UKGC: No Specific Rules on VPN or Location Checks
FOI response shows the regulator relies on broader AML and identity rules to ensure players are in the UK.
A Freedom of Information request has revealed the UK Gambling Commission holds no specific regulations mandating how operators must check a player's physical location or detect VPN use. The regulator stated that operators are still required to know their customers' locations under broader anti-money laundering and identity verification rules. This places the responsibility on individual operators to implement effective systems.
Article Content
UKGC Holds No Specific Regulations for Player Location Checks
A Freedom of Information (FOI) request has revealed that the UK Gambling Commission (UKGC) does not hold any specific, recorded regulations that mandate how licensed operators must verify a customer's physical location or check for the use of Virtual Private Networks (VPNs).
The response clarifies that while there isn't a single prescriptive rule, operators are still obligated to know where their customers are based to comply with their licence conditions and wider UK law.
Context: Why Location Matters
UK-licensed gambling operators are generally only permitted to accept wagers from customers physically located in Great Britain. This is a core condition of their operating licence. Consumers attempting to access their UK accounts from abroad, often using tools like VPNs to mask their location, risk having their accounts suspended and funds confiscated for breaching the operator's terms and conditions. This FOI disclosure sheds light on the regulatory framework underpinning how operators enforce this rule.
Details of the FOI Request
The request, dated 10 February 2025, asked the Commission to confirm the regulations regarding player locations and, specifically, what mandatory checks exist to detect VPN use or verify a player's physical location.
In its official response, the UKGC stated: "There is no specific recorded information falling within the scope of your request."
This outcome, 'Information not held', does not mean the topic is unregulated. Rather, it signifies that the UKGC does not have a dedicated document or a specific list of mandatory technical checks for operators to follow. Instead, the requirement is embedded within a combination of other legal and regulatory obligations.
The Commission's response pointed to several key areas that compel operators to ascertain a customer's location:
- Licence Conditions and Codes of Practice (LCCP): Specifically, Condition 17.1.1, which covers customer identity verification.
- Anti-Money Laundering (AML) Legislation: The Proceeds of Crime Act 2002 and the Terrorism Act 2000 require operators to conduct thorough due diligence on their customers, which includes understanding their location to assess risk.
In essence, while the UKGC does not dictate how an operator must check a location (e.g., via IP address checks, device data, or other technology), the operator must have effective systems in place to satisfy these broader 'Know Your Customer' (KYC) and AML requirements.
Significance for Consumers and the Industry
This disclosure highlights that the onus is firmly on individual gambling operators to design and implement their own robust geolocation and security checks. The lack of a prescriptive rule from the regulator gives them flexibility in their methods, but it does not absolve them of the responsibility.
For consumers, this means that the strictness of location checks can vary between different gambling websites. However, the underlying rule remains: using a UK-licensed platform from outside of Great Britain is a breach of the operator's terms. This FOI response underscores that operators are legally required to prevent this activity as part of their wider compliance duties, even if the specific technical methods are not dictated by the regulator.