What is an “ITL certification”?
- An ITL certification is a form of written assurance that is issued by registered independent test laboratories (“ITLs”) to indicate that they have tested and confirmed that the types of technology captured by this policy meet the relevant AGCO Registrar’s Standards for Internet Gaming (the “Standards”).
- ITL certifications for Ontario’s igaming market can only be issued by ITLs that are registered by the AGCO.
- ITL certification provides the AGCO with reasonable assurance that the technology being tested complies with the relevant Standards.
What technology needs to be certified?
- The specific types of technology that must be certified by a registered ITL are:
- All games, random number generators and components of igaming systems that accept, process, determine outcome, display and log details about player bets. This includes, but is not limited to, slot games, table games, sport and event betting, poker and other card games,
What is required from a certification to be recognized by the Registrar?
- The technologies identified above must be certified by a registered ITL before they are deployed in the Ontario market. As noted in section 4, in certain low-risk circumstances and on a case-by-case basis, the Registrar will consider providing gaming-related suppliers with temporary approval for critical gaming systems to facilitate operations at launch. Requests for temporary approval should be discussed on a case-by-case basis with the AGCO Technology Regulation and igaming Compliance Branch.
- The AGCO does not prescribe which entity is required to request the ITL certification (e.g., operator, game manufacturer, etc.) although it is anticipated that it will most commonly be the game provider.
- A certification that contains a limitation on the Registrar’s use of the certification, or purports to disclaim the Registrar’s use of the certification, will not be a recognized certification by the Registrar.
When certified technology has been modified, does it need to be recertified?
- Recertification is required when any modification or subsequent discovery of an undetected issue impacts critical gaming system integrity, fairness, or security, or compliance with the Gaming Control Act, 1992, its regulation, and/or the Standards. The effect of the modification or discovery is to render the previous certification invalid.
- The gaming-related supplier is accountable for ensuring that all required certifications are obtained from AGCO-Registered ITLs. The GRS classifies the set of modifications (from the previous certified software to the current upgraded software) into one of three categories. All records of this classification shall be maintained and would be made available to the AGCO upon request. Based on the category of modifications, the supplier may or may not need to recertify the software with an ITL.
The 3 categories of modifications include:
- Non-Regulatory Modifications - modifications that are unrelated to compliance with the Standards (e.g., minor bugs that may impact user experience, cosmetic changes, new language added that is not used in Ontario, etc.).
Approach: These do not require recertification. The supplier can leverage the previous certification and confirm that all modifications between the two versions are non-regulatory in nature such that the previous certification holds and applies to the modified technology.
- Regulatory Modifications – modifications that are related to compliance with the Standards (e.g., modification to game design which could also impact a standard) OR modifications that address regulatory concerns but do not require immediate action to correct (e.g., previous version is not live or problem is fully mitigated through some other control or action).
Approach: These must be certified before deployment.
- Regulatory Fix (Emergency Fix) - Modifications that address regulatory concerns and require immediate action to correct a live issue (e.g., major impact to the Standards that question the integrity of the game).
Approach: To expedite regulatory fixes, they can be deployed prior to certification. The ‘fixed’ technology can be deployed immediately but must be submitted to an ITL for Ontario certification within 5 business days of release.
Against which Standards does certification need to be made?
- The scope of the certification is not “all” Standards, but rather those standards that are relevant to games, random number generators, remote gaming servers, and sport and event betting systems being tested.
- Each technology is different and so the AGCO cannot provide definitive direction that would cover all eventualities. However, AGCO’s Technology Regulation and iGaming Compliance Branch provides guidance to registered ITLs on specific Standards that will likely be of interest to the Registrar. Such guidance cannot be definitive in advance of a substantive review of the gaming equipment software under review for certification.
Will the AGCO permit “conditional” certifications by ITLs?
- As noted above, the technologies covered by this policy cannot be deployed in the Ontario market without an ITL certification.
- For regulatory purposes, an ITL may not issue a certification that is contingent on any future changes or modifications to the technology being carried out.
- An ITL may issue a certification that specifies one or more features that would need to be turned off or disabled in order for the technology to be compliant with the relevant Standards.
What information should an ITL certification instrument include?
For the purposes of documenting that the relevant Standards have been met, an ITL certification instrument must include the following information:
- AGCO-registered name of the registered ITL that completed the certification.
- AGCO-registered name of the registered operator or gaming-related supplier that requested the certification.
- Date the certification was issued.
- Some form of unique identifier that will allow the AGCO to track and follow-up on individual certifications with an operator, gaming-related supplier, or ITL.
- The name of the product, version number, and manufacturer.
- A list of the Standards against which the technology was certified.
- Whether any part of the certification was based on previous testing completed for regulatory requirements in another jurisdiction.
- For recertification of a previously certified product, a high-level description of the key changes made to the product that necessitated the recertification.
The following additional information must be made available by the registered ITL to the AGCO upon request:
- The results of any previous testing of the same product for the same registrant, including information about any previously identified areas of deficiency against the Standards.
- Information in response to AGCO inquiries about the testing environment, product configurations tests, and specific aspects of the testing methodology.
Are there additional requirements that ITLs need to meet, in addition to the Registrar’s Standards?
- In addition to complying with the relevant Registrar’s Standards for Internet Gaming, ITLs must comply with the following terms and conditions that will be attached to each ITL registration. In these Terms and Conditions, the “entity” is the ITL.
- “The entity” shall not contract out any services or conduct business with any company or person, which includes any parent, affiliated or subsidiary enterprise of “the entity”, for the provision of gaming-related goods and services to any gaming site in Ontario, unless the company or person is registered as a supplier under the Act.
- Prior to issuing certifications, “the entity” must provide the AGCO with independent confirmation (internal audit is acceptable) that their testing methodologies have been updated and validated against AGCO’s Registrar’s Standards for Internet Gaming.
- Following any relevant revisions to AGCO’s Registrar’s Standards for Internet Gaming, “the entity” shall ensure that their test methods are revised and validated as necessary prior to issuing any certifications to the new version.
- AGCO’s Registrar’s Standards for Internet Gaming must be added to the “entity’s” scope of ISO accreditation within one year of being Registered as a Gaming-Related Supplier in Ontario (within the next accreditation audit schedule).
- “The entity” shall identify any real or potential conflicts of interest and manage them appropriately to ensure independence and impartiality. The Registrar may require records related to identified conflicts of interest and actions taken to manage them upon request.
- Upon identification of any issues in certified games or game systems that materially impact the certification, “the entity” shall suspend any issued certifications and notify the affected Gaming-Related Supplier.