GH GambleHub

Test laboratories

1) Why test labs are needed

Test laboratories are independent organizations accredited according to international standards (ISO/IEC 17025) that verify and certify gaming systems, providing proof of their honesty, safety and license compliance.

For the regulator, it is a guarantee that the operator complies with technical standards;

for the player - proof of honesty and transparency;

for the provider - a legal pass to licensed markets.

2) Main laboratories and their specialization

LaboratoryHeadquartersSpecializationNote
GLI (Gaming Laboratories International)USARNG, RTP, platforms, terminals, lotteries, live systemsThe most recognized in the world; iTech Labs GLI-11/19 standards
BMM TestlabsUSA/AustraliaComprehensive platform and lottery certificationActive in America and Africa
QUINEL / SIQ / TrisigmaEURNG, RTP, platforms, mobile clientsUsed by MGA, Curaçao, Italy AAMS, etc.

3) Certification standards and framework

3. 1 GLI-11 — «Gaming Devices and Systems»

Basic standard for RNG, game engine and client-server interaction. Checks:
  • RNG and seed policy correctness;
  • the honesty of the mathematical model (RTP, volatility);
  • integrity of binars (CRC hashes, signatures);
  • protection against unauthorized interference.

3. 2 GLI-19 — «Interactive Gaming Systems»

Regulates online platforms: rate accounting, log storage, API security, operator reporting.

3. 3 ISO/IEC 17025

Defines laboratory requirements: testing methods, independence, personnel competence, equipment calibration procedure and data storage.

4) Certification process (stages)

1. Submission: the provider transfers the game, a description of the mathematical model, RNG documentation, hashes and RTP tables.
2. Preliminary verification: analysis of source code, seed/reseed mechanisms, encryption licenses.

3. RNG and RTP tests:
  • statistical batteries (NIST SP 800-22, Dieharder, TestU01);
  • 10⁷ simulation - 10⁸ rounds;
  • comparison with declared RTP/volatility.
  • 4. Verification of integration: API, control of the transfer of results, protection against manipulation.
  • 5. Report and certificate: includes versions, hashes, test results, recertification date.
  • 6. Recertification: every 12-24 months or when changing the version of the game/engine.

5) What is included in the laboratory report

Full description of RNG and sources of entropy;

Results of statistical tests and p-values;

Simulations of RTP and volatility (tables, confidence intervals);

Binary hashes and assembly metadata;

Deviation list (if any) and recommendations;

Auditor's signature, laboratory seal, certificate number.

6) GLI and iTech Labs differences

ParameterGLIiTech Labs
Geography of recognitionGlobal (UK, EU, US, Canada, Asia)Europe, Asia, LatAm
Certification typeRNG, platforms, live games, terminalsRNG, RTP, slots
DocumentationGLI-11/19 Standards, Systems AuditingProprietary methodology + ISO/IEC 17025
ReportingDeep granularity, standardized reportingLighter format available to SMB providers
Cycle time4-8 weeks2-4 weeks
Level of recognition by regulatorsHigh, mandatory in many jurisdictionsMedium/high, often as an alternative

7) Interaction with regulators

Certification results are sent directly to licensing authorities:
  • UKGC, MGA, AGCO, KGC, GRA, etc.
  • The regulator checks: the relevance of certificates, binary hashes, RTP data, retest dates.
  • Some regulators (for example, MGA) keep a public register of certified games, where the provider, laboratory, and report date are indicated.

8) Compliance Architecture

Compliance Hub - Stores certificates, hashes, metadata, and links to lab reports.
RNG Audit Service: RNG-health monitoring, automatic reconciliations with certified seed modules.
WORM archive: unchanging storage of laboratory reports.
Regulatory API: allows the regulator to verify the version and certificate in real time.

9) Operator and provider role

Provider: is certified by RNG and each game, publishes certificates.
Operator: ensures that only certified versions are hosted on the platform, updates metadata and reports with each release.

10) Metrics and quality control

MetricsPurpose
Cert Validity Rate100% active games on valid certificates
Re-Certification SLA≤ 14 days from the date of update
Audit Log Retention≥ 5 years (WORM)
Regulator Access Availability≥ 99. 9%
Transparency Coverage≥ 95% of games with published certificates

11) RACI (roles and responsibilities)

RoleResponsibility
Compliance OfficerVerification of certificates, communication with laboratories
QA/Audit TeamRNG/RTP Pre-Test Checks
Game StudioTransfer of builds, documentation support
DevOpsVersion control, hash and CI/CD integration
Legal/DPOMaintain report retention policy and DPIA
Operator SupportDisplaying Certificates and RTP in the UI

12) Compliance checklists

Before sending the game to the laboratory

  • RNG description and architecture are documented.
  • RTP/volatility tables are included.
  • CRC hashes and digital signatures are committed.
  • WORM Version Log enabled.
  • Seed/reseed and DRBG documentation prepared.

After receiving the report

  • The certificate and number are stored in the Compliance Hub.
  • Hashes are checked against the build on the prod.
  • Game page updated (RTP, date, lab).
  • The next recertification date has been added to the calendar.

13) Example: GLI certification of a game engine

1. Application: RNG description, sources, entropy sources.
2. RNG testing: NIST, Diehard, BigCrush.
3. RTP check: simulation of 100 million rounds.
4. Report: PDF with signature and binary hash.
5. Regulator: receives a report, updates the registry.
6. Operator: publishes a certificate on the site.

14) Roadmap for the implementation of the certification system

1. Definition of Laboratories: Selection (GLI/iTech Labs) by Market.
2. Creating an internal RNG and RTP audit loop.
3. Documentation of processes and seed policies.
4. Sending games and engines for primary certification.
5. Implementation of Compliance Hub + WORM archive.
6. Regular recertification and reporting.

15) Frequent mistakes and how to avoid them

Lack of an up-to-date RNG certificate → automatic license blocking.
Binary version mismatch → use hash control.
RTP update without lab notification → re-audit required.
Undocumented changes to seed/reseed logic → certificate disqualification.
Opacity for users → Publish certificates and RTP.

Result

Test laboratories GLI and iTech Labs are not a formality, but the basis of trust between the player, operator and regulator. Their reports prove that RNG works honestly, RTP meets the stated, and games are not susceptible to manipulation. Continuous certification, version control and transparency form the culture of responsibility and legal stability of iGaming platforms.

Contact

Get in Touch

Reach out with any questions or support needs.We are always ready to help!

Start Integration

Email is required. Telegram or WhatsApp — optional.

Your Name optional
Email optional
Subject optional
Message optional
Telegram optional
@
If you include Telegram — we will reply there as well, in addition to Email.
WhatsApp optional
Format: +country code and number (e.g., +380XXXXXXXXX).

By clicking this button, you agree to data processing.