Corporate work

The MGA Sandbox for DLT Based Gaming

Following the first phase of the Malta Gaming Authority (MGA) Sandbox Framework which was launched on the 1st January 2019 and aimed at the acceptance of Distributed Ledger Technology (DLT) Assets by gaming operators, the MGA has announced the launch of the second phase of the sandbox which has the scope of incorporating Innovative Technology Arrangements (ITAs) onto gaming platforms. The sandbox has now been extended to the 31st December 2021.

Phase 1

During the first phase of the sandbox, the MGA was accepting applications from operators wishing to accept  DLT Assets as a means of payment either directly or through third parties. In order to participate in the sandbox, applicants were required to be in possession of a gaming license issued by the MGA, thus the full licensing procedure still needed to be undertaken. The MGA’s Licensee Relationship Management System (LRMS) allowed the following types of applications to be submitted:

  1. New operators could apply for approval through the ‘New License Application’ function; or
  2. Existing licensed operators could apply for approval through ‘New or Change in Payment Methods / Financial Management Information’.

Phase 2

During the second phase of the sandbox, applications will be also be accepted by gaming operators wanting to incorporate Innovative Technology Arrangements (ITAs) including Distributed Ledger Technology (DLT) and smart contracts as the underlying technology of their gaming operation. Similarly to the first phase, applicants are still required to be in possession of a gaming license. The LRMS has been updated to accept the following types of applications:

  1. New operators may apply for the approval of use of DLT assets through a ‘New License Application’;
  2. New operators may apply to incorporate ITAs within their platform through a ‘New License Application’ and upload the relevant technical setup in the ‘Policies and Procedures’ section;
  3. Existing licensed operators may apply for the approval of use of DLT assets through ‘New or Change in Payment Methods / Financial Management Information’; or
  4. Existing licensed operators may apply to incorporate ITAs within their platform through the application type ‘Change in Technical Setup’.

The Guidance Document issued by the MGA sets out certain requirements which operators must satisfy to obtain approval for accepting DLT assets as a means of payment or incorporating ITAs within their platform.

Accepting DLT Assets on a Gaming Platform

Operators must conduct the Financial Instrument Test to determine the legal classification of the DLT Asset, and the respective legal opinion must be submitted together with the application.

If the DLT Asset is classified as a Virtual Financial Asset (VFA), the VFA Act and the regulations issued thereunder are applicable. Furthermore, VFAs must be regulated by the MFSA, an EU/EEA regulator or another regulator in a jurisdiction recognised by the VFA Act.

If the DLT Asset is classified as a financial instrument, e-money, or a virtual token, approval by the MGA is granted on a case-by-case basis.

The wallet storing VFAs must have an address linked to an individual player.

Deposits in VFAs may only occur upon verification of the wallet address, both when withdrawing to and from a wallet.

Fiat currencies and individual VFAs must be segregated and no exchange may take place, neither between fiat currencies and VFAs nor between different VFAs.

Operators may outsource the acceptance of VFAs to third party exchanges while dealing solely in fiat currencies.

Deposits in VFAs are calculated in Euro to combat the volatility of cryptocurrencies.

Incorporating Innovative Technology Arrangements on a gaming platform

ITAs must be audited by auditors registered with the Malta Digital Innovation Authority (MDIA).

Games and game components may be hosted either partially or fully on a DLT platform, however components hosted on separate platforms will be subject to pertinent regulations.

Smart contracts may be executed when the technical setup is partially or fully hosted on DLT, however the Guidance Document sets out minimum criteria which must be observed when smart contracts are executed within a gaming DLT platform to execute transactions, particularly when player’s funds held in escrow are transferred to or from the player’s wallet based on the outcome of a game. Such criteria include:

  1. Verification of the player’s wallet;
  2. Compliance with the maximum deposit amount;
  3. Possibility of revocation or neutering of the smart contract in the case of faults in the code;
  4. Auditing of the smart contract by an auditor registered with the MDIA.

Thus, in order to participate in the MGA sandbox, prospective and existing gaming operators must be in possession of a gaming license, gain approval by the MGA, and satisfy the requirements outlined above. Operators must also be aware of any requirements under the VFA Act and the regulations issued thereunder which might be triggered through the employment of DLT Assets on gaming platforms.


Legal Nodes would like to thank Blockchain Advisory for sharing this useful regulatory insight about DLT gaming in Malta. We are looking forward to future regulatory developments in this sphere. 

If you are looking to receive a DLT license or any other service in Malta, we would be delighted to help you.


Disclaimer: the information in this article is provided for informational purposes only. You should not construe any such information as legal, tax, investment, trading, financial, or other advice.

Alexia Pollacco, Legal Intern at Blockchain Advisory Limited


Legal Nodes Blog

For Startups
Ultimate guide to connecting Virtual Data Protection Officer

Connecting Virtual DPO can greatly reduce start-up’s data protection costs. This article explains who the Data Protection Officer is, why you should consider outsourcing DPO services, and how to pick one that matches the needs of your business....

Legal Nodes Team
Privacy (GDPR)
Cookie Policy: How to Track Website Users Lawfully

The recent study of the Nederlandse Omroep Stichting (the ‘NOS’), a Dutch news media, showed that more than 1,300 Dutch websites violate the privacy of their users. The violation found by the NOS is simple - the users cannot use the websites wit...

Legal Nodes Team
For Startups
Why Your Startup Needs a Founders' Agreement + Template 2021

Founders Agreement – the key step to set clear intentions for you and your partners and to avoid misunderstandings in the future. In a new post on the Legal Nodes blog, we explain what a Founders Agreement is, reasons for your startup to prepare...

Legal Nodes Team
For Startups
Terms of Use that your users will actually read

In this article Legal Nodes Team talks about Terms of Use, how to write them effectively and why you need them in the first place. You could find a FREE template at the end of this article....

Legal Nodes Team
Privacy (GDPR)
How Can You Leverage a Privacy Kit More Effectively?

In this article, Punit Bhatia, a leading privacy expert, shares how small businesses can become privacy compliant by using Privacy Kits in an effective and why just branding the documents and templates in name of your company is not a good idea....

Punit Bhatia
Legal Nodes Updates
Legal Nodes in 2020: A Year in Review

Despite the fact that for many 2020 will be strongly associated with the coronavirus pandemic and lockdown measures, it would be a mistake to forget all the good things that happened this year. Especially when the festive season approaches, and ...

Legal Nodes Team
Privacy (GDPR)
Internet data mining. Is it legal in the EU?

Data mining is the process of collecting and analyzing human-readable data for own purposes. More and more businesses are built on that concept, scientists and medics also use automatically combined data from different sources to spawn predictio...

Ewa Wojnarska-Krajewska
Privacy (GDPR)
11 simple (but complete) steps towards the GDPR compliance in 2020

The GDPR can be a wake-up call to sort out your processes, procedures and technology and thereby run a more successful organisation. Data is now more essential than ever, regardless of your activities or market sector. Not only will efficiencies...

Thomas Hayes
Contract Work
Force Majeure Clauses and the Effect of Coronavirus on Businesses

The coronavirus pandemic has made force majeure clauses one of the hottest legal topics worldwide. To help businesses navigate this issue, we asked Tom Bohills, an English qualified lawyer and the Founder of Chronos Law, to explain the backgrou...

Tom Bohills