Spain’s RGIAJ: How the DGOJ Self-Exclusion Register Works and What Operators Must Do

Every federally licensed online gambling operator in Spain must query the Registro General de Interdicciones de Acceso al Juego (RGIAJ) before activating a user account. That obligation is not a policy recommendation from the DGOJ, it is a statutory requirement rooted in Ley 13/2011 and operationalised through Real Decreto 1614/2011 and Orden EHA/3080/2011. Operators that allow an inscribed person to gamble commit a infracción grave (serious infraction) under the relevant provisions of Law 13/2011, exposing the licensee to fines between €100,000 and €500,000 and to potential licence suspension. Understanding precisely how the register works, who can be inscribed and under what circumstances, and what the operator must do at each trigger point is therefore operational-critical, not merely compliance hygiene.

Legal Architecture: From Ley 13/2011 to Orden EHA/3080/2011

The RGIAJ’s statutory foundation is Article 22(b) of Ley 13/2011, de 27 de mayo, de regulación del juego (the Gambling Act). That article places the register under the management of the Comisión Nacional del Juego (now absorbed into the DGOJ) and defines its purpose: to give effect to citizens’ right to prohibit their own participation in gambling activities requiring identification, and to record judicial prohibitions and legal incapacitation orders.

The procedural framework is set out in Chapter III of Real Decreto 1614/2011 (Articles 55 through 62), which establishes the register’s object, the data fields it must hold, the inscription and cancellation procedures, the validity periods, and the obligation on autonomous-community registers to forward compatible data to the national register. Orden EHA/3080/2011 provides the implementing architecture: the standardised request forms, the data-exchange protocols between operators and the DGOJ, and the query obligations at each point of the customer journey.

Article 22(b) of Ley 13/2011 establishes the Registro General de Interdicciones de Acceso al Juego “to give effect to citizens’ right to have their participation in gambling activities prohibited,” and requires that the information in the register be made available to gambling operators for the purpose of preventing access by inscribed persons.

Who Is Inscribed in the RGIAJ?

Article 57 of Real Decreto 1614/2011 identifies five categories of persons whose data must or may be entered in the RGIAJ. Understanding these categories matters operationally because the inscription pathway affects the duration of the record and the cancellation rights available.

Voluntary self-inscription by the individual (a instancia del interesado) is the most common pathway. Any adult may apply to the DGOJ for inscription using the standardised form approved by the Comisión Nacional del Juego. The application may be submitted directly to the DGOJ or through any licensed operator, which is then required to forward it promptly.

Third-party inscription (a instancia de tercero interesado) applies where a family member or other legitimately interested party requests inscription on behalf of an individual, subject to procedural requirements including evidence of standing. Judicial orders constitute a separate category: where a court has issued a final judgment restricting gambling access, the DGOJ must complete the inscription within the timeframe specified in Article 57(1), third paragraph. Minor status and legal incapacitation orders also trigger mandatory office-initiated (de oficio) inscription.

Finally, Article 57(3) of Real Decreto 1614/2011 establishes that data received from autonomous-community exclusion registers under bilateral coordination agreements must be inscribed in the national RGIAJ within three calendar days of the communication being received. This mechanism is what gives the RGIAJ its cross-channel, cross-territory reach, regional casino self-exclusions that have been notified to the DGOJ under a coordination agreement become enforceable across all federally licensed online operators.

Data Held on the Register

Article 56 of Real Decreto 1614/2011 prescribes the mandatory data fields for each RGIAJ entry. At minimum, the register must hold the inscribed person’s name and surnames, national identity document number or equivalent, date of birth, the date of inscription, the validity period of the inscription, and the cause of the inscription.

Where inscription was requested by a third party, the register must additionally contain the third party’s identity data and the legal basis establishing their standing. Where inscription was ordered by a court, the identifying details of the judicial resolution, its date, and the issuing court must also be recorded. Where the data originates from an autonomous-community register, the community of origin is recorded.

This granular record structure serves a dual purpose. For the DGOJ, it provides an auditable trail supporting sanctions proceedings. For operators, it is the data set against which the Player Verification Service query is matched at account opening.

What Operators Must Do: The Query Mandate

At Account Opening

Article 6 of Ley 13/2011 establishes the categories of persons subject to prohibición subjetiva, that is, persons who are legally prohibited from gambling, including those inscribed in the RGIAJ, minors, judicially incapacitated persons, and certain categories of individuals connected with licensed operators. Before activating any user account, and before allowing a participant to gamble in any game requiring identification, the operator must verify that the applicant is not subject to any of these subjective prohibitions.

The DGOJ provides online operators with a tool to discharge this obligation: the Player Verification Service (Servicio de Verificación de Identidad). A single API query against this service returns four checks simultaneously: identity verification against the national identity register, RGIAJ inscription status, whether the data submitted matches a person recorded in the Civil Registry as deceased, and whether the data corresponds to a minor. Operators that integrate this service at account registration therefore address the full suite of subjective prohibition checks in a single transaction.

Ongoing Monitoring and Prize Payment

The query obligation does not end at account opening. Article 38(2) of Real Decreto 1614/2011 addresses the specific situation where a participant inscribed in the RGIAJ has obtained a prize. The operator must verify RGIAJ status before paying any prize to a participant, and may only pay a prize to a participant who is not subject to a subjective prohibition. The DGOJ is required to establish the procedure by which operators notify it of any case in which a prohibited person has obtained a prize, along with the measures to be adopted in such cases.

This provision has material operational implications. It means that prize payment workflows, not merely registration workflows, must include a RGIAJ check as a mandatory gate. Operators whose payment systems trigger automatically on game completion without a pre-payment prohibition check are non-compliant with the relevant code provision of Real Decreto 1614/2011.

Marketing Prohibition and the Day-Two Rule

Article 21 of Real Decreto 958/2020 on commercial communications, in its consolidated form, creates a strict prohibition on sending any commercial communication by electronic means to three categories of persons: those whose RGIAJ inscription has been notified to the operator by the regulator, those who have exercised their right of self-exclusion at operator level, and those detected as exhibiting risky gambling behaviour under Article 34 of the same decree.

Critically, the prohibition takes effect at 00:00 on the second day after the inscription, self-exclusion, or risk detection event becomes effective. There is no additional buffer or implementation window. An operator that sends a marketing message to an RGIAJ-inscribed person on day one of notification is already in breach. Conversely, the prohibition ceases on the day after the person’s RGIAJ inscription is cancelled, their self-exclusion lapses, or they are no longer classified as a risk-behaviour participant.

Validity Periods and Cancellation

Article 60 of Real Decreto 1614/2011 establishes the validity rules for RGIAJ inscriptions. A voluntary inscription made at the request of the individual concerned (a instancia del interesado) is effective for an indefinite period by default. However, the inscribed person may apply for cancellation once six months have elapsed from the date of inscription. The six-month minimum period is a hard rule, not a default that operators or the DGOJ can waive at their discretion.

Inscriptions made at the request of a third party remain in force for the period specified in the underlying resolution. Where no period is specified, the inscription is also indefinite. Cancellation in these cases requires either a judicial resolution authorising cancellation or an application by the originating third party accompanied by evidence that the circumstances that gave rise to the inscription have changed.

Inscriptions made following judicial orders remain in force for the duration specified in those orders. The court that issued the original order must notify the DGOJ of any modification to the terms, which the DGOJ is then obliged to process and propagate to the register.

Article 52 of Real Decreto 1614/2011 requires that any change in the data of a registered inscription, including changes arising from judicial modifications, must be notified to the DGOJ within one month. The DGOJ then amends the register entry accordingly. Operators are reliant on the DGOJ notifying them of these changes through the Player Verification Service, they have no independent obligation to poll the register except at the defined trigger points.

Cross-Channel Scope: Online, Land-Based, and Autonomous Communities

The RGIAJ operates at the federal level and its scope covers all gaming activities requiring identification that are regulated under Ley 13/2011. For online operators, that means all licensed product verticals: sports betting, casino games, poker, bingo, and the other games categories. The check must be applied regardless of whether the game session originates from a desktop, mobile, or app environment.

The cross-regional dimension adds compliance complexity. Autonomous communities regulate land-based gambling and, in some cases, online gambling at a regional level. Each community may maintain its own exclusion register. Where a community has entered into a coordination agreement with the DGOJ under Article 62(1) of Real Decreto 1614/2011, the data from the regional register is transmitted to the national RGIAJ and inscribed within three calendar days. Once inscribed at national level, the exclusion binds all federally licensed operators, including online operators who had no connection to the original regional gambling activity.

In practice, this means a player who self-excludes at a regional casino in Valencia or Catalonia, where a coordination agreement is in place, can expect their exclusion to migrate to the RGIAJ and thereby block their online accounts with federally licensed operators. Operators cannot limit their monitoring to self-exclusions that originate from their own channels or from federal-level applications.

Operators cannot limit their RGIAJ exposure monitoring to self-exclusions originating from their own platforms. The coordination mechanism under Article 62 of Real Decreto 1614/2011 routes regional exclusions to the national register, binding all federally licensed operators within three calendar days of the regional notification.

The Autoexclusión Layer: Operator-Level Controls Alongside RGIAJ

The RGIAJ coexists with a distinct operator-level self-exclusion mechanism, autoexclusión, which is separately mandated under the responsible gambling provisions of Royal Decree 176/2023. Under Article 176/2023’s framework for safer gambling environments, operators must maintain their own account-suspension procedures for self-exclusion and must treat the two mechanisms as complementary, not interchangeable.

A player who requests operator-level autoexclusión is not automatically inscribed in the RGIAJ, and an RGIAJ inscription does not replace the operator’s obligation to maintain its own self-exclusion programme. The practical implication: compliance teams must maintain two parallel processes, with clear internal workflows distinguishing a player’s RGIAJ status from their operator-level self-exclusion status. Royal Decree 176/2023 also introduces risk-profiling obligations under Article 24, requiring operators to detect risky gambling behaviour through objective indicators and implement proactive customer interaction, which operates as a third, behaviour-triggered layer of protection sitting alongside the other two.

The DGOJ published a Draft Resolution on 28 August 2025 that would, once finalised, introduce a mandatory standardised risk-detection mechanism to replace the individual mechanisms operators currently apply. That draft derives from Final Provision Three of Royal Decree 176/2023, which required the DGOJ to develop such a mechanism within two years of the Decree’s entry into force. Compliance teams should monitor the BOE for the final Resolution, as it will impose uniform criteria and thresholds applicable to all licensed operators.

Sanctions for Non-Compliance

The sanction exposure for RGIAJ-related failures sits in the infracción grave category under Ley 13/2011. Permitting access to gambling by persons who are prohibited from participating, which includes RGIAJ-inscribed individuals, minors, and judicially incapacitated persons, is explicitly classified as a serious infraction. Serious infractions attract fines between €100,000 and €500,000 per the relevant provision of Law 13/2011, and the DGOJ may additionally impose temporary activity suspension.

Non-compliance with the requirements and obligations regarding responsible gambling and player protection established in the regulations in force is also a serious infraction. This means that failures in the marketing prohibition workflow (the day-two rule), failures to implement the prize-payment RGIAJ check, or failures to maintain the operator-level autoexclusión programme alongside the RGIAJ query can each independently ground a serious-infraction finding.

The DGOJ’s recent enforcement record underlines that these are not theoretical risks. In 2024, the DGOJ’s total enforcement actions exceeded €142,000,000, and in the first quarter of 2026, the regulator imposed over €10,000,000 in penalties across nine cases. The 2025 round included €3,500,000 in fines against 26 licensed operators for a range of regulatory breaches. Operators that have not fully integrated the RGIAJ query into their registration, prize-payment, and marketing workflows should treat a DGOJ inspection as a near-term probability rather than a remote contingency.

Infraction type	Classification under Ley 13/2011	Fine range	Additional sanction
Permitting access by an RGIAJ-inscribed person	Serious (infracción grave)	€100,000, €500,000	Activity suspension
Non-compliance with RG and player protection obligations	Serious (infracción grave)	€100,000, €500,000	Activity suspension
Operating without a licence (unlicensed supply)	Very serious (infracción muy grave)	€1,000,000, €50,000,000	2-year ban + website closure
Promoting or facilitating illegal gambling access	Very serious (infracción muy grave)	€1,000,000, €50,000,000	Licence revocation

The Identity Theft Problem and the PACS Protocol

A practical complication that emerged prominently in 2025 is identity theft on gambling platforms, where individuals use third-party identity data to open gaming accounts, including accounts where the stolen identity belongs to a person inscribed in the RGIAJ. The DGOJ developed the PACS Protocol in collaboration with the Spanish Tax Agency (Agencia Estatal de Administración Tributaria, AEAT) and the State Security Forces specifically to address this risk.

Separately, the DGOJ has integrated a phishing alert service into the Player Verification Service ecosystem. This service allows operators to flag and communicate to the DGOJ any attempt to activate a user registration where the identity data submitted matches that of an individual registered with the service. This provides an additional data-quality safeguard, particularly relevant for RGIAJ compliance: a query that returns a clean result on stolen identity data will not detect the actual RGIAJ inscription held against the true identity document holder.

In practice, operators should consider layering enhanced identity verification procedures, including the video identification now required under SEPBLAC guidance since 2016 for AML purposes, as a cross-cutting control that also reduces the risk of RGIAJ circumvention through identity fraud.

AML and RGIAJ: Dual Supervision Convergence

Spain’s gambling operators operate under dual regulatory supervision for AML/CFT purposes: the DGOJ retains gambling-specific oversight, while SEPBLAC (the Servicio Ejecutivo de la Comisión de Prevención del Blanqueo de Capitales e Infracciones Monetarias) acts as the primary AML supervisor. SEPBLAC clarified in 2025 that video identification has been mandatory since 2016 under its official authorisation. That video identification requirement, combined with the RGIAJ query obligation, means operators are effectively required to conduct two independent identity checks at account opening: one for AML/KYC verification (video ID) and one for RGIAJ and prohibition-status verification (Player Verification Service query).

These are not redundant. The AML check establishes the customer’s identity and risk profile for financial crime purposes. The RGIAJ check establishes whether the identified person is legally permitted to gamble. Both must clear before the account can be activated. Operators that have structured their onboarding as a single identity check should review whether their workflow separately satisfies the AML obligation and the RGIAJ prohibition check as distinct procedural steps.

For context on how national self-exclusion registers compare across European jurisdictions, the Responsible Gambling Compliance hub covers the two-model framing of national register systems (Spain’s RGIAJ, France’s Interdiction Volontaire, Sweden’s Spelpaus, Denmark’s ROFUS, Germany’s OASIS) against operator-level exclusion models in Malta, Curaçao, and US states.

Forthcoming Reforms: Cross-Operator Deposit Caps and the Detection Mechanism

Two regulatory developments underway will materially affect the responsible gambling compliance environment that the RGIAJ operates within. Both derive from the broader ambition of Royal Decree 176/2023 and the subsequent draft amendments to Royal Decree 1614/2011.

A draft Royal Decree proposing a cross-operator deposit cap was progressing through the EU TRIS notification process as of early 2026, with the DGOJ proposing limits of €700 per day, €1,750 per week, and €3,300 per four-week period across all licensed operators combined. The DGOJ’s proposal envisages a centralised technical system monitoring aggregate deposits across the market. This is distinct from the RGIAJ but sits within the same player protection architecture, adding a financial control layer to the access control layer the RGIAJ provides.

The Draft Resolution of 28 August 2025 on the standardised risk-detection mechanism would require all licensed operators to implement a uniform set of behavioural indicators and response thresholds, replacing the individual systems currently in place. When finalised, this mechanism will interact with the RGIAJ indirectly: operators that detect risky behaviour and escalate the matter may ultimately trigger a voluntary or third-party RGIAJ inscription.

The ANJ’s Interdiction Volontaire register in France operates on broadly comparable principles to the RGIAJ, national scope, operator query obligation, marketing blackout on inscription, but applies to a narrower licensed market (sports betting, horse racing, and poker only, with no licensed online casino). The ANJ licence requirements article covers the French framework, including the Unibet €800,000 fine in January 2025 for self-exclusion system failure, which provides a comparative enforcement precedent for the consequences of inadequate national register compliance.

Compliance Implementation Checklist

Operators licensed by the DGOJ should map their systems against the following obligations derived from Ley 13/2011, Real Decreto 1614/2011, and Real Decreto 958/2020, as the minimum baseline for RGIAJ compliance.

Account registration must include a Player Verification Service query returning RGIAJ status, minor status, and Civil Registry deceased-person status before the account is activated. Any positive RGIAJ match must result in refusal of account creation. The query result must be logged with a timestamp for audit purposes.

Prize payment workflows must include a RGIAJ status check as a mandatory gate before any prize is disbursed. Where a prohibited person has obtained a prize, the operator must follow the notification procedure established by the DGOJ and must not pay the prize to that individual.

Marketing suppression must apply from 00:00 on the second day after RGIAJ inscription is notified to the operator. The suppression must cover all electronic communications, including email, push notifications, and SMS. The suppression ceases on the day after inscription cancellation is notified.

Operator-level autoexclusión must be maintained as a separate programme under Royal Decree 176/2023, distinct from the RGIAJ query obligation. A player who self-excludes at operator level should be informed of their right to also request RGIAJ inscription for cross-operator effect.

Regional register data arriving via DGOJ coordination-agreement notifications must be treated identically to direct RGIAJ inscriptions in all compliance workflows. There is no procedural distinction from the operator’s perspective.

Identity verification at onboarding should be designed to satisfy both the SEPBLAC video identification requirement (AML) and the RGIAJ prohibition check (player protection) as independent compliance steps, not a single consolidated process. Compliance counsel with expertise in Spanish gambling and AML law should be engaged to confirm the specific interaction between these two frameworks as they apply to each operator’s account-opening architecture.

Key Resources

Ley 13/2011, de 27 de mayo, de regulación del juego (consolidated), statutory foundation for the RGIAJ and prohibition categories. Available at: boe.es (BOE-A-2011-9280).

Real Decreto 1614/2011 (consolidated), Articles 55, 62 contain the full RGIAJ procedural framework. Available at: boe.es (BOE-A-2011-17836).

Real Decreto 958/2020 on commercial communications (consolidated), Article 21 establishes the marketing prohibition and the day-two rule. Available at: boe.es (BOE-A-2020-13495).

Real Decreto 176/2023 on safer gambling environments, Article 24 on risk-detection mechanisms and the operator autoexclusión framework.

DGOJ Player Verification Service, technical access and integration documentation available through the DGOJ’s operator portal at ordenacionjuego.es. To begin integration, contact the DGOJ’s technical compliance team or review the official integration guide available on the portal to ensure your systems meet current specification requirements.