The Malta Gaming Authority has printed the end result of a sector-wide supervisory evaluation centered on how on-line B2C operators implement self-exclusion and accountable playing measures in Malta. The train assessed whether or not safeguards function successfully in observe and clarified regulatory expectations regarding participant safety.
Authorities initiated the evaluation through the first half of 2025 following complaints that some gamers who had self-excluded had been nonetheless capable of entry different manufacturers working underneath the identical licence. The evaluation lined 20 licensees and 58 lively URLs, with investigators conducting thriller procuring to check real-world performance of controls quite than relying solely on documented insurance policies.
Evaluation Scope and Common Compliance
The regulator examined how operators utilized self-exclusion throughout manufacturers, how techniques responded to duplicate or related id particulars, and whether or not accountable playing data was clearly introduced at key levels of play. Investigators created accounts throughout three manufacturers per licensee to judge whether or not exclusions had been enforced persistently and whether or not controls could possibly be bypassed.
In response to the Authority, general compliance ranges had been broadly optimistic. Most licensees demonstrated practices aligned with regulatory requirements. Nevertheless, numerous operators had been discovered to fall quick in particular areas, prompting corrective motion necessities.
The regulator said that the evaluation “sought to determine any systemic weaknesses and make clear regulatory expectations referring to participant safety, highlighting areas performing nicely in addition to alternatives for licensees to strengthen their practices.” The findings reaffirmed the Authority’s dedication to safeguarding gamers and sustaining integrity within the on-line gaming sector, whereas figuring out sensible enhancements that operators should implement.
Self-Exclusion Delays and Cross-Model Weaknesses
One of many central points involved delays in activating self-exclusion requests. Two licensees didn’t shut accounts inside 24 hours when gamers submitted requests by electronic mail, whereas one other required id verification earlier than implementing the exclusion. The Authority reiterated that self-exclusion should take impact instantly and said that no extra necessities, together with KYC checks, might delay implementation. It doesn’t regard any interval exceeding 24 hours as compliant.
Investigators additionally recognized a case the place an operator revoked a self-exclusion with out making use of the required cooling-off interval. Laws mandate a minimal 24-hour delay earlier than lowering or lifting a particular exclusion and 7 days for an indefinite one. The regulator expects automated safeguards that stop instant reinstatement, no matter communications between operator and participant.
Cross-brand enforcement introduced additional challenges. Three licensees allowed a self-excluded particular person to register, deposit, and play on one other model underneath the identical licence through the use of related private data. The Authority expects techniques able to detecting an identical or materially related knowledge, together with identify, date of delivery, electronic mail deal with, IP deal with, or cost particulars. When indicators of drawback playing exist, exclusions should prolong throughout all manufacturers held underneath the identical licence.
Centralised exclusion databases and real-time knowledge matching instruments had been recognized as efficient approaches to strengthen controls. The findings highlighted the necessity for operators to boost detection techniques to make sure that participant safety mechanisms function persistently throughout company constructions.
Restrict-Setting and Actuality Verify Gaps
The evaluation additionally recognized shortcomings within the presentation of accountable playing instruments throughout account registration and gameplay. 4 licensees did not immediate gamers to set playing limits both throughout registration or earlier than their first deposit. Laws require operators to supply limit-setting instruments on the outset and be sure that they continue to be readily accessible. The Authority requires proactive prompts and instant enforcement as soon as limits are set.
Actuality Verify performance confirmed weaknesses at six licensees. Session pop-ups lacked necessary data in sure instances. Regulatory requirements require these alerts to droop gameplay and show time spent, quantities wagered, winnings, and losses. Timers should proceed throughout video games, and any exclusion of auto-play exercise from time calculations should be optionally available quite than mechanically utilized.
The regulator confirmed that it communicated its findings to the affected operators and required rectification plans. Supervisory follow-up will proceed, and enforcement measures might escalate the place needed. The evaluation types a part of a broader risk-based oversight technique designed to advertise constant requirements throughout the sector.
Via the accompanying steerage doc, the Authority inspired all licensees to attract on the evaluation’s findings to bolster inside procedures, strengthen accountable playing controls, and help a safer on-line gaming setting.
