Why regulatory AI has to become core infrastructure for iGaming compliance

Continent 8 Technologies’ Cristopher Kuehl says the old model of scaling compliance by adding more people is breaking under the weight of diverging technical standards. For high-risk operators, the practical issue is simple: if compliance is still a manual layer at the end of the process, launch cycles slow down and operational risk goes up.

1. Kuehl, chief data, information and AI officer at Continent 8 Technologies, says the industry is carrying “a massive disconnect”: 2026 product cycles are being pushed through a compliance pipeline built for the 2010s. In his view, the old playbook was to hire more people whenever a new market opened, bring in local counsel, and absorb a six-month “certification tax” as the cost of expansion. He says that model is “officially broken.”
2. The pressure point is the volume of technical standards. Kuehl points to diverging rules around event-level telemetry and session triggers, and says the load has gone beyond what human teams can manage manually. His warning is blunt: if operators still try to “out-hire” the problem, they are creating systematic risk rather than reducing it.
3. His alternative is “compliance throughput” — the ability to interpret, implement and validate regulatory requirements quickly without increasing operational risk. That, he argues, means treating regulatory AI as core infrastructure rather than a back-office tool. In other words, compliance is no longer just a legal review step; it becomes part of the operating system.
4. Kuehl is also dismissive of much of what is currently sold as regulatory AI. In his view, a lot of it is just a polished search layer on top of a PDF library: useful for finding a statute, but not for removing the bottleneck. He says many operators now spend more on normalising data for regulators than on their core game engines, which he calls an infrastructure failure.
5. The direction he wants is “compliance as code”: regulatory logic moved out of legal memos and into the data packets on the network. With that setup, infrastructure becomes an active validator. Kuehl gives the example of a developer build that violates a session limit rule in Ontario being flagged automatically during the CI/CD process, before it reaches a human auditor. The result, he says, is a launch window closer to real time instead of six months.

The other point worth noting for operators and PSPs is that compliance cost does not scale linearly. Kuehl says the math breaks because complexity grows exponentially: every new jurisdiction brings its own data residency laws, reporting schemas and audit cadence. That is the part that usually gets missed when teams assume five people can handle two markets and 50 people can handle 20.