Dubai PKI Transitional Conformity Statement

---

1. Purpose

This Dubai PKI Transitional Conformity Statement describes the controlled, phased adoption of the UAE legal framework for Trust Services and applicable ETSI standards within the Dubai PKI operated by the Dubai Electronic Security Center (DESC).

This statement is issued to ensure transparency regarding conformity references during the transition period and to prevent any misinterpretation of assurance levels by subscribers or relying parties.

2. Background

DESC is currently certified against:

• WebTrust for Certification Authorities,
• WebTrust for Network Security, and
• WebTrust for Code Signing,

and operates a hierarchical trust infrastructure consisting of a Root Certification Authority (Root CA) and multiple DESC Subordinate Certification Authorities.

In alignment with the UAE legal framework for Trust Services, DESC has approved a two-phase migration plan to transition its trust infrastructure to the applicable ETSI standards, while maintaining continuity of service, cryptographic trust, and audit assurance.

3. Phased Transition Model

Phase 1 – Root CA Transition

• The Root CA is re-keyed and issued a new Root CA certificate.
• The Root CA Certification Practice Statement (CPS) is updated to reference:
  • UAE legal framework for Trust Services
  • Applicable ETSI EN 319 standards
• This phase applies exclusively to the Root CA.

Phase 2 – DESC Subordinate CA and End-Entity Transition

• Following completion of Phase 1:
  • DESC Subordinate Certification Authorities are re-keyed.
  • DESC Subordinate CA Certificate Policies (CPs), CPSs, and End-Entity certificate profiles are updated to reference the UAE legal framework for Trust Services and applicable ETSI standards.
• Upon completion of Phase 2, the Dubai PKI hierarchy will operate fully under the UAE legal framework for Trust Services and applicable ETSI standards.

4. Transition Period Scope and Limitations

During the transition period between Phase 1 and Phase 2:

• The Root CA operates under a CPS aligned with the UAE legal framework for Trust Services and applicable ETSI standards.
• DESC Subordinate Certification Authorities continue to operate strictly under their existing, approved CP/CPS documents, which reference:
  • WebTrust for Certification Authorities,
  • WebTrust for Network Security,
  • WebTrust for Code Signing, and
  • CA/Browser Forum Baseline Requirements, where applicable.
• No end-entity certificates claiming conformity with the UAE legal framework for Trust Services or applicable ETSI standards are issued during this period.
• No assurance claims beyond those defined in the applicable DESC Subordinate CA CP/CPS are made to subscribers or relying parties.

5. Document Lifecycle

This Transition & Conformity Statement applies solely during the transitional period between the completion of the Root CA re-keying (Phase 1) and the publication of the updated Certificate Policies and Certification Practice Statements for the DESC Subordinate Certification Authorities following their re-keying (Phase 2).

Upon completion of Phase 2, this statement will be withdrawn from the public repository, and the Dubai PKI will operate exclusively under the UAE legal framework for Trust Services and applicable ETSI standards.

6. Conclusion

This phased transition approach ensures regulatory alignment, audit transparency, and service continuity while avoiding any misrepresentation of trust levels. Upon completion of Phase 2, all PKI components operated by DESC within the Dubai PKI will conform to the UAE legal framework for Trust Services and applicable ETSI standards.

7. Change History

Version	Date	Description
1.0	16 january 2026	Initial publication of Dubai PKI Transitional Conformity Statement.