Stop-Killing-Games: I agree with the Intent, but not the Details.

Phew, this is going to be a long one. I've been working on this post for quite a long time, and finally found the time to complete the writeup after seeing the news that the European Commission formally declined to propose a binding legislation yesterday on June 16, 2026.

Instead, the Commission committed to a voluntary industry "code of conduct" by the end of 2026, citing IP rights, confidential business information, publisher costs, and cybersecurity risks as reasons binding legislation "would not be proportionate."

SKG isn't dead yet, the campaign is now pivoting to amend the EU Digital Fairness Act, and California's AB 1921 (the "Protect Our Games Act") is moving through the legislative process stateside. But the Commission's response is a useful moment to step back and ask: what should a law like this look like?

I want to be upfront: I agree with SKG's intent. The Crew getting permanently bricked in March 2024 is exactly the kind of consumer outcome that shouldn't be possible. Ubisoft's legal posture that players bought "limited access" rather than ownership of the product is, in my view, dishonest about what the receipt at checkout implied to buyers.

But I've watched what happens when a country writes the wrong words on paper while trying to do the right thing. I want to lay out some concerns about execution, because at the end of the day, that's what is going to matter.

Section 1: When Game Regulation Goes Wrong

I'm from South Korea, one of the only democracies in the world where a government entity directly rates and regulates video games. The Game Rating and Administration Committee (GRAC) is a quasi-governmental body that mandates classification for every game sold in the country. It's surprisingly not a private industry self-rating system like ESRB or PEGI. And to understand why Korea functions this way, we need a quick history listen regarding "Sea Story".

The Sea Story Scandal

In 2004, an arcade game called 바다이야기 (Bada Iyagi, or "Sea Story") was released in South Korea. On paper, it was a chance-based video game. In practice, it was a slot machine. It paid out in government-sponsored gift certificates, which were trivially cashable at exchange shops conveniently located next door to the arcades. Gambling is illegal in South Korea, but Sea Story was approved for all ages by the then-rating body, the Korea Media Rating Board.

At its peak, Sea Story machines reportedly generated around $15 billion annually for arcade operators, with the total gift-certificate gambling economy reaching $31.5 billion. Several people took their own lives over Sea Story losses. The scandal eventually reached the office of then-President Roh Moo-hyun.

The Korean government's response was to strip the Korea Media Rating Board of its game-rating authority and create a dedicated body, the Game Rating Board (later GRAC).

The Ricochet

GRAC became the gravitational center for adjacent regulatory pressures, such as child protection, anti-obscenity, anti-speculation laws. The rating system became a de facto censorship mechanism. Games that triggered any of those overlapping rules don't get a rating, and games without a rating cannot legally be sold in South Korea.

The most notorious example that is familiar to most Korean gamers: in July 2017, GRAC refused to rate Spike Chunsoft's Danganronpa V3: Killing Harmony, citing Game Law Article 32 Section 2-3 - "concern for societal disruption due to amplified portrayal of crime, violence, sex and etc which in turn would incite criminal behavior or copycat crimes."

The Korean version of V3 was already nearly localized, and a lot of investment was done to strengthen the IP in the Korean market. The publisher Sony Computer Entertainment Korea and the developer Spike Chunsoft lost a fortune due to this decision, and subsequently gave up on Korean market entry for new titles in the series for the risk of additional investment failure. Korean fans, Korean players, and the developers who would have sold them games were all worse off, because of a regulatory body that was originally created to stop a money-laundering slot machine.

Tangentially, South Korea is one of the only democracies where adult-only games, including ones legally sold and rated in Japan, the US, and the EU, are not legally accessible to Korean adults. In most countries, the decision of whether to buy Subverse or any number of legitimately adult titles is a parental and personal decision. In Korea, it is a governmental ban that applies to citizens of legal age.

But did it Stop the Bad Actors?

The irony though is that Sea Story-style gambling games never went away. They simply migrated to the internet, where the National Police Agency reported case counts ballooning from 64 in 2004 to nearly 6,000 by 2006 and remaining stubbornly high through the late 2000s.

Today, P2E and crypto-gambling adjacent games continue to find their way through the cracks. The actors GRAC was created to stop adapted and found loopholes, but the actors who were harmed along the way were honest developers such as Spike Chunsoft, Korean Danganronpa fans, and pretty much every other Japanese visual-novel studio that decided the localization cost wasn't worth the regulatory risk to enter the Korean market.

Korea is already treated as a second-class citizen when it comes to getting official localizations due to its relatively smaller console gamer population, but this regulation, which started out as "good intentions to protect gamers" ended up working against us. Korean players and civic representatives have been working hard to roll this back and to move the country toward a system more like PEGI or ESRB, where ratings are advisory and the censorship power doesn't sit with a government agency. Progress has been slow. The lesson here is that Law is easy to put in the books. But it is very hard to take out.

This is the lens through which I look at any proposal for government regulation of how games are made, sold, or supported, and also why I'm not blindly supporting SKG without fully understanding the details.

Section 2: Where Is the Right Line on SKG?

Now, I want to shift focus on the actual technical complexities, because the SKG conversation online has been weirdly devoid of them.

I work in the software industry with many colleagues working within various sized of game studios. And with that background, there are some concerns that I want to bring up, especially around technical complexities in the domain of online video game software. I'm not trying to pick sides or lobby - if SKG's initial role in this movement was to gain publicity, the organic next step is to iron out the actual details, and that's the direction I'm trying to head to.

Defining "EOL Planning"

The initial SKG's own ask is intentionally broad to the point of being undefined. The verbatim text of the Stop Destroying Videogames European Citizens' Initiative, as registered with the European Commission, reads:

"This initiative calls to require publishers that sell or license videogames to consumers in the European Union (or related features and assets sold for videogames they operate) to leave said videogames in a functional (playable) state. Specifically, the initiative seeks to prevent the remote disabling of videogames by the publishers, before providing reasonable means to continue functioning of said videogames without the involvement from the side of the publisher. The initiative does not seek to acquire ownership of said videogames, associated intellectual rights or monetization rights, neither does it expect the publisher to provide resources for the said videogame once they discontinue it while leaving it in a reasonably functional (playable) state."

Read that carefully. The ECI's verbatim ask does not require offline mode. It does not require open-sourcing of server code. It does not require private server tools. It does not require refunds. It does not specify a notification window. It demands that publishers provide "reasonable means" to keep games in a "reasonably functional (playable) state." Every load-bearing word in the ask is, for a lack of a better word, vague.

That is not an accident. It is a strategic choice, and the SKG team has been honest that they want to leave implementation to legislators. The advantage: a million signatures can rally behind "don't destroy games" without anyone having to agree on how. However, we should NOT leave it to the legislators. That's exactly why in section 1 tried to explain a real anecdote of "game legislation = bad". Vagueness ratchets in the direction of whoever has more lobbying power, and one wrong word can end up punishing good actors and opening loopholes for bad actors.

That ambiguity is the entire substance of my argument.

I'm not going to pretend I have a clean answer here. Anyone who claims they do, including the SKG team, the trade associations, and the lawmakers about to draft this, is either oversimplifying or lying. What I will insist on is that a binding instrument without explicit definitions of which games fall under which obligation, is not a law. It is a delegation of authority to whichever regulatory body is asked to interpret it later, and we already know how that goes.

AB 1921

California's AB 1921 is much more concrete. Publishers selling server-dependent paid games are required to:

1. Notify consumers at least 60 days in advance of an end-of-support date.
2. Stop selling the game in the final 60 days before discontinuation.
3. Provide one of three things at end of life: a patch that makes the game function independently of publisher servers, a separately distributed autonomous version, or a full refund to affected purchasers.

It's tempting to look at California's AB 1921 and say "great, this is the concrete version of SKG that should win." It's more honest than the EU ECI and more specific than the Commission's voluntary code. But specificity is not the same as harmlessness, and I want to be clear about who actually pays for AB 1921.

The bill's three remediation options - offline patch, autonomous version, or refund - are presented as a choice. In practice, there's only one option. Refunds across an entire user base are catastrophic for most studios. "Autonomous version" is just a fancy word for an "offline mode". This means that the realistic obligation is "design your architecture from day one to be capable of running without your servers." That is not a switch you flip at end-of-life. That is an architectural decision that has to be made before a line of game code is written.

Offline-capable architecture requires very expensive, technically strong engineers.

If a publisher builds the ability for a game to run without their servers, that capability is also an attack surface. Anti-cheat, anti-piracy, anti-economy-manipulation, and progression integrity all currently depend on server authority. A game that can be trivially detached from its servers is a game that can be trivially cheated, pirated, or have its economy poisoned during its commercial life. Designing the kill-switch correctly means designing it to be inert during normal operation and only activatable under some publisher-controlled condition. A game that gets hacked dies faster than those that are designed to be hack-resilient, which is, ironically, the opposite of what SKG wants. It's a whole new sub-discipline of game engineering, which may require engineers from more technical backgrounds (or billions of Claude tokens) to pull off.

The second food for thought is the actual engineering cost. These are illustrative, not measured, but they are not unreasonable. Suppose adding robust offline-capable architecture to a server-dependent game takes on the order of 20 developer-weeks (assuming that the studio has the engineering talent and expertise to design robust backend systems, or are paying for millions of claude tokens to help with security audits). That estimate would vary wildly by genre and scale, but it's a sane order of magnitude. Additionally, strong engineering talent usually do not stay within the gaming industry due to the weak pay incentives and job security compared to traditional software giants, and it will be a challenge of itself to attract such talent into a game studio.

For a well-funded studio with a five-engineer backend team, 20 developer-weeks is one extra month at the start of the project.

However, for an indie studio with one backend engineer, let alone the assumption that the engineer has the domain expertise around secure online game design, 20 developer-weeks is half an year. Half an year is the difference between shipping at all and running out of money before launch. And again, what might end up happening is actually killing games from even rooting in the first place.

This is exactly the dynamic I am most worried about. Regulation written to target the largest, best-funded actors will not stop the largest, best-funded actors. They have the engineering capacity to absorb the cost. It stops the smallest actors, who do not have the money nor talent, and impact them the most.

I am not saying AB 1921 is bad. I am saying the people writing it need to do a serious indie-impact analysis before the January 2027 effective date. That means surveys of indie studios about engineering capacity, market analysis of what gets shipped vs. what gets canceled under compliance pressure, and probably tiered compliance obligations based on studio size, publisher revenue, or game scope. None of that exercise has been done yet, and I think is critical before we proceed any further.

Section 3: The "Freemium" gap

Consider three real consumer models:

Model A: The ski pass. You buy a one-month pass to a ski resort. The pass expires. Two months later, the resort goes out of business. You are not entitled to a refund. You bought access for a window, you got the access, the window closed, end of transaction. World of Warcraft's subscription model is structurally identical. If Blizzard shuts WoW down six months after your last subscription lapsed, you don't have a complaint - you got what you paid for. SKG's actual ECI text and AB 1921's exemptions both correctly recognize this and carve out subscription services.

Model B: The free game with paid purchases. Fortnite, League of Legends, Genshin Impact, etc. The game itself is free, but you spent $400 over three years on skins, characters, battle passes, and currency packs. Is that an upfront purchase that triggers SKG-style obligations? The user never bought "the game." They bought goods within the game. When the game shuts down, the goods become unusable. But were they ever really "goods" in the property-law sense, or were they always service entitlements?

This is the genuinely hard question, and SKG's framing dodges it. The ECI text talks about publishers who "sell or license videogames" and "related features and assets sold for videogames they operate." That second clause is there for these transactions, but it doesn't answer what the obligation actually is. Preserving "playability" for a F2P game that no one paid an entry fee for doesn't really fit here... in an objective sense. Again, I'm not trying to argue the intention. And this introduces a loophole:

Model C: The NFT/blockchain loophole. Imagine a F2P game where, instead of selling cosmetics through a centralized server, the publisher sells them as on-chain NFTs that the player holds in their own wallet. When the game shuts down, the publisher's argument writes itself: "We didn't kill anything. Your sword NFT is still in your wallet. We just stopped operating the game it worked in. You still own the asset - go trade it, sell it, mint a new game around it."

This is not a hypothetical. Multiple Korean game companies such as Wemade, Netmarble, and Com2uS, have tried to release blockchain-based games with this exact model.

South Korea's GRAC has uniformly rejected them, classifying them as gambling under the existing post-Sea Story framework. But in jurisdictions without that framework, the NFT loophole is a credible end-run around SKG-style legislation: the publisher can plausibly claim they fulfilled their preservation obligation by leaving the asset in the consumer's custody, even though the asset is functionally a useless token of a dead game.

Is owning a JPEG of a sword you can't use "preservation"? Legally, under a vaguely-worded SKG implementation, it might be enough. Morally, obviously not. But that's exactly the gap that vague legislation opens.

Model D: All online games go Freemium, but you "pay" to create an account to actually access the game. To be fair, I think this one goes a bit too extreme and will actually piss off players and get a bad reputation. But we have services like Xbox Gamepass which is actually quite similar to this model. You pay for the "service that lets you play the game", and a game that might be in the catalog today might disappear tomorrow, similar to how Netflix rotates out shows which the licenses expired for. What if theoretically, The Crew was never a paid game, but a "Ubisoft Gamepass Exclusive" and then the server was shut down after a few years?

Right now, this is all food for thought. There are many edge-cases that larger companies will try to slip through, and adding more and more clauses to seal every single gap may end up hurting good actors even more. I don't have a solution to it, and I can't think of a viable one. But I hope you see where I'm going.

Private Servers

Community-driven private servers are something many SKG-adjacent YouTubers conflate with SKG itself. They're related, but not the same. But community-driven private servers may also be the only practical solution.

But we should address the challenges first:

Legal Grey Area of Private Servers

1. Many "illegal" private servers are based on leaked or stolen server source code.
   Such cases are objectively espionage and IP theft. The fact that the original is no longer commercially available doesn't change that.
2. During active service, there's a legitimate argument that private servers running concurrently with an official live game can deceive consumers into thinking they're getting an official experience, dilute the developer's player base, or interfere with active monetization. Takedown authority during the active life of a game is defensible.
3. The IP/trademark grey area needs explicit guidance. Private server operators shouldn't be hosting under the game's official name with the official logo, but they also shouldn't be sued out of existence for using the game's name factually - i.e., "this is a community server for [GAME]."

There's a beautiful real-world example of private servers done right: City of Heroes. NCSoft shut down the official servers in 2012. Underground private servers (the "SCORE" leak, later Homecoming) emerged. After years of legal grey area, NCSoft eventually granted Homecoming an official license in 2020 to operate as a community-run continuation. That's the model SKG should be designing toward.

I support private servers, but it should not be at the expense of IP and trademark laws. For the interest of SKG, I think what realistically makes sense is:

1. For private servers that were built with full community effort of reverse-engineering the games' protocols: developers should not be permitted to issue takedowns or cease-and-desist orders. This is fan labor on observable network behavior. There is decades of precedent here, from old-MMO emulators to console homebrew, and the law generally protects reverse engineering. SKG should protect the community from getting lawsuits or C&Ds as long as there is compliance with IP/trademark laws.
2. Developers should go a step further and be "consumer friendly" by providing a client-side mechanism to point at a non-official server (a config file, a URL field, a custom launcher). This is dramatically lower effort than re-engineering a game to be P2P or fully offline, and many older games already shipped with this.
3. Developers should provide official licensing of private servers as an EOL option. This legally allows communities to support online video games for the pure love of the game without harming the integrity of the IP (as long as they stay within the license agreement), thus aligning with the interests of both parties.

SKG-aligned framing of private servers as a player right has to come with player responsibilities. Players don't get to demand a developer's code, IP, or art assets. Developers, per SKG's spirit, should favor player interests. Players, in return, have to respect that developers still have legitimate IP and trademark interests. Both sides need this in writing.

Technicality of Private Servers: "Just Hand Over the Keys" Is Not As Easy As It Sounds

This is where I think a lot of SKG advocacy gets technically lazy. The reality of how modern games are operated has diverged hard from the 1990s "we ran our own server, here, take the .exe" model.

"Server binary" is not how it works. It implies there is a server, a discrete piece of software you could hand to someone. That hasn't been true for live-service games in over a decade. A modern game backend is typically a collection of microservices: login, matchmaking, core gameplay server, chat, telemetry, payments, anti-cheat, voice, social graph, content delivery, each of which may be:

• Running on a different cloud provider
• Owned by a different company entirely
• Communicating over internal protocols
• Depending on managed third-party services (a hosted Redis, a hosted Kafka, a hosted auth provider) the operator has no right to redistribute

As a quick example, MapleStory's login is not "the MapleStory login server." It's Nexon's centralized account system, used across many of their games, operated independently, and structurally indistinguishable from any other identity service Nexon owns.

"Handing over the keys" to MapleStory would require Nexon to also hand over a service that runs their entire account business, not just "MapleStory" servers. I do acknowledge that MapleStory private servers exist - the argument here is that the details within the regulation need to clarify this, or it again becomes a lobbying vector that will be used to shoot down SKG.

Who owns the "keys"?

Lost Ark, originally developed by Smilegate RPG in Korea, is published in the West by Amazon Games Studios. NCSOFT's Throne and Liberty is also published by AGS in North America, South America, Europe, and Japan. In these arrangements, the publisher typically handles localization, infrastructure operations, community management, and payment processing. The exact split of who literally controls the production server infrastructure varies by contract, and those contracts aren't public. It's structurally common that the developer who made the game does not solely own the server infrastructure their game runs on. They have a contractual relationship with the publisher; if that relationship ends, both parties may lose access to the live operational state.

So a law that demands "hand over the keys to the server" is met with a bunch of questions: which keys? Whose keys? What does the publishing contract permit either side to release? In some arrangements there may genuinely be no single party that can lawfully transfer everything required to run the game.

And lets also briefly talk about multi-regional services. If a game like Lost Ark is shutting down in US, but not in other regions, releasing server-side code will be detrimental to the servicing of the other regions. Hackers will be able to find attack vectors, players will identify droprates which can destroy economy dynamics, unreleased assets can be leaked, etc. Preservation that harms the servicing in another region isn't the type of preservation SKG should strive for, especially when it risks accelerating the death of the game in other regions. The moment SKG introduces any kind of "SKG might actually unintentionally kill games," the whole argument is severely weakened.

"Just open-source it"

Licensed middleware is a related problem. Modern games routinely depend on licensed libraries, SDKs, and services that the developer is contractually prohibited from sublicensing or redistributing. Vivox, Demonware, EAC, etc - any of these can be licensed in ways that prohibit redistribution to end users. The SKG response to California's AB 1921 acknowledges this, noting publishers can "replace licensed assets where necessary" when providing an end-of-life patch.

However, in practice, if there was a viable non-proprietary "replacement", the game probably would have already been using the non-proprietary version in the first place. The ask here is not practical: a rough analogy would be asking airlines to replace their Boeing and Airbus airplanes and instead make their own.

The point is: "hand over the server" treats the backend as a single artifact when it is, in reality, a system. And especially when entangled with licenses, contracts, and other financial and legal ties, "handing over the keys" may not be fundamentally possible even if the developers wanted to.

So What is My Stance?

The developers should release a protocol documentation. The API schema, communication stack, and sample request/responses, etc. Most development teams will already have some form of the documentation within their own respective knowledge bases. Distributing the documentation would be synonymous to providing schematics of electronic devices, where it's similar to "we can't sell or give you the parts due to our supplier agreements, but we'll give you the blueprints where you can make your own".

As a bare minimum, developers would be obligated to provide an official license and a protocol documentation which the community can utilize to build their own private server without the fear of legal threats or reverse engineering challenges. It's also generally applicable to all online video games, regardless of genre, studio size, regional laws, or engineering expertise.

And obviously on top of that, a "code of conduct" and "seals of compliance" for those that are willing to go one step further is probably my ideal version of SKG.

And regarding the freemium loopholes? I don't know 🤔...