PROG Rules 2026 & Online Gaming Authority of India (OGAI): The Definitive Compliance Guide

PROG Rules 2026: Understanding India’s Unified Gaming Framework

April 22, 2026, marked a turning point for India’s online gaming industry. On that day, the Ministry of Electronics and Information Technology (MeitY) issued a Gazette Extraordinary notification that brought the Promotion and Regulation of Online Gaming Act, 2025 (PROGA) and the Promotion and Regulation of Online Gaming Rules, 2026 (PROG Rules) into operation. Both officially came into force on May 1, 2026.

For years, the sector operated amid legal uncertainty, with different states adopting different approaches and no single national framework governing the industry. The new regime changes that landscape entirely. Rather than introducing a minor regulatory update, the government has created a comprehensive system that affects how online gaming businesses are built, operated, funded, and monitored.

The implications extend well beyond gaming companies. Investors, payment service providers, technology platforms, advertisers, and developers must now navigate a new set of compliance obligations and enforcement risks.

This guide explains the key elements of the framework in practical terms. It examines the role of the Online Gaming Authority of India (OGAI), how games are classified under the PROG Rules, what the ban on online money games means in practice, how the grievance redressal system works, and the compliance measures operators must implement to continue operating within the law.

At A Glance: OGAI & PROG Rules 2026 Compliance

• New National Regulator: The Online Gaming Authority of India (OGAI) is now the central body for all gaming classification, grievance redressal, and enforcement under the PROG Act 2025.
• Absolute Money Game Ban: As of May 1, 2026, online money games (OMG) involving monetary stakes are prohibited, with no exceptions for skill-based arguments.
• Mandatory Game Classification: Operators cannot self-certify; all games must undergo an OGAI determination process within a 90-day window to distinguish between money games, e-sports, and social games.
• Stricter Compliance Obligations: Platforms must implement robust age-gating, KYC, and data localisation on Indian servers to remain operational and avoid penalties up to ₹1 crore.
• Dual-Tier Grievance System: Unresolved user complaints can now escalate directly to OGAI and subsequently to the Secretary of MeitY, shifting grievance handling from customer support to a formal regulatory process.
• Financial Enforcement: Banks and payment gateways are now mandatory compliance gatekeepers, required to block transactions for any game deemed an illegal money game by OGAI.

What is the Online Gaming Authority of India (OGAI)?

The Online Gaming Authority of India (OGAI) is the central regulator created under Section 8(1) of the Promotion and Regulation of Online Gaming Act, 2025. It is India’s first dedicated national authority for regulating the online gaming sector under a single framework.

Before PROGA, the regulatory landscape was fragmented. Operators often had to navigate a mix of state laws, court rulings, and policy interpretations. The self-regulatory model proposed under the 2023 IT Rules also failed to gain traction because no self-regulatory body was ultimately registered. OGAI is intended to replace that uncertainty with a unified regulatory structure.

The authority has been entrusted with some of the most important functions under the new regime. It maintains the public list of prohibited online money games, determines how individual games should be classified, hears user grievances, issues directions to payment service providers and banks, and works with enforcement agencies to ensure compliance with the law.

One of the most significant changes introduced by PROGA is that operators can no longer decide for themselves whether a game falls into a particular category. The authority to determine whether a game qualifies as an online money game, an online social game, or an e-sport rests exclusively with OGAI. Any platform seeking regulatory certainty must ultimately rely on OGAI’s determination process rather than its own assessment.

Also Read: What is the PF Ceiling Limit for 2026? A Complete Guide to the ₹25,000 Shift

The Structure and Composition of OGAI

Rule 3 of the PROG Rules 2026 establishes OGAI as an attached office of MeitY headquartered in the National Capital Territory of Delhi. Although relatively compact in size, the authority brings together representatives from several key ministries whose responsibilities intersect with online gaming regulation.

Position	Role
Additional Secretary, MeitY (or JS-level nominee)	Chairperson, ex officio
Joint Secretary, Ministry of Home Affairs	Member, ex officio
Joint Secretary, Department of Financial Services, Ministry of Finance	Member, ex officio
Joint Secretary, Ministry of Information and Broadcasting	Member, ex officio
Joint Secretary, Ministry of Youth Affairs and Sports	Member, ex officio
Joint Secretary, Department of Legal Affairs, Ministry of Law and Justice	Member, ex officio

The Chairperson may also invite subject-matter experts whenever specialised expertise is required. Their allowances and compensation are governed by applicable Ministry of Finance norms. In addition, the Central Government may appoint a Director-level officer from MeitY to serve as OGAI’s Secretary on deputation.

The Rules also lay down clear procedures for decision-making. Meetings require a quorum of at least half of the authority’s functional strength. Decisions are taken through majority voting, and in the event of a tie, the Chairperson has the casting vote.

Importantly, the law includes safeguards to ensure continuity. OGAI’s actions and decisions remain valid even if vacancies exist or if procedural defects arise in the appointment of members. This provision helps prevent regulatory processes from being stalled because of administrative issues.

OGAI’s Jurisdiction and Digital-First Regulatory Approach

One of the most distinctive aspects of OGAI is that it has been designed as a digital-first regulator from day one.

Under Rule 3(6) of the PROG Rules 2026, proceedings are expected to be conducted, as far as practicable, without requiring individuals to appear physically.

This approach reflects the digital nature of the industry itself and aims to make regulatory interactions faster and more accessible.

OGAI’s jurisdiction extends across India and covers every category of game that falls within the framework established by PROGA. Its powers under Rule 6 include:

• Issuing directions and orders to game service providers, advertisers, and financial intermediaries
• Investigating user complaints and initiating proceedings on its own motion
• Coordinating with banks, payment gateways, and UPI networks to block transactions linked to prohibited games
• Issuing guidelines, advisories, and codes of practice in consultation with the Central Government
• Hearing appeals arising from platform-level grievance decisions
• Maintaining and publishing the official list of online money games that have been prohibited

The framework also contains confidentiality protections. Information submitted by operators during applications, investigations, or compliance proceedings is treated as confidential and may only be disclosed when required by law or pursuant to a court order.

Overall, OGAI sits at the centre of India’s new online gaming regime. It is not merely a registration authority. It functions as the sector’s regulator, adjudicator, enforcement coordinator, and policy administrator, giving it a pivotal role in shaping how the industry evolves under the PROG framework.

The Promotion and Regulation of Online Gaming (PROG) Rules, 2026

The PROG Rules, 2026 form the operational backbone of India’s new online gaming regulatory framework. While the Promotion and Regulation of Online Gaming Act, 2025 established the legal foundation, the Rules provide the procedures, standards, and enforcement mechanisms needed to make that framework work in practice.

Issued through a Gazette Extraordinary notification on April 22, 2026, the Rules are divided into six parts comprising 26 individual rules. According to the Press Information Bureau’s official release, the framework introduces “a clear, transparent and time-bound mechanism to determine whether an online game is an online money game.”

For operators, the Rules are where compliance obligations become concrete. They define how games are classified, how registration works, what responsibilities platforms must fulfil, and how enforcement actions are carried out.

The Transition from the PROG Act 2025 to 2026 Rules

The Promotion and Regulation of Online Gaming Act, 2025, was passed by Parliament in August 2025. However, the Act intentionally left many operational details to be specified through subordinate legislation.

Over the following months, MeitY conducted consultations with multiple ministries and sought legal vetting before finalising the PROG Rules, 2026.

Several important changes emerged between the Draft Rules published in October 2025 and the final version that ultimately came into force.

One of the most significant changes concerns grievance redressal. The draft framework proposed a Grievance Appellate Committee that would have acted as an intermediary layer between operators and OGAI. That proposal did not survive into the final Rules.

As noted in the legal analysis published by King, Stubb & Kasiva unresolved user complaints can now move directly to OGAI. This effectively places operators under closer regulatory scrutiny because customer disputes can escalate into formal proceedings much more quickly.

The second major shift involves how games are tracked and regulated.

The draft framework envisioned a national registry of approved online money games. In effect, operators would have relied on a positive list identifying games that were permitted to operate.

The final Rules adopt the opposite approach. Instead of maintaining a list of approved games, OGAI maintains a public register of games that have been classified as online money games and are therefore prohibited.

This transition from an allow-list model to a prohibition-based system signals a clear regulatory preference. The emphasis is less on approving market participation and more on identifying and restricting activities considered high risk.

May 1, 2026: What Changes for Operators and Players

May 1, 2026 marked the date when the new framework became fully operational. According to the PIB notification, several major changes took effect simultaneously.

For operators, the most immediate development was the prohibition of online money games. The ban came into force without a transition period, grace window, or carve-out for games claiming to be skill-based while involving monetary stakes.

At the same time:

• OGAI became operational as the sector’s central regulator.
• Cyber cell officers received authority to investigate offences under the Act.
• Banks, payment gateways, and financial intermediaries became active compliance participants responsible for verifying game status before processing transactions.
• Offering, advertising, or facilitating payments for online money games became cognisable and non-bailable offences carrying penalties of up to three years’ imprisonment and fines reaching ₹1 crore.
• E-sport operators became subject to dual requirements involving both NSGA recognition and OGAI registration.
• Platforms were required to maintain functioning grievance redressal systems, with users gaining the right to approach OGAI directly when complaints remain unresolved.

For players, the practical impact is substantial.

Many real-money gaming models that previously operated in India now face serious regulatory uncertainty. Games involving cash buy-ins, entry-fee-funded prize pools, monetary wagers, or similar stake-based structures may fall within the prohibited category unless they successfully navigate OGAI’s determination process and receive a favourable classification.

The result is a fundamentally different regulatory environment from the one that existed before May 2026. Operators can no longer rely on historical court interpretations, state-specific approaches, or industry assumptions. Compliance now revolves around the statutory framework created by PROGA, the PROG Rules, and OGAI’s determinations.

Game Classification Under the New 2026 Framework

Under PROGA, every online game offered in India must fit into one of three categories. Determining where a game falls is not simply a regulatory exercise. It is often the single most important compliance question an operator must answer because the classification directly affects whether a game can legally operate in the country.

The framework creates a clear distinction between online money games, e-sports, and online social games, with each category subject to a different regulatory treatment.

Also Read: Salary Payment Rules in India (2026): 7th Day Deadline, 48-Hour FnF & 50% Wage Rule Explained

Online Money Games (OMG): The Complete Ban Explained

An Online Money Game (OMG) is broadly defined as a game in which a player pays fees, deposits money, or places other stakes with the expectation of receiving a monetary benefit or something of equivalent value in return.

The breadth of this definition is deliberate. According to the analysis by King, Stubb & Kasiva, the prohibition is absolute. Since May 1, 2026, there has been no licensing route, no transition period, and no special exemption for games that claim to involve a high degree of skill.

Section 2(j) of PROGA expands the concept of “other stakes” beyond traditional cash wagers. The definition includes anything of value, whether real or virtual, that is purchased directly or indirectly in connection with participation in a game.

This broader approach has significant implications for modern gaming models.

For example:

• Play-to-earn ecosystems where tokens acquire real-world market value may fall within the scope of an OMG.
• NFT-based reward systems that can be monetised outside the game environment may attract regulatory scrutiny.
• Virtual currencies that can be exchanged for real-world value are potentially covered by the definition.
• Fantasy sports contests funded through entry fees are likely to face classification risks.
• Betting products linked to e-sports events are generally considered incompatible with the framework and may qualify as online money games.

The law treats violations seriously. Offering, promoting, or facilitating payments for online money games can result in criminal liability.

Offence	Imprisonment	Fine
Offering or operating an online money game	Up to 3 years	Up to ₹1 crore
Facilitating payment flows for an OMG	Up to 3 years	Up to ₹1 crore
Advertising an online money game	Up to 2 years	Up to ₹50 lakh
Repeat offenders	Mandatory minimum sentences	—

The message from the legislation is clear: any product involving stakes and an expectation of monetary gain should be reviewed with extreme caution.

E-Sports: Recognition, Rules, and Registration

Unlike online money games, e-sports are permitted under the new framework, but only when operators satisfy a strict regulatory pathway.

PROGA defines e-sports as competitive, multiplayer, skill-based games that have received formal recognition under the National Sports Governance Act, 2025 (NSGA). Prize money awarded on the basis of performance remains permissible. However, betting and wagering connected to e-sports events remain prohibited.

As noted by King, Stubb & Kasiva, fantasy leagues or betting products built around e-sports competitions are likely to face classification challenges under the Act.

For operators, compliance follows a mandatory sequence.

1. Obtain recognition under the NSGA from the Ministry of Youth Affairs and Sports.
2. Apply to OGAI for determination and registration.

This order matters. OGAI cannot register an e-sport unless the game has already received NSGA recognition. Once a complete application is submitted, OGAI’s 90-day determination timeline begins.

Rule 12(3) of the PROG Rules 2026 also makes it clear that an online money game cannot be reclassified as an e-sport to avoid the prohibition. If a game qualifies as an OMG, it is ineligible for both NSGA recognition and OGAI registration as an e-sport.

For operators hoping to enter the competitive gaming market, this distinction is critical.

Online Social Games (OSG): Entertainment and Safe Harbor

Online Social Games (OSGs) occupy the least restrictive category under the framework.

These are games designed primarily for entertainment, recreation, or educational purposes, where users pay only a subscription fee or a one-time access fee and do not participate with any expectation of winning money or obtaining an equivalent financial benefit.

In most cases, OSGs do not require mandatory OGAI registration. However, there are exceptions. The Central Government may notify specific categories for mandatory classification, and OGAI retains the authority to review individual games where necessary.

To remain within the OSG safe harbour, operators must ensure that:

• Gameplay does not involve fees, deposits, or stakes linked to outcomes.
• Users have no reasonable expectation of monetary gain.
• Rewards cannot be transferred, redeemed, or monetised outside the game ecosystem.
• Revenue comes from subscriptions or access fees rather than stake-based participation.

The distinction may seem straightforward, but operators should be careful when introducing new monetisation features.

Rule 10(2)(b)(iii) of the PROG Rules 2026 requires operators to notify OGAI before implementing changes that affect payment facilitation mechanics. A seemingly minor modification to how users pay, earn rewards, or interact with in-game assets can invalidate an existing determination and trigger a fresh classification review.

For many operators, maintaining OSG status will depend not only on how a game is launched but also on how it evolves over time. Even features added months after release may alter the regulatory position and require renewed scrutiny from OGAI.

The OGAI Determination Process

The determination process is the mechanism OGAI uses to formally classify a game under the new regulatory framework. Whether a game is ultimately treated as an online money game, an e-sport, or an online social game depends on the outcome of this process.

The framework is governed by Part III of the PROG Rules 2026 (Rules 8-11).

For operators, the determination process is not a one-time procedural formality. It is the foundation on which regulatory certainty rests. Without a valid determination, businesses may struggle to demonstrate compliance to regulators, financial institutions, and commercial partners.

Triggers for Suo Motu and Operator-Initiated Determination

Rule 8 provides three different pathways through which a determination process can begin.

1. Suo Motu Action by OGAI

OGAI can initiate proceedings on its own if it believes a game requires examination. In such cases, the authority issues a written notice to the operator outlining the reasons for the proposed review.

The notice may require the operator to submit information, supporting documents, and representations relevant to the classification exercise. Operators must be given a reasonable opportunity to respond before a determination is made.

2. Operator-Initiated Applications for E-Sports

Operators intending to offer a game as an e-sport must proactively approach OGAI through the prescribed digital application process.

Applications are submitted through OGAI’s website or mobile application, after the operator has obtained the necessary NSGA recognition. This route is particularly important for competitive gaming businesses seeking regulatory approval before launching or scaling operations.

3. Central Government Notification

The Central Government also has the authority to require specific categories of games to undergo determination.

This mechanism allows regulators to respond to emerging gaming formats or business models. If a new genre begins attracting substantial participation or financial activity, the government can mandate a classification exercise to clarify its regulatory status.

An important detail often overlooked by operators is found in Rule 10(2). A determination granted to one company does not automatically extend to another.

Even if two games appear virtually identical, each operator must stand on its own merits before OGAI.

As noted in this analysis, this creates a significant compliance burden for businesses managing multiple brands, derivative products, or large gaming portfolios. In addition, a determination remains valid only while the game’s payment mechanics remain unchanged.

The 90-Day Timeline for Game Classification

The Rules establish a defined timeline for regulatory certainty.

Under Rule 10(3) of the PROG Rules 2026, OGAI must complete the determination process within 90 days.

The clock begins running from:

• The date a complete application is received in operator-initiated cases, or
• The date OGAI issues a notice in suo motu proceedings.

However, the timeline can be paused under certain circumstances.

If OGAI finds that an application is incomplete, it may seek additional information from the operator. The period taken by the operator to provide the requested material is excluded from the 90-day calculation.

Where submitted information remains insufficient, OGAI may return the application while recording its reasons.

According to the PIB release, the determination process generally leads to one of two outcomes:

• If a game is classified as an online money game, OGAI issues a determination order and may initiate enforcement action.
• If the game is not classified as an online money game, OGAI may issue an order recognising it as an online social game and direct the operator to notify the authority before making future changes to payment-related features.

Operators should remember that a determination is not permanent.

Any material modification involving payments, deposits, rewards, or the authorisation of funds can invalidate the original determination and require a fresh review under Rule 11.

Factors Determining “Skill vs. Chance” in 2026

One of the most important shifts introduced by the 2026 framework is the move away from the traditional “skill versus chance” debate that dominated Indian gaming litigation for years.

Instead of relying on a single legal test, Rule 9 of the PROG Rules 2026 requires OGAI to evaluate every game using five objective factors.

Factor 1: Payment Involvement

The authority examines whether players pay fees, deposit money, or place any other form of stake during participation.

The terminology used by the platform is largely irrelevant. What matters is the economic substance of the transaction.

Factor 2: Expectation of Monetary Return

OGAI assesses whether users reasonably expect to receive money, rewards, enrichment, or other valuable benefits in exchange for what they contribute.

Even indirect expectations may become relevant under this analysis.

Factor 3: Purpose of Fees or Deposits

The Rules distinguish between several different payment structures:

• Entry or registration fees linked to competitive events and performance-based prizes
• Subscription fees or one-time access charges for game access
• Amounts staked with the expectation of winning money or other valuable rewards

This distinction is central because the same payment may be treated differently depending on how it functions within the game’s ecosystem.

Factor 4: Revenue Model Structure

The authority evaluates the broader commercial model underpinning the game.

This includes how the operator earns revenue, how rewards are distributed, and whether the platform’s economics rely on stake-based participation.

Factor 5: Transferability of Rewards

This may prove to be the most consequential factor for many modern gaming businesses.

OGAI examines whether rewards, assets, benefits, or in-game items can be transferred, redeemed, monetised, or used outside the game environment.

As highlighted in the analysis, a game does not necessarily need a direct cash prize to attract regulatory attention. If in-game tokens, NFTs, virtual assets, or digital rewards can acquire real-world value through secondary markets, the game may still fall within the scope of an online money game.

For operators experimenting with blockchain-based rewards, play-to-earn systems, virtual economies, or tokenised ecosystems, this factor deserves particularly close scrutiny.

Ultimately, the determination framework reflects a broader policy shift. Rather than focusing solely on whether a game is predominantly skill-based or chance-based, regulators now look at the complete economic structure surrounding the game and the incentives it creates for players.

Mandatory User Safety and Platform Requirements

User safety sits at the heart of the PROG Rules 2026. Rather than treating player protection as a secondary compliance obligation, the framework makes it a core regulatory requirement for operators seeking to offer online social games or e-sports in India.

Rule 2(1)(i) of the PROG Rules 2026 introduces the concept of “user safety features,” a broad category that covers technical, operational, behavioural, and procedural safeguards tailored to a game’s risk profile.

In practical terms, operators are expected to build safety measures into their platforms from the outset rather than adding them later as compliance afterthoughts. These safeguards must also be disclosed when applying for determination or registration.

Strict Age-Gating and KYC Protocols

One of the clearest messages in the PROG Rules is that age verification cannot be treated as a box-ticking exercise.

Operators must implement meaningful age-gating mechanisms that actively prevent underage users from accessing content or services intended for adults. Simple declarations such as clicking “I am over 18” are unlikely to satisfy the spirit of the framework if they are not backed by effective verification measures.

The PIB release identifies several mandatory user safety features, including age verification, age-gating, parental controls, time restrictions, grievance redressal tools, counselling support, and fair-play monitoring systems.

To meet these expectations, operators should implement:

• Age verification during account creation rather than waiting until a user attempts a payment.
• Technical age-gating mechanisms that restrict access when age requirements are not met.
• Parental control features that allow guardians to monitor or limit access for younger users.
• User reporting tools that enable players to flag suspected underage users, inappropriate content, or other concerns.

The framework recognises that not all games carry the same level of risk. As a result, the specific design of these controls may vary depending on the nature of the game and its user base. OGAI may also issue additional guidance on verification standards through future directions, guidelines, or codes of practice under Rule 6(4)(c) of the PROG Rules 2026.

Deposit Caps and Mandatory Self-Exclusion Features

Unlike some international gaming frameworks, the PROG Rules do not currently prescribe specific deposit limits or spending caps.

Instead, they establish a flexible structure that allows OGAI to introduce detailed requirements through future directions and codes of practice.

Even without fixed numerical limits, operators must still implement several player-protection mechanisms as part of their mandatory safety framework under Rule 2(1)(i) of the PROG Rules 2026.

These include:

• Time restriction tools that limit continuous gameplay or cumulative usage over specified periods.
• Counselling support resources that provide users with access to responsible gaming information and self-help tools.
• Fair-play and integrity monitoring systems capable of detecting suspicious behaviour, collusion, manipulation, or other forms of abuse.

The significance of these requirements should not be underestimated.

Once OGAI issues detailed directions on spending controls, deposit caps, or self-exclusion measures, compliance becomes mandatory. Rule 14(3)(b) specifically identifies repeated non-compliance as a potential ground for suspension or cancellation of a registration certificate.

For operators, this means user-protection systems must be treated as ongoing compliance infrastructure rather than static features that can be ignored after launch.

Data Localisation: Storing Indian User Data Onshore

Data governance is another major pillar of the new framework.

Rule 17 of the PROG Rules 2026 requires operators to comply with OGAI’s directions regarding the retention and storage of traffic data, metadata, and other information connected to the operation of their games on computer resources located in India.

In effect, this introduces a data localisation requirement for the online gaming sector.

The obligation applies regardless of where an operator is headquartered. Companies serving Indian users will need to ensure that relevant gaming data is stored within the country.

The practical implications are significant:

• Gameplay data, transaction records, and associated metadata relating to Indian users may need to be maintained on infrastructure located in India.
• Operators relying entirely on overseas cloud or server infrastructure may need to establish domestic storage arrangements.
• Retention periods and specific categories of data subject to localisation requirements will be clarified through future OGAI directions.

Foreign operators should pay particular attention to this aspect of the framework.

Rule 12(1)(a)(v) of the PROG Rules 2026 identifies the country of origin of a game service provider as a factor that may trigger mandatory registration requirements. As noted in the practitioner analysis, overseas operators should assume a higher likelihood of regulatory scrutiny and plan their India-focused infrastructure accordingly.

Taken together, the user-safety and platform requirements signal that compliance under the PROG framework extends far beyond game classification. Regulators are increasingly focused on how platforms protect users, manage data, and maintain responsible operational practices throughout the lifecycle of a game.

The Two-Tier Grievance Redressal Mechanism

The PROG Rules 2026 place considerable emphasis on user grievance handling. Rather than treating complaints as routine customer support matters, the framework establishes a formal dispute-resolution process with regulatory oversight built into it.

Under Rule 20 of the PROG Rules 2026, every operator offering an online social game or e-sport must have a functioning grievance redressal mechanism in place before making the game available to the public.

The system operates through two distinct levels, giving users a clear pathway to seek review if their concerns remain unresolved.

Tier 1: Service Provider Internal Resolution

The first stage of the process takes place within the operator’s own grievance handling system.

Every platform must establish a mechanism capable of receiving complaints through written, digital, or other electronic channels. The process must cover complaints relating to any act, omission, service issue, operational decision, or business practice connected with the offering of the game.

Once a complaint is received, the operator is expected to examine the issue and communicate its decision within timelines prescribed by OGAI directions.

For many companies, this requirement represents a significant shift in mindset.

Historically, grievance handling was often managed as a customer service function focused on user satisfaction and retention. Under the PROG framework, however, grievance management has become a compliance responsibility that may later be scrutinised by regulators.

As a result, operators should ensure that their internal systems include:

• Clearly documented complaint-handling procedures
• Defined escalation pathways
• Recordkeeping and audit trails
• Timely communication with users
• Evidence supporting grievance outcomes and decisions

The stakes are higher because dissatisfied users no longer reach a dead end if they disagree with the operator’s response.

A user whose complaint is rejected, inadequately addressed, or left unresolved within the prescribed timeline automatically gains access to the second tier of the process.

As noted in the analysis , businesses that continue treating grievance handling purely as a customer service function may be underestimating the compliance risks associated with the new framework.

Tier 2: Appellate Review by OGAI

The second tier moves the dispute directly into the regulatory sphere.

Under Rule 20(2) of the PROG Rules 2026, users may file an appeal with OGAI through the authority’s website or mobile application if:

• They are dissatisfied with the operator’s decision, or
• The operator fails to resolve the complaint within the prescribed period.

The appeal must generally be filed within 30 days of the operator’s decision.

Once an appeal reaches OGAI, the authority is expected to make reasonable efforts to dispose of the matter within 30 days of receipt. During the review process, OGAI may hear both parties, examine relevant evidence, and issue directions it considers appropriate.

Those directions may include corrective actions, remedial measures, or other orders necessary to address the complaint.

Importantly, OGAI’s decision is not always the final step.

Rule 7 of the PROG Rules 2026 provides a further appellate remedy before the Secretary of MeitY. Users who remain dissatisfied may file a second appeal within 30 days of OGAI’s order.

The Secretary is expected to dispose of the appeal as expeditiously as possible, preferably within 30 days of receiving it.

The timeline structure can be summarised as follows:

Stage	Deadline
User files appeal with OGAI after Tier 1	Within 30 days of operator’s decision
OGAI disposes of appeal	Within 30 days of receipt (target)
User files second appeal with Secretary MeitY	Within 30 days of OGAI’s order
Secretary MeitY disposes of second appeal	Within 30 days of receipt (target)

The overall framework reflects a broader regulatory objective: ensuring that users have meaningful avenues for redress while holding operators accountable for how complaints are handled. For gaming companies, the message is clear. Effective grievance management is no longer simply a matter of customer experience. It has become an essential part of regulatory compliance under the PROG Rules 2026.

Financial Enforcement and UPI Blocking

The PROG Rules 2026 significantly expand the role of banks, payment gateways, UPI intermediaries, and other financial institutions in regulating the online gaming ecosystem.

Under the previous regulatory environment, financial intermediaries largely functioned as transaction processors. The new framework changes that dynamic. They are now expected to play an active compliance role and may face serious consequences if they fail to meet their obligations.

For operators, this means compliance is no longer limited to their own platforms. Their ability to receive payments and process transactions now depends heavily on the willingness and ability of financial partners to satisfy regulatory requirements.

The Role of Banks and Payment Gateways as Gatekeepers

Rule 19 of the PROG Rules 2026 places two core responsibilities on banks, payment service providers, financial institutions, and payment gateways.

Obligation 1: Verify Before Processing

Before facilitating any transaction or authorising funds related to an online social game or e-sport, financial intermediaries must verify that the relevant game possesses a valid determination order or Certificate of Registration from OGAI.

The exact verification process will be detailed through future OGAI directions. However, the underlying obligation is already in force.

For operators, this creates a practical reality: even if a platform believes it is compliant, payment partners may refuse to process transactions unless they can independently verify the game’s regulatory status.

Obligation 2: Immediate Blocking Upon OGAI Direction

The second obligation is even more stringent.

Under Rule 19(2), when OGAI determines that a game qualifies as an online money game and issues a direction, financial intermediaries must immediately suspend, restrict, or terminate associated financial transactions.

The Rules do not provide for:

• A review period
• A grace period
• An internal appeals pause
• Additional compliance consultations before implementation

The expectation is immediate action.

Once OGAI publishes its list of prohibited online money games under Rule 26, continuing to process payments for those games may expose financial institutions to significant compliance risks.

This enforcement approach reflects a broader trend already visible in government action.

According to this report, authorities have already blocked thousands of illegal betting and gambling websites, with cumulative takedowns exceeding 7,800.

The financial sector is now expected to serve as a key enforcement partner in preventing prohibited gaming activities from accessing payment infrastructure.

Penalties for Violating the Real-Money Gaming Ban

The consequences of non-compliance extend beyond corporate entities.

According to this analysis, personal liability can attach to senior executives responsible for relevant business functions.

This may include:

• Heads of Payments
• Chief Compliance Officers
• Senior managers responsible for payment operations
• Other executives overseeing affected business units

The principal defence available is demonstrating a lack of knowledge or showing that adequate due diligence measures were in place.

The enforcement process itself is governed by Part V of the PROG Rules 2026

When a complaint is received, or when OGAI initiates action on its own, the authority issues a formal notice outlining the alleged violation. The notice includes supporting material and specifies the date of the hearing, which is generally conducted through digital means unless physical attendance becomes necessary.

Operators then have two options:

• Admit the violation, allowing OGAI to record the admission and impose penalties.
• Contest the allegations and explain why a formal inquiry should not proceed.

The Rules require OGAI to hear and decide complaints within 90 days of receipt.

When deciding the appropriate penalty, Rule 21(8) directs OGAI to consider several factors:

• The amount of unfair gain derived from the violation, where measurable
• The losses suffered by users
• Previous instances of non-compliance
• The seriousness and duration of the violation
• The number of affected users
• The degree of harm caused
• Steps taken by the operator to mitigate the consequences
• Whether the penalty is proportionate and effective

The available enforcement measures under Section 12 of PROGA include:

• Monetary penalties
• Suspension of registration certificates
• Cancellation of registration certificates
• Temporary prohibitions on offering, facilitating, or promoting a game

The framework gives OGAI substantial discretion to tailor enforcement actions to the nature and severity of the violation.

In addition, Rule 22 of the PROG Rules 2026 provides that all penalties collected under the framework are deposited into the Consolidated Fund of India.

Taken together, the financial enforcement provisions reveal how seriously regulators intend to approach compliance. The focus is no longer limited to gaming operators. Banks, payment processors, executives, and financial intermediaries are now woven directly into the enforcement architecture, making compliance a shared responsibility across the entire ecosystem.

Step-by-Step OGAI Compliance Checklist for Operators

For operators, compliance under the PROG Rules 2026 is not a single filing exercise. It is an ongoing process that touches product design, payment systems, user protection measures, data infrastructure, and internal governance.

The most effective approach is to treat compliance as a structured programme rather than a collection of isolated requirements. Operators that conduct early reviews and build safeguards into their platforms are likely to face fewer regulatory challenges as the framework matures.

Assessing Your Game Portfolio Against PROG Rules

The starting point for every operator should be a comprehensive review of its entire game portfolio.

This review should be conducted against the five-factor determination framework outlined in Rule 9 of the PROG Rules 2026.

The objective is to identify features that could trigger regulatory concerns before they become enforcement issues.

A thorough portfolio assessment should include:

• Mapping every payment touchpoint across each game, including entry fees, deposits, subscriptions, in-game purchases, and staking mechanisms.
• Evaluating whether users have any realistic expectation of receiving monetary value or equivalent rewards.
• Documenting how fees and deposits are used within the game’s commercial structure.
• Reviewing the revenue model against the Rule 9 determination factors.
• Examining whether rewards, tokens, virtual currencies, or in-game assets can be transferred, redeemed, traded, or monetised outside the platform.
• Conducting legal reviews of NFT-based rewards, play-to-earn systems, blockchain integrations, and secondary-market economies.
• Recording the operator’s country of origin and principal place of business, given the relevance of these factors under Rule 12(1)(a)(v).

Where uncertainty exists, operators should proceed cautiously.

The new framework does not permit self-classification. A game that appears compliant from a business perspective may still raise concerns during an OGAI review. In ambiguous situations, seeking legal advice and preparing for formal determination is generally the safer course.

Setting up the Required Technical Safeguards

Once the portfolio review is complete, operators should focus on the technical and operational safeguards required under the framework.

Rule 2(1)(i) of the PROG Rules 2026 requires platforms to implement and disclose user safety measures before seeking registration or determination.

These safeguards should be operational before any application is submitted.

Key implementation steps include:

• Deploying robust age-verification systems during user onboarding.
• Implementing age-gating controls that restrict access where necessary.
• Providing parental control features for monitoring and limiting access by younger users.
• Introducing gameplay time-management tools, including session limits and cumulative usage controls.
• Establishing user-reporting mechanisms for inappropriate content, misconduct, or suspected underage activity.
• Making responsible gaming resources and counselling support readily accessible.
• Implementing fair-play monitoring systems capable of identifying suspicious behaviour, collusion, or manipulation.
• Building data-localisation infrastructure capable of storing required traffic data, metadata, and gameplay records within India under Rule 17.
• Appointing a designated Point of Contact (PoC) responsible for communications with OGAI.
• Establishing a formal internal grievance redressal system with documented procedures, timelines, and audit records.
• Preparing detailed disclosures covering safety features and grievance mechanisms for submission during the application process.

These measures should not be viewed solely as regulatory requirements. Many also serve as risk-management tools that can improve platform governance and user trust.

Submitting for the 10-Year Digital Certificate

After completing the portfolio review and implementing the required safeguards, operators can proceed with the application process.

Applications must be submitted through OGAI’s digital portal, either through its website or mobile application.

Under Rule 23 of the PROG Rules 2026 operators are expected to provide a comprehensive set of information, including:

• Operator identity and contact details.
• Information relating to licences, registrations, or authorisations held under other laws.
• A description of the game and its proposed category.
• Details regarding the intended user demographic and age group.
• Documentation explaining the revenue model.
• Information on user safety measures.
• Details of the grievance redressal framework.
• Formal assurances regarding the accuracy of the information provided.
• Any additional information requested by OGAI.

Upon successful completion of the process, OGAI issues a digital Certificate of Registration containing a unique registration number.

According to Rule 14 of the PROG Rules 2026 and the PIB release, the certificate may remain valid for up to 10 years, depending on the terms specified during registration.

Operators must prominently display their determination or registration details through the interface used to provide the game to users.

It is also important to remember that compliance does not end once a certificate is issued.

Any material change affecting payment mechanisms, monetisation structures, deposits, rewards, or the facilitation of funds must be reported to OGAI before implementation. Such changes may invalidate an existing determination and require the operator to undergo a fresh review.

For most businesses, obtaining registration should therefore be viewed as the beginning of an ongoing compliance relationship with OGAI rather than the final step in the process.

OGAI Rules vs. State Gaming Laws

Before the introduction of PROGA, India’s online gaming sector operated within a fragmented legal landscape. Since “betting and gambling” falls under the State List in the Constitution, individual states adopted their own approaches to regulation. This resulted in a patchwork of laws, varying enforcement practices, and frequent legal disputes over what constituted a permissible game.

The analysis by Shardul Amarchand Mangaldas helps explain why policymakers ultimately moved towards a central framework. The absence of uniform standards created uncertainty for operators, investors, payment providers, and users alike.

PROGA seeks to bring greater consistency to online gaming regulation at the national level. However, the relationship between the new central framework and existing state laws remains one of the most closely watched legal questions in the industry.

Overcoming Federal Challenges and State-Level Bans

Long before PROGA came into force, several states had already taken their own regulatory positions on online gaming.

As highlighted in the analysis by King, Stubb & Kasiva:

• Nagaland created a licensing framework for certain online skill games.
• Sikkim permitted licensed casino and skill-based gaming activities within its jurisdiction.
• Tamil Nadu enacted the Tamil Nadu Prohibition of Online Gambling and Regulation of Online Games Act, 2022, targeting real-money games of chance.
• Telangana and Andhra Pradesh adopted broad prohibitions covering staked games, including those involving skill.
• Haryana expanded gambling restrictions to explicitly cover online platforms in 2025.

The emergence of these differing approaches created a challenging compliance environment for operators seeking nationwide reach. A game considered lawful in one state could face restrictions or prohibitions in another.

PROGA attempts to establish central regulatory authority over the categories of online gaming covered by the Act. In doing so, it seeks to create a more uniform framework for classification, registration, enforcement, and oversight.

However, the legal picture is not entirely settled.

According to the same King, Stubb & Kasiva analysis, several constitutional challenges to PROGA have already been filed before different High Courts. These cases have since been consolidated before the Supreme Court, which is expected to decide important questions regarding the extent of Parliament’s authority in this area.

Until the Supreme Court delivers a final ruling, operators should remain cautious.

A favourable determination from OGAI does not automatically eliminate every legal risk at the state level. Businesses with users across multiple jurisdictions should continue monitoring local laws and obtaining jurisdiction-specific legal advice where necessary.

In practical terms, compliance may require a layered strategy that considers both the national framework and the possibility of state-level restrictions.

The Future of Physical Casinos in Regulated States

PROGA is focused exclusively on online gaming and does not directly regulate physical casinos.

As a result, casino operations in states such as Goa, Sikkim, and Daman continue to be governed primarily by their respective state laws and licensing frameworks.

That said, the new framework may still affect physical casino operators that have digital components within their business models.

Several areas deserve particular attention:

• Online versions of casino games involving real-money wagering are likely to fall within the online money game category and face prohibition under PROGA.
• Loyalty programmes that allow digital points or rewards to be redeemed for cash or real-world value may require careful analysis under Rule 9’s transferability criteria.
• Hybrid business models combining physical and digital gaming experiences may need to maintain strict separation between their online and offline monetisation systems.

The transferability of rewards is especially important. Under Rule 9(e) of the PROG Rules 2026, OGAI evaluates whether rewards, assets, or benefits can be transferred, monetised, or used outside the game environment. Even programmes that were not originally designed as gambling products could attract regulatory attention if rewards acquire real-world economic value.

As reported by the Economic Times , MeitY has made it clear that OGAI’s jurisdiction is confined to online gaming activities. However, the concept of “online” is interpreted broadly enough to encompass websites, mobile applications, internet-based platforms, and digital extensions of traditional gaming businesses.

For operators, this means the line between physical and digital gaming is becoming increasingly important. Businesses that successfully separate their online offerings from activities that could trigger an online money game classification will likely be in a stronger compliance position under the evolving framework.

Frequently Asked Questions (FAQ): PROG Rules 2026

OGAI & PROG Rules 2026: Quick Reference Summary

Aspect	What the 2026 Rules Say
Effective date	May 1, 2026
Primary legislation	PROG Act 2025 + PROG Rules 2026
Regulator	OGAI, attached office of MeitY, headquartered in NCT Delhi
Operating model	Digital-first, with no mandatory physical presence for proceedings
Banned category	Online Money Games, subject to an absolute prohibition with no skill-based exception
Permitted category 1	Online Social Games, limited to subscription or access-fee models with no monetary stakes
Permitted category 2	E-sports, requiring both NSGA recognition and OGAI registration
Determination timeline	90 days from receipt of a complete application (Rule 10)
Certificate validity	Up to 10 years (Rule 14)
Tier 1 grievance	Internal operator-level resolution
Tier 2 grievance	Appeal to OGAI within 30 days, with disposal targeted within 30 days (Rule 20)
Second appeal	Secretary, MeitY, within 30 days, with disposal targeted within 30 days (Rule 7)
Bank or payment gateway duty	Verify status before processing and block transactions upon OGAI direction (Rule 19)
Data localisation	Traffic data, metadata, and gameplay records to be stored on Indian servers (Rule 17)
Criminal penalty for operating an OMG	Up to 3 years’ imprisonment and a fine of up to ₹1 crore
Enforcement window	90 days from complaint receipt (Rule 21)

The PROG Rules 2026 represent one of the most significant regulatory shifts the Indian online gaming industry has seen. Rather than relying on a fragmented mix of state laws, court rulings, and evolving interpretations, the sector now operates under a central framework with clearly defined obligations, enforcement mechanisms, and oversight structures.

For operators, compliance is no longer limited to understanding whether a game involves skill or chance. The focus has broadened to include payment structures, reward systems, user protection measures, grievance handling, data storage practices, and ongoing engagement with the regulator. Every aspect of a platform’s design and operation now carries potential regulatory implications.

Businesses that proactively review their portfolios, strengthen their compliance infrastructure, and engage with OGAI early are likely to be better positioned as the framework matures. Those that delay may face not only operational disruption but also significant financial penalties and, in certain circumstances, criminal liability.

As the industry adapts to this new environment, regulatory preparedness is likely to become just as important as product innovation and market growth.

Disclaimer

This article is for informational purposes only and does not constitute legal advice. Operators should consult qualified legal counsel before making compliance decisions under the PROG Act 2025 and PROG Rules 2026.