Appendix C: ITL Certification Policy
Last Updated
What is an “ITL certification”?
- An ITL certification is a form of written assurance that is issued by registered independent test laboratories (“ITLs”) to indicate that they have tested and confirmed that the types of technology captured by this policy meet the relevant AGCO Registrar’s Standards for Internet Gaming (the “Standards”). Additionally, for Live Dealer games in the igaming space only, the relevant “Casino Electronic Gaming Devices and Gaming Systems Minimum Technical Standards” are also applicable.
- ITL certifications for Ontario's igaming market can only be issued by ITLs that are registered by the AGCO.
- ITL certification provides the AGCO with reasonable assurance that the technology being tested complies with the relevant Standards.
What technology needs to be certified?
- The specific types of technology that must be certified by a registered ITL are:
- All games, random number generators and components of igaming systems that accept, process, determine outcome, display and log details about player bets. This includes, but is not limited to, slot games, table games, sport and event betting, poker and other card games. For Live Dealer games, the requirement for certified technology extends to physical random number generators with electronic elements and similar physical equipment with electronic elements used to determine game outcome. This includes, but is not limited to, physical wheels (roulette), physical dice tables, and card shufflers that have electronic components.
What is required from a certification to be recognized by the Registrar?
- The technologies identified above must be certified by a registered ITL before they are deployed in the Ontario market. As noted in section 4, in certain low-risk circumstances and on a case-by-case basis, the Registrar will consider providing gaming-related suppliers with temporary approval for critical gaming systems to facilitate operations at launch. Requests for temporary approval should be discussed on a case-by-case basis with the AGCO Technology Regulation and igaming Compliance Branch.
- The AGCO does not prescribe which entity is required to request the ITL certification (e.g., operator, game manufacturer, etc.) although it is anticipated that it will most commonly be the game provider.
- A certification that contains a limitation on the Registrar’s use of the certification, or purports to disclaim the Registrar’s use of the certification, will not be a recognized certification by the Registrar.
When certified technology has been modified, does it need to be recertified?
- Recertification is required when any modification or subsequent discovery of an undetected issue impacts critical gaming system integrity, fairness, or security, or compliance with the Gaming Control Act, 1992, its regulation, and/or the Standards. The effect of the modification or discovery is to render the previous certification invalid.
- The gaming-related supplier is accountable for ensuring that all required certifications are obtained from AGCO-Registered ITLs. The GRS classifies the set of modifications (from the previous certified software to the current upgraded software) into one of three categories. All records of this classification shall be maintained and would be made available to the AGCO upon request. Based on the category of modifications, the supplier may or may not need to recertify the software with an ITL.
The 3 categories of modifications include:
- Non-Regulatory Modifications - modifications that are unrelated to compliance with the Standards (e.g., minor bugs that may impact user experience, cosmetic changes, new language added that is not used in Ontario, etc.).
Approach: These do not require recertification. The supplier can leverage the previous certification and confirm that all modifications between the two versions are non-regulatory in nature such that the previous certification holds and applies to the modified technology. - Regulatory Modifications – modifications that are related to compliance with the Standards (e.g., modification to game design which could also impact a standard) OR modifications that address regulatory concerns but do not require immediate action to correct (e.g., previous version is not live or problem is fully mitigated through some other control or action).
Approach: These must be certified before deployment. - Regulatory Fix (Emergency Fix) - Modifications that address regulatory concerns and require immediate action to correct a live issue (e.g., major impact to the Standards that question the integrity of the game).
Approach: To expedite regulatory fixes, they can be deployed prior to certification. The ‘fixed’ technology can be deployed immediately but must be submitted to an ITL for Ontario certification within 5 business days of release.
Against which Standards does certification need to be made?
- The scope of the certification is not “all” Standards, but rather those standards that are relevant to games, random number generators, remote gaming servers, and sport and event betting systems being tested.
- For Live Dealer games only, the relevant “Casino Electronic Gaming Devices and Gaming Systems Minimum Technical Standards” are also applicable.
- Each technology is different and so the AGCO cannot provide definitive direction that would cover all eventualities. However, AGCO’s Technology Regulation and iGaming Compliance Branch provides guidance to registered ITLs on specific Standards that will likely be of interest to the Registrar. Such guidance cannot be definitive in advance of a substantive review of the gaming equipment software under review for certification.
Will the AGCO permit “conditional” certifications by ITLs?
- As noted above, the technologies covered by this policy cannot be deployed in the Ontario market without an ITL certification.
- For regulatory purposes, an ITL may not issue a certification that is contingent on any future changes or modifications to the technology being carried out.
- An ITL may issue a certification that specifies one or more features that would need to be turned off or disabled in order for the technology to be compliant with the relevant Standards.
What information should an ITL certification instrument include?
For the purposes of documenting that the relevant Standards have been met, an ITL certification instrument must include the following information:
- AGCO-registered name of the registered ITL that completed the certification.
- AGCO-registered name of the registered operator or gaming-related supplier that requested the certification.
- Date the certification was issued.
- Some form of unique identifier that will allow the AGCO to track and follow-up on individual certifications with an operator, gaming-related supplier, or ITL.
- The name of the product, version number, and manufacturer.
- A list of the Standards against which the technology was certified.
- Whether any part of the certification was based on previous testing completed for regulatory requirements in another jurisdiction.
- For recertification of a previously certified product, a high-level description of the key changes made to the product that necessitated the recertification.
The following additional information must be made available by the registered ITL to the AGCO upon request:
- The results of any previous testing of the same product for the same registrant, including information about any previously identified areas of deficiency against the Standards.
- Information in response to AGCO inquiries about the testing environment, product configurations tests, and specific aspects of the testing methodology.