Compliance Isn't What You Think
Dr. Aftab Rizvi, CEO of Gaming Associates, sat down with Jenny Ortiz-Bolivar at AIBC Eurasia in Dubai to talk compliance, culture, and what the next decade of certification really looks like.
When you’re at a conference built around artificial intelligence, blockchain, and crypto, you expect the conversation to be about technology. Dr. Aftab Rizvi flipped that expectation within the first minute.
It’s a statement that stops you in your tracks, and it sets the tone for one of the most honest conversations about compliance and certification to come out of AIBC Eurasia.
Why Culture Is the Real Compliance Problem
The innovation happening in AI and blockchain right now is extraordinary. But according to Dr. Rizvi, the industry’s relationship with compliance hasn’t kept pace, not because the technology is too complex, but because the mindset hasn’t caught up.
Companies building in this space aren’t trained to think about compliance as part of the creation process. And at the same time, regulators are struggling to define requirements fast enough to keep up with what’s being built.
The result is a gap, not in capability, but in culture. Innovators are focused on building the next big thing. Regulators are focused on protecting people. And somewhere in the middle, compliance gets treated as someone else’s problem.
But as Dr. Rizvi put it simply: the reason regulators exist hasn’t changed, regardless of the technology involved.
The Myth That Needs to Die
Ask a product team what they think of auditors and certifiers, and the answer is usually some version of the same thing, they slow things down. They’re blockers. They don’t get innovation.
Dr. Rizvi has heard it all before.
The reality is the opposite. Independent testing bodies aren’t trying to kill innovation — they’re trying to protect it. Their job is to ask the uncomfortable questions before the product reaches the public, before the regulator gets involved, and before something goes wrong in the market.
The problem, as Dr. Rizvi acknowledged, is that compliance is almost always brought in at the end of the development process. By then, it’s genuinely difficult to course-correct. The earlier compliance thinking enters the room, the better the outcome for everyone.
Compliant Is Not the Same as Secure
This is where the conversation got particularly sharp.
There’s a widespread assumption in the industry that if a product is compliant, it must be secure. Dr. Rizvi pushed back on this directly, and clearly.
In fast-moving technology environments, compliance frameworks are often still being defined. Standards lag behind the technology they’re meant to govern. A product can tick every available compliance box and still carry real vulnerabilities — because the moment it goes live, things change.
Security isn’t a certificate. It’s an ongoing commitment.
AI and Blockchain Are Changing How Testing Works
So what does compliance actually look like when the technology itself is constantly evolving?
For AI, the challenge is fundamental. Traditional testing worked because systems were deterministic, you could read the code, trace the logic, and know exactly what a product would do. AI doesn’t work that way.
Blockchain presents a different kind of challenge. In decentralised systems, trust shifts away from people and institutions and toward code and smart contracts. Decisions happen in milliseconds. The traditional model of reviewing and approving simply can’t keep up.
Test labs, regulators, and compliance bodies that don’t adapt to this reality risk becoming exactly what they’re accused of being: blockers. Not because they want to be, but because their methods haven’t evolved to match the technology they’re assessing.
What the Next Decade Looks Like
Looking 5 to 10 years ahead, Dr. Rizvi’s vision is clear, and it’s a significant departure from how things work today.
The annual penetration test is already becoming outdated. The six-month compliance report is on its way out. What replaces them is real-time monitoring, continuous certification, and live reporting that regulators can access at any moment.
Operators, regulators, testing bodies, and compliance companies will need to work much more closely together to make this a reality. And while machines will take on far more of the heavy lifting, because you can’t have a human observe a decision made in a millisecond, people aren’t going anywhere.
A Final Word to Operators and Regulators
If all of this sounds overwhelming, Dr. Rizvi’s message is straightforward: it doesn’t need to be.
The gaming industry has always been an early adopter. Operators and technology providers have the means and the motivation to embrace what’s coming. The shift toward continuous compliance isn’t a threat; it’s an opportunity for the businesses that get ahead of it.
Someone has to look at where this technology is going. Someone has to approve it. Someone has to make sure it’s heading in the right direction.
That conversation starts with culture.
The future of gaming won’t be won by who innovates fastest. It will be won by who builds trust most consistently. Gaming Associates has been helping the industry do exactly that for 25+ years, across 50+ jurisdictions worldwide. To learn more about our independent testing and certification services.




