The Danish Gambling Authority (DGA) has updated the certification programme for betting and online casino because of the introduction of supplier licences from January 1, 2025.

Interested parties can comment on the update. Comments must be sent to the DGA no later than August 19, 2024. Comments must be submitted by using the contact form.

The updated certification programme for betting and online casino will come into force on January 1, 2025. From July1, 2025, it is mandatory to use the new certification programme, but it is recommended that game suppliers and game operators adopt the updated certification programme as soon as possible.

Later this year the Danish Gambling Authority will issue updated standard reports along with the final version of the certification programme.

CHANGES

The purpose with the update is to make it more clear, which requirements licence holders and game suppliers respectively shall comply with looking forward. Furthermore, it is a part of the preparation for the introduction of the DGA’s games register, which will handle RNG- and game certificates.

Several linguistic adjustments have been made throughout the documents. In addition, the following significant changes and additions should be mentioned:

• In SCP.00 ‘General requirements’ the following new definitions have been added: ‘Licence holder’, ‘game supplier’, ‘base platform’, ‘game platform’ and ‘game certificate’. Furthermore, the definition ‘Testing’ has been renamed to ‘Test’ and rephrased, and the definitions ‘inspection’ and ‘gambling system’ have been rephrased.
• Looking forward licence holders and game suppliers are responsible for their own certification. This means that each actor is responsible for having certifications done and reported to the DGA. The licence holder’s former obligation to compile reports from game suppliers has been removed, because looking forward game suppliers will have their own licence and responsibility. Licence holders must still be aware of suppliers of their base platform.
• A general change has been made to the role as supervisor, who is amongst other responsible for signing the standard reports. Looking forward the requirements for a supervisor is based on requirements for a supervisor in e.g., ISO, PCI, or CREST (see section 2.3 in SCP.00).
• Looking forward the deadline for submitting standard reports is 1 month across all documents. Today the deadline is 2 months in several certification areas. This change is made because the licence holder’s obligation for compilation of reports from supplier licences has been removed, which the DGA considers will make the documentation and reporting of the certification process less complex and time consuming.
• The testing- and inspection standards are omitted, and the following new documents are added:

1. 01 ‘Requirements for RNG’ is based on requirements from the previous testing standards, but looking forward the document only contains requirements for RNG. The rest of the requirements from the testing standards are moved to SCP.07.01-03 ‘Requirements for games’, which are 3 new documents, which only contains requirements for games. See further information below.
2. 02 ‘Requirements for base platform’ is based on requirements from the previous inspection standards, but looking forward the document only contains requirements for the base platform, which primarily covers handling of the player account. The rest of the requirements from the inspection standards are moved to SCP.07.01-03 ‘Requirements for games’. It is only the licence holder who shall be certified in accordance with the requirements in SCP.02.
3. 07 ‘Requirements for games’ are based on requirements from the previous testing- and inspection standards, but only contain requirements for games – online betting (SCP.07.01), land-based betting (SCP.07.02) and online casino (SCP.07.03) respectively. Games suppliers shall be certified in accordance with requirements in these documents. If a licence holder produces games for their own game offer, then the licence holder is also obligated to be certified in accordance with these requirements.

• According to SCP.01 ‘Requirements for RNG’ it is possible to postpone the certification up to 1 month. This option is also added to the new documents SCP.07 ‘Requirements for games’. RNG- and game certificates shall be uploaded to the games register 1 month at the latest after the test- and inspection have been completed. Postponing the certification means, that the certification can be completed 1 month later, but the certificate shall still be uploaded to the games register within the same deadline.
• In SCP.04 ‘Requirements for penetration testing’ CREST accreditation is added as a recognized accreditation for companies, who perform penetration testing (see section 2.2.1).
• In SCP.05 ‘Requirements for vulnerability scanning’ CREST accreditation is added as a recognized accreditation for companies, who perform vulnerability scans (see section 2.2.1). Furthermore, CREST CPSA and CRT certifications are added as recognized personal certifications for personnel, who plans vulnerability scans (see section 2.2.2).
• In SCP.06 ‘Change management system’ section 4.3 about the process for approval of system changes has been changed. Since game suppliers will have their own licence looking forward, and thereby have the responsibility for their certifications themselves, they shall no longer seek approval from the licence holder ahead of making a system change. The game supplier must still be aware of situations, where it can be necessary to involve the licence holder and vice versa.
• In SCP.06 ‘Change management programme’ a new section with a requirement about system changes, which include integration between the base- and game platform, has been added. The requirement means, that the licence holder and game supplier shall establish a business process which ensures, that the base- and game platform functions correctly after integration. The DGA do not think, that this requirement will entail further burdens on the licence holder and game supplier, since it must be expected that measures have already been taken today to ensure, that the gambling system functions correctly. The business process shall be approved by the testing organisation in connection with the annual certification of SCP.06.

The DGA draws attention to, that a consequence of the update is, that the certification programme for betting and online casino no longer has the same structure as the certification programme for lotteries and land-based casino.