INTERVIEW

The rising complexity of fragmented compliance

Rickard Vikström, Internet Vikings on regulation: ‘The real headache isn’t stricter rules — it’s that every country and state has its own rulebook.’

Interview with Rickard Vikström

Over the past decade, regulation and what “reasonable measures” actually mean have changed almost beyond recognition.

Our editor speaks with Rickard Vikström, Founder & CEO of Internet Vikings, about three linked questions: how fragmentation has become the defining regulatory challenge, how “reasonable measures” have evolved, and why getting the system right matters more than getting every single decision right.

Portrait of Rickard Vikström in a beige blazer and white shirt, standing in an office setting.

Rickard Vikström, founder of Internet Vikings. Photo courtesy of Internet Vikings

Box-out: Rickard Vikström – Executive Bio

Current Title: Co-Founder & CEO

Company: Internet Vikings

Previous Roles: Co‑founder and CCO, Internet Vikings; co‑founder of IT‑security firm Stay Secure (later sold to a listed US technology group); and an active board member in multiple Swedish technology companies.

Sector Experience: 20+ years in hosting and infrastructure; 15+ years as serial entrepreneur in domains, web hosting, IT security and iGaming; hands‑on experience building and scaling specialised hosting for regulated online gambling and sports betting across Europe and North America

Expertise: Regulated iGaming and sports book hosting; in‑state infrastructure for US online gambling; ISO 27001‑style cloud and bare‑metal architectures; DDoS‑protected, compliant hosting tailored to licensing, data‑location and technical requirements in multiple jurisdictions

Recognised Projects: Co‑founded Internet Vikings in 2007 and grew it from a domain and generic hosting provider into a leading iGaming and sports‑betting infrastructure partner, now live with licensed in‑state hosting in more than 20 US states and serving clients across Europe and the Americas.

Recognition: Named European CEO of the Year in the hosting industry; recognised for leadership in in‑state hosting solutions for iGaming and online sports betting; selected for the Emerging Leaders of Gaming 40 Under 40 list; and recognised for leadership in in‑state hosting solutions for iGaming and online sports betting.

Built for rules that keep changing

We chose to speak with Internet Vikings because they are one of the few infrastructure providers built specifically around the needs of licensed iGaming operators, with hands‑on experience hosting in multiple regulated markets across Europe and the US.

Founded in 2007 as a hosting and domains business, the company has evolved into a specialist provider of compliant, in‑state hosting for regulated operators, giving them a front‑row view of how fragmented rules shape day‑to‑day operations.

Abstract illustration of a cloud computing network between server racks, symbolising complex, interconnected infrastructure and data flows.

Cloud infrastructure and data flows between server environments – a visual analogy for the fragmented, constantly changing compliance requirements facing regulated iGaming operators.

Abstract compliance and legal icons over a cityscape, including scales, checklists, books and warning symbols, representing complex regulatory requirements.

A decade of regulatory whiplash: overlapping legal and compliance requirements across jurisdictions have turned “reasonable measures” into a moving target for iGaming operators.

A decade of regulatory whiplash

Recent years have brought waves of change to gambling regulation across Europe and North America, driven by stricter compliance requirements, higher taxes, and evolving interpretations of “reasonable measures.”

Several countries have revised their gambling acts—or introduced entirely new ones—with fresh limits on advertising, payment methods, data retention, and tax rates.

Even established markets like the UK, Netherlands, and Malta continue to adjust core frameworks, raising the bar for player protection and financial oversight.

When we sat down with Rickard at Internet Vikings to discuss this landscape, he quickly pinpointed the heart of the issue: fragmentation. Almost every country that has legalized gambling—and, in the US, every state that is legalizing gambling—now applies its own regulatory and compliance framework.

Operators and suppliers no longer face a single strict rulebook, but dozens of partially overlapping ones that can pull in different directions. The same product may need different technical controls, logging standards, and risk thresholds depending on where the player sits, even when the underlying policy goal is similar.

EU patchwork, US mosaics

In Europe, the story has largely been one of incremental tightening. Early‑moving countries built licensing systems that shifted responsibility from the player to the operator: suddenly, it mattered exactly how KYC and AML were implemented, how marketing was targeted, and how safer‑gambling tools were embedded into the product experience. Data location, audit trails, and technical standards moved from IT hygiene topics to core regulatory questions.

In the US, the change looked more like a jump cut. State after state legalised some form of online wagering, but each did so on its own terms, with its own rules for servers, backups, logs, disaster recovery, and oversight.

What can appear, from a distance, to be a single US market is, at the infrastructure level, a cluster of small sovereign territories. For hosting providers, that has meant building state‑specific stacks and in‑state data centres in places like New Jersey, Michigan, Pennsylvania, and Nevada, then replicating and adapting that model as new states open – exactly the niche Internet Vikings has chosen to occupy.

Judge’s gavel resting on a computer circuit board, symbolising the intersection of law, technology and online regulation.

Legal standards meeting technical reality: defining “reasonable measures” in an environment where every control can be bypassed, yet regulators demand stronger barriers and better detection.

“Reasonable measures” and the limits of blocking

Few phrases have caused more disagreement between operators and regulators than “reasonable measures”.

On paper, the concept is simple: licensees must take reasonable steps to prevent underage, excluded, or out‑of‑jurisdiction players from accessing their sites.

In practice, Rickard argues, there is always a way around any single technical barrier if a player is determined enough and technically capable.

The challenge, then, is not to create perfect walls but to spot patterns.

Infrastructure can flag when a thousand players suddenly appear behind the same VPN endpoint, or when suspicious clusters behave in ways that differ from the ordinary customer base.

Rickard compares the situation to Netflix: in the early days, it was relatively easy to watch a foreign series while on holiday, but as rights and obligations tightened, so did the geofencing.

The difference is that gambling carries higher stakes — financial, social, and political — and therefore attracts more aggressive attempts at circumvention.

The only way to make access nearly tamper‑proof, he notes, would be to demand precise geo‑coordinates from every player device and lock play to those coordinates in real time. Technically, this is increasingly possible.

Legally and ethically, it collides with privacy laws and with a basic sense of proportionality in how far a state should go to supervise an individual who is, at least on paper, playing on a legal site.

New rules are likely to push this debate further. Operators and their partners are increasingly expected to block access from sanctioned or high‑risk jurisdictions, and from customers caught by EU or US sanctions regimes, even though VPN use and proxy traffic can blur the line between ordinary travellers and prohibited players.

In Sweden, a new Sanctions Act and the government memorandum “Spellagens tillämpningsområde, Ds 2025:23” would expand the definition of illegal gambling and tighten payment‑blocking duties for firms that facilitate unlicensed play, again rewriting parts of the rulebook Rickard is responding to.

3D puzzle pieces sitting on a glowing circuit-board pattern, symbolising digital systems that must fit together across different technical and regulatory requirements.

When doing everything “right” is not enough: compliance depends on systems that can adapt to different logging, monitoring and audit requirements across regulators, not just on a single static rulebook.

When doing everything “right” is not enough

The goal, in his framing, is a system in which the overwhelming majority of activity is correct and where slips are containable, documented, and fixable rather than symptoms of deeper flaws.

For supervisors, the key question becomes whether they are seeing isolated, explainable issues or evidence of systemic weakness. This is where hosting and infrastructure turn political: they determine what is logged, how long data is retained, how quickly anomalies can be spotted, and how easily a regulator can reconstruct events years later.

Internet Vikings has positioned itself precisely in that space. Rather than acting as a generic cloud supplier, it tries to understand why one authority cares about one set of logs, another about a different audit trail, and a third about real‑time monitoring — and to build platforms accordingly.

In Rickard’s view, the only sustainable answer to fragmentation and shifting interpretations of “reasonable measures” is to engineer systems and partnerships so that they can be demonstrated under scrutiny, not just stated in a policy document.