MGA B2C vs B2B Licence: Obligations, Exemptions, and Enforcement Patterns

Scope of This Article and What the Sources Cover

The Malta Gaming Authority issues two principal categories of gaming licence under the Gaming Act (Chapter 583 of the Laws of Malta): the B2C licence, authorising direct-to-consumer gaming operations, and the B2B licence, authorising the supply of gaming software, systems, platforms, or services to other licensed operators. Choosing the wrong category is not a technical error that the MGA overlooks. It defines the entire compliance framework a licensee operates under, the reporting obligations it must meet annually, the website disclosure requirements it must satisfy, and the enforcement risks it faces when obligations go unmet.

This article draws on three primary source categories: the MGA Compliance Audit Manual (version 1, MGA/G/001, August 2018), the MGA FAQs corpus (Part 2/27, dated 25 April 2026), and the MGA Enforcement Register across multiple published parts. Where the sources are silent on a specific technical requirement, including precise application fee schedules, formal approval timelines, and fit-and-proper testing procedures, this article flags those gaps explicitly rather than inferring from general knowledge. Compliance officers seeking specific fee quantum or processing SLAs should consult the MGA’s current published fee schedules and, where material decisions depend on interpretation, qualified Maltese legal counsel.

B2C vs B2B: Defining the Boundary

The distinction between B2C and B2B authorisations turns on the identity of the customer receiving the licensed service. A B2C licensee operates gaming services directly to end-users: players who register accounts, deposit funds, and participate in games. The licensee bears direct obligations to those players, including responsible gambling measures, player fund protection, and fair game conduct. The MGA licence number format for B2C authorisations follows the pattern MGA/B2C/[number]/[year], as seen across the enforcement actions discussed later in this article.

A B2B licensee, by contrast, supplies gaming-related products or services to other licensed operators, not to players directly. Platform providers, game studios, aggregators, and payment system suppliers typically fall into this category. The MGA licence number format for B2B authorisations follows the pattern MGA/B2B/[number]/[year], as confirmed by the cancellation of Join Games Malta Limited (MGA/B2B/321/2016) documented in the Enforcement Register (Part 44/108).

In practice, operators should assess whether their primary commercial relationship is with an end-user player or with another licensed gaming operator. Where a business model involves both activities, dual authorisation may be required, and the compliance obligations of each category apply independently to the relevant business lines.

B2B Licensee Obligations: Website Disclosure and B2C Consumer Oversight

The Compliance Audit Manual sets out the specific checks the MGA conducts against B2B licensees at section 7.1, titled “B2B Checks.” The manual requires auditors to verify three distinct conditions for a B2B licensee’s websites.

The auditor must check whether the licensee’s websites are: (a) displaying a statement that they are licensed by the MGA; (b) displaying the MGA’s licence number; and (c) clearly labelling products, services, and material supply licensed or authorised by the MGA.

This three-part disclosure requirement means a B2B licensee cannot simply reference its MGA status generically. Products, services, and material that carry MGA authorisation must be individually and clearly identified as such. This distinction matters operationally: a B2B supplier offering both MGA-licensed platform software and ancillary non-licensed services must ensure that only the licensed elements are labelled as MGA-authorised, avoiding any implication that the full product suite carries regulatory cover it does not have.

Section 7.1.2 of the Compliance Audit Manual introduces an additional B2B-specific obligation that has no direct parallel in the B2C audit framework. The MGA requires B2B licensees to maintain a compiled list of B2C operators consuming their services who are not licensed by the MGA, along with the relevant agreements or contracts for each such operator. This is a supplier-side oversight mechanism. The MGA uses it to map unlicensed operator relationships and assess whether a B2B licensee’s services are reaching non-compliant distribution channels. Licensees without structured contract registers for their B2C customers face meaningful audit exposure here.

B2C Licensee Obligations: AUPs Reporting and Ongoing Compliance

The most operationally significant difference in periodic reporting between the two licence categories is the treatment of Audited User Periods (AUPs). AUPs are audited financial statements prepared per defined reporting periods and submitted to the MGA as an ongoing compliance obligation.

Under Article 41(2)(b)(ii) and (iii) of the Gaming Authorisations and Compliance Directive, all B2B licensees are fully exempt from AUPs reporting. The MGA FAQs (Part 2/27) confirm this unambiguously: “All B2B licence holders are exempted from reporting the AUPs in terms of Article 41(2)(b)(ii) and (iii) of the Gaming Authorisations and Compliance Directive. All B2B licensees, whether or not they are offering a shared pooled jackpot, fall out of scope and are thus not required to prepare the AUPs.”

B2C licensees, by contrast, must submit AUPs for each financial year following the year in which they were granted a licence. The FAQs clarify a limited transitional exemption: a B2C licensee granted its licence during the financial year covered by the relevant Audited Financial Statements is not required to prepare AUPs for that year, but must do so for all subsequent years. Beyond AUPs, B2C licensees carry the full weight of player-facing obligations: responsible gambling tools, player fund safeguarding, fair and transparent game conduct, and mandatory website display of licence status and number. These obligations are monitored through the MGA’s audit programme and directly underpin most of the enforcement actions visible in the public register.

Fee Structure: What the Sources Confirm and Where Gaps Exist

The MGA’s fee framework for both licence categories is governed by the Gaming Licence Fees Regulations (S.L. 583.03). Multiple enforcement actions in the register cite Regulation 3(1)(b) of S.L. 583.03 as the specific breach where an operator has failed to pay amounts due to the Authority on time. However, the primary sources retrieved for this article do not specify the quantum of application fees, annual licence fees, or compliance contributions applicable to each licence category. Readers should not infer specific figures from this article.

What the sources do confirm is that the MGA operates a separate permit fee structure for Commercial Communication Games, being games organised to promote or encourage the sale of goods or services. The relevant application fee is €25 or 0.5% of the total monetary or retail value of the prize, whichever is higher, as confirmed by the MGA FAQs (Part 2/27). Commercial Communication Games are a distinct authorisation type from B2C or B2B gaming licences, but the fee mechanism illustrates the MGA’s general approach of tiering fees to business model and prize or revenue exposure.

In practice, compliance officers preparing licence applications or annual budgets should consult the MGA’s current published fee schedules directly, and should treat the Gaming Licence Fees Regulations (S.L. 583.03) as the governing instrument. Given that fee non-payment is the single most common enforcement trigger in the register, internal payment calendar controls aligned to the MGA’s billing cycles are essential operational hygiene.

Fit-and-Proper Assessment and System Review

The primary sources retrieved for this article do not contain specific provisions governing fit-and-proper testing timelines, system review processes, or technical certification requirements for either licence category. The Compliance Audit Manual (v1 MGA/G/001) addresses audit procedures at the post-licence stage and does not address pre-licence suitability assessment in the sections available to this corpus.

In practice, operators should be aware that the MGA conducts fit-and-proper assessments of beneficial owners, directors, and key function role holders as part of the authorisation process, and that changes to these roles post-authorisation require prior written approval, as confirmed by enforcement actions against licensees who failed to seek such approval. The cancellation of Join Games Malta Limited (MGA/B2B/321/2016) specifically cites failure to seek prior written approval of the Authority for a change in directorship as a breach ground. Compliance officers should ensure that internal governance change processes trigger a formal MGA notification review before any appointment or departure is executed.

Enforcement Patterns: What Triggers Suspension and Cancellation

The MGA’s Enforcement Register provides the most operationally valuable insight into which compliance failures the Authority treats as serious enough to warrant suspension or outright cancellation. Across the enforcement actions reviewed for this article, three failure patterns recur with significant frequency.

The first and most prevalent is failure to pay amounts due to the Authority in a timely manner. This breach appears in the suspension of Betago Ltd (MGA/B2C/355/2016, effective 22 August 2022) under Regulation 9(1)(l) of the Gaming Compliance and Enforcement Regulations (S.L. 583.06), in the cancellation notice issued to the holder of MGA/B2C/791/2020 under Regulation 3(1)(b) of the Gaming Licence Fees Regulations (S.L. 583.03), and in the B2B cancellation of Join Games Malta Limited (MGA/B2B/321/2016). The enforcement record makes clear that this is not a breach the MGA treats as administrative. It is a ground for the most severe sanctions available.

The second pattern is failure to designate or report Key Function Roles. The cancellation of Watch World Luxury Limited (MGA/B2C/589/2018) cites failure to designate Key Function Roles under Article 5 of the Gaming Authorisations and Compliance Directive (Directive 3 of 2018) as a cancellation ground. Join Games Malta Limited (MGA/B2B/321/2016) was similarly cancelled in part for failure to submit the key functional roles list and supporting documentation. Key Function Roles are not a tick-box administrative requirement. Failure to maintain and report them is treated as a fundamental breach of licence conditions.

The MGA cancelled the authorisation awarded to Join Games Malta Limited (MGA/B2B/321/2016) on the grounds that the authorised person had failed to submit the key functional roles list and the necessary supporting documentation, failed to seek prior written approval for a change in directorship, and failed to pay all amounts due to the Authority in a timely manner.

The third pattern is failure to comply with applicable regulatory obligations or maintain integrity of essential regulatory data. The suspension of Betago Ltd (MGA/B2C/355/2016) includes breach of Regulation 9(1)(c) for failure to comply with applicable obligations and Regulation 9(1)(d) for failure to discharge financial commitments. The cancellation of Watch World Luxury Limited cites failure to ensure the integrity and availability of essential regulatory data. These grounds are broader and can capture a range of systemic compliance failures beyond fee obligations alone.

Decision Framework: Which Licence Does Your Business Model Require

The starting point is the customer relationship. If the business offers gaming services directly to individual players who register accounts and play games, a B2C licence is required. If the business supplies gaming software, platform infrastructure, payment solutions, game content, or other gaming-related services to other operators who hold or will hold their own gaming licences, a B2B licence is the appropriate category. The distinction is the end-recipient of the licensed service: an individual player for B2C, a licensed operator for B2B.

If the business proposes to offer both models, for example a game studio that also operates a direct-to-consumer branded casino, separate authorisations covering each activity are required. Each authorisation carries its own compliance obligations, fee obligations, and key function role requirements independently.

Where a B2B supplier’s customer base includes operators not licensed by the MGA, the B2B licensee must maintain and produce on audit a register of those relationships with supporting contracts, per section 7.1.2 of the Compliance Audit Manual. This obligation exists regardless of whether those operators are licensed in other jurisdictions. It is a risk mapping exercise from the MGA’s perspective, and B2B licensees who lack systematic contract management processes will be exposed at audit.

Operators unsure whether a specific product or service model falls within B2C or B2B scope, or whether a combined model triggers dual authorisation, should seek a formal position from the MGA directly or obtain an opinion from Maltese legal counsel with gaming regulatory experience before submitting an application. Misclassification carries regulatory and financial consequences that are not easily corrected after authorisation is granted.

Key Resources

Malta Gaming Authority, Compliance Audit Manual, version 1, MGA/G/001, August 2018. Primary source for B2B audit checks (sections 7.1.1–7.1.3) and B2C audit scope.

Gaming Authorisations and Compliance Directive (Directive 3 of 2018). Governs AUPs reporting obligations, Key Function Role requirements (Article 5), and B2B exemptions (Article 41(2)(b)(ii)–(iii)).

Gaming Compliance and Enforcement Regulations (S.L. 583.06). The primary enforcement instrument governing suspension (Regulation 8) and cancellation (Regulation 10) grounds.

Gaming Licence Fees Regulations (S.L. 583.03). Governs all licence fee payment obligations, including Regulation 3(1)(b) cited in enforcement actions.

MGA Enforcement Register, published on the MGA website at mga.org.mt. Searchable by licence number and authorised person name. The primary public record of enforcement actions and breach grounds.

MGA FAQs (Part 2/27), dated 25 April 2026. Confirms B2B AUPs exemption and Commercial Communication Game permit fee structure.