Black plus white generally equals grey, or at least gray.

The arrest questioning of Norbert Teufelberger in Belgium on Tuesday seems as good a time as any to post about something that may seem obvious to many but still gets asked often enough (and perhaps too often): how to build an Internet gaming business that’s onside the laws of the jurisdictions in which it operates.

The detention of Teufelberger, co-CEO of Bwin.Party, concerns the continued operations of a publicly traded online gaming company in Belgium and its presence on that country’s so-called “blacklist.” Bwin.Party is “whitelisted” in other jurisdictions, and contends Belgium’s laws restricting foreign-based operators run afoul of European Union law. But with that matter yet to be resolved, people are already wondering what Belgium’s legal interpretations mean for Bwin.Party’s licensing prospects in Nevada — and its partnership with US casino companies, MGM and Boyd Gaming. (On that subject, I defer to @BrianPempus‘s tweets, comments, and queries.)

But the Teufelberger-Belgium affair raises the question I still get asked all the time: What jurisdictions should I stay away from if I’m an Internet gaming operator?

For the moment, let’s set aside some threshold questions about the games themselves or the betting options available. Let’s also ignore whether an operator has sufficient nexus to a place — from a criminal and regulatory perspective — if it merely accepts wagers from people in that location but otherwise maintains no presence there.

The way the question (i.e., what places should I avoid?) is phrased presumes that you can throw out your wares to the whole world, and then whittle down places that are ‘higher risk’ or ‘grey’ (whatever that even means) and come to some kind of acceptable exposure level.

That’s fine as far as it goes, but if the question is really trying to get at where the operation can be completely above-board and legitimate and operate consistent with applicable law, the formulation is completely backwards.

The only way to be completely secure in your legal position in Internet gaming is to start with one jurisdiction in which you’re completely licensed (if required) and legitimately offering services in that jurisdiction, and then to expand outwards into other jurisdictions as you are licensed (again: as required) and otherwise fully legitimate in those jurisdictions. It’s more inductive than deductive; there are no shortcuts in this approach. It’s time-consuming and expensive. But it’s the only way to be sure — or as sure as one can be — of your legal position in every market.

I’m not saying that starting big and slimming down is necessarily wrong. There are plenty of reputable gaming businesses taking that approach. There are also operators committed to a far more conservative methodology. It’s a question of risk and exposure.

But a prospective client asking for a list of states that are higher risk might want to rethink the question being put forward in the first place.