The Secretariat of Prizes and Betting of the Ministry of Finance has consolidated another important step in the regulation of iGaming and betting in Brazil by establishing the technical and security requirements for betting systems, as well as their sports betting and online gaming platforms, to be used by fixed-odds betting lottery operators.
Here are the highlights:
1. Guarantee of data protection, in compliance with the LGPD:
a. The operators must keep the betting system and the respective data in data centers located in Brazilian territory or in countries that have an International Judicial Cooperation Agreement with Brazil, in civil and criminal matters jointly.
b. The user must provide specific and highlighted consent for the transfer of their personal data, and the operator must provide clear information regarding the purpose of the operation.
c. The technical area responsible for the Ministry of Finance must have secure and unrestricted access, both remotely and in person, to the systems, platforms, and operation data.
d. The operator must replicate its database and information in Brazil, which will be continuously updated, ensuring that all database instances have the same content and are periodically tested.
e. The operator must present a Business Continuity Plan for Information Technology in case of critical situations that may jeopardize the operation and data.
2. The electronic channels used by the operator to offer fixed-odds bets in a virtual environment must use the domain registration "bet.br", according to specific regulations.
3. The operators must have the betting systems, including sports betting and online gaming platforms, certified by a certifying entity whose operational capacity has been recognized by the Prizes and Betting Secretary of the Ministry of Finance, in accordance with MF/SPA Ordinance No. 300, of February 23, 2024.
The betting systems, including sports betting and online gaming platforms, must maintain valid certificates for the duration of the authorization granted and must be revalidated annually whenever there is the inclusion, exclusion, or alteration of critical resources of the systems or platforms. In this case, the new certificates must be submitted to SPA within five days of their issuance.
4. The operators must submit to the Secretariat of Prizes and Betting of the Ministry of Finance the data related to bets, bettors, bettor wallets, legal destinations, and other information regarding their operation.
Additionally, Annexes I and II present general requirements for the betting system and the sports betting platform, respectively.
Source: GMB
