Table of Contents
The Malta Gaming Authority opened a targeted consultation on 8 May on a proposed AI Gaming Charter setting voluntary principles for how licensed operators deploy artificial intelligence across customer service, fraud prevention, compliance monitoring and marketing.
The charter was developed jointly with the Malta Digital Innovation Authority (MDIA) and is framed as voluntary, principles-based guidance. The MGA said it is designed to complement existing frameworks, including the EU Artificial Intelligence Act, while reflecting how AI is actually being used inside gaming businesses.
The authority stated explicitly that the document does not replace existing legislation. It targets the operational layer where operators integrate AI tools into customer service, anti-fraud controls, compliance monitoring and marketing.
Where AI is already running inside operators
AI systems have moved into mainstream operator infrastructure over the past two to three years. Companies licensed in Malta and elsewhere are running automated systems for customer interaction, anti-fraud controls, data analysis, responsible gambling monitoring and marketing personalisation.
MGA Chief Executive Officer Charles Mizzi has previously said that AI deployment is already widespread among MGA licensees and operators in other regulated markets, and that clearer guidance is needed to ensure the technology is applied responsibly.
The regulator acknowledged that AI can improve operational efficiency and risk management, while flagging risks around bias, transparency and consumer protection when automated systems are not properly supervised. This is consistent with the broader regulatory direction across Europe through 2025, where compliance and consumer protection dominated supervisory priorities.
Transparency and human oversight
Transparency is one of the central pillars of the proposed charter. The MGA said operators should be able to explain how AI systems influence significant decisions, particularly those affecting customers and regulatory compliance outcomes.
The draft also calls for continued human oversight in critical processes. Automated systems may assist decision-making, but the charter expects operators to maintain human review and accountability for material actions taken on the basis of AI outputs.
The approach mirrors the EU AI Act’s emphasis on accountability and transparency, applied to the specific context of gambling operations where decisions about customer treatment, risk scoring and intervention can carry regulatory weight.
Data, testing and third-party suppliers
Data protection is addressed directly. Because AI systems often process large volumes of customer information, the draft guidance asks operators to maintain safeguards around personal data handling and to remain aligned with existing privacy requirements.
Operators are also expected to conduct regular testing and monitoring of algorithms to identify errors, unintended outcomes or discriminatory patterns, with procedures in place to review performance and correct issues.
The charter pays particular attention to third-party technology providers. Many gambling operators rely on external suppliers for AI-driven services and software, including risk engines, fraud detection tools and recommendation systems. The MGA recommends that operators conduct due diligence to confirm that external systems meet the same regulatory and ethical standards expected of licensees themselves. The principle echoes recent B2B-focused supervisory work in the UK, where the Gambling Commission issued technical guidance on dynamic stake limits for software providers earlier this year.
Alignment with the EU AI Act
The charter is positioned in line with the EU AI Act, which establishes a risk-based framework for AI regulation and creates obligations for developers, providers and deployers of certain systems, with attention to accountability, transparency and consumer safeguards.
The MDIA has played a role in Malta’s implementation of the AI Act and in developing national oversight structures around AI governance. The charter sits within that broader national approach.
For operators, this means the Maltese framework is unlikely to introduce obligations that conflict with EU-level requirements. It does signal where the MGA intends to focus supervisory attention when AI-related issues arise during compliance reviews.
What stakeholders have been asked to weigh in on
The MGA has invited operators, compliance professionals, technology suppliers and other industry participants to submit feedback as part of the consultation. Malta has historically used consultation-based regulatory development in areas where technology moves faster than legislation, and the AI charter follows that pattern.
Other regulators are taking similar incremental routes. Ontario’s standards body, for example, recently updated its iGaming standards on self-exclusion, addressing player protection mechanisms that increasingly rely on automated detection. The MGA’s AI Charter sits in the same broader move toward codifying expectations on systems that already run unsupervised inside operator stacks.
The eventual shape of the final framework will indicate how prescriptive the MGA intends to become on AI oversight. Other European regulators are watching. With the EU AI Act now in force and gambling-specific guidance largely absent, the MGA’s approach could set a reference point for how other jurisdictions translate horizontal AI rules into sector-specific expectations.
Source: Malta Gaming Authority
