The UAE's Personal Data Protection Law (PDPL) passed in 2021.
Any internet service that is used by UAE residents has to store data domestically within UAE borders.
Assuming zero days are being used to enable mass surveillance is much more conspiratorially minded - once a zero day is used, it's often detected within days and patched.
But wait, you sourced the trivial part of your claim (a law exists), but not that WhatsApp breaks E2E. The encryption part is the important part, right?
I'm no expert in the UAEs data protection law, but I did not immediately find any reference for a mandate for government backdoor access to encrypted content.
Also: compromising endpoints obviously does not require zero-day exploits. Otherwise, I'd assume, the services of the surveillance industry (Pegasus, Cellebrite, etc.) would be far more expensive.
There is probably no large conspiracy where Meta breaks E2E for a government and nobody involved ever leaks it. The more traditional threat is probably service blocking where users get pushed to less secure alternatives that the government can more easily monitor, like Russias new government messenger.
The UAE's Personal Data Protection Law (PDPL) passed in 2021.
Any internet service that is used by UAE residents has to store data domestically within UAE borders.
Assuming zero days are being used to enable mass surveillance is much more conspiratorially minded - once a zero day is used, it's often detected within days and patched.