14 digital-asset-specific disclosure categories are required by Saudi Arabia’s CMA for tokenized securities — more than any other GCC jurisdiction and approximately double the disclosure requirements in the UAE and Bahrain. This comparison examines the disclosure frameworks across the three GCC jurisdictions with operational tokenized securities markets, analyzing pre-issuance prospectus requirements, ongoing reporting obligations, and material event disclosure standards.
Pre-Issuance Disclosure Comparison
The most significant differences between GCC disclosure regimes emerge at the pre-issuance stage, where the depth and specificity of required documentation varies substantially:
Saudi Arabia: Digital Asset Prospectus
Saudi Arabia’s Digital Asset Prospectus (DAP) requires all standard securities disclosures plus 14 additional digital-asset-specific categories covering blockchain protocol details, smart contract code, token economics, custody arrangements, technology risk assessment, interoperability disclosure, data privacy, Sharia compliance, valuation methodology, secondary market access, redemption terms, tax treatment, conflict of interest, and exit provisions.
The DAP must be filed 30 days before the token generation event, in both Arabic and English, with Arabic as the legally binding version. The CMA reviews the DAP for completeness and accuracy, with an average review period of 30-60 business days for public offerings and 10-day notification for private placements.
| Disclosure Category | Saudi CMA | UAE VARA | Bahrain CBB |
|---|---|---|---|
| Standard securities disclosures | Full prospectus | Whitepaper | Offering document |
| Smart contract code | Mandatory (full or hash) | Summary only | Not required |
| Blockchain protocol rationale | Mandatory | Optional | Not required |
| Sharia compliance | Mandatory if applicable | Optional | Optional |
| Token economics model | Detailed financial model | Summary | Summary |
| Custody arrangements | Full custody disclosure | Summary | Summary |
| Technology risk assessment | Dedicated section | Included in general risks | Included in general risks |
| Exit provisions | Mandatory | Not required | Not required |
| Filing lead time | 30 days | 14 days | 21 days |
| Language requirements | Arabic + English | English (Arabic optional) | English (Arabic optional) |
UAE: Virtual Asset Whitepaper
The UAE’s disclosure regime varies by regulator. VARA requires a “Virtual Asset Whitepaper” that covers 8 digital-asset-specific categories — approximately half the Saudi requirement. ADGM’s Digital Securities framework requires a more detailed prospectus closer to the Saudi model but still lacking the mandatory Sharia disclosure and exit provisions.
Bahrain: Digital Asset Offering Document
Bahrain’s Central Bank of Bahrain requires a “Digital Asset Offering Document” covering 6 additional digital-asset-specific categories. Bahrain’s approach prioritizes speed-to-market over disclosure depth, reflecting the jurisdiction’s strategy of attracting early-stage digital asset firms that may not have the resources for comprehensive prospectus preparation.
Ongoing Disclosure Obligations
Quarterly Reporting
| Requirement | Saudi CMA | UAE VARA | Bahrain CBB |
|---|---|---|---|
| Financial performance | Quarterly | Semi-annual | Annual |
| Token holder demographics | Quarterly (anonymized) | Not required | Not required |
| Secondary market data | Quarterly | Monthly (limited) | Not required |
| Smart contract activity log | Quarterly | Not required | Not required |
| Custody attestation | Quarterly | Annual | Semi-annual |
| Sharia audit | Quarterly | N/A | N/A |
| Investor complaint summary | Quarterly | Annual | Annual |
Saudi Arabia’s quarterly reporting cadence is the most frequent in the GCC. The smart contract activity log requirement — documenting all upgrades, parameter changes, and emergency actions — is unique to Saudi Arabia and reflects the CMA’s enforcement position that on-chain actions are subject to the same disclosure standards as off-chain corporate actions.
Material Event Disclosure
Saudi Arabia defines 18 specific material event categories for tokenized securities with a 24-hour disclosure deadline. The UAE requires disclosure of “significant events” within 48 hours but does not enumerate specific categories. Bahrain requires disclosure of “material developments” within 5 business days.
The Saudi approach — enumerating 18 specific events with a strict 24-hour deadline — provides clarity for issuers on what constitutes a material event, reducing the risk of non-disclosure due to subjective assessment. Two CMA enforcement actions have been issued for late material event disclosure as of March 2026, establishing precedent for strict enforcement of the 24-hour deadline.
Disclosure Technology and Format
Machine-Readable Disclosure
Saudi Arabia is implementing XBRL tagging for digital asset disclosures effective Q3 2026, enabling automated compliance monitoring by the CMA and integration with Tadawul’s market surveillance systems. Neither the UAE nor Bahrain has announced machine-readable disclosure requirements for digital assets, though the UAE’s SCA has indicated interest in exploring the approach.
On-Chain Disclosure
Saudi Arabia requires material events to be logged as smart contract events on the blockchain, creating an immutable audit trail alongside the traditional DAFS filing. This dual-channel disclosure (on-chain event log plus regulatory filing system) ensures that token holders receive real-time notification through blockchain monitoring tools while the regulatory record is maintained through conventional channels.
No other GCC jurisdiction requires on-chain event logging for disclosure compliance, making Saudi Arabia’s approach the most technologically integrated disclosure regime in the region.
Compliance Cost Comparison
The disclosure compliance cost differential is significant:
| Cost Category | Saudi CMA | UAE VARA | Bahrain CBB |
|---|---|---|---|
| DAP/Whitepaper preparation | SAR 300K-800K | AED 100K-300K | BHD 30K-80K |
| Annual ongoing disclosure | SAR 200K-500K | AED 80K-200K | BHD 20K-50K |
| Smart contract audit | SAR 200K-400K | AED 100K-200K | BHD 30K-80K |
| Sharia compliance disclosure | SAR 150K-500K | N/A (optional) | N/A (optional) |
| Total first-year cost | SAR 850K-2.2M | AED 280K-700K | BHD 80K-210K |
Saudi Arabia’s disclosure costs are approximately 3x higher than the UAE and 5x higher than Bahrain. However, the Saudi framework’s comprehensiveness provides issuers with regulatory certainty that reduces the risk of enforcement action for inadvertent non-disclosure — a risk that is harder to manage under the UAE and Bahrain’s less prescriptive frameworks.
Implications for Cross-Border Issuance
For tokenized securities with cross-border GCC distribution, the disclosure differential creates practical challenges:
Upward Harmonization: Issuers distributing tokenized securities across multiple GCC jurisdictions typically prepare disclosures to the highest standard (Saudi CMA) and file subsets of this documentation in lower-requirement jurisdictions. This “upward harmonization” approach minimizes the risk of non-compliance in any jurisdiction.
Mutual Recognition: The CMA’s bilateral cooperation agreements include provisions for disclosure document mutual recognition, but practical implementation requires that the originating jurisdiction’s disclosures meet or exceed the destination jurisdiction’s requirements. Given Saudi Arabia’s higher standards, Saudi-origin disclosures are generally accepted in UAE and Bahrain without supplementation, while UAE-origin disclosures may require additional Saudi-specific categories.
IOSCO Influence: IOSCO’s 2025 recommendations on tokenized securities disclosure cite Saudi Arabia’s 14-category framework as a reference model, suggesting that international standards may converge toward the Saudi approach. This potential convergence would advantage issuers who have already invested in Saudi-compliant disclosure infrastructure.
The disclosure comparison reveals Saudi Arabia’s deliberate strategy of positioning its tokenized securities market as the most transparent in the GCC. Higher disclosure costs are the price of this transparency, but the resulting investor protection and regulatory certainty create a market environment that attracts institutional capital — the investor segment that Saudi Arabia’s Vision 2030 financial sector strategy prioritizes.
FATF Beneficial Ownership Disclosure
All three GCC jurisdictions are FATF members (Saudi Arabia since 2019, UAE since 2000, Bahrain since 2000), and FATF Recommendation 24 (transparency of legal persons) shapes beneficial ownership disclosure requirements across the region:
Saudi Arabia: The CMA mandates beneficial ownership disclosure to the ultimate natural person level for all tokenized securities issuers, with visual ownership charts for complex structures and 5-day update requirements for ownership changes. This aligns with FATF’s enhanced transparency standards and exceeds the beneficial ownership disclosure requirements in both the UAE and Bahrain.
UAE: VARA requires beneficial ownership disclosure but permits aggregated reporting for entities with more than 10 beneficial owners. ADGM follows a more stringent approach aligned with the UK’s Persons with Significant Control (PSC) register model.
Bahrain: The CBB requires beneficial ownership disclosure for licensed entities but applies a 25% ownership threshold for individual disclosure — meaning owners holding less than 25% may not be individually identified.
The disclosure comparison reinforces Saudi Arabia’s position as the most transparent jurisdiction for tokenized securities in the GCC. For international institutional investors, the CMA’s disclosure standards provide the information quality needed for due diligence and risk assessment, supporting capital allocation decisions in favor of Saudi-issued digital securities.
Sharia Compliance Disclosure
A unique dimension of the GCC disclosure comparison is Sharia compliance transparency:
Saudi Arabia: Mandatory Sharia compliance disclosure includes Sharia board composition, certification basis, smart contract Sharia review outcomes, purification methodology, and quarterly Sharia audit results. All Sharia disclosures are published on-chain as part of the tokenized security’s compliance record.
UAE: Sharia disclosure is optional and follows the issuer’s voluntary decision to seek Sharia certification. When pursued, VARA requires disclosure of the certifying board’s opinion but does not mandate ongoing Sharia audit disclosure.
Bahrain: The CBB requires Sharia disclosure for instruments marketed as Sharia-compliant, with semi-annual Sharia audit reports. Bahrain’s AAOIFI-based Sharia governance standards are well-established but predate tokenization and have not been specifically adapted for smart contract-based instruments.
Saudi Arabia’s mandatory Sharia disclosure creates a competitive advantage for tokenized sukuk and other Islamic digital securities. Institutional investors in Islamic finance — particularly sovereign wealth funds and pension funds with mandatory Sharia investment policies — require the disclosure transparency that Saudi Arabia uniquely provides at the regulatory level. The integration of Sharia disclosure with on-chain compliance records enables real-time verification of compliance status, exceeding the transparency available for any conventional Islamic finance instrument globally.
Technology Disclosure Innovation
Saudi Arabia’s technology disclosure requirements represent the most forward-looking approach in the GCC:
Smart Contract Disclosure: The CMA requires complete smart contract source code disclosure, formal verification reports, and detailed governance procedures for contract upgrades. Neither the UAE nor Bahrain mandate source code disclosure, relying instead on summary descriptions of smart contract functionality.
Blockchain Protocol Disclosure: Saudi Arabia mandates disclosure of the specific protocol version, consensus mechanism, node operator details, and rationale for protocol selection. This level of technical transparency enables independent risk assessment by sophisticated investors and provides CMA regulators with the technical detail needed for ongoing supervision.
Incident Disclosure: Saudi Arabia requires 24-hour disclosure of smart contract security incidents, blockchain protocol disruptions, or custody system failures. The UAE mandates 72-hour disclosure for material incidents; Bahrain requires “prompt” disclosure without a defined timeline.
The disclosure comparison reveals the strategic choice each jurisdiction has made between comprehensiveness and compliance cost. Saudi Arabia has chosen maximum transparency at higher issuer cost, reflecting the Kingdom’s positioning as the institutional-grade market in the GCC. Issuers targeting Saudi Arabia’s $2.7 trillion Tadawul market and the Kingdom’s institutional investor base must invest in disclosure infrastructure that meets the CMA’s exacting standards — but the resulting transparency creates a market quality advantage that supports Vision 2030 financial center objectives.
Disclosure Infrastructure and Technology
The disclosure comparison extends beyond regulatory text to the technology infrastructure supporting compliance. Saudi Arabia’s Digital Asset Filing System (DAFS) provides a centralized, CMA-managed platform for all tokenized securities disclosures, enabling automated processing, cross-referencing, and public access to 340+ filings. The Elm Company’s secure document management infrastructure underpins DAFS operations, while the Saudi Digital Academy trains disclosure compliance professionals through specialized certification programs.
The UAE’s disclosure infrastructure is fragmented across VARA, SCA, and ADGM — each operating separate filing systems without unified cross-referencing. Bahrain’s CBB disclosure portal provides basic filing capability but lacks the automated processing and smart contract integration that the Saudi system offers. The CMA’s planned migration to machine-readable XBRL-based disclosures (Q3 2026) will further widen the technology gap, enabling automated analysis by institutional investors and fintech ecosystem data aggregators.
IOSCO’s 2025 recommendations on digital asset disclosure specifically cited the Saudi CMA’s 14-category disclosure framework as a reference model for emerging market jurisdictions, while ESMA’s MiCA disclosure requirements — which the CMA benchmarked against during framework development — cover 11 categories. This international recognition reinforces Saudi Arabia’s positioning as the GCC’s disclosure standard-setter for tokenized securities, with the CMA’s bilateral cooperation agreements providing the channels through which disclosure harmonization across the Gulf will eventually be achieved.
For comparative analysis inquiries: info@sauditokenisation.com