Increased control over licensing
After the "regulatory maturation" of the 2020s, Bulgaria switched to a data-driven licensing model: not only "who you are and where you are registered," but also how your processes are arranged, from anti-fraud and KYC/AML to bet telemetry, bonus logging and transparent advertising. Control covers not only B2C operators but also B2B providers (platforms, studios, PSPs, live studios), as well as affiliates.
1) What exactly was strengthened
Applicants' due diligence. Beneficiaries, sources of capital, absence of sanctions risks, register of related parties.
Technical perimeter. Mandatory certification of RNG/games, version control, logs of game events and payments, change log.
KYC/AML. Multi-level identification, SoF/SoW at threshold amounts, transaction monitoring and suspicious transaction reports.
Real-time reporting. Transfer of aggregated metrics (bets, wins, bonuses, cancellations) and incidents.
Advertising and affiliates. Strict 18+ labeling, prohibition of "fast money" messaging, responsibility for partner traffic.
Anti-gray-market perimeter. Blocking domains/payments, sanctions for promoting unlicensed operators.
2) License lifecycle: from application to renewal
1. Pre-screening. Set of constituent documents, ownership structure, financial plan, list of suppliers (platform, PSP, content).
2. Technical audit. Laboratory certificates, infrastructure scheme (DC/cloud), SLA, fault tolerance plan and DR plan, security (WAF, keys, encryption).
3. Compliance package. KYC/AML policies, RG procedures (limits, timeout, self-exclusion), incident regulations, white-/black-lists.
4. Pilot/dry launch. Test reports, checking logs and correctness of calculations (payout, jackpots, bonus contribution).
5. License issuance. With reporting conditions, advertising restrictions, a list of approved providers.
6. Supervision and renewal. Quarterly/annual reports, spot inspections, re-certification of games/studios, proof of financial sustainability.
3) Data and logging requirements
Game events: bet → calculation → payment, checksums, ID of sessions and devices, linking to an account.
Bonuses: accrual, wagering, game contribution, cancellations/expirations, fairness log.
Payments: deposit/withdrawal, PSP routes, commissions, velocity limits, fraud triggers.
RG metrics: limits, pauses, self-exclusion, behavioral risk triggers, and measures taken.
Retention/access: retention period, backups, employee access audit (RBAC), export at the regulator's request.
4) KYC/AML: "know your customer" as product standard
KYC stages: basic verification at onboarding, extended verification at thresholds, re-KYC on risk events.
Liveness + document. Camera/biometrics, MRZ/visual zone verification, selfie and document matching.
SoF/SoW by risk. Earnings, business income, sale of assets - supporting documents for VIP/abnormal patterns.
Transactional monitoring: threshold events, deposit chains, card/device duplication, alerts and case management.
5) Technical certification and safety
RNG/game math: certified versions, hash sum control, deploy procedure.
Live studios: cameras, anti-interference, crash log, backup scripts.
InfoSec: data/channel encryption, KMS, key rotation, secret management, penetration tests, patch policy.
Observability: P95 bet confirmation time, feed delay, coupon error rate, market freeze monitoring.
6) Advertising, affiliates and liability
Creatives: prohibition of hyperbole ("easy money"), visible 18 +, RG disclaimers, no appeals to minors.
Media chain: contracts with affiliates, white lists, prohibition of "gray" redirects, domain/landing log.
Sports sponsorship: labeling, age filters, compliance with time slots, transparent promo conditions.
Sanctions: warnings → fines → suspension of advertising/license in case of repeated violations.
7) Anti-gray-market perimeter and payment filters
Domain block lists: regular updates, fast execution by communication providers.
Payment locks: prohibition of acquiring/transfers to unlicensed operators, PSP alerts.
Media sanctions: fines for promoting "gray" brands, responsibility of networks/influencers.
8) What has changed for B2B providers
Content licensing/approval. Register of games/versions, regular re-certification, log of game math changes.
RGS/aggregation: availability SLA, failover plan, protection against interference.
Payment providers: onboarding with KYC, credit risk and operational stability, route reporting.
9) Practical checklist of the applicant (operator)
1. Beneficiaries and capital: transparent structure, KYC for all key persons.
2. Policies and procedures: KYC/AML, RG, advertising, incidents, DR plan - approved and implemented.
3. Technical dossier: architecture, RNG/live certificates, pentest reports, metric monitoring.
4. Reporting: data export templates, API/data transfer channel, checksums.
5. Suppliers: confirmation letters from the platform/PSP/studios, a list of game versions.
6. Pilot: Test reports, payout/bonus reconciliation, incident log and handling.
7. Marketing: creatives with labeling, contracts with affiliates, white-list domains.
10) Frequent errors of applicants
Incomplete disclosure of beneficiaries or delayed updates.
Lack of a single "version register" of games and control hashes.
Immature KYC processes (no liveness, weak SoF).
"Small print" in bonus terms, non-obvious contribution of games to wagering.
No data access logs and no RBAC by employee role.
Weak DR/BCP and incident management documentation.
11) For current licensees: how to prepare for inspections
Internal pre-audit once a quarter: KYC sampling, AML cases, sampling for bonuses and payment failures.
Re-certification of games/studios on schedule, with checksum comparison.
RG reporting: share of players with limits, active timeouts/self-exclusions, average support response time.
Access logs: who and when saw personal/payment data; RBAC test.
Incidents: list for the period, how each was notified, how it was corrected, how recurrence was prevented.
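The hash control of certified versions (section 5), the single "version register" whose absence is listed among frequent errors (section 10) and the checksum comparison at re-certification (section 11) can be checked with one routine. The following is an added example, not code from any regulator or operator; the register layout, status names, game identifiers, artifact bytes and certificate references are all assumptions constructed for illustration.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class CertifiedBuild:
    game_id: str
    version: str
    sha256: str    # hash of the artifact the lab certified
    cert_ref: str  # certificate reference (placeholder values below)

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def audit_deployment(register, deployed):
    """Compare deployed artifacts, given as {(game_id, version): bytes},
    with the certified register; return sorted (game_id, version, status)."""
    certified = {(b.game_id, b.version): b.sha256 for b in register}
    known_games = {b.game_id for b in register}
    findings = []
    for (game_id, version), blob in deployed.items():
        expected = certified.get((game_id, version))
        if expected is None:
            status = ("UNCERTIFIED_VERSION" if game_id in known_games
                      else "UNKNOWN_GAME")
        elif sha256_hex(blob) != expected:
            status = "HASH_MISMATCH"  # same version label, different bytes
        else:
            status = "OK"
        findings.append((game_id, version, status))
    return sorted(findings)

# Constructed sample data: artifact bytes and certificate references are made up.
CERTIFIED_SLOT = b"slot-math-v1.4.2 rtp=96.1"
REGISTER = [
    CertifiedBuild("slot-aurora", "1.4.2", sha256_hex(CERTIFIED_SLOT), "CERT-PLACEHOLDER-001"),
    CertifiedBuild("roulette-eu", "2.0.0", sha256_hex(b"roulette-v2.0.0"), "CERT-PLACEHOLDER-002"),
]
DEPLOYED = {
    ("slot-aurora", "1.4.2"): b"slot-math-v1.4.2 rtp=94.0",  # changed after certification
    ("roulette-eu", "2.0.0"): b"roulette-v2.0.0",
    ("roulette-eu", "2.1.0"): b"roulette-v2.1.0",            # version never certified
    ("crash-x", "0.9.0"): b"crash-x-v0.9.0",                 # game not in the register
}

if __name__ == "__main__":
    for finding in audit_deployment(REGISTER, DEPLOYED):
        print(*finding)
```

The HASH_MISMATCH case is the one a version label alone would hide: the build still claims to be the certified version while its bytes differ.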
12) Social effect and balance of interests
Players: safe product, fast and honest payments, understandable terms, self-control tools.
State: projected tax revenues, protection of vulnerable groups, "whitening" of the market.
Industry: fair competition, lower reputational risks, access to partnerships with media and sports.
13) Horizon 2025-2030: What's likely
More telemetry. Transition to near-real-time reporting, risk-based checks on data signals.
UX-RG standards. Pre-configured "soft limits," uniform warning patterns, personal "pauses of care."
Supplier chain certification. Not only games and platform, but also anti-fraud/onboarding providers under uniform criteria.
Instant payouts 2.0. Wallet-to-wallet with full KYC, with logging and automatic compliance checking.
Unified Register of Affiliates. Transparency of traffic sources and responsibility for creatives.
14) FAQ
Is it possible to "get by" with minimal KYC? No: for licensed operators, this is a violation and carries the risk of losing the license.
Do games need re-certification? Yes: on updates, on changes in the math, and on the regulator's schedule.
Who is responsible for an affiliate's creatives? The brand operator, jointly: you need a contract, guidelines and placement control.
What is more important, technology or processes? Both: without logs and procedures, even the "ideal" platform will not pass the audit.
How often are inspections carried out? Planned (annually/quarterly) and selective, triggered by signals (complaint, data anomaly).
Increasing control over licensing in Bulgaria is a course towards transparency, observability and responsibility. Operators who build data and processes in advance win: content certification, mature KYC/AML, honest advertising, sustainable payouts and "default" RG. This architecture reduces risks for players and the state and gives the industry a predictable basis for growth until 2030.