On February 9th, 2025 an estimated 130 million Americans watched the Philadelphia Eagles beat the Kansas City Chiefs, 40-22, in Super Bowl LIX.
Because individual US states have legalized and regulated online sports betting, millions of these engaged fans were able to wager on anything from the final score to the color of the Gatorade poured on the winning coach.
However, ⅓ of the US population lives in states where online sports betting is prohibited. Depending on where you were in the United States on Super Bowl Sunday, opening a betting app would either give you dozens of potential wagering options or a pop-up explaining that gambling activities were restricted in your state.
Resourceful would-be bettors may try using a Virtual Private Network (VPN), a tool that allows users to spoof their location by altering their IP address, to circumvent geographic restrictions.
Co-Founder and Chair of GeoComply.
However, these attempts fail. The regulatory framework underpinning U.S. sports betting mandates robust location verification tools, capable of detecting and countering spoofing, ensuring that bets only occur where legal.
Operating in the background, these tools enable hundreds of millions of transactions annually while ensuring that the state-by-state legality of sports betting is respected.
Brits turning to VPNs
On July 25th, 2024 millions of Brits opened social media platforms, online chat forums, and pornography sites, and encountered a message explaining that they were required to undergo age verification to prove they were an adult in order to proceed to their desired content.
On that day, millions of Brits quickly turned to VPNs to evade restrictions, dramatically changing the way they interact with major online platforms.
Proton VPN, one of the world's largest, claimed an 1,800% spike in downloads. NordVPN reported a similar increase. Data from Google Trends showed widespread search interest in VPNs across the UK the hour the new law went into effect.
Adults irritated by the notion of age checks and minors seeking to circumvent the content restrictions used VPNs to change their virtual locations to jurisdictions without similar regulatory controls. Unlike their American counterparts, UK users easily circumvented the controls, undermining the Act’s purpose.
So, why are US gaming regulations effective against location spoofing when the UK online safety regulations are not?
Making it work
First, US gaming regulators recognize that IP addresses –the numeric identifiers internet services use to locate devices – are easily manipulated by VPNs. As already noted, UK VPN users seeking to evade the Act’s restrictions used VPNs to appear to be in a different location, even if they were thousands of miles away.
Second, US gaming regulators understand that more robust location data exists and can be effectively leveraged for compliance purposes. GPS, WiFi, and cellular data all provide a more accurate indication of an end user's location than an IP address. This data is already leveraged for applications ranging from mobile banking to rideshare apps and can easily be leveraged for compliance purposes.
Finally, when it came to regulating the gaming industry, US state policymakers decided that accurate location technology is necessary to ensure the effectiveness of jurisdiction-specific regulations in the absence of a universal standard.
Safety concerns
While Ofcom, the UK’s primary online safety regulator, and the UK government clearly agree that VPNs are a challenge, they haven’t taken any concrete steps to fortify their regulations.
Ofcom has only stated that encouraging the use of VPNs to circumvent the law is discouraged, but in a world where VPNs are near ubiquitous, this is hardly a robust standard.
Some have suggested that the government consider a ban on VPNs. This is neither realistic nor productive; millions already use VPNs for perfectly legitimate uses, such as cybersecurity. A ban would be overly draconian and something not consistent with democratic values.
The UK must chart a middle path. Ofcom should require relevant digital platforms to aggregate additional location data when a VPN is detected. If this technology can ensure compliance in the regulated betting market, it can certainly uphold the UK's online safety legislation.
While the UK’s Online Safety Act has attracted the most media attention, it is hardly a standalone piece of legislation. In December of this year, Australia’s Social Media Minimum Age law will go into effect, creating age verification requirements for social media sites.
In the United States, the Supreme Court’s recent ruling in Free Speech Coalition v. Paxton upheld the constitutionality of state-level age verification laws for adult content, all but guaranteeing the advancement of further state-level content restrictions.
Internet reality
The reality of the internet in 2025 is that while access to the web may be global, the regulations governing this access increasingly reflect the specific policy preferences of diverse democratic societies and their elected representatives.
Divergent standards resulting from this regulatory fragmentation create challenges for online digital platforms. Fundamentally, this is a compliance challenge; it’s a question about how platforms can effectively enforce rules for users located in one geographic area, but not for others.
However, more broadly, these rules require platforms to take concrete steps to build trust in societies that increasingly support protecting minors with novel online safety regulations.
Restoring the social compact between internet platforms and the public is not possible in a VPN-blind internet, where the laws and policies of the least regulated jurisdiction become the global default for anyone intent on circumvention.
Policymakers and internet companies must act if they want to uphold regulatory integrity and advance the cause of online safety. After all, if a "rule" can be circumvented by changing an IP address, it is not a regulation; it is merely a suggestion.
We list the best business VPNs.
This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.