The Danish Gambling Authority (DGA), Spillemyndigheden, has amended certification requirements for land-based gaming, online betting, and online casino verticals, and has begun a consultation process with operators.
Because it prevented certification work according to the certification programme, the requirement that incumbents have three years of experience within a testing organisation was abolished.
Operators must also undergo a PCI-approved vulnerability scan to get a gaming licence, which must be repeated every three months. Only if the method is done in accordance with the required requirements can it be regarded a genuine quarterly vulnerability scan.
In addition, as a result of the upgrade, testing organisations in the Danish industry will no longer require ISO accreditation to do vulnerability checks and penetration testing, albeit firms must maintain their status as an Approved Scanning Vendor in compliance with PCI DSS.
The DGA also stated that the update is expected to be completed in 2022, though no particular deadline has been set.
When the revisions go into effect, they will be accompanied by an updated standard report, as well as many linguistic tweaks and changes to the guide materials.
On its website the regulator detailed: “Looking forward, the description of situations, where the DGA needs to give a prior approval of new and changed games, will only appear from the DGA’s technical requirements for online casino and betting, and not in the certification programme
“A new version of the technical requirements will be issued along with the updated certification programme. The prior approval ensures that the licence holder can report correct and sufficient game data.
“New games, which do not fit in the existing data reporting requirements, can give rise to extensive system development on the DGA’s side, which is why information must be given to the DGA in plenty of time before launching the game.”
The DGA stated in its consultation on the regulatory update that “interested parties are welcome to comment on the update before the final version is issued,” with the deadline for comments set for August 31, 2021.