EU REGULATION
operators are working with the same underlying concepts, divergence would narrow automatically, even if national implementation, risk thresholds and gambling policy may still differ. A concrete example within the gambling context already exists in Germany, namely TÜV certification scheme “Geprüfte Qualität in Spielhallen” (“Tested quality in gaming arcades”), under which specialized, accredited audit organisations assess compliance with defined standards on player protection, youth protection, and operational safeguards. These audits are conducted against structured criteria, follow standardized procedures, and result in comparable, verifiable certification outcomes that regulators can rely on without conducting the technical assessment themselves. One further step towards convergence would be procedural harmonisation. One of the most recent examples of procedural harmonization from “above” is the reform of cross-border GDPR enforcement procedures. Although the GDPR achieved full legal harmonisation, enforcement of cross-border cases relied on national procedures, coordinated through the “one- stop-shop” mechanism (Art. 56 ed seq. GDPR). Cross-border cases took years to resolve and procedural differences between the EU Member States blocked consistent enforcement. The EDPB and the EU Commission acknowledged that harmonized substantive law was not enough, if procedures remained national and divergent. The EU’s proposal of July 2023 lays down common rules on the admissibility of complaints, harmonized rights of defence for investigated entities, mandatory cooperation timelines, standardized procedures for information exchange and objections, and clearer rules for dispute resolution between the data protection authorities. Adopted on 21 October 2025 and entered into force on 1 January 2026, it becomes applicable on 2 April 2027. One of the clearest operational problems for online gambling entities operating in the EU is the lack of consistent processes across borders. However, voluntary harmonization of processes should not require a central EU gambling authority. Regulators could potentially agree on procedures for cooperation and mutual recognition at the administrative level: common triggers for information exchange, aligned investigation timelines, or structured escalation mechanisms.
A roadmap for harmonization in the online gambling industry Harmonization in the online gambling industry cannot follow the same path as financial services or product safety, because gambling laws touch national moral policy, public health priorities, and fiscal interests. The EU legal framework and case law make clear that EU Member States retain wide discretion in defining their gambling policy objectives. As a result, full legal harmonization of gambling rules at the EU level is neither politically nor legally realistic. However, experience from other sectors shows that harmonisation does not necessarily need to occur at the level of policy choice to be effective. Thus, in our opinion, the most viable route to harmonization in gambling is incremental, functional convergence that begins with technical and procedural harmonisation, supervisory convergence and market-facing clarity. One of the recent examples of the combination of technical and (partly) procedural harmonization in the EU can be found in the Digital Operational Resilience Act (DORA) mentioned above. A prominent example is DORA’s ICT incident reporting framework for financial services. Before DORA, they were already subject to incident reporting obligation; however, “major incidents” were defined differently across the EU. Financial institutions had to use different reporting templates, required different timelines and data fields. DORA addressed this by harmonizing technically and procedurally how incidents are identified, classified and reported. DORA itself sets the obligation in principle; decisive harmonization occurs through binding Regulatory Technical and Implementing Standards (RTS/ITS). Although in case of online gambling this process cannot take place top-down as described above, regulators can agree on certain common technical definitions and standards without having to agree on whether gambling should be more or less restrictive. Common harm markers, standardized player- risk indicators, shared intervention categories, interoperable reporting formats and the like would significantly reduce fragmentation in how risk is identified and assessed and how that of the operation itself is structured. Once regulators and
PAGE 10
IMGL MAGAZINE | MARCH 2026
Made with FlippingBook flipbook maker