VAT Challanges

VAT Challenges for UAE E‑Commerce Businesses: Cross‑Border Sales, Returns, and Compliance

by with No Comment Accounting, Bookkeeping & Auditing

VAT Challenges for UAE E-Commerce Businesses: Cross-Border Sales, Returns, and Compliance

The UAE e-commerce sector has grown rapidly over the last few years, driven by digital adoption, logistics innovation, and changing consumer behavior. While this growth presents enormous commercial opportunities, it also exposes businesses to increasingly complex VAT challenges. Many e-commerce operators underestimate VAT risks—particularly in cross-border sales, product returns, and ongoing compliance—until issues arise during audits or assessments by the tax authorities.

This article explains the most common VAT challenges faced by UAE e-commerce businesses and provides practical insights on how to manage them effectively.

Understanding VAT in the UAE E-Commerce Context

VAT in the UAE is governed by Federal Decree-Law No. 8 of 2017 and is administered by the Federal Tax Authority (FTA). While the standard VAT rate of 5% appears straightforward, its application in e-commerce transactions can be significantly more complex than in traditional brick-and-mortar retail.

E-commerce businesses often deal with:

  • Multiple jurisdictions
  • Digital platforms and marketplaces
  • Third-party logistics providers
  • Cross-border suppliers and customers

Each of these factors affects VAT treatment.

Cross-Border Sales: One of the Biggest VAT Risk Areas

1. Selling Goods Outside the UAE

When a UAE e-commerce business exports goods to customers outside the UAE, these sales may qualify for zero-rated VAT, provided strict documentary evidence is maintained. This includes:

  • Customs export declarations
  • Shipping and airway bills
  • Proof of delivery outside the UAE

A common mistake is assuming that all international shipments are automatically zero-rated. In reality, insufficient documentation can result in the FTA reclassifying the sale as standard-rated, leading to VAT liabilities, penalties, and interest.

2. Importing Goods for Online Sales

Many e-commerce companies import inventory into the UAE before selling it locally or regionally. VAT is generally payable at customs at the time of import.

Challenges arise when:

  • Import VAT is paid but not properly reconciled with VAT returns
  • Import documentation does not match accounting records
  • Goods are imported under incorrect HS codes

These discrepancies often trigger VAT audits.

3. Digital Services and Overseas Platforms

If a UAE e-commerce business sells digital services (such as subscriptions, downloads, or software access) to customers outside the UAE, VAT treatment depends on the customer’s location and status. Similarly, using foreign platforms or advertising services can trigger reverse charge VAT obligations, which many businesses fail to recognize or report correctly.

VAT on Returns, Refunds, and Cancellations

Product returns are a normal part of e-commerce, but VAT handling on returns is one of the most misunderstood areas.

1. Issuing Credit Notes Correctly

When customers return goods and receive a refund, VAT previously charged must be adjusted through a valid tax credit note. Common errors include:

  • Refunds processed without issuing VAT credit notes
  • Credit notes issued without referencing the original tax invoice
  • Incorrect VAT adjustments in the VAT return

These mistakes can result in VAT being overstated or understated.

2. Partial Returns and Exchange Scenarios

In cases where:

  • Only part of an order is returned
  • Goods are exchanged instead of refunded

VAT treatment becomes more complex. Businesses must ensure that VAT is adjusted only on the returned portion and that exchange transactions are properly invoiced.

Marketplace and Platform-Based Sales

Many UAE e-commerce sellers operate through marketplaces rather than selling directly via their own websites.

Key VAT challenges include:

  • Determining who is responsible for charging VAT (seller vs platform)
  • Commission and service fee VAT treatment
  • VAT on logistics, fulfillment, and warehousing services

In some cases, the platform may charge VAT on commissions, while the seller remains responsible for VAT on the underlying sale. Misunderstanding this split is a frequent cause of non-compliance.

VAT Registration Thresholds and Timing

E-commerce businesses often scale quickly. A common compliance failure is late VAT registration.

  • Mandatory registration threshold: AED 375,000 taxable supplies
  • Voluntary registration threshold: AED 187,500

Many startups track revenue informally and miss the exact point at which registration becomes mandatory. Late registration can lead to:

  • Backdated VAT liabilities
  • Administrative penalties
  • Disallowed input VAT claims

Record-Keeping and Documentation Challenges

The FTA places strong emphasis on proper record-keeping. E-commerce businesses must retain:

  • Tax invoices and credit notes
  • Customs documentation
  • Payment gateway reports
  • Platform sales summaries
  • Inventory and return logs

Disorganized or incomplete records often lead to unfavorable audit outcomes, even when VAT has been paid correctly.

Technology and System Limitations

Another major issue is reliance on systems that are not VAT-configured for the UAE.

Common problems include:

  • Incorrect VAT calculation on checkout
  • VAT applied to zero-rated exports
  • Manual adjustments outside the accounting system
  • Lack of integration between e-commerce platforms and accounting software

VAT compliance should be system-driven, not spreadsheet-driven.

How UAE E-Commerce Businesses Can Reduce VAT Risk

To manage VAT effectively, e-commerce businesses should:

  • Conduct regular VAT health checks
  • Clearly map VAT treatment for all transaction types
  • Automate VAT calculations and reporting
  • Reconcile VAT returns with customs and platform data
  • Seek professional advice before expanding cross-border operations

Proactive compliance is far more cost-effective than dealing with penalties after an audit.

Final Thoughts

VAT compliance in UAE e-commerce is no longer a simple box-ticking exercise. Cross-border sales, frequent returns, digital platforms, and rapid scaling have made VAT a strategic business risk. Businesses that treat VAT as an afterthought often face assessments, penalties, and operational disruption.

A structured VAT framework—supported by proper systems, documentation, and expert guidance—is essential for sustainable growth in the UAE e-commerce market.

Main land vs Free zone

Mainland vs Freezone Company Setup: Choosing the Wrong Structure Can Cost You

by with No Comment Business Registration and PRO Services

Mainland vs Freezone Company Setup: Choosing the Wrong Structure Can Cost You

Setting up a company in the UAE is often described as fast, flexible, and business-friendly. While that is largely true, one decision continues to cause long-term operational and financial issues for many entrepreneurs: choosing the wrong company structure at the time of incorporation.

The debate between mainland and freezone setup is not about which option is cheaper or faster—it is about fitness for purpose. Selecting the wrong structure can restrict revenue streams, complicate VAT and corporate tax compliance, block access to clients, and force costly restructuring later.

This article explains the real differences between mainland and freezone companies, highlights common mistakes, and outlines how the wrong choice can directly impact your business.

Understanding the Two Structures

In the UAE, companies are primarily registered under two frameworks:

  • Mainland companies, licensed by the Department of Economic Development (DED) of each emirate
  • Freezone companies, licensed by individual free zone authorities

While both structures are legal and widely used, they operate under very different commercial and regulatory rules.

Mainland Companies: Designed for Market Access

A mainland company is allowed to conduct business anywhere in the UAE without restrictions.

Key Advantages

  • Freedom to trade directly with UAE customers
  • Ability to bid for government and semi-government contracts
  • No restriction on office location within the emirate
  • Easier expansion into multiple activities under one license

Common Misconception

Many believe mainland companies are expensive or complex due to historic sponsorship rules. However, most commercial activities now allow 100% foreign ownership, making mainland setups more accessible than ever.

Freezone Companies: Attractive but Limited

Freezones are often marketed as the “easy” option—lower setup costs, quick incorporation, and minimal compliance. While this can be true, freezones are designed primarily for export-oriented or niche activities.

Key Advantages

  • Simplified setup process
  • Attractive packages for startups and SMEs
  • Sector-specific ecosystems (tech, media, logistics, etc.)

Structural Limitations

  • Cannot trade directly with mainland UAE customers without a local distributor or agent
  • Restrictions on physical office locations outside the freezone
  • Limited scope to add unrelated activities under one license

These limitations often surface only after the business starts operating.

Where Businesses Go Wrong

1. Choosing Cost Over Strategy

Many startups select a freezone simply because the initial license fee is lower. However, when the business begins selling to UAE clients, issues arise:

  • Invoices may be rejected by mainland clients
  • Distribution agreements become mandatory
  • Margins shrink due to intermediary costs

What appeared cheaper initially becomes more expensive over time.

2. VAT and Tax Compliance Complications

From a VAT perspective, mainland and freezone entities are not treated equally.

  • Some freezones are classified as Designated Zones for VAT purposes
  • Incorrect assumptions about VAT exemptions are common
  • Improper structuring can block VAT recovery or trigger penalties

With the introduction of UAE Corporate Tax, the distinction becomes even more critical. Certain freezone companies may qualify for tax incentives only if specific conditions are met—conditions that are often misunderstood or ignored during setup.

3. Banking and Substance Issues

Freezone companies frequently face:

  • Stricter bank due diligence
  • Requests for economic substance proof
  • Delays in account opening

Mainland companies generally encounter fewer restrictions, especially when local operations, offices, and contracts are involved.

4. Activity Mismatch

A major risk is registering the wrong activity under the chosen structure. For example:

  • Consultancy firms choosing freezones but needing onsite UAE clients
  • Trading companies restricted from holding stock outside the freezone
  • E-commerce businesses unable to invoice UAE customers directly

Changing activities or migrating licenses later can be costly and disruptive.

The Hidden Cost of Restructuring

When businesses realize they chose the wrong structure, the fix is rarely simple.

Restructuring may involve:

  • Setting up a new company
  • Migrating contracts and bank accounts
  • Transferring visas and employees
  • Re-registering for VAT and corporate tax

These costs often exceed what proper advisory at the setup stage would have required.

How to Choose the Right Structure from Day One

Before deciding between mainland and freezone, businesses should assess:

  • Target customers (UAE vs international)
  • Revenue model (B2B, B2C, government, online)
  • Physical presence requirements
  • VAT and corporate tax implications
  • Future expansion plans

There is no universal “best” option—only the right option for your business model.

Final Thoughts

Mainland and freezone company setups are both powerful tools when used correctly. Problems arise when businesses choose based on marketing promises rather than operational reality.

In the UAE, the wrong structure does not just limit growth—it can directly impact revenue, tax exposure, banking access, and long-term scalability. Making an informed decision at the beginning is one of the most critical strategic choices a business will make.

Whatsapp post

WhatsApp Marketing Compliance in the UAE: Legal Risks Businesses Overlook

by with No Comment App Development and SaaS

WhatsApp Marketing Compliance in the UAE: Legal Risks Businesses Overlook

WhatsApp has become one of the most powerful customer communication tools in the UAE. From order confirmations and promotions to customer support and lead nurturing, businesses increasingly rely on WhatsApp to reach customers quickly and personally.

However, what many companies overlook is that WhatsApp marketing in the UAE is regulated, and non-compliance can expose businesses to legal complaints, blocked numbers, fines, and reputational damage. The assumption that “everyone is doing it” has led many businesses into risky territory—often without realizing it.

This article explains the key compliance risks associated with WhatsApp marketing in the UAE and what businesses must do to stay on the right side of the law.

Why WhatsApp Marketing Is a Compliance Issue in the UAE

Unlike email marketing, WhatsApp communication is considered direct electronic messaging, which places it under telecom, data protection, and consumer consent regulations.

Oversight and enforcement involve authorities such as the Telecommunications and Digital Government Regulatory Authority (TDRA), along with UAE cybercrime and data protection frameworks.

Businesses that misuse WhatsApp—intentionally or not—may face:

  • Customer complaints
  • WhatsApp number bans
  • Platform restrictions
  • Legal notices or penalties

The Biggest Compliance Risks Businesses Overlook

1. Sending Messages Without Explicit Consent

The most common violation is unsolicited messaging.

Many businesses rely on:

  • Purchased contact lists
  • Old customer databases
  • Numbers collected for “support” but used for marketing

In the UAE, consent must be clear, voluntary, and specific. Silence, inactivity, or pre-ticked checkboxes do not qualify.

If a customer did not clearly agree to receive promotional WhatsApp messages, sending them marketing content can be considered spam.

2. Confusing Customer Support With Marketing

A frequent misconception is that once a customer contacts a business on WhatsApp, the business is free to send promotional messages later.

This is incorrect.

  • Consent for transactional or support communication does not automatically extend to marketing
  • Promotional messages require separate opt-in consent
  • Follow-up marketing without consent is a compliance risk

This distinction is one of the most common triggers for customer complaints.

3. Using Personal WhatsApp Numbers for Business Marketing

Many SMEs and startups use personal WhatsApp accounts to send bulk messages or promotions.

This creates multiple risks:

  • No consent tracking
  • No audit trail
  • Higher likelihood of number blocking
  • No formal opt-out mechanism

Using unofficial or automated tools with personal numbers also violates platform policies and increases exposure to permanent bans.

4. Ignoring Opt-Out and Unsubscribe Requirements

Compliance does not end with consent.

Every marketing message must:

  • Clearly identify the business
  • Allow customers to opt out easily
  • Honor opt-out requests immediately

Ignoring a “stop” or “unsubscribe” request is one of the fastest ways to trigger complaints and account suspension.

5. Data Privacy and Message Content Violations

WhatsApp marketing often involves processing personal data such as:

  • Names
  • Phone numbers
  • Order history
  • Location data

Under UAE data protection principles, businesses must:

  • Collect only necessary data
  • Use it only for stated purposes
  • Protect it from unauthorized access

Forwarding customer data to third-party tools, freelancers, or overseas systems without safeguards can create serious compliance issues.

WhatsApp Business Platform: Not Just a Technical Upgrade

Businesses using the WhatsApp Business Platform are subject to additional compliance expectations.

Key requirements include:

  • Approved message templates for outbound communication
  • Clear business identity verification
  • Conversation category classification (marketing vs utility)
  • Consent records for each recipient

Many businesses adopt the platform for automation but fail to align their internal processes with compliance rules—creating a false sense of security.

Marketing vs Utility Messages: A Critical Distinction

One overlooked risk is misclassifying message types.

  • Utility messages: Order updates, payment confirmations, service alerts
  • Marketing messages: Promotions, discounts, cross-selling, announcements

Sending promotional content under the guise of utility messaging is a violation that can result in account penalties.

Real-World Consequences of Non-Compliance

Non-compliance does not always start with fines. More often, businesses experience:

  • Sudden WhatsApp number bans
  • Loss of customer trust
  • Platform restrictions with no clear appeal process
  • Complaints escalated to regulators

For customer-facing businesses, losing WhatsApp as a channel can directly impact revenue and operations.

How Businesses Can Stay Compliant

To reduce legal and operational risk, businesses should:

  • Obtain and document explicit customer consent
  • Separate support and marketing workflows
  • Use approved WhatsApp Business solutions
  • Maintain opt-out and consent logs
  • Train staff on compliant messaging practices
  • Review message content and frequency regularly

Compliance should be built into the communication strategy—not treated as an afterthought.

Final Thoughts

WhatsApp marketing in the UAE is highly effective—but only when done responsibly. The legal risks are often overlooked because enforcement is not always immediate. However, once issues arise, the consequences can be disruptive and costly.

Businesses that treat WhatsApp as a regulated communication channel—rather than an informal chat tool—are far better positioned to scale safely, protect their brand, and maintain long-term customer trust.

Digital marketing - fail

Why Most UAE Businesses Fail at Digital Marketing Despite High Ad Spend

by with No Comment Digital Marketing, Web And Graphical Designing

Why Most UAE Businesses Fail at Digital Marketing Despite High Ad Spend

The UAE is one of the most digitally active markets in the region. Businesses invest heavily in Google Ads, social media campaigns, influencers, and paid promotions—often allocating substantial monthly budgets. Yet despite this high level of spending, many companies see little to no return.

The problem is rarely a lack of budget. In most cases, UAE businesses fail at digital marketing because spending is misaligned with strategy, structure, and execution. Advertising becomes an expense rather than a growth engine.

This article breaks down the core reasons why digital marketing underperforms in the UAE, even when ad spend is high.

The UAE Market: High Competition, High Expectations

The UAE’s digital ecosystem is crowded. Almost every sector—real estate, healthcare, e-commerce, education, professional services—competes aggressively for attention.

Platforms such as Google, Meta, and TikTok reward relevance, data quality, and consistency—not just spending power.

Many businesses enter this environment assuming higher budgets guarantee visibility and leads. They do not.

The Most Common Reasons Digital Marketing Fails

1. Ads Are Run Without a Clear Business Objective

One of the biggest mistakes is launching campaigns without defining what success actually looks like.

Common vague goals include:

  • “Increase brand awareness”
  • “Get more leads”
  • “Boost online presence”

Without clear KPIs—such as cost per qualified lead, conversion rate, or customer acquisition cost—campaigns cannot be optimized. Money is spent, but performance remains unclear.

2. Weak Landing Pages and Sales Funnels

Many UAE businesses spend aggressively on ads but send traffic to:

  • Outdated websites
  • Slow-loading pages
  • Generic homepages with no clear call to action

Even well-targeted ads fail when the post-click experience is poor. High ad spend cannot compensate for weak user experience or unclear messaging.

3. Targeting Everyone Instead of the Right Audience

A frequent assumption is that broader targeting equals more leads.

In reality:

  • Poor audience segmentation inflates costs
  • Irrelevant clicks drain budgets
  • Conversion rates remain low

This is especially common in UAE campaigns targeting “all residents,” without accounting for language, income level, buyer intent, or cultural nuances.

4. Chasing Trends Instead of Strategy

Businesses often jump between platforms based on trends:

  • Reels this month
  • Influencers next month
  • Performance ads the month after

Without a structured marketing roadmap, efforts become fragmented. Branding, messaging, and data continuity are lost, making it impossible to build momentum.

5. Overreliance on Vanity Metrics

Likes, impressions, views, and followers look impressive in reports—but they do not pay the bills.

Many businesses fail because:

  • Reports focus on reach, not revenue
  • No link exists between ads and actual sales
  • Marketing teams are not accountable for ROI

Without revenue attribution, marketing becomes a cost center rather than a growth function.

6. Poor Lead Handling and Follow-Up

Even when campaigns generate leads, many businesses lose them at the sales stage.

Common issues include:

  • Slow response times
  • No CRM or lead tracking
  • Untrained sales teams
  • No structured follow-up process

In high-cost markets like the UAE, poor lead handling can destroy campaign profitability.

7. Lack of Localization

Generic ads copied from other markets rarely perform well in the UAE.

Successful campaigns account for:

  • Multilingual audiences
  • Cultural sensitivity
  • Local buying behavior
  • Trust signals relevant to the UAE market

Ignoring localization results in low engagement and wasted spend.

The Agency and Freelancer Problem

Another major factor is execution quality.

Many businesses:

  • Work with multiple freelancers without coordination
  • Switch agencies frequently
  • Lack internal oversight of marketing performance

Without accountability and performance benchmarking, ad spend continues while results stagnate.

Data Without Decisions

Most platforms provide detailed analytics. The problem is not data availability—it is decision-making.

Businesses often:

  • Collect data but do not act on it
  • Ignore poor-performing campaigns
  • Fail to test and refine creatives, audiences, and offers

Digital marketing requires continuous optimization, not set-and-forget spending.

How UAE Businesses Can Fix the Problem

To improve outcomes, businesses should:

  • Align marketing objectives with business goals
  • Invest in conversion-focused websites and funnels
  • Use precise audience targeting and segmentation
  • Track ROI, not vanity metrics
  • Integrate CRM and lead management systems
  • Demand accountability from agencies and teams

Digital marketing success in the UAE is not about spending more—it is about spending smarter.

Final Thoughts

High ad spend creates visibility, but visibility alone does not drive growth. Most UAE businesses fail at digital marketing because they treat it as a tactical activity rather than a structured business function.

Those that succeed approach digital marketing with the same discipline they apply to finance, operations, and compliance—clear goals, measurable outcomes, and continuous improvement.

Ai in Accounting

AI in Accounting and Taxation: Opportunities, Risks, and Compliance Concerns

by with No Comment Tax Agency And Taxation Matters

AI in Accounting and Taxation: Opportunities, Risks, and Compliance Concerns

Artificial Intelligence is rapidly changing how accounting and taxation functions operate. From automated bookkeeping and predictive analytics to AI-assisted tax reviews, businesses across the UAE are adopting AI tools to increase efficiency and reduce costs.

However, while AI presents real opportunities, it also introduces new risks and compliance concerns that many organizations underestimate. In regulated environments like accounting and taxation, speed and automation cannot come at the expense of accuracy, auditability, and legal responsibility.

This article explores where AI adds value in accounting and taxation, where it creates exposure, and what businesses must consider before relying on it.

The Rise of AI in Accounting and Tax Functions

AI adoption in finance is no longer limited to large enterprises. Cloud accounting platforms, tax software, and ERP systems increasingly embed AI features such as:

  • Automated transaction categorization
  • Anomaly detection in ledgers
  • Predictive cash-flow forecasting
  • AI-assisted tax rule interpretation

These tools promise efficiency, but they also shift how responsibility and control are managed within finance teams.

Key Opportunities AI Brings to Accounting and Taxation

1. Automation of Routine Tasks

AI significantly reduces time spent on repetitive activities such as:

  • Data entry and reconciliation
  • Expense classification
  • Invoice matching
  • Preliminary tax computations

This allows finance professionals to focus on advisory, planning, and review rather than manual processing.

2. Improved Accuracy and Error Detection

When properly configured, AI systems can identify:

  • Duplicate entries
  • Unusual transactions
  • Inconsistent VAT treatments
  • Outliers that may indicate errors or fraud

This can strengthen internal controls—provided outputs are reviewed by qualified professionals.

3. Faster Reporting and Decision Support

AI-driven analytics enable:

  • Real-time financial dashboards
  • Trend identification across periods
  • Scenario modeling for tax and cash-flow planning

For management teams, this improves decision-making speed and visibility.

Where the Risks Begin

Despite these benefits, AI introduces risks that are often overlooked during implementation.

1. Over-Reliance on AI Outputs

AI tools do not “understand” law or intent—they process patterns and probabilities. When businesses rely on AI without professional review:

  • Incorrect tax treatments may go unnoticed
  • Context-specific exemptions can be missed
  • Complex transactions may be misclassified

In taxation, automation without judgment is a liability.

2. VAT and Tax Rule Misinterpretation

Tax laws are interpretive, not binary. AI systems trained on generic datasets may:

  • Apply incorrect VAT rates
  • Misclassify zero-rated or exempt supplies
  • Fail to account for jurisdiction-specific rules

In the UAE, VAT compliance is overseen by the Federal Tax Authority, and liability always rests with the taxpayer—not the software provider.

3. Audit and Evidence Challenges

AI-generated outputs can be difficult to explain during audits:

  • How was a tax position derived?
  • What assumptions were used?
  • Can the logic be documented and reproduced?

If an AI system cannot produce a clear audit trail, it weakens the business’s defense during inspections or assessments.

4. Data Privacy and Confidentiality Risks

Accounting and tax systems process highly sensitive data, including:

  • Financial statements
  • Tax filings
  • Personal data of clients and employees

Using AI tools—especially cloud-based or third-party platforms—raises concerns under UAE data protection frameworks. Unauthorized data access, overseas data storage, or weak controls can result in regulatory exposure.

AI and Corporate Tax: A New Risk Layer

With the introduction of UAE Corporate Tax, AI adoption must be handled carefully.

AI tools may assist with:

  • Tax computations
  • Loss utilization modeling
  • Transfer pricing documentation

However, incorrect assumptions or automated interpretations can lead to:

  • Understated tax liabilities
  • Incorrect free zone tax positions
  • Misapplied exemptions or reliefs

Tax positions must be defensible, not just computationally accurate.

Who Is Responsible When AI Gets It Wrong?

One of the most critical misunderstandings is responsibility.

  • AI vendors do not carry regulatory liability
  • Cloud platforms do not defend audits
  • Automated systems do not attend tax inspections

Responsibility remains with:

  • Company directors
  • Finance heads
  • Tax agents and advisors

AI is a tool—not a shield.

How Regulators View AI in Finance

Globally, tax authorities are becoming more technologically advanced themselves. Organizations such as the Organisation for Economic Co-operation and Development (OECD) continue to emphasize transparency, traceability, and accountability in tax reporting.

Using AI does not reduce scrutiny—it often increases expectations around controls and governance.

Best Practices for Using AI in Accounting and Taxation

To use AI responsibly, businesses should:

  • Treat AI as an assistive tool, not a decision-maker
  • Maintain human review for all tax-critical outputs
  • Ensure systems provide clear audit trails
  • Validate AI logic against local tax laws
  • Implement strict data access and privacy controls
  • Engage qualified professionals for oversight

AI should strengthen compliance—not replace professional judgment.

Final Thoughts

AI has a meaningful role to play in modern accounting and taxation. When implemented correctly, it enhances efficiency, accuracy, and insight. When adopted blindly, it creates hidden compliance risks that may only surface during audits or disputes.

For UAE businesses, the key is balance: embracing innovation while maintaining governance, accountability, and regulatory discipline. In accounting and taxation, technology can assist—but responsibility can never be automated away.

Cloud Backup

Cloud Backup vs Cloud Storage: A Costly Mistake Many UAE Businesses Make

by with No Comment Cyber Security and Data Safety

Cloud Backup vs Cloud Storage: A Costly Mistake Many UAE Businesses Make

Cloud adoption in the UAE has accelerated rapidly. Businesses now store accounting data, emails, contracts, designs, customer records, and operational systems in the cloud. Yet one critical misunderstanding continues to cause serious financial and operational damage: confusing cloud storage with cloud backup.

Many UAE businesses assume that because their data is stored in the cloud, it is automatically protected. This assumption is incorrect—and often only discovered after data loss, ransomware incidents, accidental deletions, or compliance failures.

This article explains the difference between cloud storage and cloud backup, why the confusion is so dangerous, and how businesses can avoid a costly mistake.

Why This Confusion Is So Common in the UAE

Cloud services are often marketed as “secure,” “redundant,” and “always available.” While these claims are partially true, they are frequently misunderstood.

Most businesses use platforms such as:

  • Microsoft 365
  • Google Workspace
  • Cloud file drives and shared folders
  • Hosted accounting and ERP systems

Because these platforms are reliable, businesses assume they also function as backups. They do not.

What Cloud Storage Actually Is

Cloud storage is designed for access and collaboration, not recovery.

It allows businesses to:

  • Store files centrally
  • Share documents with teams
  • Access data from anywhere
  • Synchronize files across devices

If a file is deleted, overwritten, or corrupted, that change is usually synchronized instantly across all devices and users.

In simple terms:

Cloud storage mirrors your mistakes as efficiently as it mirrors your data.

What Cloud Backup Is (and Why It Is Different)

Cloud backup is designed for data recovery and business continuity.

A proper cloud backup system:

  • Creates independent, time-based copies of data
  • Retains multiple versions over defined periods
  • Protects against deletion, corruption, and ransomware
  • Allows restoration to a specific point in time

Backup systems operate separately from day-to-day file access and are governed by retention and recovery policies.

The Costly Risks of Relying Only on Cloud Storage

1. Accidental Deletions

Employees regularly delete or overwrite files unintentionally. In cloud storage:

  • Deleted files may sync instantly
  • Retention periods are limited
  • Recovery windows are short or nonexistent

Once the retention period expires, data is permanently lost.

2. Ransomware and Cyberattacks

Ransomware does not care whether data is on a local server or in the cloud.

When ransomware infects a synced device:

  • Encrypted files sync back to cloud storage
  • Clean versions are overwritten
  • Businesses lose access across all users

Without an isolated backup, recovery options are limited.

3. Insider Errors and Malicious Actions

Not all data loss is accidental.

Examples include:

  • Disgruntled employees deleting shared folders
  • Incorrect permissions exposing or removing files
  • Unauthorized changes made by third-party vendors

Cloud storage logs activity—but logs do not restore data.

4. Compliance and Audit Failures

Many UAE businesses are subject to:

  • Tax record retention requirements
  • Financial audit trails
  • Regulatory data retention obligations

If historical data cannot be restored when requested, businesses may face penalties, audit qualifications, or legal exposure.

Why “Built-In” Cloud Protection Is Not Enough

Cloud providers protect their infrastructure, not your business decisions.

They ensure:

  • Server uptime
  • Hardware redundancy
  • Platform availability

They do not guarantee:

  • Recovery from user error
  • Protection against logical data loss
  • Long-term retention for compliance

This responsibility gap is where many businesses get caught off guard.

Real-World Scenarios Seen in UAE Businesses

Common situations include:

  • Accounting data overwritten during year-end adjustments
  • Email archives lost during staff exits
  • Design files permanently deleted during project revisions
  • CRM data corrupted after system integrations

In almost every case, the business believed its cloud platform was “fully backed up.”

Backup Is Not an IT Luxury—It Is a Business Control

Cloud backup should be treated as a risk management and governance requirement, not a technical add-on.

A proper backup strategy includes:

  • Independent backup systems separate from production platforms
  • Defined retention policies aligned with legal requirements
  • Regular recovery testing
  • Restricted access to backup environments
  • Monitoring and reporting

Backup only works if it can be restored.

The Cost Argument That Backfires

Many businesses avoid backup solutions to reduce monthly costs. This is short-term thinking.

Compare:

  • Monthly backup cost: minimal and predictable
  • Cost of data loss: downtime, reputational damage, compliance penalties, lost clients

In almost every case, the cost of not backing up far exceeds the cost of doing it properly.

How UAE Businesses Should Approach Cloud Data Protection

To avoid this common mistake, businesses should:

  • Clearly separate cloud storage and backup functions
  • Implement third-party or independent backup solutions
  • Align backup retention with tax and legal requirements
  • Educate management—not just IT teams—on data risk
  • Periodically review backup coverage as systems change

Cloud adoption without backup planning is incomplete.

Final Thoughts

Cloud storage is an excellent tool for collaboration and efficiency. But it is not a safety net.

Many UAE businesses only realize the difference between cloud storage and cloud backup after something goes wrong—when recovery is no longer possible. At that point, the damage is already done.

Understanding this distinction and investing in proper backup architecture is not just an IT decision. It is a business continuity, compliance, and risk management decision that every organization must address.

Ransomware 1

Ransomware in 2026: Why Most Business Backups Fail When You Need Them Most

by with No Comment Cyber Security and Data Safety

Ransomware in 2026: Why Most Business Backups Fail When You Need Them Most

Introduction

Ransomware has evolved from an IT inconvenience into a business-critical threat. In 2026, attackers are no longer just encrypting files—they are targeting backups, exploiting recovery gaps, and applying double or triple extortion tactics.

Many UAE businesses believe they are protected because they “have backups.” Unfortunately, when an actual ransomware incident occurs, those backups often fail at the worst possible moment—leading to prolonged downtime, financial loss, regulatory exposure, and reputational damage.

This article explains why business backups fail during ransomware attacks and what organizations must do to ensure true recoverability.

What Has Changed in Ransomware Attacks?

Modern ransomware attacks are strategic, silent, and persistent:

  • Attackers infiltrate systems weeks or months before launching encryption

  • Backup repositories are identified, corrupted, or deleted in advance

  • Data is exfiltrated before encryption, enabling blackmail and legal pressure

  • Cloud and SaaS environments are now primary targets, not just on-prem servers

The result: businesses discover that their backups are incomplete, inaccessible, or compromised.

The Core Reasons Business Backups Fail

1. Cloud Storage Is Mistaken for Backup

Many organizations rely on platforms like cloud drives or SaaS platforms assuming they are “backed up.”

Reality:

  • Sync ≠ backup

  • Encrypted or deleted files replicate instantly across devices

  • No clean restore point exists

This is one of the most common and costly misconceptions.

2. Backups Are Not Isolated from the Network

If backups are:

  • On the same domain

  • Using the same admin credentials

  • Always online

Then ransomware can encrypt the backups first, eliminating recovery options.

3. Backup Credentials Are Compromised

Attackers frequently:

  • Steal admin credentials

  • Disable backup jobs

  • Delete historical restore points

Most businesses only discover this after the attack, when restoration fails.

4. No Regular Backup Testing

A backup that has never been tested is theoretical protection.

Common failures include:

  • Corrupted backup files

  • Incomplete system images

  • Missing databases or applications

  • Restore times exceeding acceptable downtime

During a ransomware crisis, testing is no longer an option.

5. Insufficient Backup Retention Policies

Short retention windows mean:

  • All clean restore points are overwritten

  • Infections that remain dormant go unnoticed

  • Businesses are forced to restore infected data—or none at all

6. No Disaster Recovery or Business Continuity Plan

Even when data is recoverable, businesses fail because:

  • Recovery timelines are undefined

  • Systems are restored in the wrong order

  • Critical dependencies are missed

  • Operations remain offline for days or weeks

Backups alone do not equal business continuity.

The Real Impact on Businesses

When backups fail during ransomware attacks, organizations face:

  • Prolonged operational downtime

  • Loss of customer trust

  • Regulatory penalties and compliance breaches

  • Contractual disputes and legal claims

  • Permanent data loss

  • Forced ransom payments with no guarantee of recovery

For SMEs, this can mean business closure, not just disruption.

What a Ransomware-Resilient Backup Strategy Looks Like

To survive ransomware in 2026, businesses must implement:

✔ Immutable Backups

Backups that cannot be altered or deleted, even by administrators.

✔ Offline or Air-Gapped Copies

At least one copy completely isolated from the network.

✔ Multi-Layer Backup Architecture

  • On-site

  • Off-site

  • Cloud-based (with immutability)

✔ Role-Based Access Controls

Separate credentials for production systems and backups.

✔ Regular Restore Testing

Scheduled recovery drills, not just backup verification.

✔ Defined RTO & RPO

Clear recovery time and recovery point objectives aligned with business risk.

Why This Matters for UAE Businesses

In the UAE, ransomware incidents increasingly intersect with:

  • Data protection obligations

  • Client confidentiality requirements

  • Financial reporting and tax record retention

  • Operational continuity expectations

A failed recovery can quickly escalate from an IT issue to a legal, financial, and reputational crisis.

Final Thoughts

In 2026, ransomware is not a question of if, but when.
The critical question is:

Will your backups actually work when everything else fails?

Businesses that invest in proper backup architecture, recovery testing, and continuity planning will survive ransomware attacks. Those that rely on assumptions will not.

Want to Strengthen Your Backup & Recovery Strategy?

If your organization has not:

  • Tested full data restoration

  • Reviewed backup isolation

  • Assessed ransomware readiness

Now is the time.

A proactive approach costs far less than recovery under attack.

Cyber Security

Cybersecurity Challenges for SMEs in the UAE: Why Small Businesses Are the Prime Target

by with No Comment Cyber Security and Data Safety

Cybersecurity Challenges for SMEs in the UAE: Why Small Businesses Are the Prime Target

Cybersecurity is often perceived as a concern only for large enterprises, banks, or government entities. In reality, small and medium-sized enterprises (SMEs) in the UAE are now the primary targets of cyberattacks. Attackers increasingly view SMEs as easier, faster, and more profitable entry points.

Many UAE SMEs believe they are “too small to be targeted.” This assumption is not only incorrect—it is one of the main reasons cybercriminals succeed.

This article explains why SMEs are prime targets, the most common cybersecurity challenges they face, and what practical steps can reduce risk.

Why Cybercriminals Prefer Targeting SMEs

Cyberattacks today are largely automated and opportunistic. Attackers are not always looking for high-profile victims; they are looking for weak defenses.

SMEs typically have:

  • Limited IT budgets
  • Minimal cybersecurity oversight
  • Overworked staff handling IT informally
  • No dedicated security policies or incident plans

From an attacker’s perspective, SMEs offer high success rates with low effort.

The UAE Context: Digital Growth Without Security Maturity

The UAE has aggressively promoted digital transformation, cloud adoption, remote work, and e-commerce. While this has accelerated business growth, security practices have not always kept pace—especially among SMEs.

Cybersecurity oversight and national awareness initiatives are supported by entities such as the UAE Cybersecurity Council and the Telecommunications and Digital Government Regulatory Authority (TDRA). However, implementation at the SME level remains inconsistent.

The Most Common Cybersecurity Challenges Faced by SMEs

1. Weak or Reused Passwords

Despite awareness campaigns, password hygiene remains one of the biggest vulnerabilities.

Common issues include:

  • Reused passwords across systems
  • Shared logins between employees
  • No multi-factor authentication (MFA)
  • Credentials stored insecurely

Once one account is compromised, attackers often gain access to multiple systems.

2. Phishing and Social Engineering Attacks

Phishing remains the most effective attack method against SMEs.

Attackers exploit:

  • Fake invoices and payment requests
  • Email impersonation of suppliers or management
  • WhatsApp and SMS-based scams
  • Urgent requests that bypass verification

Because SMEs often lack formal verification procedures, employees act quickly—and attackers succeed.

3. Lack of Endpoint Protection

Many SMEs rely solely on basic antivirus software—or none at all.

This exposes them to:

  • Ransomware
  • Spyware and keyloggers
  • Remote access trojans
  • Silent data exfiltration

Endpoints such as laptops and desktops are often the weakest link, especially with remote or hybrid work models.

4. Cloud Misconfigurations

SMEs increasingly use cloud platforms for email, accounting, storage, and CRM. However, cloud security is often misunderstood.

Common mistakes include:

  • Assuming cloud providers handle all security
  • Overly broad access permissions
  • No monitoring of login activity
  • No backup or recovery planning

Cloud services are secure—but only when configured correctly.

5. No Backup or Incident Recovery Plan

One of the most damaging gaps is the absence of proper backups and recovery procedures.

When incidents occur:

  • Businesses do not know what data is affected
  • There is no clean restore point
  • Operations are halted for days or weeks

Ransomware attacks are especially devastating for SMEs without isolated backups.

6. Unpatched Systems and Software

Outdated systems remain a major entry point for attackers.

SMEs often delay updates because:

  • Systems are “working fine”
  • Updates may disrupt operations
  • No one is assigned patch responsibility

Attackers actively scan for known vulnerabilities and exploit them at scale.

The Real Impact of a Cyber Incident on SMEs

Unlike large organizations, SMEs rarely have the resilience to absorb cyber losses.

Consequences often include:

  • Business downtime and lost revenue
  • Loss of customer trust
  • Legal and regulatory exposure
  • Permanent data loss
  • Reputational damage

In many cases, SMEs never fully recover from a major cyber incident.

Compliance Is Becoming a Business Requirement

Cybersecurity is no longer just an IT issue—it is a governance and compliance issue.

SMEs increasingly face:

  • Client cybersecurity questionnaires
  • Contractual security requirements
  • Data protection obligations
  • Audit and assurance expectations

Failing to meet basic security standards can result in lost business opportunities, even without an actual attack.

Why SMEs Delay Cybersecurity Investments

Common reasons include:

  • Viewing cybersecurity as a cost, not protection
  • Overconfidence in “common sense” controls
  • Assuming insurance will cover losses
  • Belief that attacks only affect large firms

Unfortunately, attackers rely on these exact assumptions.

Practical Steps SMEs Can Take to Reduce Risk

Cybersecurity does not require enterprise-level budgets to be effective.

SMEs should focus on:

  • Enforcing strong passwords and MFA
  • Training staff to recognize phishing attempts
  • Deploying basic endpoint security and monitoring
  • Implementing proper cloud backups
  • Restricting system access based on roles
  • Creating a simple incident response plan

Consistency matters more than complexity.

Final Thoughts

SMEs are not targeted despite being small—they are targeted because they are small. Cybercriminals know that smaller businesses often lack the controls, awareness, and recovery capability of larger organizations.

In the UAE’s increasingly digital economy, cybersecurity is no longer optional for SMEs. It is a fundamental requirement for business continuity, compliance, and long-term survival.

Investing in basic cybersecurity controls today is far less costly than responding to a serious incident tomorrow.

VAT Audits

VAT Audits in the UAE: Top Red Flags That Trigger FTA Scrutiny

by with No Comment Tax Agency And Taxation Matters

VAT Audits in the UAE: Top Red Flags That Trigger FTA Scrutiny

VAT audits in the UAE are no longer rare or limited to large corporations. The Federal Tax Authority (FTA) has significantly enhanced its audit capabilities, using data analytics, cross-verification, and third-party information to identify non-compliance.

Many businesses are surprised when they receive an audit notice—not because they intentionally avoided VAT, but because they were unaware that certain practices raise immediate red flags. In most cases, audits are triggered by patterns and inconsistencies, not by random selection.

This article outlines the most common red flags that attract FTA scrutiny and explains why they matter.

How VAT Audits Are Triggered in the UAE

The FTA uses a risk-based audit approach. This means:

  • VAT returns are analyzed electronically
  • Data is compared across multiple sources
  • Inconsistencies are flagged automatically

Triggers may come from VAT returns, customs data, bank records, or even customer and supplier filings.

Top Red Flags That Trigger VAT Audits

1. Frequent VAT Refund Claims

While VAT refunds are allowed, repeated or unusually high refund claims often attract attention.

Common causes include:

  • High zero-rated or export sales without strong documentation
  • Large input VAT claims with limited taxable output
  • Capital asset purchases without corresponding business activity

The FTA typically audits refund claims to verify eligibility and supporting evidence.

2. Mismatch Between VAT Returns and Financial Statements

One of the fastest ways to trigger scrutiny is inconsistency between:

  • VAT returns
  • Accounting records
  • Audited financial statements

Differences in revenue, expenses, or VAT balances raise questions about data integrity and reporting accuracy.

3. Errors in VAT Treatment of Zero-Rated and Exempt Supplies

Many businesses misapply VAT rates—especially for:

  • Exports
  • International services
  • Education and healthcare-related supplies
  • Financial services

Incorrectly treating standard-rated supplies as zero-rated or exempt is a high-risk area that frequently leads to assessments and penalties.

4. Late VAT Registration or Deregistration

Failing to register for VAT on time is a common compliance failure.

Red flags include:

  • Revenue exceeding the mandatory threshold before registration
  • Delayed deregistration despite ceasing taxable activities
  • Inconsistent turnover reporting across periods

Late registration often results in backdated VAT liabilities and penalties.

5. Input VAT Claimed on Non-Recoverable Expenses

Claiming VAT on expenses that are blocked or restricted is another major trigger.

Common examples include:

  • Entertainment and hospitality costs
  • Certain motor vehicle expenses
  • Personal or non-business-related costs

These claims are easily identifiable during audits and often lead to disallowances.

6. Weak or Missing Tax Invoices

FTA audits place strong emphasis on documentation.

Red flags include:

  • Missing tax invoices
  • Invoices that do not meet legal requirements
  • Supplier invoices with incorrect TRNs
  • Credit notes not properly linked to original invoices

Without valid documentation, input VAT claims are usually rejected.

7. Inconsistent VAT Reporting Patterns

Sudden changes in VAT trends often prompt reviews, such as:

  • Sharp drops in output VAT
  • Unexpected increases in input VAT
  • Fluctuating ratios without business justification

While changes may be legitimate, unexplained variations raise compliance concerns.

8. Poor Record-Keeping and Data Availability

During audits, the FTA typically requests:

  • Detailed transaction listings
  • Customs documentation
  • Contracts and agreements
  • Bank statements

Inability to produce records within the required timeframe is itself a red flag and can worsen audit outcomes.

9. Related-Party and Intercompany Transactions

Transactions between related entities are closely examined, particularly when:

  • VAT is not charged where required
  • Supplies are undervalued
  • Documentation is weak or informal

These transactions often attract deeper scrutiny due to higher risk of misclassification.

10. Discrepancies With Customs and Import Data

For trading and e-commerce businesses, VAT audits frequently involve:

  • Reconciliation between import VAT paid and VAT returns
  • HS code mismatches
  • Incorrect valuation of imported goods

Customs data is routinely cross-checked against VAT filings.

What Happens During a VAT Audit

A typical VAT audit may involve:

  • Formal audit notification
  • Detailed data requests
  • Onsite or virtual inspections
  • Clarifications and follow-up questions
  • Tax assessments or penalties (if applicable)

How a business responds during an audit often has as much impact as the underlying issue itself.

How Businesses Can Reduce Audit Risk

While audits cannot always be avoided, risks can be managed.

Best practices include:

  • Regular VAT reconciliations
  • Periodic VAT health checks
  • Proper documentation and record retention
  • Timely registration and filings
  • Professional review of complex transactions

Proactive compliance is significantly less costly than corrective action after an audit.

Final Thoughts

VAT audits in the UAE are becoming more structured, data-driven, and frequent. Most audits are triggered not by deliberate non-compliance, but by avoidable red flags arising from weak controls, poor documentation, or incorrect assumptions.

Understanding what attracts FTA scrutiny allows businesses to address issues early, reduce exposure, and approach audits with confidence rather than concern. In today’s regulatory environment, VAT compliance is not just a filing obligation—it is an ongoing governance responsibility.

UAE CT

UAE Corporate Tax Compliance Challenges in 2026: What Businesses Must Fix Now

by with No Comment Tax Agency And Taxation Matters

UAE Corporate Tax Compliance Challenges in 2026: What Businesses Must Fix Now

As UAE Corporate Tax moves from implementation into enforcement, 2026 marks a critical transition year. The initial phase of awareness and onboarding is over. The focus has shifted firmly toward compliance quality, data accuracy, and audit readiness.

Many businesses successfully registered and filed their first returns, but that does not mean they are compliant. In fact, some of the most serious corporate tax risks only become visible after the first filing cycle, when authorities begin comparing returns, financial statements, and related-party disclosures.

This article highlights the key UAE Corporate Tax compliance challenges businesses will face in 2026—and what must be fixed now to avoid assessments, penalties, and disputes.

Corporate Tax in the UAE Has Entered a New Phase

UAE Corporate Tax is administered by the Federal Tax Authority, and its approach is increasingly data-driven. Registration alone is no longer sufficient. The focus is now on:

  • Substance over form
  • Consistency across filings
  • Documentation and defensibility
  • Alignment between accounting and tax positions

Businesses that treated initial filings as a “trial run” may face difficulties going forward.

The Biggest Corporate Tax Compliance Challenges in 2026

1. Weak Accounting–Tax Alignment

One of the most common issues emerging is misalignment between:

  • Management accounts
  • Audited financial statements
  • Corporate tax computations

Temporary adjustments made “just for tax” without proper accounting support create audit risks. In 2026, tax computations are expected to be fully reconcilable and technically defensible, not spreadsheet-driven summaries.

2. Inadequate Documentation for Tax Positions

Corporate tax is not only about numbers—it is about evidence.

Many businesses:

  • Apply exemptions or reliefs without formal analysis
  • Rely on assumptions rather than documented positions
  • Cannot explain how taxable income was derived

In 2026, unsupported tax positions are likely to be challenged during reviews or audits.

3. Misunderstanding Free Zone Corporate Tax Conditions

Free zone benefits remain one of the most misunderstood areas.

Common issues include:

  • Assuming all free zone income is automatically tax-exempt
  • Failing to segregate qualifying and non-qualifying income
  • Inadequate substance or activity documentation
  • Incorrect treatment of mainland transactions

Free zone entities that do not actively monitor compliance conditions risk losing preferential treatment.

4. Related-Party and Transfer Pricing Gaps

Transfer pricing compliance is emerging as a major enforcement focus.

Many UAE groups:

  • Have related-party transactions but no formal pricing policies
  • Do not maintain benchmarking or comparability analysis
  • Treat intercompany charges informally

In 2026, transfer pricing documentation is no longer optional for qualifying businesses—it is a defensive requirement.

5. Underestimating the Role of Adjustments and Elections

Corporate tax calculations involve multiple elections and adjustments, including:

  • Interest limitation rules
  • Loss utilization
  • Group relief elections
  • Transitional provisions

Incorrect elections—or failure to document why an election was made—can materially impact tax exposure and invite scrutiny.

6. Poor Data Quality and System Readiness

Corporate tax relies heavily on clean, structured financial data.

Challenges include:

  • Inconsistent chart of accounts
  • Manual adjustments outside accounting systems
  • Lack of audit trails
  • Disconnected ERP, accounting, and reporting tools

As filings mature, the FTA will increasingly expect system-level accuracy rather than manual reconciliation.

7. Governance and Accountability Gaps

A critical but often overlooked issue is who owns corporate tax compliance internally.

Common problems:

  • No clear tax owner or responsible officer
  • Over-reliance on external consultants
  • Limited internal review or challenge process
  • Board-level tax oversight missing

In 2026, corporate tax is a governance matter—not just a compliance task.

Penalties and Exposure Are Becoming Real

While early enforcement was measured, penalty risks are increasing.

Non-compliance may result in:

  • Backdated tax assessments
  • Administrative penalties
  • Interest on unpaid tax
  • Increased audit frequency

More importantly, repeated issues can flag a business as high-risk for future scrutiny.

What Businesses Must Fix Now

To prepare for 2026 and beyond, businesses should act immediately on the following:

  • Perform a corporate tax health check
  • Align accounting policies with tax treatment
  • Document all major tax positions and assumptions
  • Review free zone and related-party compliance
  • Strengthen data quality and reporting systems
  • Assign clear internal responsibility for tax governance

Proactive remediation is significantly less costly than corrective action during an audit.

Corporate Tax Is Now a Continuous Process

Unlike transactional taxes, corporate tax is not a once-a-year filing exercise. It affects:

  • Business structuring
  • Pricing and contracts
  • Financing decisions
  • Group arrangements

Treating corporate tax as a periodic compliance task is one of the biggest risks businesses face in 2026.

Final Thoughts

UAE Corporate Tax compliance is entering a phase of maturity. Businesses that invested time only in registration and initial filing are now exposed. Those that build structured processes, documentation, and governance will be better positioned to manage audits, avoid disputes, and plan strategically.

2026 is not the year to “wait and see.” It is the year to fix gaps, strengthen controls, and treat corporate tax as a core business function—before enforcement does it for you.