There is a name for state-built compliance infrastructure that turns out to be reusable for political exclusion. The name is dual-use.
On May 1, President Lula announced the Novo Desenrola Brasil package on national TV. The headline was debt renegotiation: 1.99% monthly interest cap, 90% discounts, 20% FGTS withdrawal. The detail: participants in the programme are barred from licensed betting platforms for twelve months from the moment their contract is signed.
The SPA published Ordinance 1,237 and Normative Instruction 3 on May 5. Operators had ten days to plug into Sigap and start enforcing the block. The mechanism: every registration, every login, every periodic check, the operator queries the Sigap Barred Persons Module against the player's CPF. If the CPF matches a Novo Desenrola beneficiary, the system returns "Barred - Novo Desenrola Brasil Programme" and the operator denies the request.
The infrastructure that makes this possible is the same KYC architecture operators welcomed when the SPA launched the regulated market in January 2025. CPF-based registration. Centralised Sigap registry. Operator-side API obligations. Player protection by design.
The same architecture now serves a different purpose. Lula's national-TV pledge to shut down all online betting cannot pass Congress. The Sigap-driven CPF block on debt-program participants did pass, in ten days, by ordinance.
Operators in Nigeria, Kenya, South Africa, India, and any other market with a centralised national ID layer plus a regulator-built registry should read the Brazilian template carefully. The next political exclusion category is one ordinance away.
The regulated market is seventeen months old. The president who enabled it now says it should not exist. The infrastructure he built is being used to remove citizens from it.
Which exclusion category travels next — debt programme, welfare programme, age band, profession, geography? The platform answer is the same in every case. The political question is who decides.