Sweden’s gambling regulator has moved to standardise how operators must technically connect to the country’s self-exclusion system. The new rules introduce clearer technical requirements that will reshape compliance obligations across the licensed market.

Spelinspektionen, the Swedish Gambling Authority, published updated regulations on 29 April following a decision made three days earlier. Operators get roughly 18 months to align their systems with the revised standards. The new framework takes effect from 1 August 2026.

Spelpaus and the Compliance Burden

Sweden’s national self-exclusion register, Spelpaus, has been a cornerstone of the regulated market since the 2019 gambling reform. Every licensed operator must integrate the system and block access for individuals who have opted out. Players can choose exclusion periods of one, three, or six months, or commit to 12 months or longer.

The new regulations reinforce a critical principle: licence holders remain fully responsible for compliance, regardless of whether they outsource technical implementation to third-party providers. Operators must ensure their assigned Actor ID and API Key are properly managed and used at all times. Put simply, regulatory accountability cannot be delegated away.

Incomplete Specifications Create Planning Challenges

While the regulations establish the overarching technical framework, they notably omit detailed API specifications, response formats, and service performance standards. This gap leaves operators with real ambiguity during the integration planning phase, particularly those relying on external vendors.

Spelpaus itself has undergone refinement in recent years. A 2023 update improved user access to guidance on gambling-related issues and introduced the ability to extend exclusion periods. The system proved resilient following scrutiny in 2024 when a documentary series alleged a data breach. The regulator firmly rejected those claims while emphasising the encrypted nature of all stored information.

Market Impact

The tightened requirements signal Spelinspektionen’s commitment to harmonising integration standards across Sweden’s licensed operators. For larger operators with established technical infrastructure, compliance will likely be straightforward. Smaller players and those running legacy systems may face more considerable adaptation costs.

The 18-month window is reasonable, to be fair. Operators should begin preliminary assessments immediately though, to identify any integration gaps or vendor readiness issues.

What the team thinks

Sheena McAllister says:

Philippa’s piece highlights an important regulatory evolution, though I’d argue the real story is how Sweden’s technical standardisation approach could become a blueprint for other European regulators still grappling with fragmented self-exclusion frameworks. The 18-month implementation window is generous by comparison to some UKGC rollouts I’ve observed, yet operators shouldn’t be complacent, as the devil will be in the technical specifications published closer to August 2026, and any operators with legacy systems will face genuine integration challenges that go beyond simple API updates. What’s particularly encouraging here is that Spelinspektionen appears to be prioritising interoperability and player protection outcomes over prescriptive technology mandates, an approach that could reduce compliance costs while actually improving self-exclusion effectiveness across the market.