REF · SR EN 18144:2025 · MARKERS OF HARM · ONLINE GAMBLING REFERENCE IMPLEMENTATION · MIT · DETERMINISTIC
EN 18144:2025 · Player protection · Compliance

The player-protection layer for your gambling platform.

MarkerLayer implements the nine behavioural markers of harm defined by the European standard EN 18144:2025 — verified clause by clause against the published text. Send the events you already have; get back explainable, auditable risk signals per player. Self-host the open-source engine, or point your events at the managed cloud.

npm i markerlayer · Docker image · OpenAPI 3.1 · zero runtime dependencies

PLAYER op-4711 · window 7dbaseline: self
M1_volume_of_stakeselevated
M3_depositing_behaviourhigh
M6_gambling_timenormal
M9_losseshigh
composite8 pts → high
evidencedeclinedDepositCountWeek=4 ≥ 3
lossEscalationRatio=3.10 ≥ 2 with rising trajectory (+61%/week)
01

Compliance in an afternoon.

Integration is one endpoint. MarkerLayer reduces the standard to a contract your platform already speaks: behavioural events in, standardized markers out.

STEP 1 — SEND

Seven event types you already have

Batched, idempotent, pseudonymous. No PII ever enters the schema.

wager · deposit · withdrawal
session · support_contact
safety_tool · bonus
STEP 2 — COMPUTE

Deterministic scoring, per the standard

Each player is compared against their own 90-day baseline (robust median/MAD statistics) and against the population — exactly the dual comparison §4.1 requires. Sessions follow the §3.6 five-minute rule; gambling time follows both §5.6.2 methods.

STEP 3 — ACT

Nine markers, evidence attached

Every marker returns a state and the exact rule that produced it. A point-based composite considers markers together per §4.2. The standard prescribes no trigger points; thresholds remain your documented policy.

02

The nine markers, as written.

MarkerLayer mirrors clauses §5.1–§5.9 of EN 18144:2025 in name, order, measurement, and required time spans — verified against the full published text.

M1

Volume of Stakes

§5.1

Cumulative bet amount and number of stakes, with trajectory and variability characterisation.

day · week · month · 90d · 180d
M2

Speed of Play

§5.2

Mean inter-bet interval within sessions, exactly as §5.2.2 measures it — plus in-session top-up detection.

session · day · week · month
M3

Depositing Behaviour

§5.3

Successful and declined deposits, amounts, methods, net deposits — and chase-deposit dynamics per §4.3.

day · week · month · 90d · 180d
M4

Cancelled Withdrawals

§5.4

Cancellation counts and the cancel-and-replay pattern: money on its way out, gambled instead.

day · week · month
M5

Player Initiated Contact

§5.5

Contact frequency categorized positive / neutral / negative. A responsible-gambling contact is never “normal”.

day · week · month
M6

Gambling Time

§5.6

Both mandatory methods: session minutes split across day boundaries, and hour-slots with activity per 24h.

session · day · week · month
M7

Gambling Products

§5.7

Distinct products per session and per span; breadth of engagement and new-vertical adoption.

session · day · week · month
M8

Responsible Gambling Tools

§5.8

All limit changes counted; self-exclusion tracked separately across the whole account history.

day · week · month · lifetime
M9

Losses

§5.9

Loss Calculation Method 2 — stakes minus winnings minus bonuses — with escalation and trajectory analysis.

day · week · month · 90d · 180d
03

Built to be audited.

Player-protection signals end up in front of regulators, auditors, and — sometimes — courts. MarkerLayer is engineered for that room.

DETERMINISMSame events in, same markers out

No machine learning in the scoring path. Every computation is reproducible from the event log — re-run any historical assessment and get the identical result, byte for byte.

EXPLAINABILITYEvery flag names its rule

A non-normal state always carries evidence like declinedDepositCountWeek=4 ≥ 3 — the feature, the value, the threshold. Your compliance team can defend every alert without reverse-engineering a model.

DATA MINIMISATIONNo PII in the schema

Pseudonymous player IDs, amounts in minor units, categorical fields only. Nothing MarkerLayer ingests can identify a person. GDPR posture by construction.

HONEST GAPSMissing data stays visible

All nine markers always appear in the output. If an event stream isn’t supplied — or a marker is legally unavailable in a jurisdiction, as §1 permits — it reports insufficient_data with the missing inputs named.

04

Run it your way.

The engine is open source under MIT — github.com/markerlayer/markerlayer. The cloud is for teams who want the layer without the operations.

Self-hosted · Open source

The engine, in your stack

TypeScript library and API server with zero runtime dependencies. Your events never leave your infrastructure.

  • MIT licensed — audit every line on GitHub
  • npm package or Docker image
  • OpenAPI 3.1 contract included
  • 51 automated tests, standard-mapped spec
# library npm i markerlayer # or the API, self-hosted docker run -p 3200:3200 -v data:/data \ -e MARKERLAYER_API_KEYS=<key> markerlayer
Managed cloud

The layer, as a service

EU-hosted ingestion and scoring with retention controls, monitoring, and support — send events, read markers.

  • One endpoint, bearer-key auth
  • Idempotent batched ingestion
  • Data minimisation and EU residency
  • Early-access pricing for pilot operators
# send what happened curl -X POST https://api.markerlayer.com/v1/events \ -H "Authorization: Bearer $KEY" \ -d @events.json # read the markers GET /v1/players/op-4711/markers
§
“The proposal for a standard on markers of harm cannot serve as a clinical assessment of gambling disorder.”
EN 18144:2025, clause 4.1

MarkerLayer is an identification aid. It tells your team which players warrant a human look and why — intervention decisions remain your regulated responsibility, and flag thresholds remain your documented policy. We think honesty about that line is what makes a compliance tool credible.

05

Talk to us before your next audit.

We work with online gambling operators and platform providers across the EU. A walkthrough takes thirty minutes: your event data, the nine markers, and what your regulator will ask.

Write to
hello@markerlayer.com
Built & operated by

Duomind — compliance software, Romania / EU.
duomind.eu