ANJ

Our certifications
Standards & Directives ANJ

What is the ANJ?

The Autorité Nationale des Jeux (ANJ) is an independent French administrative authority responsible for regulating gambling and games of chance, both online and land-based, with the objective of ensuring safe, fair, and controlled gaming, combating illegal practices, and protecting players. It was established in particular by Article 34 of the French law of May 12, 2010 on the opening to competition and regulation of the gambling sector, which also grants it the power to define technical requirements applicable to licensed operators.

The ANJ technical reference frameworks aim not only to ensure regulatory compliance of slot machines, sports betting, or online poker, but also to guarantee the integrity and security of the information systems that support them.

Who is affected by the ANJ reference frameworks?

The operators concerned are those holding an authorization or license issued by the ANJ to operate online or land-based gambling activities in France. These operators are required to comply with the technical, functional, and security obligations set by the ANJ for any authorized gaming activity. This includes sports betting platforms, online poker, lottery services, and other licensed games.

Why are ANJ technical requirements a cybersecurity issue?

Cybersecurity is not an "option" in regulated gaming: it is embedded at the core of the technical reference frameworks and certification obligations. The ANJ requires operators’ information systems to guarantee the integrity of gaming operations, the reliability of results, the security of data flows, and protection against technical manipulation or fraud. This involves requirements related to platform security, software robustness, and the implementation of appropriate internal controls, aligned with recognized security best practices.

What are the main ANJ technical requirements?

01

Compliance with general technical requirements

The ANJ issues technical requirements relating to operators’ information systems through official decisions, covering both the integrity of gaming operations and IT security. These requirements form a set of mandatory measures designed to ensure data availability, confidentiality, authenticity, and traceability, as well as the overall resilience of gaming platforms.

02

Mandatory annual certification

Operators must produce an annual certification demonstrating compliance with all technical requirements set by the ANJ, particularly those related to information system security. This certification must be carried out by an independent organization listed as approved.

It must cover the compliance of information systems, internal controls, and security mechanisms, and be updated every year.

03

Prior approval of gaming software

Before deploying new gaming software or a significant update, the operator must obtain approval from the ANJ. This approval includes a review of the code, business logic, security mechanisms, and vulnerability assessments. It applies to any software component impacting the gaming offering and functions as a prior control for both security and functional compliance.

04

Technical audit and reporting

As part of the certification process, the operator must provide technical audit reports, which may include:

  • targeted penetration tests on critical interfaces
  • architecture and configuration audits
  • evidence of the implementation of continuous monitoring and control mechanisms

The ANJ may also conduct or request additional audits depending on its controls and the risks identified.

What are the operational implications for cybersecurity?

For a CIO or CISO of a gaming operator, the ANJ framework concretely means:

  • Securing the IT infrastructure: network hardening, segmentation, comprehensive logging, protection of APIs and user interfaces.
  • Protecting gaming chains: ensuring betting and gaming platforms cannot be manipulated or exploited by unauthorized actors.
Conduct a penetration test
  • Implementing access controls: robust IAM, MFA for sensitive interfaces, session and transaction monitoring.
  • Conducting regular audits: integrating required audits into a continuous approach, not only an annual one.
  • Embedding requirements into DevOps architectures: security testing within CI/CD pipelines for all deployments.

These actions are not only regulatory obligations: they form the foundation of a resilient information system for 24/7 services with high economic and reputational stakes.

How Ziwit supports operators under ANJ frameworks

At Ziwit, our expertise covers all cybersecurity needs of operators subject to ANJ frameworks:

  • Technical certification: support to prepare security audits, recognized penetration tests, and compliance documentation.
  • SOC & detection: implementation or strengthening of a SOC capable of integrating continuous monitoring requirements for gaming platforms.
Implement a Cybersecurity Operations Center
  • Security audits & testing: in-depth technical audits, penetration testing of critical components, analysis of the gaming software lifecycle.
  • Support for accreditation: structuring documentation and remediation plans to help obtain and maintain software accreditation.
  • Risk management methods: integration of regulatory obligations into a robust IS governance framework (ISO 27001, vulnerability management, risk mapping).
ZIWIT Virtual CISO

This approach not only meets ANJ requirements but also helps build truly operational cybersecurity, adapted to a highly exposed and regulated environment.

Conclusion

The ANJ technical reference frameworks are not a mere administrative formality: they constitute a concrete cybersecurity foundation for gaming operators, aimed at ensuring the integrity of operations, information system security, and player protection. For IT teams, this means organizing continuous security processes (audits, testing, monitoring, IAM), embedding these requirements into procedures, and demonstrating compliance through a robust annual certification.

Ziwit supports you at each of these levels with a pragmatic, risk-oriented, and results-driven approach.

A need for an IT security audit?

Our team of IT security experts is ready to offer you the audit that best suits your needs and your business.

Your satisfaction and security are our priorities. Contact us

Contact us!

+33 1 85 09 15 09
*required