Spelinspektionen
AI Regulation in Sweden iGaming
Spelinspektionen (Swedish Gambling Authority) (Spelinspektionen) — regulatory overview for AI use cases in Sweden's gambling market.
Regulator Overview
Sweden re-regulated its gambling market on 1 January 2019 under the Gambling Act (2018:1138), replacing the former state-monopoly model with a licensed, competitive framework overseen by Spelinspektionen. The regime imposes strict consumer-protection obligations on licensed operators, including a SEK 100 cap on bonus offers limited to a single welcome bonus per player, a prohibition on ongoing promotional offers, and mandatory deposit-limit tools. For operators deploying AI-driven marketing, personalisation or CRM systems, these constraints define hard guardrails that no algorithmic optimisation may circumvent.
Spelinspektionen has demonstrated a willingness to enforce aggressively, issuing penalty fees and licence revocations for breaches of bonus rules, responsible-gambling requirements, and duty-of-care obligations. The authority expects operators to demonstrate that automated decision-making systems do not undermine player-protection measures. Any AI model used in customer segmentation, reactivation campaigns, or VIP management must be auditable against these obligations.
Data protection in Sweden is enforced by Integritetsskyddsmyndigheten (IMY), the national supervisory authority under the GDPR. IMY has been active in scrutinising automated profiling and algorithmic decision-making, particularly where it affects individuals' rights. Operators using AI to process player behavioural data must ensure lawful bases for processing, conduct Data Protection Impact Assessments where required, and honour players' rights under Articles 21 and 22 of the GDPR, including the right to object to profiling and the right not to be subject to solely automated decisions with legal or similarly significant effects.
Key AI & Data Rules
Single welcome bonus cap (SEK 100)
Licensed operators may offer only one bonus per player, capped at SEK 100. AI-driven promotional engines, dynamic offer systems, and CRM personalisation tools must enforce this hard limit. Any algorithmic logic that circumvents or effectively re-issues bonuses — through segmentation, reactivation flows, or loyalty mechanics — risks regulatory action.
Prohibition on ongoing promotional offers
Swedish law prohibits promotional offers beyond the initial welcome bonus. AI systems used for retention marketing, churn-prediction targeting, or personalised incentive delivery must be designed so they cannot generate or distribute offers that Spelinspektionen would classify as promotional. Operators bear the burden of proving compliance.
Responsible gambling and duty-of-care obligations
Operators must identify and intervene with players showing signs of problem gambling. Where AI is used for behavioural monitoring or risk-scoring, the models must be demonstrably effective, regularly validated, and their outputs must trigger meaningful interventions — not merely flag players for marketing suppression. Spelinspektionen expects operators to show that AI enhances, rather than dilutes, duty-of-care outcomes.
Spelpaus self-exclusion integration
All licensed operators must integrate with Spelpaus, Sweden's national self-exclusion register. AI systems involved in player onboarding, reactivation, or communications must check Spelpaus status in real time and ensure no marketing, offers, or engagement activity reaches self-excluded players. Failure to respect Spelpaus exclusions is treated as a serious compliance breach.
IMY enforcement on automated profiling
IMY enforces GDPR requirements on automated decision-making and profiling. Operators using AI to segment, score, or profile players must maintain a lawful basis for processing, provide transparency to data subjects about how their data is used, conduct Data Protection Impact Assessments for high-risk processing, and enable players to exercise their rights under Articles 21 and 22 GDPR.
Regulatory Sources
Gambling Act (2018:1138) — English summary
Spelinspektionen
Spelinspektionen regulatory decisions and penalty fees
Spelinspektionen
Spelpaus national self-exclusion register
Spelinspektionen
IMY guidance on automated individual decision-making including profiling
Integritetsskyddsmyndigheten (IMY)
Government Offices of Sweden — re-regulation of the gambling market
Government Offices of Sweden
Frequently Asked Questions
Can AI be used for personalised marketing to Swedish gambling customers?
AI-driven personalisation is heavily constrained in Sweden. The single-bonus cap (SEK 100) and the prohibition on ongoing promotional offers mean that AI systems cannot dynamically generate or target players with incentive-based offers beyond the welcome bonus. AI may be used for non-promotional personalisation — such as responsible gambling messaging or interface customisation — but operators must ensure no element could be characterised as a promotional offer by Spelinspektionen.
What are the GDPR implications of using AI to profile Swedish players?
Profiling Swedish players with AI triggers obligations under the GDPR, enforced locally by IMY. Operators must identify a lawful basis (typically legitimate interest, subject to a balancing test), conduct a Data Protection Impact Assessment for high-risk processing, provide clear information to players about how profiling works and what decisions it influences, and enable players to object to profiling or request human review of automated decisions.
How does Spelpaus affect AI-driven player reactivation campaigns?
Any AI system involved in reactivation or win-back campaigns must perform real-time checks against the Spelpaus register before initiating contact. Players registered on Spelpaus must be completely excluded from all marketing and engagement activity. Operators should build Spelpaus checks into the earliest stage of any automated campaign pipeline, not as a downstream filter.
Does the EU AI Act apply to Swedish iGaming operators?
Yes. As an EU member state, Sweden will apply the EU AI Act once its provisions take effect. AI systems used for player risk-scoring, creditworthiness-adjacent assessments, or biometric identification could fall within high-risk categories requiring conformity assessments, human oversight, and detailed technical documentation. Operators should begin mapping their AI use cases against the EU AI Act risk taxonomy now.
What penalties has Spelinspektionen imposed for AI-related or bonus-rule breaches?
Spelinspektionen has issued penalty fees ranging from hundreds of thousands to tens of millions of SEK for breaches of bonus rules, responsible-gambling failures, and duty-of-care shortcomings. While enforcement actions have not yet specifically cited 'AI' as a root cause, the authority has made clear that automated systems do not reduce operator liability — if an AI system causes a breach, the operator is fully accountable.
Assess your AI use case in Sweden
Check whether your AI use case is low, medium, or high risk under Spelinspektionen regulation — with source-backed guidance.
Start Free AssessmentOperational guidance, not legal advice.