Available in the UAE‍

Dfns is now officially available in the United Arab Emirates, running as a fully managed SaaS environment inside the AWS Middle East (UAE) Region (me-central-1) across data centers in Dubai and Abu Dhabi. This new regional deployment mirrors the architecture of our European environments while satisfying the strict data residency, cloud outsourcing, and ICT risk requirements imposed by ADGM, VARA, CBUAE, SCA, and FSRA.

Since 2021, Dfns has operated production environments primarily in Frankfurt (eu-central-1) and Paris (eu-west-3). Those regions continue to serve as our European backbone for high availability and multi-AZ redundancy. But for UAE-based banks, PSPs, broker-dealers, and virtual asset service providers, running wallet infrastructure in Europe can introduce friction around data sovereignty, cryptographic boundary control, and regulator expectations. The launch of our UAE environment solves this by keeping operational data, signing workflows, audit logs, and control-plane functions entirely within UAE borders, while preserving the exact same API surface and MPC security model.

Why the United Arab Emirates and what this unlocks

The UAE has rapidly become one of the world’s most structured regulatory environments for financial services and digital assets. ADGM/FSRA and VARA have both published clear expectations on cloud outsourcing, ICT risk management, and data residency. Regulators increasingly expect systemically important financial institutions and VASPs to keep key operational data, and often cryptographic operations, inside the country, trackable and seizable by local authorities.

The opening of AWS me-central-1, with three independent Availability Zones, finally provides the infrastructure needed to meet these requirements without compromising availability or performance. It gives our customers a way to deploy mission-critical wallet infrastructure entirely in-country, with regional failover, redundant networking, and the same high-assurance foundation we use in Europe.

For UAE organizations, this means that Dfns can now be consumed in a way that aligns with:

• data residency requirements around customer information, transaction records, cryptographic operations;
• regulator access and auditability, including logs, controls, and system behavior;
• operational continuity expectations, ensuring that wallet infrastructure remains available across multiple AZs in the UAE;
• outsourcing governance, with clear visibility into infrastructure location, subprocessors, and control boundaries.

Every one of these elements is essential for ADGM-regulated fintechs, FSRA-licensed institutions, and VARA-supervised VASPs.

Architecture of the UAE SaaS environment

The UAE environment follows the same architectural principles as our EU deployments (i.e., multi-AZ active-active services, per-tenant isolation, strong IAM boundaries, and strict control-plane separation) while adapting to local data governance constraints.

All primary data stores (wallet metadata, policy definitions, audit logs, key orchestration state, and configuration) live exclusively inside AWS me-central-1, and the environment operates as a sovereign partition of our platform. We maintain separate AWS accounts, dedicated VPCs, region-specific operational policies, and region-isolated control planes. Logs and telemetry can be kept fully in-region or exported in anonymized form depending on customer requirements.

Our MPC orchestrators, signing nodes, the Policy Engine, and all API gateways run in multi-AZ topologies within the UAE, ensuring that the failure of any one availability zone never leads to service unavailability. The performance profile matches our European deployments, and the platform’s semantics—authentication flows, webhook callbacks, quorum logic, developer SDKs—are identical.

HSMs, TEEs, and composable key infrastructure

Dfns’ Key Orchestration Service (KOS) allows institutions to compose their own cryptographic boundary:

• Some may choose Dfns’ MPC signing nodes as the only trust participants.
• Others may mix Dfns nodes with their own HSMs running inside the UAE region.
• Large financial institutions can enforce quorum rules that require participation from hardware devices they physically own or manage in-country.

Because Dfns is designed for “bring-your-own-HSM” configurations, the UAE deployment becomes not just a cloud region, but a framework for orchestrating keys across multiple trust domains without violating data-location rules. Audit logs include proof of which hardware components participated in each signing operation, giving compliance teams clear artifacts for regulators.

Compliance with ADGM, FSRA, CBUAE, SCA, and VARA

The UAE environment was built specifically to help regulated entities satisfy the cloud outsourcing and ICT risk expectations defined by regional regulators.

ADGM and FSRA emphasize governance over cloud providers, the ability to demonstrate data-location control, clear operational oversight, and the capacity for regulators to inspect systems if needed. Running Dfns inside AWS UAE makes this straightforward: all core services, logs, signing workflows, backups, and internal telemetry can be confined to the UAE region, and audit trails are granular enough to satisfy internal and external reviews.

VARA places strong requirements on VASPs regarding cybersecurity, operational risk, and virtual-asset transaction integrity. The combination of in-country MPC, strict tenant isolation, full auditability, and the ability to pair Dfns with local HSMs or enclaves gives VASPs a fully compliant foundation for operating under Dubai’s digital-asset rulebook.

Together, these regulatory structures benefit from the fact that Dfns provides deterministic signatures, cryptographically sealed logs, fine-grained policy enforcement, and transparent control-plane behavior.

From EU backbone to geo-redundant topologies

Our EU regions, Frankfurt and Paris, remain foundational, but the launch of the UAE environment marks the beginning of a shift toward multi-region composable infrastructure. We are now enabling workflows where customers can choose between:

• a UAE-only topology, fully sovereign and contained;
• an EU+UAE hybrid, where some tenants or business units run in Europe while others run in the UAE;
• or an upcoming active-active geo-redundant configuration, where Dfns operates across regions with coordinated failover and region-aware policy enforcement.

This evolution will make it possible for institutions to map their wallet infrastructure onto their own BCP/DR, data-sovereignty, and operational-risk practices.

Start building on Dfns today: https://app.dfns.io/get-started