Published on: 2023-09-04
Italy was one of the first EU member states to introduce remote gambling comprehensively in 2006 with Decree Law no. 223/2006 converted into Law no. 248/2006. However, it was only Law no. 88/2009 that established the general conditions to obtain a remote gambling licence.
eCOGRA provide a full remote scope testing, inspection and certification solution for the Italian jurisdiction. Italy is a lucrative market for the iGaming industry; however, to successfully navigate the regulatory landscape, it is important to work with a testing agency who are well versed in the nuances of the licensing and certification requirements.
In this blog our in-house expert team provide an overview of regulatory requirements, details on licensing, certification and game testing elements.
Note: This blog is for informational purposes only and the reader should seek professional legal advice around licensing aspects.
Overview of Regulatory Requirements
In Italy, remote gaming certification involves obtaining a license to operate legally within the country. The regulatory requirements for remote gambling certification in the Italian market are governed by the Italian regulatory body known as “Agenzia delle Dogane e dei Monopoli” (ADM), the Authority of Customs and Monopolies.
The ADM is, amongst other things, responsible for:
- Controlling and regulating the gambling industry.
- Issuing gambling licences, and checking and supervising due performance and compliance by the gambling sphere in Italy.
- Monitoring the offer of gambling services to ensure the fairness and safety of operations.
- Collecting gambling taxes.
- Tackling illegal gambling activities that are not regulated.
The regulatory framework aims to ensure fair play and consumer protection, and to prevent issues like money laundering and underage gambling. Here is a general overview of the key steps and requirements for remote gambling certification in the Italian market:
- License Types: The ADM offers different types of licenses for various forms of online gambling activities, including sports betting, casino games, poker, and more. Operators need to apply for the specific license that matches their intended offerings.
- Corporate Requirements: The applying company needs to be registered and incorporated in a European Union (EU) member state or within the European Economic Area (EEA).
- Financial Requirements: Operators must demonstrate financial stability and meet minimum capital requirements. This is to ensure that the operator can cover potential winnings and operational costs.
- Technical Requirements: Online platforms and software must meet specific technical standards to ensure fairness, security, and player protection. This includes measures to prevent cheating, fraud, and unauthorised access.
- Player Protection: Operators must implement measures to prevent underage gambling and promote responsible gaming. This can include features like self-exclusion options, spending limits, and access to problem gambling resources.
- Anti-Money Laundering (AML) and Know Your Customer (KYC): Operators are required to have robust AML and KYC procedures in place to prevent money laundering and verify the identity of their players.
- Taxation: Italy has a taxation system for online operators that varies depending on the type of game being offered.
- Advertising and Marketing: There are regulations surrounding the advertising and promotion of online services. These rules aim to prevent aggressive or misleading advertising and to protect vulnerable individuals from excessive exposure to gambling content.
- Data Protection: Online operators must comply with European data protection regulations (GDPR) when handling players’ personal and financial information.
- Application Process: The application process involves submitting detailed documentation about the company, its owners, financials, technical specifications, and more. The ADM reviews the application and conducts background checks.
- Testing and Certification: Operators need to have their online systems and software certified by approved testing labs to ensure compliance with technical and regulatory standards.
There are different types of licenses relevant to online gambling in the Italian market:
- Skill games, games of chance with fixed-odds and card games in non-tournament mode with remote participation:
  - Games of chance with fixed-odds such as slots, roulette, casino games
  - Card games in non-tournament mode with remote participation such as single player poker against the house
- Fixed odds betting:
  - Sports and horserace betting
  - Pool betting
  - Virtual and live betting
Important Facts to Know About Licensing in the Italian Market
Online Gambling in Italy is locally licensed for online betting, horse racing betting, casino games and poker with lottery being a private monopoly.
Gaming Machines, Betting and Racing are regulated with local licensing being required with Racing having aspects of private monopoly.
In some cases, companies must obtain a certain amount of capital to be eligible for a license. Additionally, different countries have different taxation policies for iGaming operators, so it is important to research before launching an iGaming business.
Operators do not need to establish a company in the Italian Jurisdiction, however, the operator needs to be incorporated in any of the EEA states.
Gambling servers are obliged to be located within an EEA jurisdiction.
Players must be 18 years or older to partake in gambling services.
In order to request the authorisation to offer the games in Italy, the licensee is required to submit to ADM the relevant request, together with the platform design and game, as well as the related certification issued by a testing house.
- This certification must be requested directly by the licensee who must contact a testing house.
- The gaming platform to be submitted for certification must be accompanied by a game application on which to perform tests.
- The testing house will then provide the licensee with the report containing the results of the compliance review performed.
Required Game Testing Aspects
Which online game types can be certified for the Italian market?
- Casino Games
- Dice Games
- Live Dealer
- Skill Games
- Games with fixed odds
- Card games in non-tournament mode
- Sports bets
- Betting Exchanges
- Fixed odd betting
What services do eCOGRA provide for the Italian Jurisdiction?
- Core Games Testing
- Integration Testing
- Platform Functionality
- Games RTP Verification
- Change Management
- Information Security Management System (ISMS)
- Cyber Security Review / Vulnerability and Penetration Testing
- Live Dealer Studio
Core Game Testing
Core game certification is conducted after the game has been developed and submitted to a test house by the software provider. The purpose of core game testing is to ensure that the game:
- Meets all of the requirements of the regulated market
- Operates according to the rules of the game
- Operates according to the game math
- Has no other issues affecting its performance
Games Testing Aspects Specific to Italy
- Free Spins and Bonus Features are allowed in the Italian market.
- Autoplay is allowed in the Italian Market.
- Italy has specific RTP criteria for different game types:
  - Games of chance with fixed-odds and card games in non-tournament mode – RTP of at least 90%
- Only the Theoretical RTP is found in the game certificate.
Once a game has undergone core certification, integration testing is required before the ADM approves the game for go-live. In the Italian online market, where regulations are stringent to ensure fair play and player protection, integration testing plays a vital role in ensuring compliance and preventing issues that could lead to legal or operational problems. Here’s how integration testing works and why it’s important:
- Component Interaction: An online platform consists of various components, such as the user interface, the backend server, the payment gateway, the game engine, the database, and more. Integration testing involves testing how these components interact and exchange data.
- Data Flow and Integrity: Integration testing verifies the flow of data between different parts of the system. This includes ensuring that player data, financial transactions, game outcomes, and other critical information are accurately transmitted and stored.
- Regulatory Compliance: The Italian online market has specific regulations that platforms must adhere to. Integration testing ensures that the platform’s features, such as age verification, responsible gambling tools, and anti-money laundering measures, are working correctly and in accordance with the regulations.
- User Experience: Players expect a seamless and enjoyable experience when using an online platform. Integration testing helps identify any glitches, slowdowns, or errors that could disrupt the user experience.
- Game Integrity: For online casinos and betting platforms, integration testing is crucial to verify that the games and betting systems produce fair and random results. This is especially important in ensuring compliance with Italian regulations that require fair play.
- Payment Processing: Payment transactions, deposits, withdrawals, and account balances are integral to online gambling. Integration testing ensures that these processes work reliably and securely, preventing any financial errors or discrepancies.
- Third-Party Integration: Online platforms often integrate with third-party services, such as payment processors and game providers. Integration testing confirms that these integrations are functioning correctly and do not compromise the platform’s integrity.
- Mobile and Web Platforms: Many online platforms offer both web and mobile versions. Integration testing ensures that the user experience and functionality are consistent across different platforms and devices.
- Security: Integration testing helps uncover security vulnerabilities and potential points of unauthorised access or data breaches.
- Scalability: As online platforms grow, they need to handle increasing traffic and user load. Integration testing assesses how well the platform scales under various conditions.
Games RTP Verification
RTP Games certification must be done bi-annually for the Italian jurisdiction. During these audits, the testing agency is required to recalculate the monthly RTP% for the operator, per game, for the previous 12 months, and provide a report for all cases where a significant discrepancy from the theoretical RTP% is identified.
According to Italian regulations, the percentage for each game must meet the following minimum requirements:
- For skill games and tournament card games, it must be at least 80 percent of the total net amount collected from the jackpot.
- For fixed-odd games, the total RTP (including the RTP of the second phase of the games) must be at least 90 percent of the total net amount collected from the jackpot.
- For card games played between players, other than a tournament, the RTP must be at least 90 percent of the total net amount collected from the jackpot.
- For card games played by single players, the RTP must be at least 90 percent of the total net amount collected from the jackpot.
- For bingo, the RTP must be at least 70 percent of the amount collected from the jackpot.
When it comes to Change Management in the Italian market, there is a distinction between changes to Platforms and Games.
For Platform modification and addition, the operator is required to provide a detailed description of the software changes and modules that are affected, from both a functional and source code perspective. Where applicable, updated gaming platform functional specification documents must be submitted. This has to be done for:
- Modifications to the gaming platform which are incompatible with what is set out in the platform project
- Modifications to hardware and/or software components relating to the RNG and to any software involved in the generation of symbols and game combinations
For Game modification the operator is required to provide a detailed description of the software changes and modules that are affected, from both a functional and source code perspective. Where applicable, updated game presentation documents must be submitted.
Information Security Management System, Cyber Security Review / Vulnerability and Penetration Testing
An Information Security Management System and Cyber Security Reviews involve a comprehensive assessment of the information technology infrastructure, systems, and processes employed by online operators to ensure the security and integrity of their online gambling services. Given the sensitive nature of player data, financial transactions, and the potential for cyber threats, IT security is of paramount importance in the online gambling industry.
Here’s an overview of how a cyber security review is conducted in relation to iGaming in the Italian jurisdiction:
1. Scope and Objectives:
Define the scope of the cyber security review, including the systems, applications, networks, and processes that will be evaluated.
Establish the objectives of the review, which could include identifying vulnerabilities, assessing compliance with regulatory requirements, and ensuring the protection of player data.
2. Vulnerability Assessment:
Identify potential vulnerabilities in the IT infrastructure, such as weak points in networks, servers, databases, and applications.
Conduct penetration testing to simulate cyberattacks and assess the effectiveness of existing security measures in detecting and preventing unauthorised access.
3. Data Protection and Privacy:
Evaluate compliance with data protection regulations, including the General Data Protection Regulation (GDPR) in the European Union.
Assess how player data is collected, stored, processed, and protected, ensuring that proper consent mechanisms are in place.
4. Network Security:
Review the architecture and configuration of network devices, firewalls, and intrusion detection/prevention systems.
Verify that the network is properly segmented to prevent unauthorised access and data breaches.
5. Application Security:
Assess the security of web and mobile applications used for online gambling, including verifying secure coding practices, input validation, and protection against common vulnerabilities like SQL injection and cross-site scripting.
6. Authentication and Access Control:
Evaluate the mechanisms used for player authentication, ensuring strong and secure methods are in place.
Review access control mechanisms to prevent unauthorised personnel from accessing sensitive systems and data.
7. Incident Response and Disaster Recovery:
Review the plans and procedures in place to respond to security incidents, breaches, and cyberattacks.
Assess the effectiveness of disaster recovery plans to ensure business continuity in case of disruptions.
8. Compliance with Regulations:
Ensure that the IT security measures align with the regulatory requirements set by the Italian gaming authority, Agenzia delle Dogane e dei Monopoli (ADM).
Evaluate how IT security contributes to responsible gambling practices and anti-money laundering measures.
9. Employee Training and Awareness:
Assess the level of training and awareness among employees regarding IT security best practices and the importance of safeguarding player data.
10. IT Policies and Procedures:
Review the organisation’s IT security policies and procedures to ensure they are comprehensive, up-to-date, and effectively communicated to employees.
Provide a detailed report of the IT security review findings, including identified vulnerabilities, areas of concern, and areas for improvement.
In the Italian online gambling jurisdiction, conducting regular and thorough IT security reviews is not only a regulatory requirement but also a critical measure to protect the reputation of operators and maintain player trust. Collaborating with experienced IT security professionals or specialised firms is crucial to ensure a comprehensive and accurate assessment of security measures within the online gambling environment.
Live Dealer Studio
Live dealer studio testing in the context of the Italian online market involves evaluating and certifying the live casino games that are offered to players. These games are hosted by real dealers in a studio setting and streamed to players’ devices, providing an immersive and interactive gambling experience. To ensure fair play, compliance with regulations, and the integrity of these games, live dealer studio testing is a crucial step.
This is an overview of how live dealer studio testing works in relation to the Italian market:
Game Fairness and Randomness:
Testing agencies assess the fairness and randomness of the live dealer games. This involves verifying that the outcomes of games, such as card shuffling or roulette spins, are genuinely random and not manipulated in favour of the operator or players.
Independent testing labs use advanced statistical methods and algorithms to analyse large sets of game data and ensure that the games meet the required standards for randomness.
The technical aspects of the live dealer studio are examined to ensure the reliability and security of the streaming, communication, and data handling processes.
Testing covers the equipment used in the studio, including cameras, audio systems, streaming technology, and the software that manages the games.
Interaction and Communication:
Live dealer games rely on real-time interaction between players and dealers. Testing ensures that there are no delays, interruptions, or technical glitches that could disrupt the flow of the game.
The quality of audio and video streams, as well as the chat functionality, is assessed to guarantee smooth communication between players and dealers.
Live dealer studio testing ensures that the games adhere to the specific regulations set by the Italian gaming authority, Agenzia delle Dogane e dei Monopoli (ADM). This includes requirements related to game fairness, responsible gambling, anti-money laundering measures, and more.
Testing agencies verify that the games are conducted honestly and transparently. This involves ensuring that dealers follow the established rules of the games and that no unauthorised access or cheating occurs.
Data Security and Privacy:
As live dealer games involve the exchange of sensitive player data, testing assesses the security measures in place to protect player information and transactions.
The physical studio where the live dealer games are hosted is evaluated for its security, professionalism, and compliance with regulatory standards.
After thorough testing, a detailed compliance report is generated. This report outlines the testing procedures, methodologies, findings, and whether the live dealer studio meets the required standards.
Italy’s current position regarding online gambling is that offering certain gambling opportunities is allowed, but only by companies that obtain an Italian license. Italy has arguably one of the largest gambling catalogues for remote gambling activities in Europe, and so is a valuable market for the online gambling industry; however, it is important to work with an experienced test lab to ensure compliance with regulatory requirements.