The Isle of Man regulator has formally notified licensed operators: deepfake technologies are already used to bypass standard customer identification procedures. According to FATF, artificial intelligence and synthetic videos are increasingly used in fraud schemes, money laundering and identity spoofing.
How risks transform
🔵 Deepfake helps you pass video-KYC and biometric checks
🔵 Synthetic audio- And video materials used to imitate a real person
🔵 Scaling fraudulent schemes has become faster and cheaper
🔵 Simplified customer onboarding can turn into an attack tool against operators
Why is this critical for gambling?
🔴 Dependence on facial recognition increases the vulnerability of the identification stage
🔴 Cross-border checks through different systems complicate control
🔴 Deepfake generation technologies are developing faster, than methods for identifying them
🔴 AML risks and threats of illegal financing
🔴 FATF characterizes the situation as a technological “arms race”
What do regulators expect?
🔵 Transition to a multi-level verification model instead of one control point
🔵 Implementation of synthetic content detection tools
🔵 Training employees to identify AI fakes
🔵 Active exchange of information between regulators and industry
🔵 Taking into account AI risks in the overall system for assessing business risks of operators
Isle of Man position
🔴 The regulator warns licensees in advance, formally establishing deepfake as a recognized risk
🔴 Citing “new technology” will no longer be considered an excuse
🔴 B 2026 year, the jurisdiction is checked by MONEYVAL - the actual effectiveness of control will be assessed
🔴 Public rhetoric around AI is being considered as part of the preparation for this assessment
Bottom line
Deepfake turns fake identity into a scalable tool. This opens the way to massive KYC bypass, age restrictions and self-exclusion mechanisms, as well as to cheaper legalization of funds through formally “clean” accounts.
Resistance to AI attacks is becoming a mandatory element of operator infrastructure. Regulators will increasingly evaluate the non-formal existence of procedures, and their ability to withstand real technological attacks.
