Guidance
Guidance to licensing authorities
The Gambling Commission's guidance for licensing authorities.
Contents
- Changes to the Guidance for Licensing Authorities
- Part 1: General guidance on the role and responsibilities of licensing authorities in gambling regulation
- Introduction
- Partnership working between the Commission and licensing authorities – shared regulation
- Co-ordination and contact
- Primary legislation
- Statutory aim to permit gambling
- The licensing objectives
- Codes of practice
- Licensing authority discretion (s.153 of the Act)
- Local risk assessments
- Licensing authority policy statement
- Limits on licensing authority discretion
- Other powers
- Part 2: The licensing framework
- Introduction
- Operating licences
- How operating licences are granted
- Operating licence conditions and codes
- Personal licences
- Premises licences
- Part 3: The Gambling Commission
- Introduction
- Main functions of the Commission
- Relationship between the Commission and licensing authorities
- Part 4: Licensing authorities
- Part 5: Principles to be applied by licensing authorities
- Licensing objectives
- Section 153 principles
- Codes of practice
- Good practice in regulation
- Human Rights Act 1998
- Other considerations
- Part 6: Licensing authority policy statement
- Introduction
- Fundamental principles
- Form and content
- Other matters to be considered
- Local risk assessments
- Local area profile
- Declaration by licensing authority
- Consultation
- Reviewing and updating the policy statement
- Advertisement and publication
- Additional information to be made available
- Part 7: Premises licences
- Introduction
- Premises
- Access to premises
- Multiple activity premises – layout and access
- Applications
- Application for premises variation (s.187): ‘material change’
- Consideration of planning permission and building regulations
- Part 8: Responsible authorities and interested parties definitions
- Part 9: Premises licence conditions
- Introduction
- Conditions and authorisations by virtue of the Act
- Conditions attached through regulations made by the Secretary of State or Scottish Ministers – all premises
- Conditions that may not be attached to premises licences by licensing authorities
- Part 10: Review of premises licence by licensing authority
- Introduction
- Initiation of review by licensing authority
- Application for a review
- Carrying out a review
- Part 11: Provisional statements
- Part 12: Rights of appeal and judicial review
- Part 13: Information exchange
- Underlying principles
- Information licensing authorities provide to the Commission
- Other licensing authority information requirements
- Part 14: Temporary use notices
- Part 15: Occasional use notices
- Part 16: Gaming machines
- Introduction
- Categories of gaming machine
- Age restrictions
- Maximum number of machines by premises type
- Multiple activity premises
- The meaning of ‘available for use’
- Machines other than gaming machines in gambling premises
- Part 17: Casinos
- Casino premises
- Casino games
- Protection of children and young persons
- The process for issuing casino premises licences
- Resolutions not to issue casino licences
- Converted casinos (with preserved rights under Schedule 18 of the Act)
- Casino premises licence conditions
- Mandatory conditions – small casino premises licences
- Mandatory conditions – converted casino premises licences
- Default conditions attaching to all casino premises licences
- Self-exclusion
- Part 18: Bingo
- Introduction
- Protection of children and young persons
- Gaming machines
- Self-exclusion
- Bingo in clubs and alcohol-licensed premises
- Bingo premises licence conditions
- Part 19: Betting premises
- Introduction
- Protection of children and young persons
- Gaming machines
- Self-exclusion
- Self-service betting terminals (SSBTs)
- Betting premises licence conditions
- Industry codes
- Part 20: Tracks
- Definition of a track
- Track premises licences – differences from other premises licences
- Betting on tracks
- Licences and other permissions for the provision of betting facilities
- Betting on event and non-event days
- Social responsibility considerations for tracks
- Gaming machines
- Self-service betting terminals (SSBTs)
- Applications
- Licence conditions and requirements
- Part 21: Adult gaming centres
- Introduction
- Protection of children and young persons
- Self-exclusion
- Gaming machines
- AGC premises licence conditions
- Part 22: Licensed family entertainment centres
- Introduction
- Protection of children and young persons
- Meaning of premises
- Licensed FEC premises licence conditions
- Part 23: Introduction to permits
- Part 24: Unlicensed family entertainment centres
- Introduction
- Applying for a permit
- Granting or refusing a permit
- Lapse, surrender and forfeiture
- Renewal
- Maintenance
- Part 25: Clubs
- Defining clubs
- Bingo in clubs
- Betting in clubs
- Exempt gaming
- Protection of children and young persons
- Permits
- Appeals
- Part 26: Premises licensed to sell alcohol
- Introduction
- Automatic entitlement to two machines
- Licensed premises gaming machine permits
- Exempt gaming
- Bingo
- Betting
- Commission codes of practice
- Scotland
- Protection of children and young persons
- Prohibited gaming
- Part 27: Prize gaming and prize gaming permits
- Part 28: Non-commercial and private gaming, betting and lotteries
- Introduction
- Non-commercial gaming
- Private gaming
- Private betting
- Incidental lotteries
- Non-commercial ‘casino night’
- Non-commercial race night
- Part 29: Poker
- Introduction
- Poker in casinos
- Poker as exempt gaming in clubs and alcohol licensed premises
- Poker as non-commercial gaming
- Poker as private gaming
- Advertising
- Part 30: Travelling fairs
- Part 31: Crown immunity and excluded premises
- Part 32: Territorial application of the Gambling Act 2005
- Part 33: Door supervision
- Part 34: Small society lotteries
- Small society lotteries
- The status of lotteries under the Act
- Licensing authority guidance
- Social responsibility
- External lottery managers’ licence status
- Lottery tickets
- Prizes
- Specific offences in relation to lotteries
- Application and registration process for small society lotteries
- Administration and returns
- Part 35: Chain gift schemes
- Part 36: Compliance and enforcement matters
- Fees
- Enforcement officers and authorised persons
- Powers of entry – England and Wales
- Powers of entry in Scotland
- Illegal gambling
- Test purchasing and age verification
- Primary Authority
- Prosecutions
- Other powers
- Case law, templates and case studies
- Appendix A: Summary of machine provisions by premises
- Appendix B: Summary of gaming machine categories and entitlements
- Appendix C: Summary of gaming entitlements for clubs and alcohol-licensed premises
- Appendix D: Summary of offences under the Gambling Act 2005
- Appendix E: Summary of statutory application forms and notices
- Appendix F: Inspection powers
- Appendix G: Licensing authority delegations
- Appendix H: Poker games and prizes
- Appendix I: Glossary of terms
4 - Remote gambling and software technical standards (RTS) security requirements
Security requirements summary
4.1 This section sets out a summary of the RTS security requirements that licence holders must meet. The Commission has based the security requirements on the relevant sections of Annex A to the ISO/IEC 27001:2022 standard.
4.2 This 2022 standard replaces ISO/IEC 27001:2013.
4.3 The Commission’s aim in setting out the security standards is to ensure customers are not exposed to unnecessary security risks by choosing to participate in remote gambling. The Commission has highlighted those systems that are most critical to achieving the Commission’s aims and the security standards apply to these critical systems:
- electronic systems that record, store, process, share, transmit or retrieve sensitive customer information, for example, credit/debit card details, authentication information, customer account balances
- electronic systems that generate, transmit, or process random numbers used to determine the outcome of games or virtual events
- electronic systems that store results or the current state of a customer’s gamble
- points of entry to and exit from the above systems (other systems that are able to communicate directly with core critical systems)
- communication networks that transmit sensitive customer information.
Organisational controls
5.1 Policies for information security
5.10 Acceptable use of information and other associated assets
5.15 Access control
5.16 Identity management
5.17 Authentication information
5.18 Access rights
5.19 Information security in supplier relationships
5.20 Addressing information security within supplier agreements
5.21 Managing information security in the ICT supply chain
5.22 Monitoring, review and change management of supplier services
5.23 Information security for use of cloud services
5.24 Information security incident management planning and preparation
5.25 Assessment and decision on information security events
5.26 Response to information security incidents
5.28 Collection of evidence
5.35 Independent review of information security
People controls
6.3 Information security awareness, education and training
6.5 Responsibilities after termination or change of employment
6.7 Remote working
6.8 Information security event reporting
Physical controls
7.8 Equipment siting and protection
7.10 Storage media
7.14 Secure disposal or re-use of equipment
Technological controls
8.1 User endpoint devices
8.2 Privileged access rights
8.3 Information access restriction
8.5 Secure authentication
8.7 Protection against malware
8.13 Information backup
8.15 Logging
8.17 Clock synchronisation
8.18 Use of privileged utility programs
8.20 Networks security
8.21 Security of network services
8.22 Segregation of networks
8.24 Use of cryptography
8.25 Secure development life cycle
8.26 Application security requirements
8.27 Secure system architecture and engineering principles
8.29 Security testing in development and acceptance
8.30 Outsourced development
8.31 Separation of development, test and production environments
8.32 Change management
8.33 Test information
Last updated: 4 November 2024
Show updates to this content
Temporary placeholder text removed.