One of the basic features in the Regulations is the requirement that the core part of the online gaming/betting operations (i.e. the control system) must be physically located on servers that are co-located in Malta.
Other components of the system, for example, front-end of the games or customer support operations, may be situated outside Malta at the location of choice of the licensee.
The online gaming system (which is defined as a computer system deployed by a licensee and including all its components, the operating system and application software) must be certified for compliance to the satisfaction of the Lotteries & Gaming Authority.
Certification is only necessary for those components of the system the functioning of which directly impacts the operation of the games or the reporting of gaming and financial transactions.
Certification also involves audit as to whether the gaming system is compliant with the requirements of ISO-17799:2000 Information Technology – Code of Practice for Information Security. A ISO-17799 gap analysis audit will be carried out by experts approved by the Lotteries & Gaming Authority. Certification costs are chargeable to the licensee; such audit fees approximate to 2,500 for a standard, well documented gaming system.