Introduction
The Malta Gaming Authority, or MGA, is Malta's national gambling regulator. Its current core regime is built on the Gaming Act, Chapter 583 of the Laws of Malta, which entered into force in 2018 and reorganised Malta's licensing system around a smaller number of licence classes supported by sector-specific rules and directives.
Malta matters because it is an EU member state, its regulator publishes legislation, directives, and guidance centrally, and it maintains a public licensee-facing framework that is much easier to verify than offshore regimes. For remote gaming, Malta's framework is centred on B2C gaming service licences and B2B critical gaming supply or support-services licensing concepts.
Legal Framework
The primary legal source is the Gaming Act, Chapter 583 of the Laws of Malta. That Act provides the MGA's statutory footing and is supplemented by subsidiary legislation, directives, and guidance notes. In practical licensing work, applicants also need to look at the Gaming Authorisations and Compliance Directive and the Gaming Player Protection Regulations and directives, because these documents operationalise the high-level statute.
For editorial accuracy, it is useful to distinguish between the statute and the operational rulebook. The Act creates the framework, but the applications, fit-and-proper tests, system reviews, key role approvals, and player-protection controls are implemented through MGA directives, licence conditions, and published guidance.
Regulatory Authority
The MGA is the single gaming regulator in Malta. Its public materials describe licensing, compliance, player protection, and supervision as central parts of its role. The Authority's player-protection pages make clear that its overriding objectives include responsible gaming and safeguarding player rights, while its licensing pages structure the authorisation process on a staged basis.
The MGA also continues to publish technology-policy material. Its sandbox framework and later DLT policy publications show that the Authority has used consultation and transitional frameworks rather than informal case-by-case experimentation when dealing with innovative technology arrangements and virtual-financial-asset use cases.
Types of Licences
The current MGA framework is narrower and more function-based than older multi-class systems. The summary below is derived from the MGA's remote gaming and B2B application pages.
| Licence type | Activity authorised | Notes |
|---|---|---|
| B2C Gaming Service Licence | Offering or managing remote gaming services to players | Covers remote gaming activity and may span different game verticals under the MGA framework |
| B2B Critical Gaming Supply / game-provider activity | Supplying games or critical gaming components to licensed operators | Presented on MGA B2B pages for game providers and back-office functions |
| Support-services activity | Certain outsourced or operational functions linked to licensed gaming businesses | Scope depends on whether the function is treated as licensable support or part of another approval stream |
| Type 4-only supply cases | Certain lower annual-fee cases referenced by the MGA fee material | Relevant where operators provide solely Type 4 services under the fee guidance |
Application Process
The MGA describes authorisation as a staged process. Its authorisations material explains a five-stage workflow that includes:
- Fit-and-proper checks
- Business-plan and operational review
- System review
- Compliance review
- Final approval mechanics
The regulator indicates an approximate overall process length of 12 to 16 weeks, excluding the time taken by the applicant to resolve issues or complete prerequisites.
For B2C remote gaming, the applicant should expect to provide corporate information, ownership and control data, business planning documentation, and the system or operating information required for the MGA's review. For B2B applicants, the same logic applies but the emphasis falls more heavily on the supplied service, supplier controls, and technical or operational fit with the licensed ecosystem.
Key-function governance is part of the MGA model even where the exact approval path varies by role. The Authority's authorisation framework does not assess only the legal entity — it also evaluates the persons who own, control, and manage regulated activities.
Fees
The MGA publishes fee material directly. The remote gaming and B2B pages state the headline application and annual licence fees, while the fee guidance note explains annual-fee bands and the compliance contribution mechanics.
| Fee type | Amount | Notes |
|---|---|---|
| One-time application fee | EUR 5,000 | Non-refundable, stated on MGA remote gaming and B2B pages |
| Fixed annual licence fee | EUR 25,000 | Standard figure stated on MGA remote gaming material |
| Type 4-only annual fee | EUR 10,000 | For operators providing solely Type 4 services, as stated by the MGA |
| Compliance contribution | Variable | Calculated under MGA fee rules and depends on activity and revenue bands |
| Certain B2B annual fees | Revenue-based or category-based | See MGA licence-fees guidance for exact structure |
Where annual revenue bands or compliance-contribution calculations are material to a transaction, the official MGA fee note should be checked directly because the exact amount depends on the activity category and revenue profile.
Ongoing Compliance Obligations
Malta's compliance architecture is one of the reasons the jurisdiction is often treated as a high-documentation EU regime. Player-protection obligations are formally embedded in MGA materials, which require operators to ensure gambling is offered in a safe, secure, and sustainable manner. The Authority's FAQ on player funds states that player-fund protection is expressly covered in the Gaming Player Protection Regulations and emphasises segregation and separate identifiability of player funds.
The same is true for AML and governance. The MGA framework expects customer verification, governance controls, and auditable systems. In sandbox contexts involving virtual assets, the MGA has also published specific FAQ material on verification timelines and customer-due-diligence thresholds, showing that innovation is supervised through explicit rules rather than informal exemption.
Enforcement
Malta publishes directives, amendments, and performance reporting that shed light on supervisory priorities. In January 2023, the MGA announced amendments to its player-protection directive, expressly stating that the aim was to strengthen and clarify the current player-protection framework. In its 2025 interim reporting, the Authority also highlighted player-funds reporting and ongoing work against unauthorised URLs and fraudulent references to the Authority or its licensees.
That public documentation matters because it shows an active supervisory perimeter, not just a paper licensing regime. The noteworthy point is not a single fine or sanction alone, but the presence of directives, supervisory reporting, player-funds oversight, and fraud-reference monitoring in official outputs.
Upcoming Reforms
No wholly new MGA licence architecture for 2025–2026 was identified in the official sources reviewed for this article. The most visible recent official developments were continued implementation of the player-protection amendments, the Authority's ongoing reporting on supervision and player-funds monitoring, and the legacy closure or evolution of the sandbox framework into more settled policy around innovative technology arrangements and DLT use.
As of 2026-05-10, applicants should therefore monitor the MGA's consultations, directives, and policy publications rather than assuming that the sandbox-era documents represent a currently open-ended experimental track.
Verifying a Licence
Verification is straightforward by comparison with offshore jurisdictions:
- Start on the MGA website and use the Authority's licensee pages or public register tools to identify the operator's legal entity and licence status.
- Match the entity name, licence type, and any brand information against the operator's consumer-facing disclosures.
- Where player-fund protection or corporate role approvals are material, cross-check those obligations against the MGA's player-protection and fees/guidance materials rather than relying solely on marketing language.
A neutral editorial rule should be followed: say an operator is licensed by the MGA only where the official MGA records support that statement. Where a business is only a supplier, aggregator, or support-services provider, describe it according to its official approval status rather than using consumer-facing shorthand.
Summary
Malta remains one of the clearest and most documentable remote-gaming jurisdictions in Europe. The MGA regime is built on the Gaming Act and implemented through directives, fee guidance, player-protection rules, and technology-policy documents. The practical value of the regime lies not only in EU location but in the depth of public documentation and the relative ease of licence verification.
For applicants and counterparties, the key points are: understand whether the activity is B2C or B2B, follow the staged MGA authorisation path, verify fees and compliance contribution from official fee documents, and use the MGA's own public materials to confirm licence or approval status.
Sources
- Gaming Act, Chapter 583 of the Laws of Malta: https://legislation.mt/eli/cap/583/eng/pdf
- MGA B2C Remote Gaming Services applications: https://www.mga.org.mt/licensee-hub/applications/b2c-licences/remote-gaming-services/
- MGA Player Protection compliance: https://www.mga.org.mt/licensee-hub/compliance/player-protection/
- MGA Licence Fees and Taxation Guidance Note: https://www.mga.org.mt/app/uploads/Guidance-Note-Licence-Fees-and-Taxation-1.pdf
- MGA Player Protection Directive amendments (January 2023): https://www.mga.org.mt/the-authority-publishes-amendments-to-the-player-protection-directive/
This article was compiled from official and primary public sources only. Last reviewed: 2026-05-10.
Disclaimer: This directory is an independent informational resource. It does not constitute legal advice, endorsement, or recommendation of any operator or jurisdiction. Always verify licence status directly with the relevant regulatory authority.