Navigating Video Surveillance Standards in the Middle East: Obligations for Consultants, Integrators, and Technology Vendors

Tertius Wolfaardt, Architecture & Engineering Program Manager for MEA at Axis Communications, explores the importance and impact of video surveillance standards across the Middle East, and why they differ so significantly from those in the rest of the world.

Setting the Scene: Why Standards Matter

Across the Middle East, video surveillance has long been the invisible safety net behind the region’s reputation for low crime and strong public confidence.

With rapid urban growth, mega-events, and the expansion of critical infrastructure, the need for consistent, compliant, and interoperable security systems has never been greater.

In the UAE, two primary authorities lead the way:

·         SIRA – Security Industry Regulatory Agency (Dubai)

·         ADMCC – Abu Dhabi Monitoring & Control Centre

Other Gulf states, including Saudi Arabia’s MOI & HCIS framework, Qatar’s Ministry of Interior regulations, and emerging guidance in Kuwait and Bahrain, follow a similar approach: defining minimum technical requirements for cameras, storage, analytics, and data-sharing protocols according to the risk profile of the environment (for example, shopping malls, hospitality, commercial high-rises, and critical utilities).

It’s worth noting that the way “critical infrastructure” is classified in the Middle East often differs from Europe. For example, the UAE’s federal Critical Information Infrastructure Protection (CIIP) policy and Dubai’s DESC regulations extend “critical” status beyond traditional sectors such as energy and transport to include areas like tourism, real estate, ICT, and certain commercial properties, sectors not typically treated as critical under European frameworks.

This distinction means that organisations accustomed to European or US standards cannot assume a like-for-like approach in the Gulf; each project must be assessed against the local critical-sector definitions and compliance codes.

These frameworks help standardise baseline performance, protect public safety, and guide investment, ensuring that surveillance systems are built to meet operational needs while maintaining public trust.

Understanding the Standards - and Their Scope

A common misconception is that all cameras installed in the UAE must be SIRA-approved.

In reality, SIRA and ADMCC mandate compliance only for certain categories of premises, typically publicly accessible spaces, high-risk environments, or facilities defined as critical infrastructure such as shopping malls, airports, hotels, public venues, schools, and oil & gas sites.

For restricted operational spaces – such as private corporate offices or the white-space inside a data centre – system owners often have more flexibility in equipment choice. This distinction is crucial for consultants and integrators to factor into both cost and specification decisions.

That said, many corporate and industrial operators voluntarily exceed the minimum standard to align with internal risk policies or international audit frameworks.

What “SIRA-approved” Really Means

·         Approval confirms that the device or solution meets prescribed technical standards for resolution, coverage, retention, and integration with the central authority’s platform.

·         Approval does not mean the police or government have unrestricted live access to private surveillance feeds. Lawful access can be granted under investigation or emergency response, but there is no default “open-door” connection – an important reassurance for businesses handling sensitive data or IP.

It’s worth mentioning Dubai Police’s advanced citywide initiative, “Oyoon”, which securely integrates selected, approved surveillance feeds from designated public and high-risk sites to improve incident response and situational awareness.

Key points about Oyoon:

·         Purpose-built for public safety: designed to enhance crime prevention, traffic monitoring, and emergency response.

·         Controlled and conditional access: not a blanket surveillance dragnet; only registered, approved cameras can be connected, and access is regulated by clear policy and legal oversight.

·         No routine live monitoring of private businesses: feeds remain under the control of the premises owner/operator unless a lawful investigation or emergency warrants authorised access.

·         Auditable and secure: encryption, logging, and role-based permissions are in place to ensure only authorised personnel can access footage.

These initiatives reflect the evolution of smart-city security platforms – designed to enhance public safety, streamline incident response, and deliver a better experience for residents, businesses, and visitors. By integrating authorised systems under clear regulation and strong privacy safeguards, they enable faster investigations, quicker emergency support, and safer communities without compromising individual privacy.

Why Compliance Matters - Beyond Technology

In several Middle Eastern jurisdictions, a compliant video-surveillance system is tied directly to the operating licence of a premises.

If the system is non-compliant, the site may not receive the authority’s completion certificate, and cannot open its doors to the public or begin trading.

This makes compliance a commercial necessity, not a technical afterthought.

Further benefits include:

·         Regulatory certainty: clear benchmarks reduce ambiguity in tenders and designs.

·         Operational credibility: approved systems are tested for reliability, retention and, increasingly, for baseline cybersecurity.

·         Public confidence: compliant coverage means that incidents can be investigated quickly, deterring opportunistic crime by reducing the belief offenders can “get away with it.”

·         Risk of penalties: non-compliance can result in delays to opening, mandatory remedial works, fines, or even suspension of the business licence.

Who Bears the Cost of Non-Compliance?

Responsibility typically falls where the failure occurred:

·         Design errors - borne by the consultant who stamped the specification.

·         Installation/commissioning defects - borne by the system integrator responsible for delivery.

·         Equipment failing certification - the vendor or supplier may be liable for replacement and any resulting project delay.

Clear contracts and early engagement with the authorities are essential to avoid costly disputes and project overruns.

Obligations for Stakeholders

Consultants - Compliance starts on the drawing board

·         Mandatory design to standard: all drawings, device schedules, retention calculations, and placement grids must align with SIRA/ADMCC technical codes.

·         Stamping & approval: final designs must be reviewed, stamped, and signed by a SIRA-approved consultant before they can be issued for tender or construction.

·         Third-party endorsement: if the lead design consultant is not SIRA-licensed, a certified consultant must be engaged to validate and stamp the package.

·         Change-control discipline: any variation from the stamped design must be documented, justified, and re-approved by the relevant authority before work proceeds.

System Integrators - Delivery must mirror the approved design

·         Licensed labour: all installation and commissioning must be performed by teams registered and licensed by SIRA/ADMCC.

·         Compliance-driven commissioning: systems must be installed, configured, and tested strictly in line with the stamped design and regulations, including field-of-view validation, storage retention, fail-over and network-security settings.

·         Witness testing & hand-over: the completed system must be witness-tested by the authority or its delegate. Formal sign-off is required before the site can obtain its operational approval or trade licence.

Technology Vendors - Supplying approved, life-cycle-compliant products

·         Certified product portfolio: cameras, NVRs/VMS, analytics or any connected hardware must be formally tested and approved by the relevant authority before specification in regulated projects.

·         Evidence & transparency: vendors must supply certificates of conformity, firmware version control, cybersecurity credentials, and retention performance data to design teams and integrators.

·         Maintain certified status: any firmware or hardware update that changes device behaviour must retain approval status; vendors are obliged to notify partners if compliance is affected.

The Bigger Picture: Standards as an Enabler

Security standards are not a barrier but a foundation of trust and resilience. They ensure that investment in surveillance delivers measurable operational value, from analytics-driven insights to faster incident response. The Middle East’s ambitious smart-city and infrastructure agenda demands surveillance ecosystems that are interoperable, cyber-hardened, and future-ready.

By embracing the spirit as well as the letter of these regulations, consultants, integrators, and vendors safeguard the region’s reputation for safety and efficiency while enabling smarter, data-driven operations.

Final Thoughts

A well-designed standard is a shared language between authorities, consultants, integrators, and vendors. When everyone speaks that language, from stamped drawings to witness-tested commissioning and certified devices, projects open on time, risks are reduced, and public confidence is strengthened. Ultimately, compliance is not just a regulatory checkbox but a business-critical commitment to building a smarter, safer Middle East.

As the Middle East continues to deliver some of the world’s largest and most sophisticated developments, it’s no surprise the region attracts immense interest from international consultants, integrators, and technology vendors eager for a share of this opportunity. However, it’s vital to recognise that the region distinguishes itself through its regulatory frameworks. What may be acceptable in the US or Europe is not automatically compliant in the Middle East.

Organisations must take the time to understand and respect local standards and approval processes before entering the market. Missteps can be costly, delay project completion, jeopardise operating licences, and introduce significant business risk. Early engagement with the relevant authorities, and alignment to their codes, is the surest way to protect investments and reputation.