Motor claims compliance under Federal Decree-Law No. 6 of 2025

A practical guide for motor insurers and third-party administrators navigating the consolidated regulatory framework

Axxion Claims Settlement Services L.L.C. · Updated 31 May 2026 · v1.3

1. Executive summary

The UAE's insurance regulatory framework changed fundamentally on 16 September 2025. For motor claims operations, the implications are structural, the timeline is short, and the compliance perimeter is wider than a first reading of the law suggests.

THE THREE THINGS TO KNOW

One law replaces two. Federal Decree-Law No. (6) of 2025 consolidates the Central Bank law (14/2018) and the Insurance Law (48/2023) into a single 188-article framework under the CBUAE.¹
Three instruments operate together. Law 6/2025 sits alongside the CBUAE Consumer Protection Regulation⁵ and the UAE Personal Data Protection Law (FDL 45/2021)⁶. The CBUAE examines all three in the same supervisory review.⁷
September 2026 closes the window. Article 184 grants a one-year reconciliation period; Article 168 sanctions and Article 170 criminal penalties apply from entry into force, not from the end of the transition.¹

This paper maps ten operational areas where motor claims compliance is most likely to be tested:

Audit trail integrity
Role segregation
Decision provenance
Structured data reporting
Statutory claims timelines
Customer protection and fair treatment
Complaint resolution
Outsourcing governance and TPA accountability
Personal data and automated decisioning
Fraud prevention

The intended audience for this whitepaper is motor insurance leadership, claims directors, compliance officers, and operations managers responsible for ensuring that claims handling meets CBUAE standards before the transition window closes.

2. The regulatory shift

Law 6/2025 did three things to the regulatory architecture:

Repealed both predecessor laws. Article 185 explicitly repeals Law 14/2018 (Central Bank) and Law 48/2023 (Insurance Activities). One framework, one enforcement toolkit.¹
Brought the full insurance value chain inside the perimeter. Article 60 prohibits any Licensed Financial Activity without a license. Article 61(1)(j) lists insurance as a Licensed Financial Activity. Article 1 includes Insurance-Related Professions (third-party administrators, loss adjusters, actuaries, brokers) within the scope.¹
Raised the evidence standard. Article 122 requires periodic information submissions. Articles 90 and 91 impose data and disclosure obligations on Insurance-Related Professions. Article 133 grants the CBUAE examination powers extending to any person suspected of conducting Licensed Financial Activities. The model is demonstrate-compliance-through-documentation, not assert-compliance-through-policy-statements.¹

Existing regulations issued under the predecessor laws stay in force under Article 183 until the CBUAE replaces them. Circular 24/2022 on claims settlement timeframes continues to apply during the transition.^1,2

Three instruments operating simultaneously

Law 6/2025 is one of three instruments motor claims operations must satisfy together:⁷

Federal Decree-Law No. 6 of 2025	CBUAE Consumer Protection Regulation	UAE PDPL (FDL 45/2021)
Claims handling timelines	Fair treatment standards (TCF)	Lawful basis for processing
Audit trail and decision provenance	Vulnerable customer obligations	Data minimization
Governance and accountability	Complaints handling standards	Data subject rights
Penalty framework (Article 168)	Remediation authority	Automated decisioning rules

COMPLIANCE HIERARCHY No instrument supersedes the others. All three must be satisfied at the same time. A breach of one does not mitigate or excuse a breach of another. A claim that breaches a Law 6/2025 timeline may simultaneously breach the Consumer Protection Regulation if the policyholder is treated unfairly, and the PDPL if data has been retained or processed without lawful basis.

3. Ten requirements that define motor claims compliance

The expanded framework integrates three new requirements alongside the original seven. The originals are retained without dilution.

#	Requirement	Legal basis	Evidence expected
1	Audit trail integrity	Law 6/2025, Art. 130; Art. 122¹	Timestamped, immutable records of every claims decision. Contemporaneous reasoning, not retrospective justification. No manual overrides bypassing the audit trail.
2	Role segregation	Law 6/2025, Art. 130¹	Separation between assessment, repair authorization, and payment approval. No single individual controlling end-to-end settlement.
3	Decision provenance	Law 6/2025, Art. 130; Arts. 90-91¹	Every estimate, total loss determination, and settlement traceable to source data. Reasoned rejections that cite the specific exclusion, the evidence, and the policyholder's rights.⁷
4	Structured data reporting	Law 6/2025, Art. 122; Arts. 90-91¹	Claims data in structured, machine-readable formats. Regulatory returns on schedule.
5	Statutory claims timelines	Law 6/2025 implementing standards under Art. 130; Circular 24/2022^1,2; Al Tamimi⁷	Each lifecycle stage separately tracked, separately enforced, separately evidenced. Acknowledgement, loss adjuster appointment, decision, and payment as independent clocks. Status updates at the prescribed cadence. Extensions formally notified to the CBUAE.
6	Customer protection and fair treatment	CBUAE Consumer Protection Regulation⁵; Law 6/2025 Art. 148¹	TCF outcomes data and management information. Vulnerability identified at FNOL with adjusted communication, timelines, and support. Plain-language repudiation letters. Fair treatment evidenced across the lifecycle, not only at point of sale.
7	Complaint resolution	Law 6/2025 Art. 148; CPR⁵; Sanadak⁴	Designated complaints function. Public policy. Root-cause analysis. Board-level MI on systemic issues. Sanadak integration.
8	Outsourcing governance and TPA accountability	Law 6/2025, Art. 130; Art. 142(3)¹; Al Tamimi⁷	Written agreements with networks, loss adjusters, and TPAs. Right to audit and retrieve records as if the insurer's own, surviving termination. The insurer retains regulatory accountability; TPA delays are insurer regulatory exposure.
9	Personal data and automated decisioning	UAE PDPL (FDL 45/2021)⁶; Al Tamimi⁷	Lawful basis pre-processing. Data minimization. Right of access (SAR) workflow. Retention schedules. Automated decisioning disclosed, explainable, subject to human review. Vendor AI logic documented; "proprietary algorithm" is not a defense.⁷
10	Fraud prevention	Law 6/2025 Art. 149; Art. 130¹	Documented framework. Detection embedded in workflow, not layered on after settlement. Suspicious activity reporting in place.

The ten are not independent. Audit trails support fraud detection and decision provenance. Role segregation strengthens both. Statutory timelines depend on the audit trail. Customer protection evidence draws on the same logs. PDPL alignment runs through every stage. An operation that designs them as an integrated system finds they reinforce each other; one that treats them as isolated checkboxes finds the gaps between them.

4. Statutory claims timelines: the end of aspirational SLAs

Under the predecessor framework, claims timelines were a mix of regulatory guidance, soft circulars, and commercially negotiated SLAs. Under Law 6/2025 and its implementing standards, claims timelines are statutory obligations with enforceable, per-incident or per-day penalties.^1,7

Three rules that change everything

Each stage is separately clocked. A late acknowledgement is a breach even if the final decision is on time. A decision issued on the deadline but paid late is a second, independent breach.⁷
The clock cannot be paused with rolling documentation requests. A single complete documentation list at the start is permitted; iterative top-up requests that pause the clock are not. Front-loaded documentation discipline is required per claim type.⁷
TPA delays are insurer regulatory liability. Article 142(3) extends the CBUAE's early intervention powers to Insurance-Related Professions. The licensee retains accountability for outsourced functions regardless of who caused the delay.^1,7

Al Tamimi & Company's reading of Law 6/2025 and the Consumer Protection Regulation sets out the following stage sequence and indicative durations:⁷

Stage	Indicative duration
Acknowledgement of the claim	1 to 5 working days from notification
Appointment of a loss adjuster (where required)	Within 1 to 7 working days
Decision on the claim	Within 30 working days from the date the documentation list is satisfied
Payment after the decision	7 to 15 working days
Status updates to the policyholder	Every 15 days throughout the lifecycle
Aggregate handling of a standard claim	Approximately 45 to 60 working days

Complex or large-loss claims may follow extended timelines, but only where the extension is formally notified to the CBUAE with reasons.⁷ These durations derive from Al Tamimi's interpretation of the implementing standards under Article 130 of Law 6/2025 rather than from the text of the law itself; insurers should treat them as the working framework for stage-clock design.

5. The expanded perimeter: customer protection, data, and AI

Three additional perimeters sit alongside Law 6/2025's governance dimension and are examined in the same supervisory review.

5.1 Customer protection: conduct risk is now enforceable

The CBUAE Consumer Protection Regulation establishes Treating Customers Fairly (TCF) as an outcomes-based standard.⁵ Insurers must demonstrate, through outcomes data, that policyholders are treated fairly throughout the claim lifecycle.

Four obligations apply:

Vulnerability identification at FNOL. Communication, timelines, and support adjusted accordingly. Most UAE motor insurers do not yet operate a formal vulnerability framework, which is a structural gap.⁷
Plain-language communication. Repudiation letters cannot rely on exclusions buried in fine print. Clear, specific, evidence-linked, rights-informing.⁷
Complaints function with board MI. Designated owner, public policy, root-cause coding, monthly board-level reporting on systemic issues.^5,7
Remediation authority. Where the CBUAE identifies systemic claims-handling failings across a book, it can require redress payments to affected policyholders. The most financially significant enforcement tool short of license action.^5,7

5.2 Personal data: claims is a high-risk processing function

A single motor claim may involve medical records, financial data, biometric information, third-party personal data, and location and behavioral data. All within scope of the UAE PDPL.⁶

PDPL obligation	Claims implication
Lawful basis	Identified before processing begins, not retrofitted. Contractual necessity covers the policy; legitimate interests cover proportionate fraud detection.^6,7
Data minimization	Documentation lists at FNOL calibrated to claim type, not maximalist. Broad consent forms do not override the proportionality test.⁶
Right of access (SAR)	Declined claimants can request all internal records: adjuster reports, assessor notes, fraud flags, internal communications. Operate handler discipline accordingly.^6,7
Retention and deletion	Insurance records retained for the regulatory minimum (10 years from the date of last transaction under the CBUAE Insurance Brokers' Regulation 2024⁸) and deleted at the boundary. Indefinite retention is a live exposure.^6,7
Automated decisioning	AI-assisted decisions disclosed to the policyholder, explainable to a regulator, subject to human review on request.^6,7

5.3 AI and algorithmic tools: the explainability standard

AI-assisted decisions are subject to the same audit trail and decision provenance standards as any other claims decision.^1,7

EXPLAINABILITY STANDARD The logic of any AI tool that contributes to a claims decision must be documentable and explainable at a level a CBUAE examiner will accept. "Proprietary algorithm" is not a regulatory defense. Vendor contracts must include explainability warranties and cooperation clauses for regulatory examination.⁷

For each production model, a CBUAE examiner would expect documentation covering:

Training data scope and provenance
Decision logic at a level a regulator can interpret
Human-in-the-loop rules
Override frequency and rationale
Drift monitoring

AI as decision support is acceptable. AI as autonomous decision-maker on consequential claims actions is not. No algorithm should approve a payment, authorize a repair, or close a claim without a named human accountable for the decision.⁷

6. Where motor claims operations typically fall short

Most motor claims operations were built to process claims, not to produce regulatory evidence. The gap is architectural.

Area	Common gap
Audit trails	Outcomes recorded, decision pathway not. The integrated reading raises the bar to contemporaneous reasoning at the time of decision, not retrospective justification.⁷
Role segregation	A single handler typically assesses damage, selects the workshop, approves the estimate, and authorizes payment. Operationally efficient, structurally exposed.
Data format	PDF inspection reports, email approvals, scanned handwritten estimates. Unstructured data the regulator cannot efficiently analyze.
Statutory timelines	Operations that report on average cycle times typically cannot evidence stage-by-stage compliance.⁷
Customer protection	No formal vulnerability framework. Repudiation letters inherited from earlier regimes, not audited against the reasoned-rejection standard.^5,7
Personal data	Indefinite retention is widespread. Right of access (SAR) workflows are informal or absent.^6,7
AI documentation	Production AI tools deployed without explainability packs. Vendor contracts rarely include explainability warranties.⁷
Complaint handling	Informal handling through email and phone. Difficult to evidence timely response when complaints reach the 15-day Sanadak escalation boundary.⁴

7. Requirement by requirement

7.1 Audit trail integrity

Article 130 of Law 6/2025 requires every Licensed Financial Institution to maintain a governance framework, with internal controls that withstand regulatory examination.¹ For motor claims, every assessment, authorization, and payment decision must be recorded with enough detail to reconstruct the reasoning afterwards.

Old standard	New standard
Outcome noted on the file	Contemporaneous reasoning for every decision point
Reference to a broad policy exclusion	Specific, evidence-linked reasoning
Retrospective justification	Reasoning must exist at the time the decision is made
TPA records held separately	Insurer must retrieve TPA records as if its own

The fourth row carries weight for outsourcing arrangements: contracts with third-party administrators must provide the insurer with audit and retrieval rights surviving contract termination. The CBUAE's examination powers under Article 133 do not stop at the insurer's data perimeter.^1,7

7.2 Role segregation

Three motor claims functions must be segregated: damage assessment, repair authorization, and payment approval. The segregation must be:

Documented in the approval hierarchy
System-enforced, not policy-based alone
Visible in the audit trail at every decision

Where a single claims handler controls the full cycle from assessment through payment, the operation has no structural check against inflated estimates, unnecessary repairs, or preferred-garage steering. These are the patterns Article 149 fraud controls and Article 130 governance are designed to prevent.

7.3 Decision provenance

Every claims decision carries a number; every number should trace back to a verifiable source. The integrated reading adds three operational requirements at the decision stage:

Reasoned rejection. A repudiation letter must specify the exclusion relied upon, the evidence applying it to the specific claim, and the policyholder's rights including the path to Sanadak. Reference to a broad exclusion is no longer sufficient.^5,7
Partial settlement. Where a claim has both undisputed and disputed components, the undisputed portion must be paid within the standard window. The full claim cannot be held open over a quantum dispute on a single line item.⁷
Payment as a separate clock. A decision issued within the deadline but paid late is a second, independent breach.⁷

For motor claims, decision provenance depends on reference data quality. An operation that benchmarks against a verified parts pricing database and documented labor rate schedule can demonstrate provenance; one relying on individual assessor judgment cannot.

7.4 Structured data reporting

Article 122 requires periodic information submissions. Articles 90-91 impose data and disclosure requirements on Insurance-Related Professions.¹ Data must be captured in structured, machine-readable formats from point of entry, not converted afterwards for regulatory submission.

Circular 24/2022 specifies claims settlement timeframes that insurers must report against, requiring claims data timestamped at each lifecycle stage: notification received, inspection completed, estimate approved, repair authorized, payment released.²

7.5 Statutory claims timelines

Stage clocks (Section 4) apply at stage level and require evidence at each stage.^1,7 The operational requirement:

Each stage clock configured as a regulatory SLA distinct from any commercial SLA
Tracked per claim, surfaced on dashboards, reported in management information
FNOL design that issues a single complete documentation list per claim type. Subsequent requests are exception events that trigger named-supervisor review and an audit-trail entry
Complex and large-loss claims notified to the CBUAE with reasons before extended timelines apply⁷

7.6 Customer protection and fair treatment

The Consumer Protection Regulation operates as a parallel framework to Law 6/2025.⁵ Four operational components:

Vulnerability identification at FNOL with intake mechanism, optional automated indicator detection, mandatory human review at the flag point^5,7
Plain-language communications across all policyholder touchpoints, not only repudiation letters⁵
Complaints handling with designated owner, public policy, root-cause coding, board-level MI on systemic issues⁵
Remediation cooperation in outsourcing arrangements, with cost allocation defined upfront for CBUAE-mandated redress^5,7

7.7 Complaint resolution

Article 148 establishes a customer complaint resolution framework. Article 148(9) provides for potential expansion to Insurance-Related Professions.¹ The CBUAE's Sanadak platform operationalizes the framework for insurance complaints.

Sanadak's 15-calendar-day rule is an eligibility criterion, not a resolution deadline imposed on the insurer.⁴ Once 15 days pass without resolution, the complaint enters CBUAE's formal process and the regulator's documentation, response quality, and resolution timeline expectations apply directly.

Compliant complaint handling requires:

Documented internal process with defined response timelines
System that timestamps each stage (receipt, acknowledgment, investigation, resolution)
Sanadak integration so escalated complaints are received and responded to within the CBUAE's process framework

7.8 Outsourcing governance and TPA accountability

Motor claims operations depend on external parties: repair workshops, towing companies, surveyors, third-party administrators, and parts suppliers. The insurer retains regulatory accountability for outsourced functions regardless of who performs the work.¹

Article 142(3) extends the CBUAE's early intervention powers to Insurance-Related Professions. The integrated reading: the regulatory perimeter does not stop at the insurer's institutional boundary; it follows the function.^1,7

Outsourcing agreements need:

Statutory SLA flow-down at stage level (not only commercial SLAs)
Audit and retrieval rights surviving contract termination
Penalty pass-through for CBUAE penalties attributable to the outsourced function
PDPL-grade data processing agreement
Remediation cooperation in the event the CBUAE invokes its authority across the book⁷

Loss adjusting is classified as an Insurance-Related Profession under Article 61(j) of Law 6/2025 and falls within the same governance perimeter as the insurer.¹

7.9 Personal data and automated decisioning

Motor claims processing engages the UAE PDPL at every stage.⁶ Five operational components define a compliant position:

Lawful basis register maintained as part of the data processing infrastructure, not as a separate compliance document
Calibrated documentation lists at FNOL, aligned to claim type rather than to a maximalist template
Right of access (SAR) fulfillment workflow producing a complete dataset including adjuster reports, assessor notes, fraud flags, and internal communications attached to the claim
Retention and deletion per the regulatory schedule, with deletion at the boundary
Automated decisioning disclosure with policyholder-facing notice, regulator-grade explainability, and a path to human review^6,7

7.10 Fraud prevention

Article 149 addresses fraud prevention directly; Article 130 requires a governance framework whose internal controls address fraud risk.¹ Fraud prevention operates at three levels:

Transaction level. Automated checks flag anomalies: repeat claims, repair costs exceeding benchmarks, garage or geographic clustering
Process level. Role segregation (7.2) and decision provenance (7.3) create structural barriers to manipulation
Governance level. Documented framework defines detection criteria, investigation procedures, and reporting obligations

Fraud prevention is a by-product of operational design, not a bolt-on. An operation with strong audit trails, segregated roles, verified reference data, and structured reporting detects fraud as a natural consequence of its workflow.

8. The structural insight

THE ARGUMENT IN ONE PARAGRAPH
The ten requirements form an integrated compliance architecture where each element strengthens the others. Audit trails make fraud detection possible. Role segregation removes single points of failure. Decision provenance creates the evidence base for structured reporting. Statutory timelines depend on the same timestamped, documented process. Customer protection and complaint resolution share evidence with the rest. PDPL alignment runs through every stage. AI explainability extends decision provenance into the algorithmic layer. Outsourcing governance extends the same standards to external parties. Fraud prevention emerges from the interaction of all of the above.

An operation that bolts compliance onto an existing process (adding audit logging here and segregation controls there) produces a fragile result that is expensive to maintain. One that designs compliance into the operational architecture from the start finds each requirement reinforces the others, reducing the marginal cost of every additional layer.

The CBUAE's consolidated approach reflects this logic. By placing insurance within the same regulatory framework as banking and integrating conduct and data dimensions into the same supervisory review, the law signals an expectation that insurance operations will meet the same governance, reporting, and accountability standards as the rest of the financial sector. The transition period under Article 184 provides the window. The enforcement toolkit in Article 168, paired with the remediation authority under the Consumer Protection Regulation, provides the incentive.

The architecture described in the next section can be built within an insurer's internal claims function or accessed through a specialist provider. The structural logic holds either way; the choice between internal build and external partnership turns on capability, capacity, and time-to-readiness against the September 2026 horizon, not on which path the regulation prefers.

9. Practical compliance architecture

A compliant motor claims operation is built so that compliance evidence is generated as a by-product of normal operations. Five layers, each depending on the one below:

Layer	Function
1. Foundation	Claims management system that enforces role-based access, generates immutable audit logs, and captures structured data at every decision point
2. Reference data	Standardized parts pricing, labor rate schedules, vehicle valuation databases: the benchmarks against which claims decisions are measured
3. Process governance	Defined workflows with approval hierarchies, segregation controls, statutory stage clocks, and exception handling
4. Conduct and data	Vulnerability identification, plain-language templates, complaints handling with root-cause coding, lawful basis register, retention and deletion processes, AI explainability documentation
5. Reporting and analytics	Automated extraction of regulatory returns, performance dashboards, anomaly detection

IMPLEMENTATION SEQUENCE Fix the audit trail first. Then enforce segregation and stage clocks. Then standardize reference data. Then build the conduct and data layer. Then build reporting on top of a clean foundation. Operations that start with reporting before fixing the underlying data capture produce reports that look compliant but cannot withstand examination.

10. Timeline and priorities

Law 6/2025 took effect on 16 September 2025. The Article 184 reconciliation window closes approximately September 2026.¹ Existing regulations under the predecessor laws stay in force under Article 183 until replaced. The Consumer Protection Regulation and the PDPL operate from their own effective dates, separate from the Law 6/2025 transition clause.^5,6

Priority sequence for the transition period:

Audit trail and data infrastructure. Foundational, longest to implement correctly. Start here.
Statutory stage clocks. Configured in parallel, drawing on the same data infrastructure.
Governance structures. Role segregation, approval hierarchies, outsourcing agreements formalized alongside.
Conduct and data layer. Vulnerability framework, complaints handling, retention schedules, AI explainability.
Sanadak integration. Verified, gaps closed.
Fraud prevention framework. Documented, drawing on the operational controls established above.
Regulatory reporting. Built on the structured data foundation; the last layer, not the first.

WHY THE TRANSITION PERIOD IS NOT A DEFERRAL PERIOD

Article 168 sanctions apply from entry into force, not from the end of the transition. Up to AED 1 billion on Licensed Financial Institutions, AED 5 million on Authorized Individuals.¹
Article 170 criminal penalties for conducting Licensed Financial Activities without authorization apply from entry into force. AED 50,000 to AED 500 million.¹
Remediation authority under the CPR operates separately and can require restitution payments across an insurer's book.⁵

The transition period is for reconciliation, not for deferral.

11. What compliance looks like in practice

A CBUAE-compliant motor claims operation, in daily practice, looks structurally different from a conventional one. The differences are visible at every stage of the lifecycle.

Stage	What the compliant operation does
FNOL	System assigns identifier, timestamps receipt, screens vulnerability indicators, routes through triage workflow. The complete documentation list is issued as a single set, calibrated to claim type. The decision clock starts only when the documentation set is satisfied.
Assessment	The handler who assesses damage is not the handler who authorizes repair, who is not the approver of payment. AI tools (where used) record output alongside the human decision; override rationale is logged when the human disagrees with the model.
Estimate review	Workshop estimates benchmarked against standardized reference data. Deviations above the threshold trigger review. Authorization is logged with identity, timestamp, and basis.
Settlement	Where claims have undisputed and disputed components, the undisputed portion is paid within the standard window. Disputed portion held separately with rights notification. Repudiation, where required, follows a reasoned-rejection template.
Communication	Status updates run on the prescribed cadence throughout the lifecycle. All policyholder communication in plain language.
Complaint	Documented handling process, timestamped at each stage, root-cause coded. If unresolved at the 15-day Sanadak boundary, escalated with a complete record. Systemic patterns surfaced in monthly board MI.
Right of access (SAR)	Complete dataset produced within statutory timeline: adjuster reports, assessor notes, fraud flags, internal communications, AI tool outputs.
CBUAE examination	Required data produced in structured format without a scramble. The evidence exists because the process generates it continuously.

None of this requires exotic technology. It requires an operational architecture designed with compliance as a structural property rather than an afterthought.

References

[1] Federal Decree-Law No. (6) of 2025 Regarding the Central Bank, Regulation of Financial Institutions and Activities, and Insurance Business. Issued 8 September 2025, effective 16 September 2025. Key provisions referenced: Article 1 (definitions, Insurance-Related Professions), Articles 60-61 (licensing), Articles 63-73 (licensing framework), Articles 90-91 (provision of data and information; disclosure and transparency, both applying to Insurance-Related Professions), Article 120 (supervisory authority), Article 122 (providing the Central Bank with information and reports), Article 130 (governance of Licensed Financial Institutions), Article 131 (Rulebook), Article 133 (examination powers), Article 142 (early intervention, including 142(3) for Insurance-Related Professions), Article 148 (protection of customers), Article 149 (fraud prevention), Article 168 (sanctions), Article 170 (criminal penalties), Articles 183-185 (transitional and repeal provisions). Anti-money-laundering and counter-terrorist-financing obligations sit outside this law, under Federal Decree-Law No. 20 of 2018 (as amended) and its implementing decisions.

[2] CBUAE Circular 24/2022 on claims settlement timeframes. Remains in force under Article 183 of Law 6/2025 until replaced.

[3] CBUAE Rulebook, published under Article 131 of Law 6/2025. Available at rulebook.centralbank.ae.

[4] CBUAE Sanadak complaint management platform. The 15-calendar-day period is the eligibility criterion for escalation from insurer-level handling to CBUAE oversight.

[5] CBUAE Consumer Protection Regulation (Circular No. 8 of 2020) and accompanying Consumer Protection Standards, in force under Article 183 of Law 6/2025 until replaced. Provisions backing the obligations cited in this paper: Article 4 (disclosure and transparency), Article 5 (institutional oversight and responsible business conduct, including vulnerable-consumer treatment), and Article 8 (complaint management and resolution). The vulnerable-consumer and remediation detail sits in the accompanying Consumer Protection Standards.

[6] Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (UAE PDPL). Governs lawful basis for processing, data subject rights, retention, cross-border transfers, and automated decisioning.

[7] Al Tamimi & Company, "The Real Impact of Federal Decree Law No. 6 of 2025 on Insurance Claims Operations." Presentation by Anand Singh, Legal Director (2026). Cited for the integrated three-instrument framing, the stage sequence and indicative stage-clock durations, the single-documentation-request rule, the audit-trail standard comparison, the TPA accountability doctrine, and the AI explainability standard. These reflect Al Tamimi's interpretation of the implementing standards under Article 130 of Law 6/2025.

[8] CBUAE Insurance Brokers' Regulation 2024. 10-year retention requirement for insurance records.

About Axxion

Axxion Claims Settlement Services L.L.C. is the UAE's first dedicated motor third-party administrator. From Dubai, Axxion manages the full motor claims lifecycle for insurance partners: first notification of loss, surveying, repair coordination, quality control, recovery, and settlement. The company serves UAE insurers across both large and small-to-medium carriers and is preparing to extend into Saudi Arabia and the wider GCC.

Compliance by design. Axxion was built to operate inside a tightening regulatory environment. The Central Bank of the UAE absorbed insurance regulation in 2020 and consolidated the framework under Federal Decree-Law No. 6 of 2025, which brings TPAs and loss adjusters explicitly inside the CBUAE perimeter. Every claim Axxion handles passes through formal compliance gates covering UAE PDPL data protection, policyholder-consent requirements, settlement-authority bands, sanctions screening, and audit-trail completeness. Compliance is not an overlay; it is the operating substrate.

The Axxion Intelligent Operating System (AIOS). The Claims OS that Axxion presents to insurer partners runs on the AIOS, a unified operating layer orchestrating a seven-stage claims pipeline across surveying, estimation, repair coordination, quality control, recovery, settlement, and reporting. The AIOS integrates human operators with structured AI-assisted decision points at every stage. Insurers receive cleaner data, faster cycle times, lower per-claim cost, and a complete audit trail, without giving up control over their portfolio.

Axxion is led by Managing Director and Co-Founder Frederik Bisbjerg. Frederik has spent over two decades in international insurance in operating and transformation roles, with a particular focus on motor claims, distribution, and AI-enabled insurance models. He has been a public voice on insurance modernization in the GCC and writes regularly on the operational shifts reshaping motor underwriting. Axxion is the operating expression of his thesis: that disciplined claims operations, built on AI-enabled but human-led decisioning, will define the next decade of competitive advantage in motor insurance.

More information:

Managing Director and Co-Founder Frederik Bisbjerg | f@axxion.co | www.axxion.co

This document is produced by Axxion Claims Settlement Services L.L.C., a Dubai-based motor claims third-party administrator. The analysis covers regulatory developments that affect both insurer in-house claims operations and outsourced TPA arrangements; readers should note the publisher's perspective when weighing the operational recommendations. The regulatory analysis itself rests on cited primary and secondary sources.

This document is for informational purposes. It does not constitute legal advice, regulatory guidance, or a substitute for professional compliance assessment. The analysis is based on the text of Federal Decree-Law No. (6) of 2025, the UAE Personal Data Protection Law (Federal Decree-Law No. 45 of 2021), publicly available CBUAE regulatory materials including the Consumer Protection Regulation, and third-party legal commentary from Al Tamimi & Company. Organizations should consult qualified legal and compliance professionals for advice specific to their circumstances.

Regulatory requirements may change as the CBUAE issues new regulations, decisions, and guidelines under the consolidated framework. Article citations were confirmed against the CBUAE Rulebook (rulebook.centralbank.ae) in May 2026.