Malta - MGA licence
1) Summary of MGA mode
MGA regulates remote and ground gambling in Malta according to the Gaming Act (2018 +). There is a two-level model for online:- B2C - Gaming Service License (operators for players),
- B2B - Critical Gaming Supply License.
- Type 1 - RNG games against the house (roulette, blackjack, baccarat, lotteries, virtual sports);
- Type 2 - games against an event-based lodge (sports betting with operator risk management);
- Type 3 - P2P or commissions (P2P poker, betting exchanges, bingo, phantom bets, etc.);
- Type 4 - skill games with a controlled skill.
2) License structure: what to choose
B2C (Gaming Service) - for operators
Needed when a legal entity from Malta/EU/EEA offers gambling service from/through Malta (or to Maltese players). The license covers one or more types of games (Type 1-4) within a single permission.
B2B (Critical Gaming Supply) - for providers
B2B license for the supply and management of material elements of the game (RGS, RNG, client/back-office systems, etc.). For software, a fixed duty and a stepped annual fee for revenue are provided.
3) Cost: fixed fees, compliance contribution and tax
Single
Application fee (B2B/B2C): €5,000 (non-refundable).
Annual fixed
B2C: €25,000 (fixed), or €10,000 if the operator provides only Type 4.
B2B (software/software): €25,000 on revenue ≤ €5 million; €30,000 at €5-10 million; €35,000 at> €10 million. If only Type 4 supplies - €10,000.
Compliance contribution (B2C only, progressive revenue rates)
For Type 1 - from 1. 25% on the first €3 million with decreasing rates further (minimum €15k, maximum €375k/year).
For Type 2 - from 4. 00% for the first €3 million (min. €25k, max. €600k/year).
For Type 3 - from 4. 00% for the first €2 million (min. €25k, max. €500k/year).
For Type 4 - from 0. 50% on the first €2 million, grows stepwise to 2. 00% (min. €5k, max. €500k/year).
Start-ups that have passed under a special directive have a 12-month "pause" available on contribution.
Tax
5% Gaming Tax - on revenue from players who are resident in Malta.
4) Capital, key roles and due diligence
The requirements for share capital and financial stability depend on the model (B2C/B2B) and scale; Key Persons are assigned by "key functions" (including AML/CFT MLRO). A certificate is issued for each key function (admin fees are indicated in Fact Sheets 2025).
AML/CFT: Adherence to PMLA, PMLFTR and industry procedures (FIAU Part I/II for online gaming), including customer risk assessment, STR at FIAU and staff training.
5) Process of obtaining a license: stages and terms (high-level)
1. Preparation and submission (application + €5k). Package: corporate documents, business plan, financial model, RG/AML policies, IT description, key persons.
2. Fit & Proper + evaluation of business plan and operational readiness (policies, processes, technical circuits).
3. System Review (pre-go-live) is an independent system audit by an accredited provider prior to launch.
4. Authorization & Go-Live - inclusion in the registry and release of dynamic printing MGA (Dynamic Seal).
5. Compliance Audits (post-launch) - upon MGA notification, the approved auditor (s) must be audited within 90 days of the date of notification; scheduled checks are possible after the first year and further according to the supervision plan.
6) B2C commitments: Responsible play and player protection
The operator is obliged to ensure a safe and stable game: limits, self-exclusion, transparent T&S, prohibition of harmful incentives, correct communication of bonuses/probabilities, complaints/ADR. MGA requirements for Player Protection are detailed in manuals and a compliance hub.
7) Obligations B2B: Supplier Responsibility
Critical vendors (RGS/RNG/backfile) are responsible for software reliability, version control, logging, incident management, access and configuration changes; support audit trails and provide operator and MGA reporting upon request. The board and scales for B2B are fixed in the fee register.
8) Preparation checklist (B2C operator)
Corporate Legal Block
Legal entity (Malta/EU/EEA), authorized capital, beneficial ownership, Key Persons (incl. MLRO).
Policies and Procedures
RG/AML/KYC/KYB, complaints and ADR, T & C/bonus terms, VIP/affordability, data protection (GDPR).
Technologies
Architecture (RGS, RNG, PAM, payment gateways), idempotency, logs, monitoring, redundancy, DR/BCP. System Review before launch.
Finance and fiscal settings
Betting and limit card, GGR/NGR accounting by type, compliance contribution calculation and 5% Gaming Tax on Maltese players.
9) Preparation checklist (B2B provider)
Delivery model (critical gaming supply: engine/RNG/RGS/BO), versions and releases, SDLC/SoD.
SLA/SLO, incidents/PCI DSS (when storing cards), SOC 2/ISO 27001 (recommended), audit logs.
Table of annual revenue charges and scaling scenarios.
10) Typical timing and risks
Bottlenecks: Key Persons preparation, AML/RG maturity, IT readiness for system review, agreements with auditors.
After launch: respond to Compliance Audits on time (90 days), maintain a loaded RG/AML and incident metric, keep Key Function Certificates current.
11) Frequent Questions (FAQs)
What exactly does a B2B license provide?
The right to supply and manage material elements of the game/software for licensed operators (client/server parts, RGS, RNG, backoff, etc.).
How much to pay the operator annually?
A flat fee of €25k (or €10k for Type 4 only) plus progressive compliance contribution by game type and revenue (minimum/ceiling ranges given above).
Is there a tax on revenue?
Yes, a 5% tax on revenue from Maltese players; for non-residents of Malta, the tax is calculated according to their jurisdiction (for MGA - only contribution).
How long will the first audit be after launch?
MGA sends notification; you have up to 90 days to complete a compliance audit with an approved provider. A scheduled audit after the first year is also possible.
12) Short total
The MGA license remains the gold standard for iGaming operators and providers: clear B2C/B2B demarcation, transparent fees + contribution scales, strict RG/AML supervision and predictable system/compliance audits. Keep in focus when preparing: correct Type 1-4 mapping, contribution modeling, System Review readiness and resource plan for Compliance Audits 2025 +.