SREN Law: Regulating Games with Monetizable Digital Items

SREN Law: Regulating Games with Monetizable Digital Items

Key Takeaways

The French Security and Digital Space Regulation Law (“SREN Law”), enacted on May 21, 2024, aims to regulate games involving monetizable digital items (Web3 games). A key focus of the legislation is safeguarding players, particularly minors, from potential risks associated with these games.

The scope of the SREN Law is extensive, addressing various digital issues, from protecting minors and regulating content to fighting cybercrime, facilitating easier cloud service provider transitions, and aligning national regulations with the DSA and DMA standards. (1) Given the breadth of topics covered, each will be discussed in separate articles.

* * * * * * * * * *


The rise of blockchain technology and the growing integration of NFTs and crypto-assets in the gaming industry have led to the development of Web3 games, including those featuring monetizable digital items. (2) These games, which allow players to acquire and monetize virtual items, represent a major turning point in the online entertainment industry. (3) The Security and Digital Space Regulation Law (“SREN Law”), enacted on May 21, 2024, introduces a new regulatory framework to govern these emerging types of games.

The regulation of Web3 games addresses several critical issues: ensuring proper oversight for these games and their operators, protecting players and minors, preventing addictive behaviors, and ensuring in-game transaction security. However, the full implementation of this regulatory framework depends on the publication of several decrees.

The following is an overview of the key provisions governing the operation of Web3 games.

1. Regulating Companies Operating Games with Monetizable Digital Items

With the enactment of the SREN Law, companies that develop and operate Games with Monetizable Digital Items (JONUM) are subject to a series of strict obligations. These measures aim to regulate an innovative and rapidly growing sector, where players can not only acquire digital items within the game but also derive economic benefits through “play-to-earn” mechanisms.

    1.1 What is a Web3 Game or JONUM?

The SREN Law defines games with monetizable digital items as games “offered through an online public communication service that allow players aged 18 or older, who have made a financial commitment, to obtain monetizable digital items through a mechanism involving chance, excluding any monetary gain (...).

Monetizable digital items are defined as “game elements that grant players one or more rights associated with the game and that can be transferred, directly or indirectly, to third parties for a fee.” (4)

The integration of monetizable digital items in games raises ethical and security concerns similar to those found in gambling. To ensure the compliance of their activities, JONUM operators must adhere to the obligations outlined in the SREN Law.

    1.2 What Types of Games Are Covered?

The SREN Law applies to online game operators that allow the monetization of virtual items, under specific conditions. More precisely, the games must meet the following criteria:

    - Online Accessibility: The game must be accessible to the public via an online platform;

    - Element of Chance: The game includes random elements that affect progression, acquisition of virtual items (such as avatars, weapons, or rare accessories), or rewards. These elements, whether linked to draw mechanisms, random rewards, or other gameplay features, distinguish JONUM from simple item-trading games;

    - Player Financial Investment: The acquisition of virtual items involves a financial cost. These items can then be resold or traded by players;

    - Rewards in Monetizable Digital Items: While not directly convertible to legal currency, rewards hold economic value in the form of crypto-assets or virtual items that can be monetized within the game or on external platforms.

These criteria distinguish Web3 games from traditional gambling, though the boundary between the two is not always clear in practice.

    1.3 Which Operators Are Concerned?

Only operators with a registered office in France or in a European Union member state are authorized to operate Web3 games accessible in France. (Art. 40-I D) (4)

    1.4 Mandatory Prior Declaration

Web3 games operators must undergo a prior declaration process with the National Gaming Authority (Autorité Nationale des Jeux - ANJ). (Art. 41-I A)

The declaration must include a comprehensive description of the game’s mechanisms to determine whether it qualifies as a regulated JONUM.

Operators must also promptly notify the ANJ of any significant changes to the game’s operation, such as new monetization features or updates to security systems. However, the specific procedures for the declaration will be clarified in an upcoming decree.

    1.5 Sanctions for Non-Compliance

The National Gaming Authority (ANJ), as the designated regulatory body, is tasked with ensuring that gaming companies comply with the regulation. To fulfil this role, the ANJ is empowered to conduct administrative compliance investigations. (Art. 41-XVII and subsequent articles).

The ANJ may issue formal warnings to gaming companies that fail to comply with their legal obligations. In more severe cases, it can issue a compliance notice, requiring immediate corrective action. In urgent situations, companies may be given as little as 24 hours to rectify their non-compliance.

Additionally, the ANJ’s Sanctions Committee may impose penalties on operators found in violation of the regulations. Depending on the severity of the infraction, these penalties may include:
     - A warning;
     - Temporary suspension of the game’s operation for up to three months;
    - Prohibition from operating the game for up to three years; And banning the operator from engaging in any Web3-related activities for the same period;
    - Financial penalties of up to €100,000 for submitting inaccurate information, failing to provide requested data, or obstructing the investigation process (Art. 41-XXIII and subsequent articles).

Sanctions of up to €100,000 may also be imposed on individuals, such as influencers, who promote illegal games with monetizable digital items. This amount can be increased to four times the amount spent on advertising for the activity in question.

Finally, the ANJ can request that hosting providers, search engines, or online directories block access to or delist websites engaging in illegal gaming activities. (Art. 41-XXVIII)


2. Player Protection: Integrity, Reliability, and Transparency of Gaming Operations

According to Article 40 of the SREN Law, “Companies operating games with monetizable digital items must ensure the integrity, reliability, and transparency of gaming operations and the protection of minors. They must prohibit minors from accessing the games, prevent excessive or pathological gambling, and counter fraudulent or criminal activities, including money laundering and terrorist financing.”

To meet these requirements, Web3 game operators must implement preventive and security measures designed to mitigate the risks associated with these games. These obligations specifically target vulnerable groups, including minors and individuals at risk of addiction.

    2.1 Protecting Minors

Game operators are required to block minors’ access to Web3 games, thereby protecting them from the financial and social risks associated with these monetizable digital items.

To comply, operators must establish robust age verification systems and take technical measures to prevent minors, including emancipated minors, from accessing monetizable games. This obligation includes:

    - A warning message on the game interface, clearly stating that the game is restricted to adults players;
    - Creation of a player account: Players must create a personal account to verify their age and identity, ensuring that only adults can access the game. Each player is limited to one account. (Art. 41-II and III) (5)

Additionally, influencers may only promote Web3 games on platforms that can exclude minors from viewing their content. (Art. 41-XIII)

    2.2 Combating Gambling Addiction

To address the risks of excessive or pathological gambling, the SREN Law includes a set of measures aimed at promoting responsible gaming. Key provisions include:

    - Self-exclusion mechanisms allowing players to temporarily or permanently suspend their activity;
    - Tools for setting limits on spending and playtime;
    - An activity monitoring interface to help players avoid compulsive behavior; (Art. 41-XI)
    - Warning messages about the risks of excessive or pathological gaming.

These preventive measures, while similar to those applied to traditional gambling, are adapted to the specificities of Web3 games. The detailed implementation of these provisions will be outlined in a future decree.

    2.3 Fraud Prevention and Data Security

Given the financial nature of transactions in Web3 gaming, players are at risk of fraud, particularly when using external platforms or engaging in peer-to-peer transactions. To mitigate these risks, the SREN Law subjects gaming operators to anti-money laundering (AML) and counter-terrorist financing (CTF) regulations.

Operators must be able to provide the ANJ with data concerning players, in-game events, and financial transactions associated with the games. (Art. 41-V)

Gaming companies have a grace period of 18 months from the law’s enactment, i.e. until November 22, 2025, to comply with this requirement. (Art. 41-XVI) (6)


3. Implementation Timeline

The rollout of the provisions related to Web3 games follows a phased schedule to allow gaming operators to comply with the new regulatory requirements and adapt their practices. This timeline includes key stages, from the law’s entry into force to its full application, subject to the publication of several implementing decrees.

    3.1 Implementation Contingent on the Publication of Decrees

The effective application of the SREN Law depends on the publication of several decrees, which will provide details on:
    - The categories of authorized games;
    - The information required for submission to the ANJ;
    - The procedures for managing players accounts, including account opening and closure;
    - The data that gaming companies must collect and retain for potential ANJ review;
    - The mechanisms for implementing self-exclusion and self-limitation tools, etc.

    3.2 Evaluation and Adjustment Phase

The provisions governing Web3 games will be implemented on an experimental basis for a period of three years i.e. until May 22, 2027.

During this phase, an evaluation process will assess the regulations’ impact. A mid-term review will take place 18 months after the law’s entry into force to evaluate the effectiveness of player protection measures, the prevention of risky behaviors, and compliance by gaming operators.

This review will also analyze the economic impact of the regulation on the Web3 games market and on gambling games in general.

Six months before the end of the experimental phase, the government will present an evaluation report to Parliament, based on the findings of the mid-term review.


    The regulatory framework for Web3 games (JONUM) represents a significant step forward, enabling the growth of this innovative digital activity within a legal environment that ensures a secure and transparent gaming experience. However, the implementation timeline relies heavily on the timely publication of decrees, which could potentially shorten the effective duration of the experimental phase.

* * * * * * * * * *


(1) Law No. 2024-449 of May 21, 2024, “Security and Digital Space Regulation” (Loi Sécurité et Régulation de l’Espace Numérique). See specifically Title IV (Articles 40 and 41) dedicated to Web3 Games or JONUMs.

(2) These games are identified as Web3 Games, free-to-play (F2P) games or blockchain-based games. In France, they are identified as Web3 Games or “JONUM” (i.e. Jeux à Objets Numériques Monétisables). We’ll use “Web3 games” in this article.

(3) Examples of games with monetizable digital items: Sorare (Football player cards as NFTs); Gods Unchained (Card game featuring NFTs); Axie Infinity (Game featuring creatures as NFTs and rewards in crypto tokens); F1 Delta Time (Racing game with cars and drivers as NFTs, offering crypto-based rewards).

(4) Extended to European Economic Area (EEA) member states outside the EU, i.e. Iceland, Liechtenstein, and Norway.

(5) Age verification and account controls must be conducted in compliance with the General Data Protection Regulation (GDPR).

(6) Provisions included in the Monetary and Financial Code.


Bénédicte DELEPORTE
Avocat

Deleporte Wentz Avocat
www.dwavocat.com

November 2024

Go back to News and Publications

Mots clés :

ai (15) arcep (3) arcom (7) artificial intelligence (6) audiovisual (1) blockchain (5) children (3) cjeu (2) cloud computing (2) communication (6) compliance (12) confidentiality (1) consumers (1) contract (2) copyright (3) cross-border data transfers (4) cybercrime (2) cybersquatting (1) data privacy (8) data privacy framework (2) database (1) domain names (2) dpf (2) drones (1) e-commerce (9) employee (2) encryption (1) eu (8) europe (6) france (7) gdpr (19) general data protection regulation (4) indexing (2) information technology (3) intellectual property (7) internet (27) ip (4) liability (4) nft (3) privacy (6) privacy shield (2) regulation (1) robotics (5) safe harbor (2) search engines (2) security (3) singapore (3) social media (3) software (3) tax (1) trademark (1) uas (1) unmanned aircraft (1) us (2) video game (2)