Introduction

The Ministry of Electronics and Information Technology (MeitY) has announced a new set of regulations in a draft notification to safeguard online gamers from dangerous content, financial damage, and addiction. The rules were announced as a step to control the internet gambling market and further regulate games involving real money deposits and winnings.

 

A self-regulation model must be implemented to authorize online games that can function in the nation in conformity with the laws. This means that self-regulatory organizations (SROs) will be formed to approve online games offered by companies and gaming intermediaries, as long as they don’t involve wagering on outcomes.

In addition, SROs must also provide a structure for protecting consumers against gambling addiction, monetary loss, and fraud.

The rules will apply to all online gaming companies & online gaming intermediaries that host, publish or advertise games online in India. In other words, any company that offers games to users over a computer resource is subject to the new regulations notified by MeitY.

New Rules For Online Gaming – Summarized

The draft notification released by MeiTY consists of the regulations to be followed by online gaming companies and intermediaries. Here’s a summary of these rules –

  • Online games involving real money to be brought under the IT Rules, 2021
  • Online gaming companies & intermediaries to perform due diligence procedures before providing gaming services
  • Gamer identities to be verified via RBI-approved procedures
  • SROs to be created to approve online games before their release
  • Procedures to be created for processing complaints, non-compliance & for protection from addiction & harm

Breaking Down the Draft Guidelines For Online Gaming Intermediaries

As per the regulations stated in the notification, online games that are legal for individuals to engage in are those that do not contain gambling, user harm, or have any addictive effects on kids, whether they are played for real money or not.

Here are the key takeaways from the new guidelines issued for online gaming intermediaries.

  • Part 1: Due Diligence Rules

The new rules laid out by MeitY, online gaming intermediaries are required to observe additional due diligence practices while offering online games in India. The intermediary has to ensure to adhere to the following guidelines:

    • Display a visible registration mark on each of the online games registered by the self-regulatory body.
    • A user needs to be aware of the terms of service, privacy policies, rules and regulations, and user agreements of the online gaming intermediary.
    • The online gaming intermediary shall inform the user of –
      • All the online games they provide
      • Terms governing the withdrawal or refund of deposits made in anticipation of winnings 
      • The method used to calculate and hand out winnings
      • Fees and other costs that the user must pay for each such game played online
      • The likelihood of financial loss and addiction caused by the online game
      • The KYC or know-your-customer process used by the intermediary to register a user’s account
      • The precautions that are taken to protect a user’s deposit
      • The framework of the self-regulatory body, of which the intermediary may be a member
    • The intermediary has to prominently showcase on its website, mobile app, or both a random number generation certificate and a no-bot certificate from a reputable certifying body, together with the necessary information, for each online game it offers.
    • Identify the user and confirm his identification before beginning a user account-based relationship for an online game.
    • Users who register/use the online gaming intermediary’s services from India will be given the option to verify their accounts voluntarily. When they do, they will receive a verification mark that will be visible to all other users of the service.
    • In addition to these rules, online gaming intermediaries are also instructed to appoint a Grievance Officer, an employee of the intermediary, a Chief Compliance Officer, a senior employee or key managerial personnel of the intermediary, and a nodal contact person, all of whom are Indian residents.
    • The Chief Compliance Officer will be responsible for assuring adherence to the Act and its requirements and will be held accountable in any legal proceedings relating to any pertinent third-party information, data, or communication link made available or hosted by the intermediary.
    • The Officer will also collaborate with law enforcement authorities and their officers at all times to ensure adherence to their directives or requests.
    • To ensure that their instructions or requisitions are carried out in accordance with the provisions of the law or rules issued thereunder, the nodal contact person will be responsible for coordinating with law enforcement agencies and officers 24×7.
    • In addition to the above requirements, the intermediary must have a physical contact address in India that is made public on its website or mobile application, or both to receive any correspondence directed to it.
    • The intermediary must also set up a suitable system for complaints to be submitted, and it must give each complaint or grievance it receives a specific ticket number so that the complainant may trace its progress.
    • As long as it’s reasonable, the intermediary must explain to the complainant why it took or did not take a particular action in response to a complaint or grievance it received.
  • Part 2: Self-Regulation Rules

As per MeitY’s new regulations, online gaming intermediaries have to set up a Self-Regulatory Body or Self-Regulatory Organization (SRO) to approve games being offered to users over the internet. The self-regulatory organization must be one that the Ministry has registered.

The SRO must be created to develop a framework to ensure compliance with the objectives of the IT Rules, 2021.

Any online gaming intermediary that seeks to be registered as a self-regulatory body must take into account the following requirements:

  • The number of online gaming intermediaries that are its members 
  • Its proven record of supporting responsible online gaming
  • The relevance and suitability of the persons who comprise its Board of Directors or governing body.

The following individuals can serve on the board of directors or governing body of such SROs:

  • A distinguished independent individual from the online gaming, sports, or entertainment industries or another pertinent industry
  • A person who represents online gamers
  • An individual from the psychology, medicine, or consumer education industries
  • A person with practical experience in public policy, public administration, law enforcement, or public finance (to be nominated by the central government)
  • A specialist in information and communications technology:

The Core Functions & Responsibilities of SROs

The self-regulatory body must operate impartially and unbiasedly with its member online gaming intermediaries. It is given the ability to use technology, knowledge, and other appropriate resources to develop the needed framework, test and validate that online games adhere to it, and continuously update and further develop such framework, testing, and verification protocols.

The SRO may grant membership to an online gaming intermediary, taking into consideration the following factors:

  • The compliance displayed by an online gaming intermediary and all online games offered by it.
  • The compliance of such online gaming intermediaries with due diligence and additional due diligence.
  • The intermediary’s demonstrated history of offering online games responsibly and protecting the interests mentioned in section 69A of the IT Act.

The SRO can register an online game if it meets the following requirements:

  • The game is offered by an online gaming intermediary that is a member of the self-regulatory body and has been granted membership in accordance with the prescribed rules.
  • It does not contain anything that is detrimental to India’s sovereignty and integrity, defense, security, cordial relations with other countries, or public order or encourages the commission of any offenses.
  • It complies with all regulations now in effect in India, including those that address betting, gaming, and the legal age for signing contracts.

If the online game meets all these requirements, the body can enable the intermediary to display a demonstrable registration mark indicating that the said online game is registered with the self-regulatory authority.

The framework developed by the self-regulatory body may also include appropriate standards for:

  • Actions to protect users from harm, including self-harm based on the content of the online game, both registered or to be registered.
  • Measures to protect users from the risk of financial loss and gaming addiction, involve repeated warning messages at a higher frequency beyond a reasonable duration for a gaming session and the ability for a user to exclude themselves upon user-defined time and money spending limits.
  • Strategies to safeguard against the risk of financial fraud.

Every SRO registered following this rule is also required to inform the Central Government that it has recognized each online game registered with it as such and provide a report on the grounds upon which that recognition was made.

And it has to establish a mechanism for the timely resolution of user complaints that still need to be resolved by the grievance redressal mechanism of its member online gaming intermediary.

In a nutshell, a self-regulatory body will be able to:

      • Grant membership to a gaming intermediary
      • Register an online game
      • Evolve a framework
      • Interface with the Central Government
      • Resolve user complaints
      • Report non-compliance
      • And take appropriate action to protect online gaming users

How Does Digital KYC Help Gaming Intermediaries Conduct Due Diligence?

Online gaming intermediaries can use digital KYC solutions to verify users online and enhance their due diligence practices. According to the new rules, intermediaries must authenticate users and verify their identity when starting a user account-based relationship. They are directed to follow the same user identification and verification process prescribed by the Reserve Bank of India for any entity subject to it.

Digital KYC helps online gaming providers comply with Anti-Money Laundering or AML regulations through procedures like ID verification, transaction monitoring, screening against watchlists and sanctions, and performing enhanced due diligence when necessary.

Performing robust KYC on potential game users enables intermediaries to prevent the risk of fraud to a large extent. Leveraging digital KYC allows online gaming intermediaries to reduce any possibility of facilitating money laundering and terrorist financing activities.

Moreover, performing all the necessary know-your-customer checks helps online gaming companies preserve the interests of user safety by leveling up their user verification practices.

By streamlining procedures like user age verification, player self-exclusion, user data protection, and regulatory compliance, digital KYC contributes to creating a secure online gaming environment that safeguards players’ interests and increases their trust in the industry.

How Can Online Gaming Companies Conduct KYC?

Using platforms like SignDesk that offer RBI-compliant Video-Based Customer Identification Procedure, online gaming intermediaries can securely verify the identity of gamers online and ensure total compliance with the announced government regulations.

Process of Digital KYC for Online Gaming

Video-Based Customer Identification Procedure or VCIP allows online gaming intermediaries to verify gamers digitally before commencing an account-based relationship with them. The process takes place as follows:

  1. The user uploads an image or scanned copy of their ID document
  2. The relevant data from the uploaded document will be extracted
  3. The data will be verified online against trusted databases using ID verification APIs
  4. ML techniques match the photo on the ID to the user undergoing KYC
  5. Illegitimate users are filtered out and removed
  6. The user’s location is identified, and liveness checks are performed
  7. User verification is complete, and only approved users will be able to access the game

Verify Gamers Online With Digital KYC 

The IT Rules have been amended to accommodate new online gaming regulations and create a safe and responsible digital gaming space for users. Online gaming intermediaries can use SignDesk’s secure, RBI-compliant VCIP or video-based customer identification process to quickly verify users and eliminate the creation and usage of illegitimate online gaming accounts.

Get in touch with us to learn how digital KYC works and secure online gaming from end to end.