MGA Report 2025: What It Means for AI in iGaming Malta

Most iGaming teams talk about AI as a growth tool. The MGA’s Interim Performance Report (January–June 2025) is a reminder that in Malta, AI is just as valuable as a compliance tool.

The numbers are the tell. In six months the regulator processed 28 new licence applications, issued 8 new licences, ran 723 criminal probity checks, concluded 7 full-scope compliance audits, and completed 87 thematic reviews across compliance, player protection, and sports betting integrity. Add 1,720 player assistance requests, 891 player funds reports, and 4,198 premises inspections, and you get a simple reality: the bar for operational discipline keeps rising.

This post sits within our series, “Kif l-Intelliġenza Artifiċjali qed tittrasforma l-iGaming u l-Logħob Online f’Malta”. Here’s the angle I care about: the most sustainable AI wins in Malta are the ones that make you easier to regulate, easier to audit, and harder to scam—while still improving player experience.

The MGA’s 2025 activity proves one thing: scrutiny is operational

The clearest takeaway from the MGA’s interim report is that regulation isn’t a once-a-year event. It’s continuous, measurable work—by the Authority and by operators.

Between January and June 2025, the MGA’s authorisation pipeline alone included:

• 28 new gaming licence applications received
• 8 new licences issued
• 6 renewal applications received and 5 renewals issued
• 723 criminal probity screening checks
• 34 Fit and Proper Committee decisions, with 4 cases failing the criteria
• 16 applications reviewed by the Supervisory Council, with 2 rejected for false/misleading/incomplete information

If you run operations, compliance, or product in iGaming Malta, this matters because every workflow you leave manual becomes a bottleneck under regulatory load.

AI doesn’t replace accountability (and Malta won’t let it). But it can make your compliance system faster, more consistent, and more defensible.

Practical AI use-case: “audit-ready by default” documentation

A common pain point I see is documentation that’s technically “there,” but not structured for quick verification.

AI can help by:

• Converting policy documents into structured control maps (control → owner → evidence → frequency)
• Auto-tagging evidence (tickets, logs, approvals) to the correct control
• Flagging missing artifacts before an audit week turns chaotic

The goal isn’t shiny automation. The goal is fewer surprises.

Licensing and fit-and-proper: AI helps you reduce preventable risk

The MGA report includes two uncomfortable data points for any operator expanding in Malta:

• 4 escalated cases failed fit-and-proper standards
• 2 licence applications were rejected due to false/misleading/inaccurate or materially incomplete submissions

Most companies get this wrong: they treat licensing as a legal submission rather than a data-quality project.

AI can be useful here in a very grounded way—by improving internal accuracy before anything reaches a regulator.

Where AI helps most in authorisations (without crossing lines)

Used correctly, AI can reduce the risk of inconsistency across the application pack:

1. Entity and people data reconciliation: detecting mismatches across org charts, UBO declarations, role descriptions, and KYC packs.
2. Narrative consistency checks: ensuring the same facts appear consistently across the business plan, compliance approach, and operational model.
3. Completeness scoring: automatically highlighting missing mandatory fields, attachments, or signatures.

One stance I’ll take: AI shouldn’t “write” your regulatory truth. It should pressure-test it. The operator still owns every statement.

Supervision: compliance, player protection, and integrity are becoming data problems

The MGA didn’t just license. It supervised—actively.

For January–June 2025, the Authority reported:

• 7 full-scope compliance audits concluded
• 87 thematic reviews (compliance, player protection, sports betting integrity)
• 1,720 player assistance requests resolved
• 891 player funds reports received and 9 data extractions carried out
• 75 URLs reviewed for unauthorised activity; 34 contained fraudulent references and were added to a public list

This cluster of work points to the real direction of travel: oversight is increasingly led by data signals (patterns, anomalies, repeated issues), not only by static documents.

Practical AI use-case: player protection that’s explainable

If you’re using machine learning for responsible gambling (RG), the model is only half the job. The other half is being able to explain:

• why a player was flagged,
• what intervention happened,
• and what evidence supports that decision.

A good AI-enabled RG workflow in Malta typically includes:

• Interpretable features (e.g., session length spikes, deposit frequency changes, chasing patterns)
• Human review loops for edge cases
• Reason codes stored alongside decisions
• Outcome tracking (did interventions reduce harm indicators?)

If your model can’t be explained to a compliance officer in plain language, it’s not production-ready in a regulated iGaming environment.

Practical AI use-case: player funds monitoring with anomaly detection

With 891 player funds reports in six months, the emphasis on safeguarding funds is clear.

AI can support finance and compliance by:

• detecting unusual player balance movements,
• spotting reconciliation anomalies,
• alerting on abnormal withdrawal clustering (while respecting legitimate behaviour patterns).

The win isn’t “catch everything.” The win is prioritisation: your team focuses on the 2% of cases that look genuinely odd.

AML/CFT: AI helps, but governance matters more than the model

The report notes that during the period:

• 11 AML/CFT Compliance Examinations were initiated
• 11 were concluded
• 3 licensees were subject to remediation measures under FIAU Remediation Directives
• The MGA carried out 16 interviews on prospective MLROs

This is where a lot of AI conversations go off-track. Teams want an automated “AML brain.” Regulators want controls, accountability, and traceability.

How to use AI in AML/CFT without creating new risk

AI can be strong in:

• alert triage and clustering (grouping similar patterns)
• entity resolution (matching related accounts/devices/payment instruments)
• narrative assistance for SAR drafts (with strict human approval)

But you need guardrails:

• Model governance: versioning, validation, drift monitoring
• Audit trails: who approved what, and why
• Bias checks: avoid proxies that create unfair outcomes
• Clear escalation paths: the MLRO remains accountable

Here’s what works in practice: treat AI outputs as recommendations, not decisions.

Enforcement and comms: AI reduces incidents—if you use it early

From January–June 2025, enforcement included:

• 23 cease and desist letters
• 15 warnings
• 23 administrative penalties totalling €139,360
• 1 licence cancellation

The Commercial Communications Committee also issued 4 decisions on possible breaches of gaming commercial communications rules.

Operators often react to enforcement after it happens. A better approach is to treat enforcement trends as input data for prevention.

Practical AI use-case: marketing compliance review at speed

In a multilingual, always-on marketing environment (very Malta), the risk is scale: too many creatives, too many markets, too many versions.

AI can help marketing and compliance teams by:

• scanning ad copy for prohibited phrasing or missing required disclaimers,
• checking landing pages for inconsistent terms,
• flagging risky targeting configurations,
• maintaining an approved-claims library (what you can say, where, and how).

This fits perfectly into the broader series theme: AI for multilingual content and automated marketing—but with compliance built in rather than bolted on.

Integrity and cooperation: AI is becoming a shared language

The report’s cooperation stats are a strong signal that iGaming Malta is tightly connected to global integrity networks:

• 149 suspicious betting reports received from licensees
• 88 alerts shared with licensees after risk-based filtering
• Participation in 30 investigations globally
• 41 data exchanges and 25 requests for information with relevant bodies
• 29 international collaboration requests received; 4 sent
• 31 official replies on operators’ regulatory good standing
• 110 information requests handled with local authorities

When integrity work becomes this networked, AI stops being a private competitive advantage and starts being operational infrastructure—especially for pattern detection and signal enrichment.

Practical AI use-case: suspicious betting signal quality

A realistic goal isn’t “predict match-fixing.” It’s improving the quality of signals you send and act on.

AI can:

• reduce false positives by learning normal market behaviour,
• detect coordinated patterns across accounts and geographies,
• enrich alerts with context (timelines, linked entities, stake anomalies).

Done properly, this helps your internal integrity team and also makes collaboration with regulators and partners more efficient.

What operators in Malta should do next (a practical checklist)

If you’re trying to align AI initiatives with the MGA’s direction of travel, focus on control, evidence, and player outcomes.

Here’s a practical starting checklist for Q1 2026 planning:

1. Map your compliance “evidence supply chain.” For every key obligation, know what evidence exists, where it lives, and who owns it.
2. Introduce AI for consistency checks, not creativity. Start with reconciliation, completeness scoring, and anomaly detection.
3. Build explainability into player protection. If you can’t produce reason codes and intervention logs, you’re underprepared.
4. Put governance around every model. Version control, monitoring, and sign-off workflows are non-negotiable.
5. Treat marketing as a compliance surface. Automate pre-publication checks for regulated claims across languages.

A simple rule: if an AI system can’t generate an audit trail, it doesn’t belong in a regulated iGaming workflow.

Where this is going in 2026—and why Malta stays competitive

The MGA has already indicated it will publish a full-year industry performance report during the second half of 2026 as part of its annual reporting. Between now and then, the direction is clear: tighter supervision, more data exchanges, and higher expectations for how operators manage risk.

For the “Kif l-Intelliġenza Artifiċjali…” series, this is the connective tissue: AI in Malta isn’t only about faster content, smarter CRM, or automated marketing. It’s about building an iGaming operation that’s measurably compliant and resilient under scrutiny.

If you’re building or scaling in iGaming Malta and want AI to drive leads and growth, start by making compliance and player protection your strongest story. That’s what regulators reward, and it’s what serious players trust.

What would change in your business if every key compliance process was audit-ready within 24 hours, not two stressful weeks?