marking a significant milestone in Bajaj Auto’s long-standing partnership with the Pierer Group and in its strategic global expansion. GLA & Co’s Antitrust & Competition team, which was led by Asad Ahmad, Head of Anti-Trust & Competition with the assistance of Associates Khaled Al Khashab and Shahad Al Humaidani, advised the Buyer on all aspects of the Saudi merger control process, including preparing and submitting the economic concentration filing, compiling supporting documentation, and engaging with the GAC throughout the review to secure approval in less than a week from submission of filing fee. The Target, Pierer Bajaj AG, was established from the cooperation between Bajaj Auto Limited (“BAL”) and the Seller’s KTM brand in 2007, with the Target’s sole business being Pierer Mobility AG (PMAG), a holding company for KTM AG. The Buyer, a Netherlands-based wholly owned subsidiary of BAL, is part of one of the world’s leading manufacturers of two- and three-wheeled vehicles, headquartered in Pune, India. The Seller, Pierer Industrie AG, is a globally active industrial investment group with a diverse portfolio in the production and distribution of motorbikes, high-performance vehicle components, electric bicycles, and automotive wiring solutions. GLA & Co’s Antitrust & Competition team is recognized for its deep expertise in advising on complex merger control and competition law matters across the MENA Region. The team regularly supports clients in navigating regulatory frameworks, securing clearances for high-value cross-border transactions, and managing antitrust risks in diverse industries. Combining technical legal knowledge with great working relationships with the regulators, the practice is well-equipped to handle all aspects of competition law—from economic concentration filings to anti-competitive behaviour investigations and ensuring compliance in complex multi-jurisdictional deals. Alex Saleh, Managing Partner at GLA & Co, commented, “We are delighted to have supported Bajaj Auto in obtaining merger clearance from the GAC for this strategic transaction. This matter reflects the growing significance of competition law in cross-border industrial investments and demonstrates our ability to navigate complex regulatory processes in Saudi Arabia with precision and efficiency.” This clearance underscores GLA & Co’s leading position in advising on high-value, cross-border transactions and competition law matters across the MENA Region, cementing the firm’s reputation for delivering practical, business-focused legal solutions. For more information, please contact Alex Saleh, Managing Partner, or Asad Ahmad, Head of Antitrust & Competition.