Date: 20.01.2025

by Tomasz Jagodziński

Denmark Implements New Certification Programme for iGaming Industry

The Danish Gambling Authority (DGA) has introduced an updated certification programme for betting and online casino operations, marking important changes in compliance for licence holders and game suppliers. The updated regulations took effect on January 1, 2025, with a six-month transition period before becoming mandatory on July 1, 2025.

Purpose and Key Changes in the Certification Programme

The revised programme aims to clarify the responsibilities of licence holders and game suppliers, introducing distinct obligations for each. A pivotal change is the shift of certification responsibilities directly to game suppliers. Previously, licence holders were tasked with compiling certification reports from their game suppliers. However, starting January 1, 2025, each party must manage and submit their own certifications to the DGA, streamlining accountability.

To ensure clarity and compliance, certification reports must now be issued in the name of the relevant licence holder or game supplier. If certification work involves multiple entities—such as two game suppliers or a game supplier and a licence holder—separate reports are required for each entity. This adjustment emphasizes the independent responsibilities of all parties in maintaining compliance with DGA standards.

Updated Documentation Structure

The certification programme introduces three versions of requirements tailored to specific segments of the industry:

  • Online Betting
  • Land-Based Betting
  • Online Casino

Each category has distinct documentation and certification processes. New documents such as SCP.01.00 (‘Requirements for RNG’), SCP.02.00 (‘Requirements for Base Platform’), and SCP.07.01-03 (‘Requirements for Games’) delineate requirements for random number generators, base platforms, and games across various formats.

Additionally, the definition section in SCP.00.00 has been expanded to include terms such as ‘game certificate’ and ‘base platform.’ This restructured approach aims to enhance precision and ease of understanding for stakeholders.

Specific Updates in Testing and Security Standards

Key updates include:

  • Penetration Testing: Personnel conducting penetration tests must meet stricter qualifications, with recognized certifications like CREST accreditation becoming mandatory for testing organizations.
  • Vulnerability Scanning: CREST CPSA and CRT certifications are now required for personnel planning vulnerability scans.
  • Change Management System: Game suppliers no longer need prior approval from licence holders for system changes but must ensure proper integration between base and game platforms. The revised requirements aim to minimize additional burdens by formalizing existing practices.

The six-month transition period allows stakeholders to adapt to the updated programme, with both old and new certification frameworks permitted until July 1, 2025. After this date, adherence to the new certification programme becomes mandatory for all operators.