The Ordinance also provides that the electronic channels used by the operator to offer fixed-odds bets in virtual environments must use the domain registration "bet.br"
On May 2nd, the Department of Prizes and Betting (SPA) published Ordinance SPA/MF No. 722, which sets technical and security requirements for systems and platforms used by operators for sports betting and online gaming. The Ordinance complements the provisions outlined in Law No. 14,790/2023.
Among such requirements, the Ordinance establishes that operators must keep the betting systems and respective data in centers located in Brazil. Exceptionally, such systems and data may be located in foreign territories, provided that the corresponding countries have an International Legal Cooperation Agreement with Brazil. In both cases, the data centers used must have ISO 27.001 certification.
For data centers located abroad, in addition to the Cooperation Agreement, the following requirements must be met cumulatively:
- (i) The data subject must explicitly authorize the international transfer of their personal data, with the operator providing clear information about the purpose of this transfer;
- (ii) The technical area of the Ministry of Finance must have secure and unrestricted access to the systems, platforms, and data of the operation, both remotely and in person;
- (iii) The operator must replicate its database and information in Brazil, ensuring continuous updating and consistency among all instances of the database, as well as conducting periodic tests;
- (iv) The operator must present a Business Continuity Plan for Information Technology to address critical situations that may threaten the operation and the data.
It is important to highlight that the betting systems in question must be certified by a certifying entity whose operational capacity has been recognized by the Department of Prizes and Betting (SPA). Such certifications must attest that the systems are fully compliant with the technical requirements defined in the annexes of the Ordinance.
The Ordinance also provides that the electronic channels used by the operator to offer fixed-odds bets in virtual environments must use the domain registration "bet.br", following the guidelines to be outlined in specific regulations.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.