UK gambling age verification: what it means for IAM teams

TL;DR: UK gambling is a £15.6 billion market, online gambling generated £6.9 billion GGY, and 37 million active online accounts now sit inside a tighter age-verification and compliance environment driven by the Online Safety Act and regulator expectations, according to SumSub. The programme challenge is no longer simple onboarding checks; it is continuous trust, fraud resistance, and defensible identity assurance at scale.

NHIMG editorial — based on content published by SumSub: a UK gambling age verification guide focused on regulation, fraud, and customer trust

By the numbers:

• The UK gambling industry stands as a £15.6 billion behemoth.
• over 37 million active online accounts

Questions worth separating out

Q: How should security teams design age verification for regulated digital services?

A: Security teams should define the required assurance level first, then match the verification method to that threshold.

Q: Why does age verification become an identity governance issue?

A: Age verification becomes an identity governance issue when the organisation must prove policy compliance, retain evidence, and defend decisions after the user has been admitted.

Q: What do teams get wrong about balancing compliance and user friction?

A: Teams often assume that stronger verification always means more friction, so they either overcollect data or weaken the check.

Practitioner guidance

• Define the assurance threshold first Map the minimum level of confidence required for each gambling or age-restricted journey, then select proofing methods that meet that threshold and preserve an audit trail.
• Layer fraud signals into verification decisions Combine document validation, device intelligence, velocity checks, and exception review so suspicious registrations are challenged without blocking all legitimate users.
• Automate evidence capture for every decision Store what was checked, why the user passed or failed, and which policy applied so compliance teams can answer regulator queries without reconstructing the workflow later.

What's in the full article

SumSub's full article covers the operational detail this post intentionally leaves for the source:

• Jurisdiction-specific verification expectations for the UK gambling market and adjacent age-regulated services
• Practical guidance on balancing onboarding speed with stricter age assurance and fraud checks
• A broader trend view on how online safety and age verification obligations are reshaping digital identity journeys
• Implementation considerations for turning compliance requirements into usable verification workflows

👉 Read SumSub's guide to UK gambling age verification and compliance →

UK gambling age verification: what it means for IAM teams?

Explore further

View Full Forum →  |  NHI Foundation Course →