GH GambleHub

Ukraine - KRAIL: market and bans

(Section: "Markets and Jurisdictions")

1) Market picture and role of KRAIL

Ukraine formally regulates gambling through the Commission for the Regulation of Gambling and Lotteries (KRAIL). The Commission is responsible for licensing, monitoring compliance with legislation, maintaining registers, verifying advertising and enforcing sanctions. The market includes offline casinos, slot machine halls, betting points and an online channel (casino/betting/poker, etc., within the permitted types).
In wartime conditions, security, compliance and marketing/payment/domain restrictions have been strengthened; the regulator and related departments have expanded tools to suppress illegal activities.

2) Mandate and interaction of bodies

KRAIL - licensing, tolerances, supervision, registers, prescriptions, fines, suspension/cancellation of licenses.
Tax authorities - administration of payments and fiscal reporting.
National bank/payment systems - execution of orders to block transfers to illegal operators.
Cyberpolice/communication - blocking domains/mirrors, fighting "gray" traffic.
Antitrust/consumer/advertising regulators - consumer protection, advertising control.
Sanctions bodies - execution of decisions against persons/structures associated with the aggressor country.

3) Licensing: offline and online

Offline

Casinos - address permits in licensed hotels/facilities, requirements for halls, CCTV, cash discipline.
Halls of slot machines - separate conditions of accommodation and security, personnel training.
Betting points - address permits, cash discipline, customer identification.

Online

Remote services (casino/betting/poker, etc.) - with an appropriate license, certified platform and integrations for supervision.
Legal entity and owners - fit & proper verification, disclosure of beneficiaries and sources of funds.
IT circuit - unchangeable logs, reporting uploads, test accesses of the regulator, data storage on time.

💡 Note: specific lists of documents/fees/technical specifications and terms of license renewal are updated with acts and clarifications. The design should be based on current forms and instructions.

4) Taxes and payments (high level)

Special payments/fees for gambling activities - by type of products and channels; the base is usually pegged to GGR/NGR or set rates/charges.
Corporate income tax - according to the general regime; VAT on bets/winnings usually does not apply, but related services (IT, marketing) are subject to general rules.
Reporting - monthly/quarterly declarations, annual audit; separate accounting offline/online, by products and bonuses/void/cashout.

5) Key prohibitions and restrictions

1. Prohibition on the participation of persons associated with the aggressor state and on the ownership/financing of operators with appropriate connections/sanctions status.
2. Advertising: strict restrictions - prohibition of targeting minors, aggressive offers and "guaranteed wins"; mandatory RG markings and correct T&C bonuses.
3. Payment and domain blocking: instructions to PSP/banks to block transfers in favor of illegal sites; domain/mirror block lists.
4. Wartime restrictions: reduced communication windows, increased control over the locations of offline objects and their mode of operation, increased security requirements.
5. Affiliates and media: responsibility for promoting unlicensed brands; obligation to keep a log of compliance evidence (screenshots/URL/dates/geo-targeting).

6) AML/KYC and identification

KYC/KYB: identification (18 +), address, beneficiaries; sanction/PEP screening; source of funds by triggers.
Transactional monitoring: limits of deposits/rates/losses, behavioral signals (pursuit of losses, night activity, quick-word deposits), connections of accounts/means of payment; STR/SAR escalation.
Data storage: KYC dossier, logs of checks and alerts, logging of financial transactions within the time frame established by acts and the military regime.
Training: regular training of AML personnel; verification of data providers (sanctions/PEP) for SLA and quality.

7) Responsible Gaming (RG) and self-exclusion

RG tools: deposit/loss/time limits, timeouts, "cooling," risk communication.
Self-exclusion (self-exclusion): centralized lists/registries; the operator is obliged to check the status during registration, entry and before key transactions; marketing communications to such persons are prohibited.
Vulnerable clients: early detection and escalation scenarios to the RG team; separate maintenance and blocking procedures.

8) Technical requirements

Certification of the platform, RNG/calculation modules, reporting showcases.
Logging (WORM): full tracing of the chain "rate → calculation → payment → adjustment," time synchronization.
Regulator access: API/uploads, test accounts, secure communication channels.
Reliability/IS: redundancy, DR/BCP with target RPO/RTO, encryption at rest/in transit, RBAC/SoD, pentests/scans on schedule.

9) Advertising, promo and affiliates

Prohibited: aggressive offers, misleading creatives, promotions for minors/self-excluded, hidden bonus conditions.
Mandatory: RG-markings, honest T&C (wagers/deadlines/caps), moderation and storage of creatives, selection of media channels with geo and age target filters.
Affiliates: contracts, white list of approved materials, compliance log, quick recall of violating placements.

10) Checks and sanctions

Office: comparison of reporting with payments, analysis of GGR/NGR anomalies, analysis of complaints.
Field/IT audit: inspection of logs/cash desks, sampling of transactions/sessions, staff interviews, verification of payment routes and advertising.
Sanctions: fines, orders to correct UX/RG/AML, blocking domains/payments, suspension/cancellation of licenses, transfer of materials to law enforcement agencies.
Mitigation: voluntary disclosure of errors, corrective plans, strengthening of internal controls.

11) Entry roadmap (operator & provider playbook)

1. Strategy: product matrix (casino/betting/poker), offline/online, partners and providers.
2. Legal structure: local legal entity, beneficiaries, bank accounts; verification of the absence of sanctions ties.
3. Application: license package (fit & proper, financial stability, platform technical description, RG/AML policies, reporting plan).
4. IT loop: RNG/module certification, immutable logs, reporting interfaces, API/uploads.
5. AML/KYC/RG: sanctions providers/PEP, source of funds procedures, limits/timeouts/self-exclusion, RG case log.
6. Marketing/affiliates: pre-moderation of creatives, self-exclusion filter, channel audit, evidence log.
7. UAT and pilot: test cases for calculating NGR/GGR/bonuses, exceeding limits, STR/SAR flow, unloading for the regulator.
8. Go-Live: freeze configurations, runbook incidents, SLA with PSP/providers.
9. First 90 days: rhythm of declarations, reconciliation of otchetnost↔billing (<0.5%), internal audit RG/AML/IS.

12) Compliance checklists

Licensing and Finance

  • License/tolerances obtained; responsible persons appointed
  • Calendar of declarations and payments; discrepancy control <0.5%
  • Separate accounting offline/online and by product

AML/KYC & RG

  • KYC/KYB Policies, Sanctions/PEP, Source of Funds Procedures
  • Deposit/loss/time limits, timeouts, self-exclusion
  • STR/SAR logs, KYC dossier and logs storage

Engineering and safety

  • RNG Certificates/Platforms; version control
  • WORM logs, time synchronization, DR/BCP tests
  • Encryption, RBAC/SoD, pentests/scheduled scans

Marketing & Affiliates

  • Approved creatives and compliance log (screenshots/URLs/dates)
  • Filters on self-excluded/minors; frequency caps
  • Quick Recall Procedure

Prohibitions/sanctions

  • Verification of the absence of ties with the aggressor State
  • Blocking payments/domains of illegal immigrants; control of partner placements
  • Incident and Prescription Registers; SLA for elimination

13) First year KPI

Fiscal: timely filing ≥99%; discrepancy otchetnost↔billing <0.5%.
AML/KYC: average verification time; share of false positives; SLA STR/SAR.
RG: proportion of players with active limits; Self-exclusion TTR <1 min; share of RG complaints.
Information security/reliability: MTTR incidents; execution of DR tests; closing critical vulnerabilities on time.
Marketing: 0 violations of advertising restrictions; 100% self-excluded filtering.

14) FAQ

Can I work online without a local license?
No, it isn't. Access to the online marketplace is only possible with a valid license and all integrations for supervision/reporting.

What are the main prohibitions now affecting the operation?
Ban on work/financing with the participation of persons from sanctions lists and associated with the aggressor country; restrictive advertising policies; blocking payments and domains of illegal immigrants.

Do I need a daily self-exclusion check?
Verification is mandatory at registration, entry and before key transactions; marketing to such persons is prohibited.

How to take into account bonuses in NGR/GGR?
According to local rules for reflecting bonuses, returns, void/cashout; incorrect accounting leads to additional charges and prescriptions.

Note

In Ukraine, regulation and practical mechanics (reporting forms, package composition, technical specifications, advertising restrictions and sanctions criteria) are periodically clarified and tightened, especially in wartime conditions. Before submitting applications and planning campaigns, check the current requirements and existing clarifications to avoid downtime and sanctions.

Contact

Get in Touch

Reach out with any questions or support needs.We are always ready to help!

Telegram
@Gamble_GC
Start Integration

Email is required. Telegram or WhatsApp — optional.

Your Name optional
Email optional
Subject optional
Message optional
Telegram optional
@
If you include Telegram — we will reply there as well, in addition to Email.
WhatsApp optional
Format: +country code and number (e.g., +380XXXXXXXXX).

By clicking this button, you agree to data processing.