Insights from the NEXT Sustainability Hub
By Millie Wilkinson
I spent last week at NEXT.io Valletta, sitting in on the Sustainability Hub sessions Crucial Compliance sponsored. Two and a half days of panels, conversations, and the occasional moment where someone said something that made me put my pen down.
If I had to summarise the whole track in one line, it’d be this: the conversation around compliance is shifting. It’s not the same conversation we were having two or three years ago.
It also felt fitting to be having that conversation in Malta, a market where gaming still contributes around 7% of GVA and over 6% of the workforce, and one that’s visibly shifting itself, from a B2C-heavy licensing base towards B2B. The themes we discussed in the Hub weren’t theoretical for the room. They were live.
TLDR – KEY TAKEAWAYS
Seven shifts I came away with from the NEXT Sustainability Hub. Each one points in the same direction: compliance is moving from a back-office function to a commercial lever.
- From ESG reporting to long-term resilience
- From cost to competitive advantage
- From harm prevention to positive play
- From data hoarding to data-led decisions
- From single-market thinking to multi-jurisdictional strategy
- From restriction to workable enforcement
- From PR to proof
1. From ESG reporting to long-term resilience
The first shift is in how we define sustainability itself.
Pontus Lindwall, CEO of Betsson AB, opened the day by framing sustainability not as ESG reporting or environmental commitments, but as the ability to keep going over the long term, through changes in technology, regulation, customer expectations and market pressures.
That framing reshapes everything that follows. A sustainable operator isn’t just one that can grow quickly. It’s one that can keep growing responsibly, with the right controls, customer protections and governance in place.
Responsible gambling and AML aren’t separate from business sustainability. They’re part of what helps operators build trust, retain customers properly, and avoid short-term decisions that create bigger risks later.
If sustainability is staying power, then compliance is one of the most important muscles you have.
2. From cost to competitive advantage
This was the most consistent theme of the Hub, and it ran straight through Paul Foster’s (Our CEO) “Show Me the Money” panel.
The old view of compliance, as a cost centre, a blocker, the team you only hear from when something’s gone wrong, is being replaced by something more useful. When compliance is built into product design, platform selection, customer journeys and market entry strategy, it creates real commercial value.
It helps operators scale more confidently. It builds stronger customer trust. It improves regulatory relationships. It supports more sustainable growth.
This isn’t a rebranding exercise. It’s a recognition that the operators getting compliance right early are the ones moving fastest into new markets. That’s not a coincidence.
3. From harm prevention to positive play
The RG 2.0 panel, exploring how responsible gambling is evolving from harm prevention towards a more positive, player-centric model, made a point that’s stuck with me.
For years, responsible gambling tools have been positioned as something negative, intrusive, or only relevant once a customer is already at risk. The panel asked: what if RG didn’t have to feel that way?
The comparison they reached for was fitness trackers. Customers get insight into their own behaviour in a way that feels helpful rather than punitive. Health, not harm. Wellbeing, not warnings.
That framing matters more than it might first appear. From a player protection point of view, the opportunity isn’t just to identify risk once it has escalated. It’s to help operators understand customer behaviour earlier and support healthier long-term play.
And practically, RG shouldn’t sit on its own. It shouldn’t be a separate journey that only kicks in when a player becomes high risk. It needs to be considered across the full customer journey:
- Onboarding
- CRM
- VIP
- Product
- Marketing
- Customer support
The more naturally it’s built into the customer journey, the less it feels like a punishment, and the more effective it actually is.
4. From data hoarding to data-led decisions
This one came up in almost every session, and it’s the one I’d most like to see the industry act on.
Operators have the data. That’s not the issue. The issue is that the data is rarely joined up, and even more rarely used to support better customer outcomes.
The discussion wasn’t just about using data to detect harm. It was about using it to understand positive play, safe customer behaviour, and what healthy engagement actually looks like. That’s a different question, and a much more useful one.
From where I sit, this is one of the bigger opportunities for the industry. Better use of data lets operators move from reactive reviews to proactive, evidence-led decisions. It supports clearer reporting, better interventions, and stronger oversight across multiple markets. It’s the foundation of pretty much everything else discussed at the Hub.
The data isn’t the problem. The connections between it are.
5. From single-market thinking to multi-jurisdictional strategy
Compliance has always been complex. What’s changed is the scale of the complexity.
Different markets have different requirements, regulator expectations, reporting obligations, intervention standards and customer protection rules. The compliance panel made the point that operators now need more specialist knowledge, better systems, stronger internal processes, and closer collaboration with product, legal, commercial and operational teams.
This is something we see daily at Crucial Compliance. Operators need flexible compliance frameworks that can adapt by jurisdiction, but still give them oversight at group level. The more markets an operator enters, the harder it becomes to manage risk through disconnected processes or manual workarounds.
It’s no longer enough to run a UK compliance approach, a Netherlands compliance approach, and a Brazil compliance approach in parallel and hope they hold together. The operators doing this well are looking holistically, at the systems, the people, and the way information flows between markets.
6. From restriction to workable enforcement
Several sessions touched on the black market, and the point that stayed with me is one I think the industry needs to make more often.
This isn’t an argument against regulation. It’s an argument for regulation that’s workable, proportionate, and properly enforced.
If licensed operators face increasingly restrictive requirements, high taxes or heavy operational burdens, but illegal operators aren’t properly challenged, there’s a real risk that customers move outside the regulated market. And the regulated market is where the protections live: the monitoring, the AML controls, the safer gambling processes, the customer support.
If players move to unlicensed operators, those protections are lost. That’s a player protection failure.
Tackling the black market isn’t a job for regulators alone. It needs collaboration between operators, suppliers, industry bodies and enforcement authorities. And the regulated operators, the ones doing the work, need to be part of that conversation, not just the target of it.
7. From PR to proof
The reputation panel made another point I think the industry needs to sit with for a while.
You can’t fix reputation through PR alone. Storytelling is important, but it has to be backed by action, evidence, and transparency.
The industry has good stories to tell, around jobs, tax contribution, innovation, safer gambling, investment in player protection. But those stories only land if they’re backed up by what’s actually happening operationally. That means systems, processes, reporting, and customer outcomes that prove the claims being made.
There’s also a real problem with how the industry is currently viewed. Responsible licensed operators get grouped together with illegal or irresponsible ones, and the difference rarely gets surfaced. The fix isn’t more PR. It’s clearer standards, stronger evidence, and more transparency about what’s actually being done.
This is where compliance and reputation start to look like the same conversation. If operators want to tell a stronger story externally, they need the internal evidence to support it. Otherwise it’s just noise, and the audience can tell.
What ties it all together
Looking back at my notes, the common thread across all seven shifts is this: compliance is moving from reactive to strategic, from siloed to integrated, from cost centre to growth lever.
Sustainability in gaming isn’t about ESG reporting or environmental commitments. It’s about whether operators can build businesses that grow responsibly, protect customers, evidence their decisions, maintain trust, and adapt to changing regulation.
That shift is showing up in markets too. Malta is the obvious example. The strength of the jurisdiction isn’t just the number of licences, it’s the wider ecosystem around gaming: technology providers, compliance specialists, payments, legal, advisory, product, regulatory expertise. The countries and operators getting this right are the ones building ecosystems, not just licences.
The conversations at NEXT Valletta made one thing clear: the operators who treat compliance as part of their commercial strategy, not separate from it, are the ones building businesses that can keep going.
That’s the shift. And from where I’m sitting, it’s been a long time coming.
