An Alderney gambling license is a remote gambling permission administered by the Alderney Gambling Control Commission (AGCC) under the Gambling (Alderney) Law, 1999 and the Alderney eGambling Regulations, 2009. It is generally considered by operators, B2B suppliers and investors that need a serious regulatory framework, but it does not create automatic access to the UK, EU or every other target market. The practical route, timeline and cost depend on whether the applicant needs a Category 1 license, Category 2 license, or an ancillary certificate such as an Associate Certificate, Hosting Certificate, Core Services Certificate or Key Individual Certificate.
This page is a legal-practical overview for 2026 and should not be read as a guarantee of approval, timing or market access. Licensing outcome depends on ownership transparency, source of funds, target markets, AML/CFT controls, technical architecture, hosting arrangements, testing readiness and AGCC review. Fees and procedural details should always be verified against the current AGCC forms, guidance and fee schedule before filing.
License structure, approval bottlenecks and post-license control obligations in one practical overview.
Define target markets, permission type, group structure, PSP model, hosting model, AML ownership chain and key individuals before filing.
Compile corporate, personal, financial, AML/CFT and technical materials; incomplete packs are a common source of delay.
Paper review and technical approval are separate workstreams. Game stack, ICS, hosting and change-management evidence often determine the real pace.
An Alderney gambling license is a regulatory permission for remote gambling activities issued within the Bailiwick of Guernsey framework by the Alderney Gambling Control Commission. In practice, the AGCC is the key authority for licensing, suitability review, technical approval, compliance supervision and enforcement in Alderney remote gambling. The regime is used by online casino, sportsbook, platform and gambling service businesses that need a credible regulatory base rather than a light-touch registration.
The legal architecture starts with the Gambling (Alderney) Law, 1999 and is operationalized for remote gambling through the Alderney eGambling Regulations, 2009. That means the Alderney gambling license should be understood as a structured compliance regime, not as a simple filing exercise. The AGCC typically examines ownership, governance, business plan, internal controls, AML/CFT arrangements, technical environment and operational integrity.
A frequent market mistake should be corrected at the outset: Alderney is not the same as the UK Gambling Commission regime. Being a Crown Dependency context does not make an AGCC license interchangeable with a UKGC license. If the business intends to target the UK or regulated national markets in the EU, local law in those markets remains relevant and may require separate licensing or market-specific restrictions analysis.
A practical nuance often missed by competitors is that the AGCC framework is not only about the operator entity. It can also require separate certification of key individuals and supporting service functions. For founders, this means the licensing perimeter should be mapped at group level, not just at applicant-company level.
| Law / Regime | Scope | Applies To | Why It Matters |
|---|---|---|---|
| Gambling (Alderney) Law, 1999 | Primary legislative basis for gambling regulation in Alderney. It establishes the legal authority for licensing, supervision, enforcement and regulatory control. | Applicants, licensees, certified persons and gambling-related activities falling within the Alderney regime. | This is the core statutory foundation behind the AGCC's powers. Every licensing strategy should be read against this law first. |
| Alderney eGambling Regulations, 2009 | Operational framework for remote and electronic gambling activity, including licensing structure and compliance expectations for eGambling businesses. | Remote gambling operators and service models using electronic channels, game platforms, hosting and related infrastructure. | This is the central regulatory layer for an online gambling license in Alderney and the starting point for understanding Category 1, Category 2 and related certificates. |
| AGCC rules, guidance, forms and technical expectations | Application forms, policy expectations, certification routes, technical review logic and ongoing compliance administration. | All applicants and licensees, including key persons and service providers where certification is required. | Many practical licensing issues are resolved at guidance and form level, including what evidence is expected for ownership, AML, ICS and technical controls. |
| Guernsey / Bailiwick AML-CFT framework | Anti-money laundering, counter-terrorist financing, sanctions and customer due diligence obligations relevant to gambling businesses and related financial flows. | Operators, payment flows, customer onboarding, enhanced due diligence cases, suspicious activity escalation and record keeping. | AML/CFT readiness is a licensing issue, not only an operational issue. Weak AML design can delay approval or create post-license enforcement exposure. |
The most important structural point is this: the AGCC regime uses both licenses and certificates, and they are not interchangeable. A license usually covers the regulated gambling activity itself, while certificates can apply to associated entities, key individuals, hosting arrangements or core services that support the licensed activity. This distinction affects contracting model, player-fund responsibility, infrastructure design and group structuring.
In broad commercial terms, Category 1 is the permission most closely associated with direct player-facing activity, while Category 2 is generally used for B2B or platform-side operational functions. Ancillary certificates then sit around that core model. The right architecture depends on who signs with players, who controls wallets and withdrawals, where equipment is hosted, and which persons are exercising material influence over the business.
A practical nuance often missed in generic guides is that an incorrect permission map can create downstream problems with PSP onboarding, game certification, contract allocation and tax/substance analysis. The licensing strategy should therefore be aligned with the actual operational model, not with a marketing label such as “casino platform” or “white-label provider”.
| Business Model | License Type | Scope | Notes |
|---|---|---|---|
| B2C operator | Category 1 license | Typically used where the licensed entity contracts directly with players, operates player accounts, manages onboarding, applies KYC and is responsible for gambling transactions and player-facing controls. | This is the core route for a direct-to-consumer online casino or sportsbook model. Player funds, withdrawal controls, complaints handling, responsible gambling and customer verification are central. |
| B2B platform / operational service model | Category 2 license | Generally used for business models providing gambling-related operational capability without being the primary contracting party with the end player in the same way as Category 1. | Useful for platform, software or operational structures, but the exact scope must be matched carefully to the real service chain. It should not be reduced simplistically to “software only”. |
| Foreign or associated group entity | Associate Certificate | Used for associated entities connected to the licensed structure where AGCC visibility and approval are required even though the entity is not itself the primary licensed operator in Alderney. | This is one of the most misunderstood parts of the regime. It can be relevant where non-Alderney group entities perform material functions or sit within the licensed operating chain. |
| Critical outsourced or group function | Core Services Certificate | Applies to core service providers whose functions are sufficiently material to the licensed gambling operation that separate certification is required. | This often matters for groups using outsourced operations, shared services or specialized technical and operational support. |
| Infrastructure and equipment environment | Hosting Certificate | Covers approved hosting arrangements and equipment environment relevant to the licensed gambling operation. | Hosting is a compliance issue, not only an IT issue. The AGCC will care about where critical systems sit, who controls them, how access is managed and how audit trails are preserved. |
| Controllers and senior decision-makers | Key Individual Certificate | Personal certification route for individuals in positions of significant influence, control or responsibility within the licensed business. | Founders often underestimate this. Licensing can be slowed if key individuals are identified late or if personal due diligence is incomplete. |
| Short-duration activity | Temporary license / temporary permission route | A time-limited route referenced in AGCC materials for specific short-duration cases. | Commonly cited limits are 29 consecutive days and 59 days in any 6-month period, but applicants should verify the current AGCC wording and applicability before relying on this route. |
An applicant for an Alderney gambling license must be able to pass a combined fit-and-proper, financial, operational and technical review. In practice, the AGCC is not only assessing whether a company exists; it is assessing whether the proposed business can be supervised safely and whether the people behind it are suitable to hold a regulated gambling permission.
The review typically covers the applicant entity, its ultimate beneficial owners, directors, senior managers, source of funds, business model, target markets, AML/CFT framework, player protection controls and technical stack. Where the structure includes foreign affiliates, outsourced functions or shared services, the regulator will usually want to understand how those entities interact with the licensed operation and whether separate certificates are required.
A practical point that founders often miss is that the regulator is not only looking for formal documents; it is looking for internal consistency. If the business plan, payment flow map, customer terms, game supply contracts and AML policy describe different operating models, the application will usually slow down because the AGCC must first determine what the applicant is actually asking to be licensed for.
Local incorporation questions should be analyzed by permission type, not by slogan. Some routes are linked to the licensed Alderney structure, while associated foreign entities may fall under certificate-based approval instead of holding the same primary license directly.
| Requirement | Details | Evidence |
|---|---|---|
| Transparent ownership and control | The AGCC will generally expect a clear ownership chart showing shareholders, UBOs, controllers and connected parties. Opaque nominee layers, unexplained trusts or inconsistent control rights are red flags. | Group structure chart, constitutional documents, shareholder registers, UBO declarations, control agreements and source-of-funds documentation. |
| Fit-and-proper review of key persons | Directors, founders, senior managers and other key individuals are typically subject to suitability review. This often covers integrity, competence, financial standing, regulatory history and criminal or litigation background. | Passports, proof of address, CVs, professional references, police or equivalent background documents where requested, regulatory questionnaires and personal declarations. |
| Credible business plan | The regulator usually expects a coherent business plan explaining products, target markets, customer acquisition, payment flows, outsourcing, responsible gambling, complaints handling and expected revenue model. | Business plan, financial projections, market strategy, product scope, terms and conditions, payment flow diagram and outsourcing map. |
| AML/CFT governance | The applicant should show how CDD, EDD, sanctions screening, PEP checks, transaction monitoring, suspicious activity escalation and record keeping will work in practice. | AML/CFT policy, risk assessment, onboarding procedures, sanctions workflow, MLRO role description, escalation matrix and sample monitoring logic. |
| Technical and operational readiness | The AGCC generally expects the operator to explain its gaming platform, wallet logic, game supply chain, hosting environment, access controls, logging, incident response and business continuity arrangements. | System architecture, ICS, hosting documentation, supplier agreements, security policies, change-management procedure, DR/BCP and testing materials. |
| Financial soundness | The applicant should be able to show that it can fund launch and ongoing operations, meet player obligations and maintain an appropriate control environment. | Bank statements, capitalization evidence, audited accounts where available, management accounts, funding documents and budget assumptions. |
| Correct permission mapping | The company must apply for the right mix of license and certificates. A mismatch between the actual business model and the selected permission route is a recurrent cause of rework. | Licensing matrix showing which entity contracts with players, who holds player funds, where hosting sits and which persons or service providers need certification. |
AML/CFT compliance under an AGCC license is an operating system, not a policy folder. The regulator will expect risk-based CDD, EDD, sanctions and PEP screening, transaction monitoring, suspicious activity escalation, record retention and clear ownership of AML responsibilities. For gambling businesses, the highest-risk failures usually arise where payments, bonuses, withdrawals and third-party funding methods are not aligned with the KYC and source-of-funds logic.
Player protection is equally material. A serious Alderney gaming license application should show how the operator handles age and identity verification, self-exclusion, responsible gambling triggers, complaints, account restrictions, withdrawal review and customer communication. A practical nuance is that AML and player protection should not be designed in isolation: for example, velocity checks, bonus abuse monitoring and unusual withdrawal patterns often sit at the intersection of fraud, AML and safer-gambling controls.
| Workflow Step | Control | Owner |
|---|---|---|
| Customer onboarding | Apply identity checks, age verification, jurisdiction screening and initial risk scoring before full account functionality is enabled. | Compliance / Operations |
| Deposit and gameplay monitoring | Review transaction patterns, payment instrument consistency, bonus behavior, unusual velocity and high-risk triggers requiring enhanced review. | AML / Fraud / Payments |
| Enhanced due diligence | Collect additional source-of-funds or source-of-wealth evidence for higher-risk customers, complex payment patterns or elevated exposure indicators. | Compliance / MLRO |
| Withdrawal approval | Check KYC completion, suspicious activity flags, payment method consistency, account restrictions and reconciliation before release of funds. | Payments / Compliance |
| Suspicious activity escalation | Escalate internal alerts to the MLRO or equivalent function, document rationale and preserve audit trail for decision-making. | MLRO |
| Responsible gambling intervention | Use behavioral triggers, limit tools, self-exclusion controls and customer contact procedures where risk indicators arise. | Safer Gambling / Customer Operations |
Technical approval under the Alderney regime is a separate workstream and often the real bottleneck. The AGCC is not only interested in whether the platform functions; it is interested in whether the platform can be supervised, audited and controlled. That means the applicant should be ready to explain the internal control system (ICS), hosting model, game supply chain, change management, access control, incident response, audit logging and business continuity arrangements.
For gaming products, the regulator will usually expect evidence around RNG integrity, game fairness, RTP disclosure or calculation methodology where relevant, version control and pre-launch testing. A practical nuance is that technical compliance often extends beyond the core platform vendor: wallet providers, bonus engines, affiliate systems, fraud tools and PSP integrations can all affect the control environment if they influence player balances, transaction records or customer risk decisions.
Another point often ignored in generic content is that hosting is not simply a server-location question. The AGCC will care about who administers the environment, how privileged access is controlled, where logs are stored, how backups are protected and whether the operator can reconstruct customer, game and payment events during an audit or incident review.
ISO/IEC 27001 certification is not a substitute for AGCC approval, but it can support the credibility of the information-security framework. The same is true for PCI DSS in payment-sensitive environments: it helps, but it does not replace gambling-specific controls.
| Area | Standard | Evidence |
|---|---|---|
| Internal Control System (ICS) | The ICS should describe governance, segregation of duties, approval flows, reconciliation, withdrawal controls, incident handling, change management and audit trail design. | ICS manual, control matrix, RACI chart, reconciliation procedures, exception reporting samples and escalation workflows. |
| RNG and game integrity | Games and randomization logic should be capable of independent verification and should not be changed without controlled release management and testing. | RNG test reports where applicable, game certification materials, release notes, version history and supplier attestations. |
| RTP and game rules transparency | The operator should be able to explain game rules, payout logic, RTP disclosures where relevant and how customer-facing information stays aligned with the certified build. | Game rules, paytables, RTP statements, content approval workflow and website/app publication controls. |
| Hosting and infrastructure | Hosting should sit within an AGCC-acceptable arrangement with documented control over equipment, environments, resilience, access and auditability. | Hosting contracts, environment diagrams, access-control policy, backup design, DR/BCP documents and infrastructure responsibility map. |
| Security controls | The environment should support encryption in transit, role-based access control, privileged-access management, vulnerability management and incident response. Where card data is handled directly, PCI DSS considerations may arise. | Security policies, penetration test summaries, vulnerability management process, access review logs and incident response plan. |
| Logging and retention | Critical events should be logged in a way that supports regulatory review, fraud analysis, AML investigations and player dispute resolution. | Audit log schema, retention schedule, immutable or protected log storage design and sample event traceability. |
| Third-party integrations | APIs with PSPs, KYC vendors, fraud tools and content suppliers should be governed by documented controls, fallback logic and monitoring. | Integration architecture, vendor due diligence, SLAs, incident ownership map and change-control records. |
The practical process starts before incorporation and ends after technical go-live approval. A realistic Alderney gambling license project usually includes structuring, due diligence preparation, drafting of AML and ICS documents, corporate setup where needed, filing, regulator questions, technical review, testing and final launch readiness. For a prepared group, the total window is often discussed in the range of 8-16+ weeks, but there is no safe fixed SLA because timing depends on ownership transparency, completeness of the file, technical complexity and AGCC follow-up.
Define the exact business model before any filing. The key questions are who contracts with players, who holds player funds, which entity owns the platform, where hosting sits, which target markets are intended and which certificates are needed for group entities or key individuals. This stage also tests whether Alderney is the right jurisdiction compared with Malta, Isle of Man or another regime.
Prepare the group chart, identify UBOs, controllers and senior decision-makers, and align constitutional documents with the proposed operating model. If the structure includes trusts, nominee layers or foreign affiliates, they should be explained early rather than after regulator queries arrive.
Draft or adapt AML/CFT policies, customer due diligence procedures, sanctions workflow, responsible gambling controls, complaints handling, player-fund logic and the internal control system. This is also the stage to allocate MLRO, compliance and operational ownership.
Compile architecture diagrams, hosting arrangements, supplier contracts, game certification materials, security controls, change-management process and testing evidence. Operators using multiple third-party vendors should ensure the data and control flows are internally consistent.
Submit the application pack with supporting corporate, personal, financial and operational documents. The AGCC will review the file and usually raise questions where clarification or additional evidence is needed.
Respond to regulator questions on ownership, funding, governance, outsourcing, target markets, policies or technical design. Delays often arise here if the business plan and actual contracts do not describe the same model.
Complete technical approval workstreams, including hosting, controls, game integrity, auditability and launch procedures. In some projects, this phase takes longer than the legal filing because unresolved platform or supplier issues surface only during testing.
After approval, the operator still needs a functioning post-license framework: reporting calendar, change-notification process, fee management, key-person updates, incident escalation and periodic control testing.
The file should read like one operating model, not like disconnected policy appendices.
| Document | Purpose | Owner |
|---|---|---|
| Corporate structure chart | Shows ownership, control, associated entities and the proposed licensed perimeter. | Applicant / Legal |
| Business plan | Explains products, target markets, revenue model, operations, outsourcing and customer journey. | Applicant |
| UBO and director due diligence pack | Supports fit-and-proper assessment of controllers and key persons. | Applicant / Individuals |
| Source of funds documentation | Demonstrates legitimacy of capitalization and funding flows. | Applicant / Shareholders |
| AML/CFT policies and risk assessment | Shows how KYC, EDD, sanctions, monitoring and suspicious activity escalation will operate. | Compliance |
| Internal Control System documentation | Explains governance, reconciliations, access, incident response, change management and auditability. | Operations / Compliance / Tech |
| Technical architecture and hosting pack | Maps systems, data flows, hosting, suppliers and control points. | Technology |
| Supplier and service agreements | Shows allocation of responsibilities across platform, games, payments, KYC and hosting vendors. | Legal / Procurement |
Pre-filing readiness checklist
These items define perimeter clarity, application readiness, and first-line control credibility.
Sequence these after the core perimeter, governance, and launch-control decisions are stable.
The total cost of an Alderney gaming license is never limited to the regulator fee. A realistic budget should separate official AGCC fees from legal structuring, corporate services, technical testing, hosting, KYC/AML tooling, banking or PSP onboarding and ongoing compliance payroll. That distinction matters because many first-time founders underestimate the non-regulatory spend and then discover that the real launch budget is driven by infrastructure and control requirements rather than by the filing fee alone.
Public market materials often cite figures such as £17,500 initial application fee references, £35,000 annual fee references, and higher annual exposure linked to NGY (Net Gaming Yield) with caps sometimes cited around £400,000 or £450,000 depending on category and schedule. Those figures should be treated as indicative only until checked against the current 2026 AGCC fee schedule, because competitor tables frequently mix currencies or collapse different permission types into one line.
Tax should also be handled carefully. Alderney is often discussed as a tax-efficient jurisdiction, but “low tax” is not the same as “no tax consequences.” Actual treatment depends on group structure, residence, substance, revenue flows, payment arrangements and the tax position of related entities outside Alderney. For many groups, the more important issue is not the headline rate but whether the structure can withstand banking, audit and cross-border substance scrutiny.
| Cost Bucket | Low Estimate | High Estimate | What Drives Cost |
|---|---|---|---|
| AGCC application and annual fees | Verify current schedule | Verify current schedule | Fee exposure depends on permission type, NGY-based bands where applicable and whether ancillary certificates are also required. |
| Legal structuring and application support | Variable | Variable | Cost depends on complexity of ownership chain, number of entities, target markets and whether the project includes certificates for associated entities or key individuals. |
| Corporate services and administration | Variable | Variable | May include incorporation, registered office, company secretarial support and ongoing corporate maintenance where relevant. |
| Technical testing and certification | Variable | Variable | Often underestimated. Multi-vendor stacks, custom wallet logic, game integrations and hosting complexity can materially increase cost and timing. |
| Hosting and infrastructure | Variable | Variable | Includes approved hosting arrangements, security tooling, backups, monitoring, log retention and resilience design. |
| KYC/AML and fraud tooling | Variable | Variable | Usually includes identity verification, sanctions screening, transaction monitoring, case management and fraud controls. |
| Banking, merchant and PSP onboarding | Variable | Variable | Gambling payment flows are high-risk from a banking perspective. Costs and onboarding friction can exceed initial expectations. See also High Risk and Merchant. |
| Ongoing compliance staffing | Variable | Variable | Includes compliance ownership, AML monitoring, reporting, internal reviews, audits, key-person administration and change-notification management. |
No, an Alderney gambling license does not automatically authorize gambling activity in every target market. It authorizes activity within the Alderney regulatory framework, but the legality of offering services into another country is determined by that country’s own gambling laws. This is the single most important commercial limitation for founders comparing Alderney with other jurisdictions.
In practical terms, the AGCC license can be a strong regulatory credential for business partners, investors, banks and B2B counterparties, but it is not a substitute for local market-entry analysis. The correct question is not “Is Alderney recognized?” but “Does the target market permit cross-border supply on the basis of an AGCC license alone?” In many regulated markets, the answer is no or only partially.
Alderney should be selected for regulatory quality and business fit, not on the assumption of universal distribution rights. For comparison with other jurisdictions, see Malta Gambling License, Isle of Man Gambling License and Curacao Gambling License.
| Market | What License Allows | Limits / Caveats |
|---|---|---|
| Alderney / AGCC-regulated activity | The license authorizes the approved gambling activity within the scope granted by the AGCC and subject to ongoing compliance with Alderney rules. | The permission scope still depends on the exact license or certificate held, technical approval, and compliance with any conditions attached to the authorization. |
| United Kingdom | An AGCC license may support credibility and group structuring analysis, but it is not the same as a UKGC license. | UK-facing gambling activity generally requires separate assessment under UK law. An Alderney license does not replace a permission from the UK Gambling Commission. |
| European Union member states | The AGCC license may help from a compliance and reputation standpoint when dealing with B2B partners or investors. | There is no automatic EU passport for gambling. Each member state has its own licensing and market-access rules, and some markets are strictly ring-fenced. |
| B2B cross-border supply | For technology, platform or service relationships, an AGCC-regulated status may be commercially valuable and sometimes easier to position than a purely offshore registration. | B2B acceptance still depends on the counterparty's jurisdiction, contract chain, product type and whether local law treats the activity as licensable. |
| Grey or restricted markets | The Alderney license does not sanitize a prohibited market strategy. | Operators still need market-by-market legal analysis, sanctions screening and geo-restriction logic. A regulator-grade license does not override local prohibitions. |
The strategic choice is not only whether Alderney is available, but whether the business should hold its own license at all. Some founders are better served by launching under a third-party licensed environment or white-label arrangement first, while others need their own AGCC-regulated structure from day one because they want direct control over player contracts, data, payments, IP and enterprise value.
A practical nuance is that white-label models can reduce time to market, but they often create hidden constraints around PSP access, customer ownership, game roadmap, exit value and future relicensing. For investor-backed businesses, the decision should be made against the intended end-state, not only against the cheapest launch path.
| Option | Advantages | Limitations | Best For |
|---|---|---|---|
| Own Alderney license | Direct regulatory positioning, stronger control over player relationship, greater flexibility over payments, compliance design, product roadmap and long-term enterprise value. | Higher upfront cost, longer preparation, more demanding AML and technical build-out, and direct responsibility for ongoing compliance and regulator interaction. | Well-capitalized B2C or B2B groups, serious founders planning long-term scale, and businesses that need direct control over contracts, data and governance. |
| White-label / third-party licensed environment | Potentially faster launch, lower initial build-out and less immediate regulatory administration for the brand owner. | Reduced control over customer terms, payments, risk appetite, platform changes, data access and strategic exit options. The brand may remain commercially dependent on the license holder. | Early-stage concepts, market testing, affiliate-led brands or teams that are not yet ready for full compliance ownership. |
| Hybrid migration model | Allows initial launch under partner infrastructure with a planned transition to own license once product-market fit, PSP relationships and compliance capacity are established. | Requires careful contract drafting, migration planning and customer-data governance to avoid lock-in or re-papering problems. | Founders who need speed now but want an eventual standalone licensed business with investor-grade governance. |
Most Alderney licensing problems are not caused by one dramatic red flag; they are caused by cumulative inconsistency. The AGCC is more likely to slow or challenge an application where ownership, funding, contracts, policies and technical reality do not match. The same logic applies after grant: post-license issues usually arise when the live operation drifts away from the approved control environment.
The risk scenarios below are the ones that matter most in practice for founders, general counsel, compliance leads and investors reviewing an AGCC application strategy.
Legal risk: Fit-and-proper concerns can delay review materially or undermine the application entirely, especially where beneficial ownership is layered through difficult-to-verify structures.
Mitigation: Prepare a clean ownership chart, supporting corporate records and documentary evidence for source of funds and, where needed, source of wealth before filing.
Legal risk: Applying for Category 2 where the actual model is player-facing, or ignoring certificate needs for associated entities or key individuals, can trigger rework and regulator concern.
Mitigation: Map contracting party, player-fund holder, hosting owner, platform operator and key decision-makers across the group before selecting the permission route.
Legal risk: Insufficient KYC, sanctions screening, monitoring or MLRO governance can affect both approval and later enforcement exposure.
Mitigation: Use a risk-based AML framework tailored to gambling payments, bonuses, withdrawals and cross-border customer behavior rather than a generic financial-services template.
Legal risk: Missing logs, poor change control, unclear hosting responsibility or weak incident response can delay go-live even if the legal filing is otherwise strong.
Mitigation: Prepare ICS, architecture diagrams, supplier responsibilities, logging model, release management and DR/BCP evidence before technical review starts.
Legal risk: Relying on the AGCC license as if it automatically covers the UK, EU or other regulated markets can create legal exposure and reputational risk.
Mitigation: Run market-by-market legal analysis, implement geo-restrictions and align commercial plans with local licensing reality.
Legal risk: Changes in ownership, key persons, suppliers, hosting or product scope can create compliance breaches if not handled through an appropriate notification and approval process.
Mitigation: Maintain a material-change register, board escalation path and compliance calendar after launch.
These are the questions most often asked by founders, operators, B2B suppliers and investors assessing an AGCC-regulated structure in 2026.
The regulator is the Alderney Gambling Control Commission (AGCC). It administers licensing, compliance supervision, technical approval and enforcement for the Alderney remote gambling regime.
The main legal instruments are the Gambling (Alderney) Law, 1999 and the Alderney eGambling Regulations, 2009, together with AGCC rules, forms and guidance.
Category 1 is generally the player-facing route where the licensed entity contracts with customers and manages player accounts and funds. Category 2 is generally used for B2B or operational models that support gambling activity without occupying the same direct player-contracting role. The exact perimeter should always be checked against the real operating model.
A license covers the regulated gambling activity itself, while a certificate can apply to associated entities, hosting, core services or key individuals connected to the licensed operation. This distinction matters because it affects who may perform which function and which persons or entities require separate approval.
The answer depends on the permission type and group structure. Some operating models are centered on the licensed Alderney structure, while foreign associated entities may instead require certification, such as an Associate Certificate, rather than holding the same primary license directly.
A realistic range for a prepared project is often 8-16+ weeks, but there is no guaranteed timeline. Ownership transparency, document quality, regulator questions, technical testing and hosting readiness all affect timing.
Hosting should be analyzed by permission type and AGCC-approved arrangement, not by a simplistic rule. The key issue is whether the hosting model is acceptable to the regulator and supports auditability, access control, resilience and supervision.
No. An AGCC license is not the same as a UK Gambling Commission license. UK-facing activity requires separate analysis under UK law.
No. Gambling is regulated nationally across the EU, and there is no automatic passport based on an Alderney license. Each target country must be assessed separately.
Operators should expect risk-based CDD, EDD, sanctions and PEP screening, transaction monitoring, suspicious activity escalation, record retention and documented AML governance. The exact design should reflect gambling-specific risks such as deposit patterns, bonus abuse, third-party payments and withdrawal behavior.
NGY means Net Gaming Yield. In Alderney fee discussions, NGY is relevant because some annual fee exposure is commonly described by reference to NGY-based bands or caps. Applicants should verify the current AGCC fee schedule for the exact 2026 treatment.
Yes, key persons can require a Key Individual Certificate. Founders, senior managers and controllers should be identified early because personal due diligence is often a critical part of the licensing timeline.
The total budget usually includes regulator fees, legal structuring, corporate services, technical testing, hosting, KYC/AML tooling, PSP onboarding and ongoing compliance staffing. For many projects, those non-regulator costs are the larger part of the first-year spend.
Not universally. Alderney is often chosen for regulatory credibility and structured oversight, but the best jurisdiction depends on the business model, target markets, budget, timeline, B2C vs B2B profile and banking strategy. Compare with Malta Gambling License, Isle of Man Gambling License and Curacao Gambling License.
The right question is not whether an Alderney gambling license is prestigious. The right question is whether the AGCC route fits the applicant's ownership profile, target markets, payment model, technical stack and compliance maturity. If the project is B2C, B2B, white-label, crypto-adjacent or multi-jurisdictional, the permission map should be reviewed before filing.
