NJ A5822

Casino licensees, sports wagering licensees, and their contracted operators must establish cybersecurity programs complying with NIST frameworks or ISO/IEC 27000 standards within 180 days of the act's effective date

Annual independent third-party cybersecurity audits are required at the licensee's expense, with findings certified and submitted to the Division of Gaming Enforcement and the Cybersecurity and Communications Integration Cell

Cybersecurity breaches affecting operations, compromising patron personal data, or exposing financial systems must be reported within 72 hours

Violations carry fines of $10,000 for the first offense and $20,000 for subsequent offenses, with each day of continuing violation constituting a separate offense; repeated violations may result in license suspension

A voluntary "Safe Gaming Seal" certification program will be established for operators exceeding minimum standards in encryption, fraud detection, AI/blockchain security, and responsible gaming tools, valid for three-year periods