Europe is building two radically different regulatory models for the gambling industry. While Balkan countries are trying to contain the expansion of the illegal market through reforms, regional coordination and fiscal adjustments, France has raised the compliance bar by publishing new guidelines that turn personal data protection into one of the sector’s main regulatory battlegrounds.
The first move comes from the Balkan Gaming Federation (BGF), created in March 2026 and bringing together associations from Bosnia and Herzegovina, Bulgaria, Croatia, Romania, Montenegro, North Macedonia and Serbia. The organization decided to establish its legal headquarters in Croatia and create a working group led by Filip Jelevic, Secretary General of HUPIS, with the goal of coordinating responses to black-market growth, tax pressure and regulatory changes affecting licensed operators.
In Croatia, HUPIS warned that reforms introduced by the ruling HDZ government could put up to 15,000 jobs at risk, as they introduce new player identification requirements, a national self-exclusion system and revised taxation on gambling winnings. In Serbia, the Games of Chance Administration, a division of the Ministry of Finance led by Siniša Mali, authorized new jackpot mechanisms from January 2026 to strengthen the competitiveness of licensed operators against illegal platforms.
Siniša Mali
Romania, meanwhile, is considering raising the minimum gambling age to 21, tightening advertising restrictions and expanding regulatory powers over land-based venues in a market that generates approximately €1 billion annually in tax revenue.
More than 1,500 kilometers away, France is moving in a different direction. The Autorité Nationale des Jeux (ANJ), chaired by Isabelle Falque-Pierrotin, and the Commission Nationale de l'Informatique et des Libertés (CNIL), led by Marie-Laure Denis, published a 59-page compliance guide for gambling operators based on the General Data Protection Regulation (GDPR) of 2016. The document applies to casinos, online operators, technology providers, payment processors and entities such as FDJ and PMU, establishing obligations covering consent management, marketing, data storage, Data Protection Impact Assessments (DPIAs) and the handling of sensitive information. The guidance states that identifying problem gamblers may constitute the processing of health-related data under Article 9 of the GDPR, triggering enhanced controls, human review requirements and strict access limitations.
Isabelle Falque-Pierrotin
The move comes as the French gambling market reached €14.1 billion in Gross Gaming Revenue in 2025, representing 3% growth year-on-year. The online segment generated €2.617 billion, online sports betting produced €1.766 billion, online poker reached €525 million, land-based casinos generated €2.816 billion, and monopoly activities operated by FDJ contributed €6.95 billion.
Together, these developments highlight Europe’s new gambling challenge: while the Balkans seek to prevent excessive regulation from driving players toward illegal operators, France is betting on data compliance, AML controls and consumer protection as competitive advantages for the regulated market.
