Across Europe’s iGaming sector, non-compliance has become both a constant theme and a recurring cost. Across the continent, regulators are issuing fines at an unprecedented pace, targeting anti-money-laundering lapses, social responsibility failures and deficiencies in self-exclusion systems.
However, despite these frequent interventions, breaches persist. The pattern raises a difficult question: Why does non-compliance remain so endemic? The answer seems to lie in a complex mix of regulatory evolution, operational shortcomings, and commercial tension between growth and governance.
The numbers give an indication. A conservative estimate is that the total annual fines for regulated non‑compliance in the European gambling sector lie above €150 million per year. Spain is a leader among the European countries, both in number of non‑compliance cases and aggregate fines issued in recent years. The Spanish regulators imposed €142.7 million in fines on gambling and online gaming operators during 2024.
According to Vixio’s AML Fines Outlook, regulators across Europe imposed more than €36 million in AML-related penalties alone between March 2024 and March 2025, underscoring the sector’s struggle to meet compliance standards that are tightening by the month.
What’s happening across Europe?
In Britain, the Gambling Commission remains an assertive enforcer. Between April 2023 and March 2024, it issued £7.16 million in fines. Then for the period 1 April 2024 – 31 March 2025, the commission’s annual report revealed enforcement action against 24 operators led to £4.2 million in fines or regulatory settlements. A new seven-step process to calculate financial penalties was introduced by the Gambling Commission in October. They will now be based on a percentage of the offender’s GGY.
In the Netherlands, the Kansspelautoriteit (KSA) introduced a tougher fining matrix for 2025, where Category 5 violations now carry penalties of between €2 million and €4 million. Last year, Malta-based online casino Gammix Limited was fined €19.7 million for unlicensed operations one of the largest penalties ever imposed by a European regulator.
Elsewhere – from Malta to Finland and Denmark – regulators are taking similar tough stances against regulatory non-compliance. Belgium’s Gambling Commission, for its part, handed out a record €4.6 million in fines last year. And in Italy, the regulator ADM imposed €1.35 million fines in advertising-rule breaches.
The European Gaming and Betting Association (EGBA) has warned that such financial pressure risks driving operators to the black market if enforcement becomes “disproportionate” relative to revenues. Regulators, however, counter that deterrence requires precisely that degree of financial sting.
Compliance or competition?
Industry observers note the longstanding compliance dilemma stems from competing imperatives. Regulatory requirements are complex, and there is a tension between delivering commercial performance and meeting compliance obligations.
“It is clearly obvious that the bar has been raised by regulators both in the UK and across Europe. The sharp increase of regulatory action we are witnessing, particularly around AML and social responsibility, paints a picture that all may not be as it should be in the regulated market,” says Victoria Reed, chief executive of Better Change.
This friction is particularly acute in markets where margins are tightening. Melanie Ellis, a partner at Northbridge Law in London, argues that investment in compliance infrastructure often competes with initiatives that promise faster returns. “The cost of compliance has increased massively. Operators are unable to divert sufficient funds to this function. In the UK, this particularly relates to the increased expectations in relation to customer monitoring and action.”
She explains how it has become difficult to meet the GC’s expectations without significant investment in both software and personnel, particularly to enable immediate responses to indicators of money laundering or harm.
A challenge that is further complicated by demographic shifts – especially the rise of younger, digital-native gamblers – which puts further pressure on operators to deliver seamless, instant experiences without breaching consumer-protection thresholds.
Reactive to predictive
Britain’s Gambling Commission has sought to evolve from reactive enforcement to predictive oversight. Andrew Rhodes, its chief executive, told industry representatives at a briefing in November that nine operators had been suspended in recent weeks for “issues that we have repeatedly warned about – software provision and self-exclusion”.
The commission’s new approach to non-compliance relies heavily on real-time monitoring through its Regular feed of Operator Core Data (ROCD) “Over 73% of last year’s consumer-protection assessments were rated good or satisfactory,” Rhodes explained.
He credits the ROCD with allowing regulators to spot behavioural risk clusters – such as younger players who seldom set deposit limits yet reach thresholds of financial harm. The GC hopes this analytical capability will pave the way for “a truly risk-based regime”.
Signs of progress
Despite the headlines that non-compliancy makes in mainstream press, not everyone sees an unmitigated compliance crisis. Richard Williams, a specialist gambling, licensing and regulatory lawyer at Keystone Law, believes operators have made tangible progress. “If you go back five years and look at AML and social-responsibility compliance then versus now, the change has been huge – particularly around intervention when people are losing large amounts of money. Operators are far more responsible,” he says.
The GC’s evolving stance also reflects a wider trend toward collaboration rather than confrontation. “We recognise there will always be tension between regulator and regulated,” Rhodes says. “But it doesn’t have to be adversarial. Working together productively has delivered progress.”
Williams notes that regulators increasingly prefer structured action plans to outright licence reviews. “If improvement isn’t shown, then suspension or revocation can follow – but that’s becoming rarer,” he says. “It’s now more about raising standards than simply sanctioning operators.”
Non-compliance a fault of global expansion
Nevertheless, non-compliance remains a concerning issue. Tamsin Blow, a lawyer at CMS London, observes why instances continue to occur: “Enforcement often results from operators grappling to understand and keep on top of multiple differing legal systems across jurisdictions, balancing parallel – and sometimes competing – obligations under AML, social responsibility, data protection and equalities law.”
Breaches, in most cases, are not deliberate. “I’m sure it happens occasionally,” says Williams, “but I think it’s rare. If you look at the size of fines, which are often in the millions, and when you add legal fees, audits and licence conditions, it’s generally not profitable to be non-compliant. Most responsible operators don’t intend to breach rules,” he says.
According to him, the high number of compliance cases in the UK is a reflection of a particularly vigilant regulatory body. “Regulators in other markets doing only a handful of checks each year will naturally find fewer breaches.” Operators are being squeezed by rising duties, taxes and levies, he points out. “That pressure creates real challenges.”
The Dutch toddler
Taking a quick glance across Europe, if Britain represents regulatory maturity, the Netherlands is still finding its footing. Bjorn Fuchs, chairman of the Dutch trade body VNLOK, likens the market, which opened only four years ago, to “a toddler with a steep learning curve”.
“The speed with which the bar has been raised, combined with multiple possible interpretations, can lead to misunderstandings, loss of oversight and sub-par execution,” he says. Operators, he adds, face heavy fines for responsible-gambling lapses, particularly in self-exclusion and deposit-limit enforcement.
Fuchs worries that “when regulatory burdens grow exponentially fast and become disproportionate, the legal market as a whole is at risk”. Still, he insists that genuine errors should be seen as part of a maturing ecosystem, not disregard of rules: “Operators that knowingly and structurally aren’t compliant should lose their licence to operate.”
In Norway, where gambling remains a state monopoly, compliance takes a different form. Carl Fredrik Stenstrom, secretary-general of the Norwegian trade body NBO, says that “being the last-standing monopoly means the operator is under intense scrutiny. Even minor deviations are highlighted.”
That scrutiny intensified after PwC’s 2025 audit of Norsk Tipping found “poor control and unclear leadership”, with excessive emphasis on innovation over quality assurance. For Stenstrom, the episode reveals that even monopolies are vulnerable to governance drift. “It’s very interesting that PwC issued such criticism for a monopoly company, which is supposed to just supply Norwegians with gambling products,” he notes.
Trade bodies like NBO, he argues, are vital to maintaining accountability by providing a collective voice, engaging with politicians and communicating the industry’s perspective. He adds, too, that skilled regulators are essential. “Competent regulation ensures responsible and attractive markets.” Personal accountability for directors or turnover-linked penalties, he suggests, could complement strong institutional oversight.
Reputational damage is another risk
The financial cost of non-compliance is one thing, but reputational damage is another. Ellis warns: “when players, regulators or the public perceive repeated non-compliance, that can affect brand value and long-term profitability.”
In markets such as the UK, where gambling advertising and social-responsibility obligations are under constant political scrutiny, reputational harm can quickly translate into commercial risk, says Reed. “It is a huge reputational risk; we cannot portray the regulated industry as whiter than white and a safe place for people to play if the headlines continue to report huge fines as a result of failings,” she adds.
The direction of travel, many agree, is toward data-driven, risk-based compliance. The UK’s ROCD system is a case study in how analytics can identify and mitigate risks. Similar approaches are emerging elsewhere: Sweden’s Spelinspektionen now ties fines to turnover, while the KSA in the Netherlands is experimenting with behaviour-based enforcement triggers.
For operators, the challenge is to move to predictive oversight embedded in everyday operations. As Reed puts it: “The better operators understand the patterns regulators are monitoring, the better they can align their business practices and protect consumers – which benefits the industry as a whole.”
The long game
Looking ahead, Williams sees progress hinging on two fronts: “AML and social responsibility failings are often the same –in not properly establishing a customer’s means or source of funds. But now there are far more mandatory limits, vulnerability checks and automated monitoring systems. Technology and machine learning have reduced human error, which was often the weak point.”
He is skeptical about EU-wide harmonisation. “Each regulator wants its own rules. Harmonisation makes sense in principle, but in practice countries approach it differently.”
Meanwhile, Blow believes enforcement has already peaked in Britain: between 2018 and 2023, annual enforcement cases ranged from 15 to 23; in 2024, they fell to around a dozen. “The market and the clarity of the regulatory regime have matured,” she says. “We may now see similar developments across Europe as other markets evolve.”
Ellis adds that infrastructure will matter more than ever going forward. “Investment in compliance infrastructure would have the biggest impact on reducing non-compliance,” she says. “Unfortunately, this will be increasingly challenging if tax rates rise. Effective communication of expectations by regulators is also crucial.”
Bjorn Fuchs argues for better balance: “The most effective lever for reducing recurring fines is a combination of strong accountability for operators and an effective dialogue between legislators, regulators and the industry.”
After a decade of explosive growth and sporadic governance, Europe’s iGaming sector is learning that compliance must be built into the business model, hoping that compliance will shift from being a recurring headline to a quiet constant. Until then, the penalties – financial, operational, and reputational – will keep the conversation alive.
Regulators have never been more active, and operators have never been more aware – yet non-compliance, and the fines and suspensions that follow, remain continuous.