GH GambleHub

Lithuania - Games Control Service

(Section: "Markets and Jurisdictions")

1) Market picture and regulator

Lithuania is an EU member with centralized gambling oversight. The relevant body is the Game Control Authority under the Ministry of Finance (hereinafter - GCA). It issues permits, maintains registries, monitors compliance with Responsible Gaming (RG) requirements, and initiates blocking of illegal operators and payments. Communications and reporting go through electronic channels of public services (e-services).

2) Roles and responsibilities

Parliament/Government - framework laws and by-laws.
Ministry of Finance - market policy, coordination and supervision of GCA.
GCA - licensing/permits, control and sanctions, RG, register of restrictions on participation, domain block lists.
Financial Intelligence/Police - AML/CFT control and investigations.
Advertising and consumer protection authorities - compliance with promotional restrictions and correct information.

3) Tolerance model: licenses and permits

Lithuania has a consistent access model:

1. License to organize the appropriate type of games (casino/betting/lottery/skill games, etc.).

2. Permits for activities on specific channels and sites: halls/points, remote channel (online) - site/application/domain.

3. Key persons and beneficiaries undergo fit & proper verification and source of funds.

4. Local presence: legal entity/branch, bank account, assigned AML/RG owners and interaction with the regulator.

5. Certification: RNG/platform/calculation modules, reporting interfaces.

Channels and Products

Offline: casino/gaming parlors, PPP bets - by address permissions.
Online: remote provision of games/bets with a valid license and a separate permit for the online channel.
Lotteries: separate tolerance and reporting frame.
Skill games: own admission and taxation conditions are possible.

4) Fiscal model and reporting

The fiscal base is built around a special game tax and corporate tax:
  • Game tax: calculated by product type; The base usually focuses on GGR/NGR (bets/contributions − winnings) with local rules for accounting for bonuses, void/cashout and cancellations.
  • Corporate income tax: at the national rate for legal entities.
  • VAT: bets/winnings, usually outside the scope of VAT; related services (IT, marketing) - according to general rules.
  • Taxes/deductions from individuals' winnings: the mode depends on the type of game and thresholds.

Frequency and format

Separate accounting offline/online, for each type of product.
Monthly/quarterly declarations and payments; annual audit of the financial statements.
Primary registers: billing, sessions, calculation and adjustment logs, bonus and deduction data.

💡 Current Rates, Payment Codes and Declaration Forms are updated periodically - reconcile requirements before starting.

5) e-Administration and interaction with GCA

Registration: tax number, access to e-services, qualified signature.
Submission of forms: game declarations, corporate reporting, responses to regulator requests.
Payments: bank/SEPA; strict deadlines and late penalties.
Communications: notifications, instructions, scheduled/unscheduled inspections - through a personal account and official correspondence.

6) AML/CFT and identification

KYC/KYB: verification of identity and age (18 +), beneficiaries, sanctions/POP; checking the source of funds in triggers.
Remote verification: allowed subject to procedures (video, eID, reliable providers).
Transactional monitoring: limits, atypical patterns, connections of accounts/means of payment; escalation of STR/SAR to financial intelligence.
Storage: KYC dossiers, logs of inspections and alerts within the established time frame.

7) Responsible Gaming and restriction registries

Register of self-restrictions/self-exclusions: a centralized database of persons who have restricted access to gambling; the operator is obliged to check the status at registration, entry and before key financial transactions.
RG tools: deposit/rate/time limits, timeouts, "cooling," prominent RG storefront and help contacts.
Vulnerable clients: RG escalation procedures, support training, case and solution logging.
Marketing: banning mailings and promos for the self-excluded; storage of filtering evidence.

8) Advertising, promo and affiliates

Bans: targeting minors, misleading promises of "guaranteed winnings," aggressive offers.

T&C bonuses: transparent wagers, deadlines and mouthguards, exclusion of "dark patterns."

Affiliates: contracts, approval of creatives, compliance log (screenshots/URL/dates), mechanism for quick recall of violating materials.

9) Technical requirements and certification

RNG/platform/coefficient calculators: certification by recognized laboratories; periodic recertification.

Logging: immutable logs (WORM), time synchronization (UTC), traceability of the chain "rate → calculation → payment → adjustment."

Regulator access: test accounts, API/uploads, secure channels.
Reliability: fault tolerance, redundancy, DR/BCP with specified RPO/RTO; regular DR tests.
Security: encryption at rest/in transit, secret management, RBAC/SoD, regular penetration tests and vulnerability scans.

10) Fighting illegal operators

GCA generates lists of illegal domains/resources and initiates their blocking from communication providers and payment institutions. Advertising of illegal immigrants from media/partners entails fines and other measures of influence.

11) Checks and sanctions

Office: comparison of reporting and payments, analysis of GGR/NGR deviations, analysis of player complaints.

Field and IT audits: inspection of logs/cash desks, sampling of transactions and sessions, staff survey, "secret buyers."

Liability: fines, additional charges, corrective orders, temporary suspension/revocation of permits, blocking of domains/payments.
Mitigating factors: voluntary disclosure of errors, corrective plans, strengthening of internal controls.

12) Entry Roadmap

1. Strategy: product matrix (casino/betting/lottery/skill games), offline/online, partnerships and providers.
2. Legal structure: Lithuanian legal entity/EU branch, beneficiaries, bank account.
3. Organization license: document package, key persons suitability, financial model, AML/RG policies.
4. Channel permissions: address objects and/or remote channel (site/application/domain).
5. Technical circuit: RNG/module certification, unchanging logs, reporting showcases, GCA access.
6. Marketing and affiliates: white list of creatives, RG labeling, review procedures.
7. UAT and pilot: reconciliation of GGR/NGR formulas, test uploads, integration with the register of self-restrictions.
8. Go-Live: freeze configurations, incident response plan, SLA with providers.
9. Operations (first 90 days): rhythm of declarations, reconciliation of deviations, internal audit AML/RG/IT.

13) Compliance checklists

GCA and e-services

  • Accesses and Responsible Persons Assigned
  • Organization License and Channel Permissions Apply
  • Declaration and Payment Calendar, SLA by Timeliness
  • Set up separate downloads per product/channel

AML/KYC & RG

  • KYC/KYB Policies, Sanctions/PEP, Funding Source Scenarios
  • Integration with self-restraint registry; status check logs
  • Limits/timeouts, RG showcase, support scripts for vulnerable clients
  • STR/SAR Procedure and KYC Dossier Retention Periods

Engineering and safety

  • RNG Certificates/Platforms; version control
  • Immutable logs, time synchronization, log retention
  • DR/BCP plan and regular DR tests
  • RBAC/SoD, encryption, secret management, pentests/scheduled scans

Marketing & Affiliates

  • Approved creatives with RG markings
  • Compliance log (screenshots/URLs/dates)
  • Procedures for quick recall and blocking offending partners

14) KPI and operational control

Fiscal: timeliness of declarations ≥99%, discrepancy otchetnost↔billing <0.5%.
AML/KYC: average verification time, false positives fraction, escalation SLA.
RG: share of players with active limits, blocking time when entering the registry (<1 min), support response time to RG cases.
Information base: MTTR incidents, pentest coverage, the share of closed critical vulnerabilities on time.
Marketing: the share of compliant creatives, the speed of reviews, the lack of communication with self-excluded.

15) FAQ

Do I need separate permissions for the online channel?
Yes I did. In addition to the organization license, permission for a remote channel (site/application/domain) is required.

Is it possible to work only online?
Yes, with a valid license, permission for a remote channel and compliance with those/fiscal/AML/RG requirements.

How to take into account bonuses in NGR/GGR?
According to local rules for reflecting bonuses, void and cashout; errors lead to additional charges and sanctions.

Is there a centralized register of self-restrictions?
Yes I did. The operator is obliged to integrate and check the player's status at registrations, logins and before key transactions.

Note

Tax rates, lists of documents, reporting formats and technical specifications are periodically updated. Before submitting an application and the first reporting period, check the current requirements in e-services and existing by-laws in order to exclude additional charges and stop operations.

Contact

Get in Touch

Reach out with any questions or support needs.We are always ready to help!

Start Integration

Email is required. Telegram or WhatsApp — optional.

Your Name optional
Email optional
Subject optional
Message optional
Telegram optional
@
If you include Telegram — we will reply there as well, in addition to Email.
WhatsApp optional
Format: +country code and number (e.g., +380XXXXXXXXX).

By clicking this button, you agree to data processing.