Cyprus Gambling License
NBA Class B Remote Betting — Regulated Sportsbook Market Entry in the EU
A Cyprus Gambling License is not a generic EU gaming approval and not a casino licence. It is a regulated Class B remote betting authorisation issued by the National Betting Authority, designed exclusively for operators running sports betting under continuous supervision, strict AML controls, and enforced player protection.
We provide end-to-end licensing and operating setup in Cyprus for international sportsbook operators and betting groups seeking a stable, EU-based regulatory framework with a clearly defined product perimeter. The engagement begins by locking scope and exclusions to eliminate regulatory drift from day one. From there, we design and implement the operating system the NBA actually evaluates in practice: corporate structure and local substance, fit-and-proper positioning of owners and management, bank guarantee planning, AML and responsible gaming governance, technical architecture with EU hosting and Cyprus data mirroring, integrity controls across bet acceptance and settlement, and inspection-ready records that reconstruct player activity, financial flows, and compliance decisions.
The objective is not formal approval.
The objective is an NBA-licensed Cyprus sportsbook that can operate under supervision, maintain stable banking and payment relationships, and scale without regulatory friction.
This service is designed for operators who require long-term licence durability, institutional credibility, and predictable regulatory oversight within the European market.
Who This Service Is For
This service is designed for operators who need regulated sportsbook market entry with a controlled product perimeter.
• Online sportsbooks offering fixed-odds betting on sports and racing
• Operators migrating to an EU-regulated base with strict AML and player protection
• Groups launching Cyprus-facing or EU-facing remote betting operations
• Businesses that require a bankable structure, auditable systems, and predictable supervision
What You Achieve
You receive a licensing outcome and an operating model built to hold under supervision.
• Correct licence perimeter and product restrictions locked from day one
• Cyprus entity structure with local governance and accountable management control
• Fit-and-proper evidence pack for owners, directors, and key persons
• Bank guarantee and fee planning aligned with licence duration
• AML system with decision accountability, training discipline, and reporting readiness
• Technical architecture meeting EU hosting and Cyprus data-mirroring obligations
• Player protection tooling and complaint-handling mechanics aligned with NBA expectations
• Post-licensing reporting and audit cycle built into operations, not bolted on
Licence Scope and Product Boundaries
Class A and Class B — What Is Permitted
Cyprus licensing is perimeter-driven. The NBA expects a clear statement of what you do, what you do not do, and how your platform prevents prohibited functionality from appearing through product drift or third-party modules.
Class A
Authorises betting in physical premises.
• land-based sportsbook shops
• NBA inspection of premises and ongoing on-site oversight
• operational scope tied to approved locations within Cyprus
Class B
Authorises remote electronic betting.
• online sports betting via web and mobile
• permitted betting on sports, racing, and qualifying virtual sports as betting products
• infrastructure obligations for EU hosting and Cyprus data availability
Prohibited Products Under the Class B Perimeter
These are not “grey areas” in practice. Operators must implement technical and product controls that make these offerings impossible.
• online casino-style games of chance
• RNG-driven casino content and casino-like side games
• betting exchange models
Regulatory Operating Reality
What the NBA Actually Tests
The NBA does not assess documents in isolation. It assesses whether the operator behaves as a controlled institution.
Key supervisory focus areas include:
• integrity of bet acceptance, settlement, and late-betting prevention
• traceability of player identity, deposits, withdrawals, and winnings
• AML decision-making and the functional independence of the AML role
• resilience of the platform, security controls, and incident handling
• accuracy and timeliness of GGR reporting and audit outputs
• marketing discipline and responsible gaming enforcement
Service Scope
Cyprus Betting Licence as a Regulator-Defensible Build
We structure the engagement as a controlled project with measurable outputs.
Licensing Strategy and Perimeter Fixation
• licence class confirmation and product scope lock
• operating model mapping: player journey, payments, wagering, settlement
• prohibited-feature removal plan and platform hardening against drift
• outsourcing and third-party dependency perimeter
Corporate, Governance, and Substance
• Cyprus entity or EU entity with Cyprus branch structure alignment
• board composition and accountability design
• key function mapping: AML, finance, IT security, player protection
• fit-and-proper evidence discipline for owners and key persons
Financial Readiness
• bank guarantee planning aligned with licence duration
• licensing fee budgeting and renewal calendar
• operational liquidity planning for player liabilities and tax cycles
• accounting model for GGR calculation and reporting consistency
AML, Player Protection, and Conduct
• AML framework build with risk assessment and escalation logic
• KYC/CDD/EDD process design with source-of-funds handling where required
• suspicious activity reporting workflow and record discipline
• responsible gaming tools and complaint resolution system
Technology, Hosting, and Audit Readiness
• EU hosting architecture aligned with regulatory access needs
• Cyprus data mirroring design and integrity logging
• platform certification coordination with approved testing providers
• security controls, incident response, and BCP/DR testing plan
Deliverables
You receive an application-ready and supervision-ready package.
• licensing perimeter memo and product boundary controls
• corporate governance file, org chart, and responsibility matrix
• fit-and-proper dossiers for shareholders, directors, and key persons
• business plan, operating model narrative, and financial projections pack
• bank guarantee execution checklist and renewal controls
• AML program pack: risk assessment, CDD/EDD logic, monitoring approach, training plan
• responsible gaming policy and player protection tooling specification
• technical compliance pack: hosting, data mirroring, logging integrity, security baseline
• reporting pack: GGR methodology, monthly reporting workflow, audit calendar
• submission management and regulator Q&A handling support
Process
We run the project in a sequence that prevents contradictions, gaps, and late-stage remediation.
Readiness and Design
• scope and product perimeter fixation
• gap analysis across governance, AML, tech, and financial readiness
• project plan with dependencies and evidence requirements
Build and Implementation
• corporate and governance build-out
• AML and player protection operating system implementation
• technical architecture alignment, data mirroring, logging integrity
• evidence assembly for fit-and-proper and operational capability
Submission and Review
• application pack compilation and consistency validation
• regulator-facing narrative control and response discipline
• remediation loop management if the NBA requires adjustments
Post-Licensing Stabilisation
• reporting cadence setup and internal audit readiness
• change management controls for platform updates
• ongoing compliance calendar: renewals, audits, training, certification
Typical Timelines
Timelines depend on readiness and platform maturity.
• perimeter fixation and readiness phase: 2–4 weeks
• build and pack preparation: 6–12 weeks
• review cycle and clarifications: variable by complexity and regulator queries
Common Failure Patterns We Prevent
Licensing delays in Cyprus usually come from structural issues, not from missing forms.
• unclear perimeter that drifts into prohibited products
• weak fit-and-proper evidence or opaque ownership/control
• AML function without real independence or escalation authority
• hosting/data architecture that cannot support regulatory access and auditability
• inconsistent GGR logic and reporting readiness gaps
• marketing and bonus mechanics that conflict with responsible gaming expectations
Request Gambling License Assessment
Supervisory Reality After Licensing in Cyprus
How the NBA Tests an Operator Once Class B Is Granted
A Cyprus Class B licence is not a one-time gateway. It is the beginning of a supervisory relationship where the NBA evaluates operational truth, not written intent. After authorisation, the regulator’s focus shifts from whether you understand the framework to whether your platform behaves as a controlled betting institution under stress, growth, and commercial pressure.
The NBA does not treat post-licensing obligations as routine administration. Monthly reporting, technical availability, responsible gaming enforcement, and AML decisions become measurable signals of organisational discipline. This is where many operators fail: not because they lack policies, but because their operating model cannot remain coherent at scale.
Supervision as a Continuous Control Loop
Once the licence is active, supervision operates as an ongoing loop of observation, reporting, and targeted review.
The NBA monitors:
• whether the platform continues to meet technical access and auditability expectations
• whether player protection tools are enforced rather than displayed
• whether AML escalation is applied consistently and independently
• whether financial reporting matches operational reality
Supervision intensifies when risk indicators rise and relaxes only when stability is demonstrated over time.
Regulatory Reporting as Proof of Control
In Cyprus, reporting is not a tax exercise. It is evidence of whether the operator can account for its activity without distortion or delay.
The NBA will pay attention to:
• timeliness of monthly submissions
• internal consistency across reports, ledgers, and platform logs
• clear reconciliation between stakes, payouts, and GGR
• credible explanations for anomalies and deviations
A disciplined operator can reconstruct every material metric from primary data. A weak operator relies on manual summaries that drift over time.
GGR Integrity and Reconciliation Discipline
Because the fiscal model is GGR-based, the NBA expects clean definition and reconciliation discipline.
A robust GGR control model typically includes:
• a formal definition of stake, voided bets, free bets, and promotions
• consistent treatment of cancellations, cash-outs, and partial settlements
• reconciliation rules between wallet movements and bet settlement outcomes
• independent review of reporting outputs before submission
Reporting quality problems are rarely “accounting issues.” They usually reflect weak system integrity or weak internal ownership.
The Bank Guarantee as a Live Supervisory Condition
The bank guarantee is not a filing requirement. It is a live condition of licence stability.
The NBA expects:
• uninterrupted validity of the guarantee at all times
• renewal planning well before expiry
• internal controls that detect any lapse risk early
A lapse is treated as a serious operational failure. It signals inability to maintain basic licence conditions and may trigger immediate intervention.
AML Oversight Is About Decisions, Not Policies
After licensing, AML compliance is judged by outcomes.
The NBA and the FIU interface expect to see:
• consistent risk-based treatment of customers
• documented escalation decisions and case outcomes
• effective monitoring that identifies suspicious patterns early
• reporting that is timely and analytically justified
The presence of transaction monitoring tools is assumed. What is tested is whether the organisation has the courage and discipline to act on what the tools reveal.
AMLCO Independence Under Commercial Pressure
The independence of the AML function becomes most important after the licence goes live.
Regulators watch for signals such as:
• overrides by commercial teams
• pressure to maintain VIP activity at the cost of due diligence
• delays in EDD because of revenue targets
• reduced escalation when marketing campaigns increase volume
An AMLCO who cannot stop activity is not independent in practice, even if independent on paper.
Customer Risk Lifecycle Management
Cyprus supervision expects risk profiling to evolve over time.
A credible lifecycle model includes:
• onboarding risk classification
• trigger-based EDD when behaviour changes
• periodic reviews based on activity and risk indicators
• exit and offboarding protocols
A common failure pattern is treating onboarding as the only compliance gate. Post-onboarding behaviour is where regulatory risk accumulates.
Payment Flows as an AML Risk Surface
Payment processing is not just a technical integration. It is a financial crime exposure point.
Supervisory focus includes:
• consistency between KYC verification and payment permissions
• controls over third-party deposits and unusual funding sources
• withdrawal controls, especially rapid withdrawal after deposit
• patterns of structuring across multiple payment instruments
Operators must be able to explain not only who paid, but why the payment behaviour is consistent with the customer’s profile.
Responsible Gaming as an Enforced Mechanism
Responsible gaming is not assessed by the existence of a policy page. It is assessed by whether tools are enforced, tracked, and acted upon.
The NBA expects:
• deposit, loss, and session limits to function reliably
• self-exclusion to be irreversible during the exclusion period
• forced cool-off mechanisms to work as designed
• evidence that risky player behaviour triggers interventions
If limits can be bypassed through alternate accounts, wallet resets, or customer support intervention, the operator is treated as non-compliant.
Complaints Handling as a Regulatory Signal
Complaints are treated as a consumer protection indicator.
Regulators evaluate:
• complaint volumes relative to customer base
• categories of complaints and recurrence patterns
• response times and resolution outcomes
• whether root causes are corrected structurally
A complaint process that merely closes tickets is not sufficient. The NBA expects evidence of systemic remediation.
Marketing and Bonus Controls After Licensing
Marketing is one of the most common sources of post-licensing regulatory trouble.
Regulators scrutinise:
• whether advertising is truthful and not misleading
• whether risk warnings are properly displayed
• whether promotions encourage harmful play patterns
• whether targeting controls prevent exposure to minors
Aggressive bonus mechanics often create AML and responsible gaming side effects. Operators must be able to show how promotions are controlled, monitored, and adjusted.
Platform Integrity and Late-Betting Prevention
The integrity of bet acceptance and settlement is core to Cyprus supervision.
Key expectations include:
• synchronised time controls across the platform
• prevention of bet acceptance after event start
• audit logs that show odds changes, acceptance decisions, and settlement logic
• controls preventing manual manipulation of outcomes
Integrity failures are treated as systemic risks, not operational hiccups.
Audit Trails and Historical Reconstruction
The NBA expects that every material event can be reconstructed.
Operators must be able to reconstruct:
• who placed a bet and when
• how the bet was priced and accepted
• how it was settled and paid out
• how the customer was verified at the time
• what monitoring alerts were triggered and how they were handled
When records cannot be reconstructed, the regulator assumes control failure.
Technical Availability and Data Accessibility
Cyprus remote betting supervision relies on reliable access to data.
Regulators expect:
• continuous availability of audit access paths
• stable data mirroring with integrity validation
• documented incident handling when access is disrupted
• tested recovery plans and defined RTO/RPO targets
Operators that treat mirroring as a one-time compliance setup often discover later that changes in infrastructure break regulatory access. That is viewed as governance failure.
Change Management as a Supervisory Requirement
After licensing, platform changes become a regulatory risk surface.
A compliant change management model includes:
• formal approvals before deployment
• documented testing and security review
• segregation of duties between development and production
• rollback capability and incident logging
Frequent changes without governance reduce supervisory confidence quickly, even if no user harm occurs.
Third-Party Dependencies and Outsourcing Risk
Many sportsbook operators rely on third parties for core functions.
The NBA expects control over outsourced dependencies:
• audit rights and monitoring of vendors
• incident response coordination
• exit plans and contingency options
• clarity on data ownership and access
Outsourcing does not reduce responsibility. It increases the need for oversight discipline.
Progressive Enforcement and Remediation Pressure
Enforcement in Cyprus tends to be progressive.
Typical escalation pattern:
• supervisory feedback and informal requests
• formal remediation plans with deadlines
• targeted inspections and technical reviews
• activity restrictions or licence suspension
• sanctions or revocation for systemic failure
Early cooperation and credible remediation reduce escalation. Defensive behaviour accelerates it.
Why Most Operators Fail After Approval
The most common post-licensing failures are structural.
• compliance autonomy collapses under growth pressure
• reporting and reconciliation become inconsistent
• platform changes undermine audit access
• responsible gaming tools are implemented but not enforced
• marketing practices conflict with player protection standards
These failures are not caused by missing documents. They are caused by weak operating architecture.
Institutional Discipline as a Commercial Advantage
In Cyprus, regulatory discipline is not only a cost. It is a competitive advantage.
Disciplined operators benefit from:
• more stable banking and PSP relationships
• lower incident frequency
• stronger regulator confidence during expansions or renewals
• improved brand credibility with sophisticated partners
A licence that survives scrutiny is more valuable than a licence that exists only on paper.
Strategic Scaling of a Cyprus-Licensed Sportsbook
How Class B Operators Expand Without Triggering Regulatory Drift
Growth after licensing is the most sensitive phase for a Cyprus-licensed sportsbook. The NBA does not treat expansion as a commercial achievement. It treats it as a structural stress test. Every increase in volume, geography, product complexity, or marketing intensity reshapes the operator’s risk profile and, with it, supervisory expectations.
This section explains how Class B operators scale in practice while preserving licence stability, banking confidence, and regulatory trust.
Growth Is a Regulated Event, Not a Business Milestone
From the regulator’s perspective, expansion is never neutral.
Growth typically increases:
• transaction velocity and settlement pressure
• exposure to higher-risk customer segments
• AML alert density and escalation load
• marketing-driven behavioural risk
• platform complexity and change frequency
The NBA expects operators to anticipate these effects structurally, not react to them after problems surface.
Expansion Planning as a Supervisory Expectation
Licensed operators are expected to demonstrate forward visibility.
The NBA expects management to be able to explain:
• where growth will come from
• which risks will increase as a result
• how controls will scale alongside volume
• when additional staffing or capital becomes necessary
Operators who expand opportunistically without documented planning signal weak governance, even if no immediate breach occurs.
Market Expansion and Geo-Targeting Discipline
Cyprus-licensed sportsbooks often operate across multiple markets.
Supervisors expect clarity on:
• which jurisdictions are actively targeted
• how geo-blocking and access controls are enforced
• how country-specific AML risks are assessed
• how marketing is restricted in prohibited territories
Using a Cyprus licence to passively accept traffic from restricted or high-risk regions creates regulatory exposure even without local advertising.
Client Segmentation as a Growth Control Mechanism
As customer numbers increase, segmentation becomes mandatory.
Effective segmentation distinguishes:
• casual retail players
• high-frequency bettors
• high-value accounts
• promotional-driven users
• long-term professional bettors
Each segment requires:
• different monitoring thresholds
• tailored responsible gaming triggers
• differentiated escalation timelines
Treating all customers uniformly is interpreted as a lack of risk awareness.
High-Value Players and Enhanced Oversight
VIP and high-stakes players receive disproportionate supervisory attention.
Regulators expect:
• enhanced source-of-funds verification
• documented affordability assessments
• stricter limit management
• proactive responsible gaming interventions
Revenue concentration around a small number of players is a recognised risk indicator. Operators must be able to show how that risk is managed, not ignored.
Promotional Strategy as a Risk Multiplier
Bonuses and promotions are a frequent source of post-licensing issues.
The NBA evaluates:
• whether promotions distort player behaviour
• whether bonus abuse is monitored and controlled
• whether wagering requirements create harmful patterns
• whether marketing triggers AML or RG side effects
Aggressive promotions without counterbalancing controls often lead to combined AML and responsible gaming failures.
Bonus Abuse and Financial Crime Exposure
Promotions can be exploited for illicit purposes.
Supervisory focus includes:
• detection of multi-account behaviour
• identification of low-risk arbitrage strategies
• linkage analysis across wallets and identities
• rapid deposit-bet-withdrawal patterns
Failure to control bonus abuse is treated as a systemic weakness, not a marketing oversight.
Scaling AML Operations Under Volume Pressure
As transaction volume grows, alert volume grows faster.
Regulators expect operators to:
• increase AML staffing proportionally
• adjust monitoring thresholds dynamically
• preserve escalation quality under load
• avoid backlog accumulation
An alert backlog is not neutral. It indicates loss of control.
Maintaining AMLCO Independence During Expansion
Growth increases internal pressure to relax controls.
The NBA observes:
• whether escalations are delayed during peak periods
• whether high-value customers receive preferential treatment
• whether marketing timelines influence compliance decisions
AML independence is tested precisely when it becomes inconvenient. Boards are expected to actively protect that independence.
Payment Method Expansion and Risk Re-Assessment
Adding payment methods is a regulated change.
Supervisors expect reassessment when introducing:
• new e-wallets or PSPs
• alternative local payment methods
• crypto-adjacent payment rails
• prepaid or voucher-based systems
Each method introduces different fraud, AML, and RG risks. Treating payment expansion as a purely technical decision undermines licence stability.
Withdrawal Controls Under High Load
Withdrawal behaviour becomes risk-sensitive at scale.
Regulators expect operators to monitor:
• withdrawal velocity after deposits
• repeated small withdrawals
• withdrawals following promotional play
• patterns inconsistent with betting behaviour
Operators must be able to explain why funds are being withdrawn, not merely that they are.
Platform Scalability and Control Integrity
Growth stresses systems before it stresses people.
The NBA expects:
• capacity planning tied to growth forecasts
• monitoring of latency and failure points
• safeguards against partial outages affecting integrity
• stability of audit logs under load
Scaling infrastructure without reinforcing governance is a common failure pattern.
Change Velocity as a Supervisory Indicator
Fast-growing sportsbooks deploy changes frequently.
Regulators assess:
• whether deployment frequency undermines control
• whether testing keeps pace with change
• whether audit access is preserved
• whether rollback capability is real
High change velocity without governance discipline signals loss of operational control.
Staffing and Organisational Resilience
As operations scale, reliance on individuals becomes a risk.
Supervisors expect:
• role clarity and separation of duties
• redundancy in compliance and finance functions
• succession planning for key roles
• structured training beyond onboarding
Over-centralisation around founders or single managers is a known supervisory concern.
Internal Audit as a Scaling Safeguard
Internal audit becomes critical during expansion.
The NBA expects internal audit to:
• identify emerging weaknesses early
• challenge growth-driven shortcuts
• track remediation to completion
An audit function that only confirms compliance adds little value. One that surfaces uncomfortable issues builds trust.
Data Consistency at Scale
Data integrity is harder to maintain as systems grow.
Supervisors examine:
• consistency between betting, wallet, and reporting systems
• ability to reconstruct historical states
• stability of identifiers across migrations
Fragmented data is interpreted as fragmented control.
Complaint Trends as Early Warning Signals
Complaint volume naturally rises with scale.
Regulators focus on:
• complaint growth relative to customer growth
• repeated complaint themes
• time to resolution
• corrective actions taken
Ignoring complaint trends is equivalent to ignoring operational warning lights.
Banking Relationships During Growth
Banks reassess risk as volume increases.
Regulators are aware of:
• enhanced due diligence by banks
• transaction monitoring feedback
• account freezes or delays
Stable banking relationships are treated as indirect evidence of institutional maturity.
Capital and Liquidity Planning Under Expansion
Growth changes liquidity dynamics.
The NBA expects operators to plan for:
• increased player balances
• peak withdrawal scenarios
• promotional liquidity strain
• tax and contribution cycles
Liquidity shortfalls, even temporary ones, raise consumer protection concerns.
Cross-Group Expansion and Control Boundaries
Many Cyprus sportsbooks are part of larger groups.
Regulators expect clarity on:
• which entity controls what
• how marketing and risk decisions are made
• whether Cyprus management can override group pressure
Shadow control from abroad undermines local accountability.
Communication with the Regulator During Growth
How operators communicate during expansion matters.
Effective communication is:
• proactive about material changes
• transparent about emerging risks
• technically precise
Surprises damage trust. Early disclosure preserves it.
Progressive Supervision and Trust Accumulation
Supervisory posture evolves based on behaviour.
Disciplined expansion leads to:
• smoother renewals
• faster acceptance of changes
• lower inspection intensity
Poorly managed growth leads to:
• enhanced reporting
• targeted inspections
• activity restrictions
Trust compounds slowly and evaporates quickly.
Why Disciplined Scaling Is a Competitive Advantage
In regulated betting markets, disciplined growth is rare.
Operators who scale cleanly benefit from:
• stronger banking and PSP confidence
• institutional partners and sponsors
• lower enforcement risk
• long-term licence durability
In Cyprus, regulatory stability is a commercial asset.
Strategic Outcome
A Cyprus Class B licence retains value only when expansion strengthens, rather than erodes, supervisory confidence.
That outcome is achieved through:
• forward planning
• controlled growth
• independent compliance
• enforced player protection
• disciplined technology governance
This is how a licensed sportsbook moves from initial authorisation
to sustainable, long-term market leadership.
FAQ
It's a license issued by the National Betting Authority (NBA) of Cyprus that allows operators to legally provide betting services within Cyprus and utilize Cyprus as a tax-efficient base for iGaming holding companies within the EU.
The NBA issues licenses only for fixed-odds betting and Betting Exchanges. Crucially: The NBA does not license online casinos, RNG games, slots, or poker for the domestic Cyprus market.
The main appeal is its financial and tax structure. Cyprus offers the lowest corporate tax rate in the EU (12.5%) and the powerful Notional Interest Deduction (NID) tool, making it an ideal jurisdiction for holding companies and managing Intellectual Property (IP) for global operations.
There are two main classes for operators:
Class A: For operating land-based (physical) betting shops.
Class B: For operating online betting (sports, betting exchanges).
You must provide:
Share Capital: (Requirements vary, but must be sufficient for the business plan).
Bank Guarantee: A mandatory, non-interest-bearing deposit of €550,000, held in an approved Cypriot bank. This acts as security against fines or failure to meet player obligations.
Annual License Fee: €30,000 (for a one-year license).
This is a mandatory certification required for all providers of core software, platforms, odds feeds, and other critical technological services to Class A and Class B operators. It guarantees the technical integrity of the market.
Critically important are:
AML/KYC: Strict adherence to EU Anti-Money Laundering (AML) and Know Your Customer (KYC) directives. Requires the appointment of a local AML Officer.
CMS Integration: Mandatory full integration of the operator's platform with the NBA's Central Monitoring System (CMS) for real-time transaction control.
Segregation of Player Funds: Mandatory separation of player funds from company operational funds in dedicated trust accounts in EU banks.
The Notional Interest Deduction (NID) allows companies to deduct a deemed interest expense on new equity (capital injected into the company). This tool can effectively reduce the 12.5% corporate tax rate to as low as 2.5% or less, making Cyprus extremely beneficial for IP and holding structures.
To qualify for tax benefits, the company must prove it is genuinely managed and controlled from Cyprus. This includes:
Holding the majority of Board of Directors meetings in Cyprus.
Having a majority of local resident directors.
Maintaining a functional physical office and sufficient local staff.
What penalty is imposed for violating NBA rules? Penalties range from administrative fines (for minor infringements) to the confiscation of a portion or all of the €550,000 Bank Guarantee and immediate license revocation for critical violations (e.g., related to AML or fraud).
Operational servers and player databases for Class B licensees must be physically located within the European Union (EU) or the European Economic Area (EEA) to ensure compliance with GDPR and NBA requirements.
Licensees are required to undergo an annual statutory audit by a Cypriot auditor, which confirms financial performance and adherence to all regulatory measures.
The application process, including the due diligence of key personnel and the technical audit, usually takes 3 to 6 months.