EU Court Ruling on Online Gambling Liability: Players Can Sue Foreign Operators’ Directors Under Their Home Country Law (Case C-77/24 Wunner)

Published: 15 January 2026
Jurisdiction: Court of Justice of the European Union (CJEU)
Case: C-77/24 (Wunner)

A major ruling from the Court of Justice of the European Union (CJEU) is reshaping the legal landscape for cross-border online gambling in the EU. In Case C-77/24 (Wunner), the Court clarified that a player can, as a general rule, rely on the law of their country of residence when bringing a legal claim to establish tort/delict liability against the directors of a foreign gambling provider that did not hold the required local licence.

In plain terms: If an operator offers online gambling in a country without being licensed there, the player’s losses may legally be treated as “damage” occurring in the player’s home country—making it easier for the player to sue under the rules and protections of that local market.

This decision is likely to have significant implications not only for gambling operators, but also for directors, C-level executives, compliance leaders, and corporate legal teams, especially those managing cross-border growth strategies, grey-market exposure, or “EU passporting assumptions” that do not apply to gambling.

What Happened in Case C-77/24 (Wunner)?

The case centers around an Austrian resident who participated in online gambling offered by a Maltese provider called Titanium Brace Marketing Limited (“Titanium”), which was reportedly available across the European market.

Titanium held a gambling licence in Malta, but did not hold a licence in Austria.

The Austrian player filed legal proceedings in Austria against two directors of Titanium to recover losses incurred through online gambling activity, arguing that:

• the gambling contract was null and void, and

• under Austrian law, the directors were personally and jointly and severally liable because the company offered illegal games of chance in Austria without the required local authorisation.

However, the directors disputed the jurisdiction and the applicable law, claiming that:

• the event that gave rise to the damage occurred in Malta

• the damage occurred in Malta

• therefore Austrian courts should not have jurisdiction

• and Maltese law—not Austrian law—should apply

This created a critical conflict-of-laws problem that many cross-border online gambling disputes face: where did the “damage” actually occur in an online gambling transaction?

The Key Legal Question: Where Does the Player’s “Damage” Occur?

The CJEU examined the issue under the Rome II Regulation (Regulation (EC) No 864/2007), which sets the rules on which country’s law applies to non-contractual obligations (tort/delict) in cross-border situations.

Under Rome II, the general rule is:

the law applicable to a non-contractual obligation is the law of the country in which the damage occurs.

This rule applies:

• regardless of where the event giving rise to the damage occurred, and

• regardless of where indirect consequences occur.

This distinction matters enormously in online gambling, where the operator, bank accounts, infrastructure, licensing and corporate entity may sit in one jurisdiction, while the player plays from another.

CJEU Decision: The Damage Occurs Where the Player Resides

The Court ruled that in the context of a player seeking damages for gambling losses incurred via an online operator that lacked a licence in the player’s country, the damage sustained by the player is deemed to have occurred in the Member State where the player is habitually resident.

In this case:

✅ Player residence: Austria
✅ Operator jurisdiction: Malta
✅ Damage is deemed to occur: Austria

Therefore, Austrian law would apply as the default rule, because it is the law of the country where the damage occurred.

This is a powerful statement for cross-border enforcement because it significantly strengthens the position of the player in local legal proceedings.

Why This Is Bigger Than One Operator vs One Player

Operators and B2B suppliers often debate where online gambling “takes place”:

• Where the website is hosted?

• Where the operator is incorporated?

• Where the payment processor is located?

• Where the player clicks the spin button?

The Court recognized the reality of online gambling: it is not easily tied to one physical location.

Instead, the Court anchored the legal “place of damage” in the most relevant point of impact: where the player participates and is protected by local law.

This is not just a technical detail. It changes the legal risk profile for operators pursuing cross-border traffic without local authorisation.

Directors Can Be Targeted Personally Under Tort/Delict Claims

One of the most important elements in this decision is that the lawsuit was not only against the company (which was in liquidation), but also against the directors.

The Court clarified that Rome II applies to an action seeking to establish tortious liability aimed at directors for the infringement of a national prohibition on offering games of chance without a licence.

Crucially, the Court stated that this type of claim is not excluded under the category of “non-contractual obligations arising out of the law of companies.”

That matters because:

• directors may be pursued for external obligations under national law

• liability cannot automatically be pushed behind the corporate shield

• liquidation status doesn’t necessarily end the route to recovery

• plaintiffs may try to recover from individuals when the company can’t pay

For executive leadership, this decision amplifies the importance of cross-border compliance controls and licensing certainty before market entry.

What is Rome II Regulation and Why Does It Matter for iGaming?

The Rome II Regulation governs which national law applies when a tort/delict crosses borders inside the EU.

In iGaming, tort/delict claims can arise in scenarios such as:

• offering gambling without a licence in a player’s country

• breach of national consumer protections

• misleading marketing practices

• aggressive bonus or VIP retention practices

• AML/KYC failures causing financial harm

• payment disputes framed as “damage”

This ruling confirms that when the player’s alleged damage manifests in their home country, their home law may apply even if the operator is licensed elsewhere.

For operators, that’s a fundamental shift in predictability: you can be licensed and compliant in Jurisdiction A, but still face litigation under Jurisdiction B if you are not authorised there.

What About the Bank Transfer to Malta? Does That Change Anything?

In the case background, the player funded their account by transferring money from an Austrian bank account to a Maltese bank account connected to the operator, structured as a real account for the client.

This detail is important because many operators might assume that:

“Since the money went to Malta, the financial harm happened in Malta.”

But the Court’s logic places the relevant harm in Austria because:

• the player participated from Austria

• the Austrian prohibition existed to protect Austrian interests

• the alleged wrongdoing was the availability of unlicensed gambling to the Austrian public

• the loss actually “manifested itself” where the player played

This is a regulatory confirmation that payment routing does not automatically determine where damage occurs.

The “Manifestly Closer Connection” Exception: Is There a Way Out?

Rome II does allow a court to apply another law if the situation is manifestly more closely connected with another country.

This is not an automatic escape route, but it provides legal flexibility when circumstances clearly point away from the default rule.

However, for many online gambling cases, “habitual residence of the player” will likely remain the dominant factor, because:

• online gambling is consumed at home

• national gambling prohibitions are designed to protect local public policy

• consumer harm and addiction protections are domestic priorities

What This Means for Online Gambling Operators

For licensed operators, this ruling reinforces a simple message:

Having a licence somewhere in the EU does not mean you are safe everywhere in the EU.

Online gambling remains a regulated activity at national level. The court’s approach supports local enforcement actions, local consumer claims, and local standards for liability.

Key operator implications:

• Greater exposure to player claims in their home countries

• Increased likelihood of multi-jurisdiction legal disputes

• Stronger incentives for local licensing compliance

• Higher risk in “cross-border availability” strategies

• Potential personal liability pressure on management/directors

What This Means for Directors and Executive Teams

Directors and senior leaders should treat this ruling as a board-level issue, not just a legal memo.

Because once claims start targeting individuals:

• risk becomes personal

• reputational impact rises

• insurers and D&O coverage becomes critical

• governance and compliance documentation matters more

• market-entry decisions need formal defensibility

If an operator “knows or should know” a jurisdiction requires local licensing and still targets players, it can become harder to argue that leadership lacked responsibility.

What This Means for Compliance and Legal Teams

This ruling increases pressure on compliance departments to strengthen controls around:

• geo-blocking enforcement and logging

• affiliate and marketing restrictions

• local licensing checks for incoming traffic

• responsible gaming enforcement tied to jurisdiction

• internal “grey market” classification and decision logs

• audits showing intent to prevent unlicensed access

It also encourages compliance leaders to align more closely with the business side.

Because in many organizations, unlicensed market exposure doesn’t come from direct intent—it comes from:

• affiliate channels

• SEO traffic

• paid ads leakage

• influencer content

• “international” brand messaging

• insufficient enforcement of region-based access restrictions

What This Means for Casinos and Land-Based Brands Expanding Online

For land-based casino groups moving into digital, this decision is a warning against the “soft launch across Europe” approach.

Many casino brands assume cross-border digital rollout is comparable to hospitality marketing. It isn’t.

If a casino group launches online and traffic arrives from unlicensed jurisdictions, the legal risk may follow the player back home—even if the operational core sits in a licensed hub.

Potential Industry Impact: A Stronger Local Enforcement Future

This judgment fits into a broader trend across Europe:

• member states defending national gambling restrictions

• regulators pressuring operators on compliance and marketing

• increased litigation from players seeking loss recovery

• courts being less tolerant of grey market monetization

• stronger accountability mechanisms for leadership

In practice, it could accelerate:

• more local lawsuits by players

• more action against executives when companies dissolve or liquidate

• more demand for proof of compliance intent and enforcement

• more re-evaluation of licensing strategy in “borderline” markets

Strategic Takeaways for iGaming Operators

If you manage a regulated brand, this ruling supports three high-level strategic priorities:

1) Local licensing is the only stable long-term route

Short-term grey exposure may now bring long-term legal cost.

2) Geo-compliance must be demonstrable

It’s no longer enough to “have a tool.”
You need logs, enforcement, and proof of execution.

3) Executive governance matters

If leadership risk becomes personal, the organization must show that compliance decisions were not casual.

Final Thoughts: A Defining Ruling for Cross-Border Online Gambling Risk

The CJEU decision in Case C-77/24 (Wunner) gives players a major advantage in cross-border online gambling disputes: the ability, in general, to rely on the law of their country of residence when bringing tort/delict claims against the directors of a foreign provider that lacked the required licence.

This is not a symbolic ruling. It is a practical legal framework that:

• strengthens local consumer protection

• reinforces national licensing regimes

• increases compliance pressure

• and raises personal accountability risks for leadership

For operators with ambitions across Europe, the message is clear:

Cross-border growth must be built on compliance-first foundations, not geographic ambiguity.

FAQ: Quick Answers for Operators and Industry Leaders

Can players sue under their home country law?

As a general rule under Rome II, yes—if the damage is deemed to occur in their country of habitual residence.

Does a Maltese licence protect an operator across the EU?

No. Gambling is regulated nationally, and this ruling reinforces that reality.

Can directors be personally targeted?

Yes—especially where claims are framed as external tort/delict obligations, not just internal company law matters.

Can courts apply another country’s law instead?

Only where the case is manifestly more closely connected with another country, based on all circumstances.