GAMPROTECT — the cross-operator vulnerability data-sharing scheme operated by GAMSTOP for the Betting and Gaming Council — has reported on its progress as the Single Customer View framework moves from pilot into general industry adoption. The scheme has now flagged more than 5,500 vulnerable consumers across participating operators, with 88% matched by at least one other operator and 66% matched by two or more. The early data validates the cross-operator approach and reshapes how UK players engaging with multiple <a href="/online-casinos/">online casinos</a> are monitored for harm.
How GAMPROTECT works
GAMPROTECT enables a participating operator that identifies severe harm signals — for example, a customer pattern that triggers internal high-risk flags, attempted self-exclusion conversations, or evidence of escalating loss chasing — to securely share a fingerprint of that customer with other licensed operators. Receiving operators check whether the same customer is active on their platform and apply additional safeguards or interventions if so.
The scheme is operated by GAMSTOP, the existing not-for-profit national self-exclusion service, which already runs the cross-operator self-exclusion register that has logged more than 820,000 unique users since 2018. Building GAMPROTECT on top of GAMSTOP infrastructure was deliberate: GAMSTOP has the privacy framework, the operator integrations and the public trust to host the scheme without creating a parallel data warehouse.
Importantly, GAMPROTECT was approved by the Information Commissioner's Office in July 2023 and operates under a strict data-minimisation framework. Operators do not see each other's underlying customer data — only enough information to identify whether the same customer is active and to take appropriate action.
The Q1 2026 numbers in context
The 88% second-operator match rate is the most striking number in the latest data. It validates a hypothesis that single-operator harm monitoring has long had a blind spot: customers who are not catastrophically losing at any one casino but who are losing meaningfully across several simultaneously. The other striking number is the 66% three-or-more match rate — meaning two-thirds of flagged players are active on at least three licensed UK operators.
Those numbers feed directly into the regulatory case for embedding GAMPROTECT in the wider Single Customer View framework that the UKGC has been signalling for several years. Industry participation has expanded from an initial 8 operators at scheme launch in 2023 to 24 by the start of 2026, including Bet365, the Flutter brands, Evoke (888 / William Hill), Entain's Ladbrokes Coral, Sky Betting & Gaming and PaddyPower.
Operators flag roughly 60% of cases proactively from internal monitoring data and the remaining 40% from explicit customer-led signals such as deposit-limit lock-outs and self-exclusion attempts. Flag-out rates are not uniform across operators, with the largest brands accounting for the majority of inbound flags, broadly in line with their UK market share.
What it means for players, and what is next
For UK players, GAMPROTECT operates silently. There is no consumer-facing application, no badge, no notification. If a player is flagged at one operator and is active at another, the second operator may apply additional friction — earlier deposit prompts, lower bonus eligibility, more frequent reality checks, or in some cases account restriction. Players who have a flag applied have full subject access rights to find out and to contest it.
The next planned milestone is the move from voluntary BGC-led pilot to formal UKGC-endorsed scheme. The Commission has indicated that participation will become a self-exclusion.">responsible gambling tooling, intervention obligations and customer protection.">Social Responsibility Code requirement once the operational data set has reached a steady state, which could happen as early as the second half of 2026. After that, every UKGC-licensed operator would be required to participate.
There is one open political question. The previous government's broader Single Customer View ambitions — including a more comprehensive cross-operator deposit-aggregation framework — have been put on hold under the current administration. Whether GAMPROTECT remains the de facto SCV tool, or whether the Commission ultimately mandates something more comprehensive, is the biggest open question in UK harm-reduction policy. Our news desk will track every step.
