An open standard for machine-readable, cryptographically verifiable digital gambling licences. Verify any operator, from any jurisdiction, in milliseconds.
// Operator hosts signed credential at well-known URI
GET https://operator.example/.well-known/gambling-licence
// Or verify via DNS
DIG _gambling-licence.operator.example TXT
// Or query the authority's API
GET https://verify.gamblinglicence.org/api/v1/domain/operator.example
Despite decades of gambling regulation across dozens of jurisdictions, there is no standardised, machine-readable protocol for verifying whether an operator is licensed. This gap has real consequences.
Licence badges are self-asserted. Any unlicensed operator can copy and display a regulator's logo. There is no cryptographic proof.
Regulator registries are not machine-readable. Every regulator presents licence information differently, on unstructured web pages that cannot be queried programmatically.
ISPs cannot efficiently implement blocking orders. Without a machine-readable source of truth, distinguishing licensed from unlicensed operators requires manual review.
Payment processors lack automated due diligence. Merchant onboarding relies on manual licence verification that does not scale and cannot detect real-time revocations.
Cross-border verification is fragmented. An operator licensed in Malta serving Irish consumers requires manual checks across multiple regulator websites.
Consumers are left unprotected. There is no reliable, instant way for a consumer to verify that a gambling site holds a valid licence before depositing money.
GL1 defines three complementary mechanisms. Each works independently. Together, they provide defence-in-depth verification that is resistant to forgery and instantly revocable.
Operators host a cryptographically signed JSON licence document at a standardised URI. The document is generated and signed by the regulatory authority using ECDSA P-384 — the operator cannot modify it.
Verifiers fetch the file over HTTPS, validate the signature against the authority's published public key, and confirm the licence is active and unexpired.
Operators publish a DNS TXT record containing a compact, signed licence assertion. This enables verification at the DNS layer — before any HTTP connection is established.
ISPs can check licence status in their DNS resolvers. Bulk scanning of thousands of gambling domains becomes a DNS enumeration problem.
Each authority operates a public REST API providing real-time, authoritative licence status. Supports single lookups, domain verification, bulk queries, and blacklist feeds.
ISPs and payment processors receive RPZ zone files and webhook notifications for instant blocking list updates.
Built entirely on existing open standards: RFC 8615, RFC 8785, RFC 7208, FIPS 186-4. No proprietary dependencies. Published under CC BY 4.0.
ECDSA P-384 signatures generated by the authority's HSM. Cannot be forged or self-asserted. Signature verification is offline-capable.
Any gambling regulator worldwide can issue GL1 credentials using their own signing keys. The Trust Directory enables cross-border verification.
Licence suspension propagates within minutes via API, hours via DNS and .well-known. Short-lived credentials available for high-risk operators.
Three independent verification layers. HTTP, DNS, and API. Each works alone. Together, they resist evasion and provide redundancy.
Algorithm agility from v1.0. Hybrid signature support (ES384 + ML-DSA-65) defined for seamless migration when quantum computers threaten ECDSA.
GL1 serves every participant in the gambling regulation ecosystem.
Join the GL1 federation. Sign credentials with your own keys. Operate your own verification API. Share intelligence via the Trust Directory.
Host a signed credential at a standard URI. Publish a DNS record. Differentiate yourself from unlicensed competitors with cryptographic proof.
Subscribe to RPZ feeds. Integrate GL1 DNS checks into your resolvers. Comply with court blocking orders efficiently and accurately.
Bulk-verify gambling domains against the API. Automate merchant due diligence. Block transactions to unlicensed operators in real-time.
Check any gambling site's licence status instantly. Know whether the operator is regulated, by whom, and whether the licence is current.
GL1's core infrastructure is operational. The Trust Directory lists recognised authorities. The Verification API provides real-time licence status.
// Registry of recognised GL1 authorities
GET https://gl1.gamblinglicence.org
// Look up authority by ID
GET https://gl1.gamblinglicence.org/authority/GRAI
// List by country
GET https://gl1.gamblinglicence.org/country/IE
// Verify a licence
GET /api/v1/licence/GRL-2026-001234
// Check a domain
GET /api/v1/domain/examplebet.ie
// Bulk verification (ISPs, payment)
POST /api/v1/verify/bulk