By Callum 
When people say “Comoros iGaming,” they almost always mean the Anjouan framework, since Anjouan (Ndzuwani) is the Comoros island that issues online-gaming approvals, often marketed online as a comoros gambling license. In 2025 the regime tightened and clarified several points that matter to smaller teams: who runs licensing, how licenses are issued (B2C vs B2B), hosting expectations, and market-access rules. Here’s what changed, what didn’t, and a concrete plan to adapt.
What actually changed
Administration and structure. Anjouan Licensing Services Inc. (ALSI) presents itself as the exclusive license administrator for the island’s gaming approvals, working with the Anjouan Offshore Finance Authority and the Anjouan Gaming Board. That shift, which began earlier, is reflected in 2025 materials and in the authority’s own site.
Direct license types. Messaging from 2024–2025 guides now describes direct B2C and B2B licenses, not a master/sub-license model. For operators, that means your entity is the licensed party, and vendors can also be licensed on a B2B basis.
Excluded territories and geo-blocking. Current guidance highlights a short but strict list of prohibited markets (e.g., USA, UK, France, Germany, Netherlands, Spain, Australia, Austria, Comoros itself) plus FATF “black-list” countries, with operators expected to enforce geo-blocking and payment blocking accordingly. Always check the latest list and align it to the current FATF statements.
Hosting and data location. One notable operational point in 2025 materials: the player database and servers are expected to be hosted in Anjouan. That is unusual compared to other offshore regimes and affects architecture, latency, and vendor selection.
Timelines and costs. Public guidance and integrator content still emphasize relatively fast issuance (often quoted as 2–4 weeks after a complete pack) and comparatively low fees versus mature EU regimes, though renewals and key-person fees apply. Treat timelines as estimates and build slack into your launch plan.
Reality check: Some commentators dispute the overall standing of Anjouan/Comoros in the wider legal context. If you plan to rely on this license for critical banking or major-market distribution, perform your own legal assessment and keep contemporaneous evidence of regulator communications.
What did not change
You still own market-access risk. No license is a passport. You must exclude jurisdictions that require a domestic approval you do not hold, and you must be able to prove effective geo-blocking and payment controls for restricted countries. Payment partners will test you on this.
AML, fairness, and player safety expectations remain. Even outside the EU/UK, counterparties and PSPs expect written AML/KYC, sanctions screening, wallet/transaction monitoring if you take crypto, responsible gambling tooling, and a predictable complaints/ADR flow. Anjouan-focused materials stress AML and player-protection baselines as part of the framework.
A 30–60–90 day action plan for small teams
Days 1–30: stabilize compliance and architecture
Write your perimeter memo. One page that states the business model (casino/sportsbook), the countries you will not serve, and why. Attach your market-access matrix referencing the restricted list and the current FATF statements. This document is what banks and PSPs ask for first.
Decide your hosting model. If you must host the player DB and core services in Anjouan, lock vendors that can meet that requirement and run a latency test from target markets. Document how you’ll keep PII safe and how you’ll replicate logs for investigation without breaching data-location promises.
Assemble an AML/RG starter pack. Create a short, practical AML/CTF program: KYC tiers, sanctions/PEP screening, transaction monitoring rules, and escalation to a compliance owner. Pair it with responsible gambling controls (deposit limits, time-outs, self-exclusion) and clear Terms/Risk disclosures. These artifacts are often required for application and are essential for payment onboarding.
Map license type to reality. If you are an operator, confirm B2C scope. If you supply content/platform, confirm B2B scope and your upstream obligations. Keep copies of regulator correspondence or portal screenshots in your evidence pack.
Days 31–60: harden payments and player protection
Banking and PSP readiness. Prepare a partner-ready evidence folder: corporate docs, clean cap table, UBO/KYC files, AML/CTF program, RG policy, market-access matrix, and uptime/security notes. Expect enhanced questions if you enable crypto rails; specify blockchain-analytics rules and Travel-Rule handling if applicable.
Geo- and pay-blocking tests. Run and record test attempts from restricted countries via VPN and with BINs from blocked territories. Save screenshots and gateway logs to prove enforcement. Keep a change log whenever your restricted list updates with FATF movements.
Player dispute and ADR process. Publish a simple complaints flow with SLA timelines and name the independent ADR route you accept. This reduces churn and helps with PSP diligence. (If you need a template, reuse the intake-to-ADR framework you already built.)
Days 61–90: prove controls and plan renewals
Internal audit lite. Sample 20 KYC files, 20 deposits, 20 withdrawals, 10 bonus grants, and 10 complaints for evidence completeness and consistency with your policies. Fix any gaps, then log remediation dates.
Responsible-marketing check. Remove “risk-free/guaranteed” language and add prominent risk notices and bonus conditions next to headlines. Keep a record of claims substantiation. Payment partners increasingly scan this.
Renewal calendar and fees. Add reminders for annual license renewal and key-person authorization fees; make sure your budget includes extra domains if you operate multiple sites under one certificate.
Payments and crypto: set expectations
Many Anjouan-licensed brands market to crypto-friendly audiences. If you use crypto rails, write down wallet-screening rules, deposit/withdrawal thresholds, and abnormal-pattern alerts. Be explicit about how you stop restricted-country users from transacting via VPN plus alternative payment routes. Where your acquiring PSPs are conservative, maintain a fiat-only fallback flow per market.
Risk management notes for founders
- Do not oversell the license to partners. Present it plainly, with your controls and restricted-market enforcement. Counterparties care more about your operational discipline than the brochure.
- Watch for conflicting info. In fast-moving offshore regimes, public sources can disagree. Keep a dated file of regulator pages, guidance, and emails to defend decisions made in good faith.
- Track FATF cycles. If a country moves lists, your restricted matrix should update and your blocks should follow. Save evidence of the change.
Bottom line
For small operators, 2025’s Anjouan/Comoros updates are manageable if you move quickly on four fronts: confirm your direct B2C/B2B scope, implement real geo-/pay-blocking against the restricted list, honor the hosting in Anjouan expectation in your architecture, and arrive to PSPs with a tidy AML/RG and dispute-handling pack. Do that, and you get a fast route to launch with fewer surprises—while keeping the flexibility to add additional licenses as you scale.