New Jersey Division of Gaming Enforcement — Internet Gaming Regulations and Technical Standards

All 55 New Jersey standards, organised by theme

A searchable, filterable index of every New Jersey Division of Gaming Enforcement standard that shapes Internet gaming, with the regulation's own words attached to every card. Standards are grouped into nine themes covering licensing, patron accounts, responsible gaming, technical integrity, game fairness, geolocation, advertising, financial reporting and enforcement. Every card shows the exact N.J.A.C. or N.J.S.A. citation it came from, the verbatim text that supports it, and the DGE source URL so you can read it yourself.

Editorial summary, not legal advice. Every card on this page is a plain-English summary of the regulator's own rule, cross-checked against the primary source. Always verify against the published text before filing, launching, or advising.
Comprehensive coverage: 55 standards, 264 requirements, 0 RG priority, 4 categories
Theme 1

Licensing & Internal Controls

Ensure that only suitable casino licensees with documented controls and licensed key personnel offer Internet gaming in New Jersey, under an active DGE-issued permit.

8 standards, 3 player-flagged (38%)
Regulatory risks this theme addresses
  • Unsuitable entities operating Internet gaming in New Jersey
  • Weak internal controls allowing undetected fraud or asset misappropriation
  • Key iGaming personnel operating without proper DGE key-employee licensing
§ 69O-1.2(i)

Internet/mobile gaming manager and reporting

A casino licensee must appoint a key-employee Internet and/or mobile gaming manager responsible for operations, integrity, and review of suspicious-behavior reports. The manager must immediately notify the Division about cheating/illegal activity, excluded persons, and patrons prohibited from wagering.

Requirements
  • Appoint an Internet gaming manager (key employee) for Internet wagering and/or a mobile gaming manager for mobile wagering
  • Charge the manager with reviewing all reports of suspicious behavior
  • Immediately notify the Division of patrons engaged in or reasonably suspected of cheating, theft, embezzlement, collusion, money laundering, or other illegal activity
  • Immediately notify the Division of patrons required to be excluded under N.J.S.A. 5:12-71, 5:12-71.2, or prohibited under N.J.S.A. 5:12-119(a)
  • Immediately notify the Division of patrons prohibited by the licensee from Internet wagering
§ 69O-1.2(j)-(k)

Internal controls and credential reset security

Licensees must file internal controls covering all aspects of Internet and mobile gaming operations before implementation and upon change, including system security, operations, accounting, and problem-gambler reporting. Internal controls must describe secure methods for issuing, modifying, and resetting patron passwords, PINs, or other approved security features, with patron notification of any modification.

Requirements
  • File internal controls with the Division prior to implementation and on every change
  • Cover system security, operations, accounting, and problem-gambler reporting
  • Define secure procedures for issuing, modifying, and resetting passwords/PINs
  • Notify the patron of any credential modification via email, regular mail, text, or other approved method
  • Require at minimum proof of identity in person, correct responses to two or more challenge questions, or strong authentication
§ 5:12-95.17

Authorization of Internet wagering

The Casino Control Act authorizes Internet wagering only by casino licensees that hold an Internet gaming permit issued by the Division. All Internet gaming must be conducted in accordance with the Act and regulations, and only through systems approved by the Division.

Requirements
  • Operate Internet wagering only under a Division-issued permit
  • Offer only games authorized by the Act and Division regulations
  • Use only Division-approved Internet gaming systems
  • Conduct wagering through an affiliated casino licensee
  • Maintain ongoing compliance with Article 6C conditions
§ 5:12-95.19

Internet gaming permit fee and renewal

Each Internet gaming permit requires payment of an initial fee and annual renewal fees set by statute, in addition to any investigative costs. The permit is a prerequisite to operating any Internet wagering in New Jersey.

Requirements
  • Pay the statutory initial Internet gaming permit fee
  • Pay the annual Internet gaming permit renewal fee
  • Reimburse the Division for investigative and licensing costs
  • Maintain permit in good standing at all times
  • Cease Internet wagering if the permit lapses or is suspended
§ 5:12-95.22

Atlantic City server-location requirement

All equipment used to conduct Internet wagering — including servers used to accept wagers and determine outcomes — must be physically located within the territorial limits of Atlantic City, except as otherwise authorized by the Division. This anchors Internet gaming operations to the licensed casino jurisdiction.

Requirements
  • Host Internet wagering servers within Atlantic City limits
  • Obtain Division authorization before siting any equipment elsewhere
  • Document physical server locations and changes thereto
  • Provide Division access to equipment for inspection
  • Maintain inventory of Internet gaming equipment and its location
§ 5:12-95.23

Player geolocation within New Jersey

Player Rights

Internet wagers may be accepted only from patrons who are physically present within the State of New Jersey at the time the wager is placed. Operators must deploy geolocation technology capable of reasonably detecting and preventing out-of-state wagering.

Requirements
  • Verify via geolocation that the patron is within New Jersey before accepting a wager
  • Block wagers originating outside State boundaries
  • Re-check location periodically during a gaming session
  • Log geolocation check results for audit
  • Update geolocation technology to address circumvention techniques
§ 69D-1.3

System of internal controls

Player Rights

Every New Jersey casino licensee (including iGaming operators) must prepare and file an initial system of internal procedures and administrative and accounting controls at least 30 days before gaming operations commence. The system must cover administrative decision-making, accounting safeguards for assets and financial records, and security procedures. Licensees must conduct gaming operations consistent with those controls and file changes in a Division-approved manner.

Requirements
  • File the initial system of internal controls with the Division at least 30 days before gaming operations commence unless otherwise directed
  • Include administrative controls covering the decision-making processes that lead to management authorization of transactions
  • Include accounting controls that safeguard assets, ensure reliability of financial records, and provide reasonable assurance per (a)2i–iv
  • Conduct gaming operations in a manner consistent with the filed internal controls
  • Maintain a current version of the internal controls accessible through secure computer access to the casino accounting and surveillance departments, and retain superseded versions for at least three years
  • Make current and superseded internal controls available through secure computer access to the Division at its onsite offices
§ 69D-1.11

Internet and mobile games manager

RG Critical

A casino licensee offering Internet and mobile gaming must maintain an IT department located in New Jersey that includes an IT department manager, IT security officer, and an Internet and mobile games manager, each licensed as a casino key employee. The Internet and/or mobile manager reports to the IT department manager and is responsible for ensuring the proper operation and integrity of Internet and/or mobile gaming, including reviewing all reports of suspicious behavior. The internal audit department must also perform a quarterly review of IT data security of the gaming systems when Internet or mobile gaming is offered.

Requirements
  • Maintain an IT department with an IT department manager, IT security officer, and Internet and mobile games manager, all located in New Jersey and licensed as casino key employees
  • Have the Internet and/or mobile manager report to the IT department manager
  • Assign the Internet and/or mobile manager responsibility for the proper operation and integrity of Internet and/or mobile gaming
  • Require the Internet and/or mobile manager to review all reports of suspicious behavior
  • Have the internal audit department conduct a quarterly review of IT data security of the gaming systems
  • Ensure segregation of incompatible functions so no employee can both perpetrate and conceal an error or fraud
Theme 2

Player Accounts, KYC & MFA

Make sure every patron account is opened, authenticated, and maintained in a way that verifies identity, protects credentials, and keeps minors and unauthorized users out of the platform.

7 standards, 6 player-flagged (86%)
Regulatory risks this theme addresses
  • Minors or otherwise ineligible patrons opening accounts
  • Identity theft and account takeover via credential stuffing
  • Accounts created from deceased-person data or duplicate records
  • Patron funds handled insecurely or disclosed without authorization
§ 69O-1.2(a)

Account required before play

Player Rights

A patron must establish an Internet or mobile gaming account before engaging in Internet or mobile gaming. Play without a registered account is not permitted.

Requirements
  • Restrict all Internet/mobile wagering to account holders
  • Block anonymous or guest wagering entry points
  • Tie every wager to an established patron account
§ 69O-1.3(b)

Account registration, KYC, and encryption

Player Rights

To open an Internet/mobile account the licensee must create an encrypted patron file, verify identity (via N.J.A.C. 13:69D-1.5A plus recorded credential number or an approved remote multi-source method), confirm age 21 and non-exclusion, record acceptance of terms and certifications, and notify the patron of account creation.

Requirements
  • Create an electronic patron file capturing legal name, DOB, SSN (full or last four, if voluntarily provided), address, email, phone, account number, verification method and date, and any additional ID data
  • Encrypt SSN/foreign equivalent, passwords/PINs, and financial account numbers
  • Verify identity per N.J.A.C. 13:69D-1.5A with recorded credential number, or an approved remote multi-source authentication method
  • Confirm the patron is 21+, not self-excluded, not on the exclusion list, and not otherwise prohibited
  • Record patron acceptance of terms, accuracy certification, and acknowledgement of legal age and anti-account-sharing rules
  • Notify the patron of account creation via electronic or regular mail
§ 69O-1.3(c)

One account per patron per intermediary

A patron may have only one Internet or mobile gaming account per Internet gaming intermediary, and the account must be non-transferable, unique to the patron, and distinct from other accounts with the licensee.

Requirements
  • Enforce one account per patron per Internet gaming intermediary
  • Prohibit transferring accounts between patrons
  • Keep the account unique to the registering patron
  • Keep it distinct from any other account the patron has with the casino licensee
§ 69D-1.37

Account-based wagering system procedures

Bonus & Ads Player Rights

A casino licensee may operate an electronic account-based wagering system that lets patrons upload and download efunds, subject to Division testing and approval of all hardware and software. The internal audit department must test a sample of transaction locations at implementation, after approved changes, and semi-annually. Non-cashable efunds must be automatically wagered before cashable efunds, and all restrictions on non-cashable efunds must be disclosed to patrons.

Requirements
  • Submit all hardware and software of the account-based wagering system to Division testing and approval
  • Have the internal audit department test a designated sample of transaction locations at implementation, after approved changes, and on a semi-annual basis
  • Have a casino accounting department employee review the reports required by N.J.A.C. 13:69E-1.37A and report daily revenue amounts per Division rules
  • Make a monthly statement of balance and account activity available to each patron upon request
  • Automatically wager all non-cashable efunds before any cashable efunds when both are available on a slot machine
  • Disclose on any slot machine, table game, written promotional materials, and application forms that non-cashable efunds cannot be converted to cash and are wagered first
  • Maintain complimentary efund internal controls covering audit programs, customer dispute handling, and any out-of-state affiliate access control
nj-bp-kyc-account-creation

NJ DGE KYC Best Practices — Account Creation Data & Authentication

Player Rights

DGE guidance (not binding regulation) that operators authenticate core identity fields via multi-source authentication before any deposit or patron-initiated activity, and take reasonable measures to confirm the person creating the account is who they say they are.

Requirements
  • operators should require multi-source authentication of Date of Birth (MM/DD/YYYY), full SSN (or last four), and Last name with an exact match prior to any patron deposit or other patron initiated activity
  • operators should permit flexible match on First name and Address (street number, city, state, zip — PO Box not acceptable)
  • operators should require reasonable measures to ensure the person creating the account is who they say they are, using one of: three knowledge-based questions, device ID and phone number matched with KYC data, government issued ID, or another method approved by the Division
Applies at account onboarding. Multi-source authentication must occur prior to the first deposit or any patron-initiated activity; the accepted authentication methods are enumerated by the Division and are non-exhaustive where the Division approves an alternative.
nj-bp-kyc-manual-and-deceased

NJ DGE KYC Best Practices — Manual KYC Controls & Deceased-Person Blocks

Player Rights

DGE guidance (not binding regulation) that re-entered or modified KYC data trigger a fresh multi-source authentication as the final step, that manually verified accounts be logged weekly to compliance leadership, and that systems block account creation using the KYC data of a deceased person.

Requirements
  • operators should require multi-source authentication of all KYC fields following the re-entry or modification of any required KYC data field, with multi-source authentication of all fields as the last step prior to account creation
  • operators should require the casino IGM or racetrack compliance manager to receive a weekly log from their Internet gaming partner documenting instances where patron accounts were created using manually verified data that could not pass multi-source authentication
  • operators should require DGE notice via Incident Report, submitted by the casino IGM or racetrack compliance manager or their designee, when making changes to a customer's SSN and/or DOB once an account has been created
  • operators should require the system to recognize and block attempts to create an account using the KYC data of a deceased person, and require a fraud form be filed with the DGE whenever this occurs
Manual-entry pathways are a known KYC weakness; DGE expects logged oversight by the IGM/compliance manager plus an incident report to DGE for post-creation SSN/DOB edits. Deceased-identity attempts must both be blocked and reported via a fraud form.
nj-bp-mfa-patron-logins

NJ DGE Cyber Security Best Practices — MFA for Patron Logins

Player Rights

DGE guidance (not binding regulation) that all Internet gaming operators implement multi-factor authentication for patron logins to defend against credential stuffing and account takeover, with a same-device exemption capped at two weeks and heightened scrutiny for accounts tied to more than three devices in 24 hours.

Requirements
  • operators should, at a minimum, implement multi-factor authentication for patron logins to protect New Jersey patrons from account takeover
  • operators should use two of the N.J.A.C. 13:69O-1.1 factor categories: information known only to the patron (password, pattern, challenge answers); an item possessed by the patron (electronic token, physical token, or identification card); or the patron's biometric data (fingerprints, facial or voice recognition)
  • operators may exempt subsequent logins to the same account on the same device from MFA for a period not to exceed two weeks once a patron has successfully logged in using MFA
  • operators should submit MFA plans to the Division for evaluation and approval prior to implementation, and as a DGE best practice should not allow an email address as the username since this is most susceptible to current credential stuffing attacks
  • operators should, if a patron's account is associated with more than three devices in a 24 hour period, perform all necessary due diligence to ensure the account is not associated with any fraud
DGE identifies credential stuffing as the most prevalent cyber-attack against online gaming providers and mandates MFA as a baseline control. The two-week same-device exemption is a ceiling, not a floor; email-as-username is discouraged; multi-device anomalies trigger operator due diligence.
Theme 3

Responsible Gaming & Self-Exclusion

Give New Jersey players working responsible-gaming tools, monitor play for at-risk behaviour, and honour every self-exclusion the state or the operator recognises.

8 standards, 8 player-flagged (100%)
Regulatory risks this theme addresses
  • Problem-gambling behaviour going undetected by the operator
  • Self-excluded patrons continuing to receive marketing or access
  • RG features missing, broken, or buried in the UI
§ 69O-1.2(b)

1-800-Gambler message on log on/off

RG Critical

The problem-gambling helpline message must appear prominently on the log on screen and be transmitted to display on log off whenever the system detects a log off.

Requirements
  • Prominently display 'If you or someone you know has a gambling problem and wants help, call 1-800-Gambler' on the log on screen
  • Transmit a command to display the same message on log off when a log off is detected
§ 69O-1.2(h)

Session time display or periodic pop-up

RG Critical

Software must either continuously display current time and elapsed session time or show a prominent pop-up at least every half hour with time and elapsed session time since log on.

Requirements
  • Continuously display current time (in the server's time zone) and elapsed session time, or
  • Show a pop-up at least every half hour stating current time and elapsed session time
§ 69O-1.2(y)

Employee responsible-gaming training

RG Critical

Operators must train patron-contact employees at the start of employment and at regular intervals on recognizing problem gambling, assisting players, responding to disclosures, and responding to third-party reports. CCGNJ-aligned training is deemed sufficient.

Requirements
  • Train patron-contact employees at start of employment and at regular intervals
  • Cover recognizing problem gambling and directing players to help and self-exclusion
  • Cover responding to patrons who disclose a gambling problem
  • Cover responding to third-party reports (e.g., family members) about patrons who may have a problem
Training following Council on Compulsive Gambling of New Jersey standards is deemed sufficient.
§ 69O-1.4(j)-(m)

Account suspension (including 72-hour cool-off)

RG Critical Player Rights

The system must suspend an account when a patron requests (for at least 72 hours), when the Division requires it, or when the licensee has evidence of illegal activity, negative balance, or terms-of-service violation. While suspended, the system must block wagering, deposits, most withdrawals, account changes, and removal from the system, and must prominently display the suspension status and restoration path. Restoration occurs on expiration, Division permission, or licensee lift.

Requirements
  • Support patron-requested suspension of not less than 72 hours
  • Support Division-required and licensee-initiated suspensions on enumerated grounds
  • Block gaming, deposits, account changes, and account removal during suspension; block withdrawals unless patron-initiated
  • Withhold any funds removal from a suspended account without prior Division approval
  • Display suspension status, restrictions, and steps to restore to the authorized patron
  • Notify the account holder of closure or suspension via email, mail, or approved method
§ 69O-1.4(n)-(o)

Deposit/spend/time limits and automated blocks

RG Critical Player Rights

The system must let patrons set deposit, spend, and time-based responsible-gaming limits with asymmetric effectuation (decreases apply by next log in; increases only after the prior period expires and the patron reaffirms). The system must automatically block wagers by persons under 21, self-excluded persons, Internet self-exclusion list persons, excluded persons, closed or suspended accounts, and patrons exceeding spend or time limits.

Requirements
  • Offer daily/weekly/monthly deposit limits and daily/weekly/monthly spend limits
  • Offer daily time-based limits measured from log in to log off, permitting completion of the current round or tournament when reached
  • Effectuate decreases no later than next log in; effectuate increases only after the prior period expires and the patron reaffirms
  • Automatically block wagers by under-21, self-excluded, Internet self-excluded, and excluded persons
  • Automatically block closed, suspended, or limit-exceeding accounts from wagering
§ 69O-1.4(s)-(t)

$2,500 lifetime-deposit acknowledgement

RG Critical

When a patron's lifetime deposits exceed $2,500, the system must immediately block wagering until the patron acknowledges the deposit threshold, the ability to set RG limits or close the account, and the availability of 1-800-GAMBLER. The limits/hotline acknowledgement must then be repeated annually.

Requirements
  • Immediately block wagering when lifetime deposits exceed $2,500
  • Require the patron to acknowledge the deposit threshold, the RG-limits/account-closure option, and 1-800-GAMBLER
  • Re-acknowledge the RG-limits/account-closure option and 1-800-GAMBLER annually
nj-bp-rg-automated-triggers

NJ DGE Responsible Gaming Best Practices — Automated Trigger Minimums

RG Critical Player Rights

DGE guidance (not binding regulation) that each platform implement, at a minimum, automated triggers covering account activity and play behavior to identify potential problem gamblers, with recommended numeric thresholds.

Requirements
  • operators should implement account-activity triggers for total deposits over 24 hours (Division recommends $10,000), total deposits over 90 days (Division recommends $100,000), customers who access the Self Exclusion page but did not complete the process, requesting a second cool off period within a specific time period (Division recommends 45 days), a series of changes to increase the deposit or loss limit (Division recommends 3 change requests in 24 hours), and continuous cancellations of withdrawals
  • operators should implement play-behavior triggers for total turnover over a 90 day period (Division recommends $1,000,000), increase in time spent on the website (Division recommends 50% increase during the current week compared to previous 2 weeks), multiple sessions in the week ending with less than $1 in the account, and multiple sessions in the week with an increase in the amount of wagers
  • operators should treat the above as minimum standards and are encouraged to add additional automated triggers where experience in another jurisdiction suggests they would be beneficial
DGE requires each provider to appoint a Responsible Gaming Lead and dedicated RG staff, and to leverage technology to identify potential problem gamblers. The enumerated triggers are minimum standards; supplementary triggers from other jurisdictions are encouraged.
nj-bp-rg-phased-intervention

NJ DGE Responsible Gaming Best Practices — Phased Intervention Model

RG Critical

DGE guidance (not binding regulation) that providers implement a three-phase intervention approach when RG automated trigger alerts are identified, escalating from outreach to video tutorial to direct contact by an RG professional.

Requirements
  • operators should implement a phased approach when RG automated trigger alerts are identified, ensuring intervention occurs at each level
  • operators should in Phase 1 correspond with the patron to educate them on the availability of the various RG features offered by the platform as well as resources available
  • operators should in Phase 2 display a video tutorial (which may be separated into multiple videos) that educates the patron on the availability of the various RG features offered by the platform as well as resources available
  • operators should in Phase 3, when warranted, provide a more direct intervention by an RG professional from the provider to counsel and advise the patron on corrective actions necessary to address the at risk behavior
The phased model complements automated triggers: education first, structured video tutorial second, human RG-professional counseling when warranted. Each provider must also designate a Responsible Gaming Lead and dedicated RG staff for at-risk patron support.
Theme 4

Technical Standards & System Integrity

Keep the Internet gaming platform, its controlled computer systems, and its network secure, logged, recoverable, and available for DGE inspection.

9 standards, 2 player-flagged (22%)
Regulatory risks this theme addresses
  • Unapproved software changes reaching production
  • Outages or data loss with no recoverable backup
  • Network intrusions going undetected and unreported
  • Personal patron data compromised without Division notice
§ 69O-1.2(f)-(g)

Client terminal integrity and data handling

Game Design

Client terminals used for Internet or mobile gaming may not hold patron account information or the game logic that determines outcomes, and client terminal software may not contain malware or any feature that compromises terminal integrity.

Requirements
  • Prohibit storage of patron account information on client terminals
  • Prohibit game-outcome logic on client terminals
  • Prohibit unauthorized data collection, file extraction, and malware in client terminal software
  • Block any feature that compromises client terminal integrity or its data
§ 69O-1.2(n)

Primary and backup gaming equipment location

Primary gaming equipment for Internet/mobile gaming must be located with Division approval in a restricted area of the Atlantic City casino hotel or a secure, inaccessible, licensee-controlled facility within Atlantic City. Backup gaming equipment must meet similar restrictions; backup equipment used only to restore data may be anywhere in New Jersey.

Requirements
  • Place primary gaming equipment in a restricted area of the Atlantic City casino hotel or a secure licensee-owned/leased facility within Atlantic City, with prior Division approval
  • Keep such secure Atlantic City facilities under complete licensee or Internet gaming affiliate control, inaccessible to the public
  • Permit backup gaming equipment in a restricted Atlantic City casino hotel area for up to 60 days (subject to Division approval) or in a secure Atlantic City facility
  • Locate backup equipment used solely to restore data within the State of New Jersey
§ 69O-1.2(o)

15-minute inactivity re-authentication

After 15 minutes of user inactivity as measured by the system, the patron must re-enter username and password.

Requirements
  • Measure user inactivity against a 15-minute threshold
  • Prompt re-entry of username and password after the threshold is met
§ 69O-1.2(q)

Annual independent system integrity and security assessment

Each casino licensee offering Internet gaming must conduct an annual system integrity and security assessment by an independent professional approved by the Division and submit the report annually.

Requirements
  • Engage an independent professional approved by the Division
  • Conduct the assessment annually
  • Submit a report with scope, assessor identity/affiliation, date, findings, recommended corrective action, and licensee response
§ 69O-1.4(a)-(i)

Access, session, and authentication controls

The system must enforce strong access controls: username plus complex password, optional strong authentication at account creation, account-access notifications, secure client-terminal handling of credentials, single-terminal association per session, unique session IDs, immediate session termination on defined events, prevention of negative balances, and three-failed-attempt lockout requiring strong authentication for recovery.

Requirements
  • Require a username and sufficiently complex password, with optional strong authentication
  • Send electronic notifications of each account access (patron may opt out)
  • Use Division-approved methodology for secure client-server communications
  • Detect and report suspicious behavior and excluded persons
  • Mask and encrypt credentials on mobile client terminals; clear the buffer on entry completion or after 1 minute
  • Associate one client terminal per session, assign a unique session identifier, and terminate the session on Division/licensee request, patron end, authentication failure, or system error affecting play
  • Prevent any patron-initiated activity that would produce a negative account balance
  • Disable the account after three failed log in attempts and require strong authentication to recover or reset credentials
§ 69O-1.7

Communications integrity and confidentiality

Gaming systems must ensure the integrity and confidentiality of patron communications and sender/receiver identification. Transmissions over public or third-party networks must be encrypted or use a secure protocol; wireless auth-to-server traffic must use a robust method (e.g., IPsec, WPA2); SSIDs must be masked; patron account numbers, user IDs, passwords, and PINs must use a Division-approved secure transfer method (e.g., 128-bit encryption); only Division-authorized devices may connect to a gaming system; and server-based systems must maintain a synchronized internal clock visible to logged-on patrons.

Requirements
  • Encrypt or use a secure communications protocol for any data traversing public or third-party networks
  • Encrypt wireless authenticator-to-server traffic using IPsec, WPA2, or an approved equivalent
  • Mask the gaming-system network SSID
  • Use an approved secure transfer (e.g., 128-bit encryption) for account numbers, user IDs, passwords, and PINs
  • Permit only Division-authorized devices to communicate with the gaming system
  • Maintain a synchronized internal clock on server-based systems, visible to the patron when logged on
§ 69O-1.8

Mandatory gaming system logging

Gaming systems must keep separate, independently administered logs of account creation/termination, software installations/removals, game availability changes, promotions issued, authentication attempts (retained 90 days), and stored-procedure adjustments. Patron game-play and account activity (including identity and location verifications) must be retained for no less than 10 years, and the Division must be able to query and export all gaming system data in the required format.

Requirements
  • Maintain logs on a separate, independently administered device (or a secure transaction file equivalent)
  • Provide Division query and export of all gaming system data in the required format
  • Log account creation and termination timestamps (Account Creation Log)
  • Retain all data needed to recreate patron game play, account activity, and identity/location verifications for no less than 10 years
  • Maintain Software Installation/Removal, Game Availability, Promotions, Authentication (90-day), and Adjustments logs with the specified fields
§ 69D-2.2

Controlled computer system controls

Player Rights

Before implementing a controlled computer system, a licensee's IT department must employ internal controls ensuring accuracy, reliability, and system integrity. Critical software and hardware require prior Division approval with Release Notes, systems must survive outages through redundancy and backups, and personal patron data must be protected. Licensees must notify the Division within 72 hours of a suspected personal patron data compromise and within 24 hours of critical malfunctions or security events.

Requirements
  • Employ internal controls ensuring accuracy, reliability, and system integrity before implementing any controlled computer system
  • Obtain Division approval and file Release Notes prior to installation of critical software and material modifications to critical hardware
  • Provide data redundancy, environmental protection, and off-site backup capability, and maintain a current disaster recovery plan
  • Protect the security, confidentiality, and release of personal patron data, and notify the Division in writing within 72 hours of any suspected compromise
  • Govern logical access via approved access requests, unique user passwords, least-privilege permissions, removal of unused accounts, no manufacturer default passwords, and monitored security event logs
  • Monitor critical computer systems for malfunctions and security incidents and notify the Division within 24 hours of awareness
  • Control remote access with identity validation, firewall protection, vendor account disabling after use, and independent logging of privileged remote sessions
Division best practice is to encrypt access codes associated with player accounts both in storage and during transmission.
§ 69D-2.4

Network security and annual assessment

Each licensee must maintain internal controls ensuring the security, integrity, reliability, and functionality of the network supporting its controlled computer systems. A current network diagram must identify all critical computer system connectivity, and the network must be protected from foreseeable risks. An annual system integrity and security assessment by an independent professional approved by the Division must be submitted each year.

Requirements
  • Maintain internal controls ensuring network security, integrity, reliability, and functionality
  • Maintain a current network diagram identifying all critical computer system connectivity
  • Protect the network from foreseeable risks and ensure network security
  • Perform an annual system integrity and security assessment by an independent professional selected by the licensee and approved by the Division
  • Submit the independent professional's report annually to the Division including scope of review, assessor identity, assessment date, findings, recommended corrective action, and the licensee's response
  • Synchronize all controlled and critical computer systems to Coordinated Universal Time (UTC) per NIST, adjusting transactions to Eastern Standard/Daylight Saving Time
Division best practice is to evaluate network risks, mitigate, test, and update the plan, and to maintain written firewall rule-set, functionality, and monitoring policies.
Theme 5

Game Integrity & Authorized Games

Ensure every authorised game, server-based system, and simulcast offering is demonstrably fair, approved by the Division, and played under published rules.

3 standards · 3 player-flagged (100%)
Regulatory risks this theme addresses
  • Unauthorised or uncertified games placed into production
  • Game outcomes manipulated through server-based or shared systems
  • Players uninformed of game rules, odds, or payout percentages
§ 69O-1.5(a)-(d)

Server-based system integrity and software authentication

Game Design

Server-based gaming systems must comply with N.J.A.C. 13:69D-2 and include UPS, data-integrity preservation on shutdown, state recovery after outages, physical/logical hardware controls, and Division-approved software-installation gating. Software must be validatable via a GAT or equivalent, authenticated on demand and at least every 24 hours, with operator cessation and Division notification on any authentication failure.

Requirements
  • Provide Uninterrupted Power Supply to survive temporary power failure
  • Preserve hardware, software, and data integrity through shutdown and recover to pre-outage state
  • Implement physical and logical controls for authorized hardware and approved client-terminal software
  • Use a Division-approved method for gating all game software installations
  • Support GAT (or approved equivalent) software validation
  • Perform an authentication process on all control programs on demand and at least once every 24 hours
  • On authentication failure, immediately cease operation of the software and notify the Division
§ 69O-1.5(j)-(r)

Game fairness, play rules, and disconnect handling

Game Design Player Rights

Before and during play, patrons must be able to see game identification, play/payout rules (not reliant on sound), and all fees/rake/vigorish. Game play must begin only on an affirmative wager (no auto play without approval); server-based table games must replicate their non-electronic counterparts and show min/max wagers and help screens; peer-to-peer games must exclude bots and offer random-seating. Disconnect handling must follow Division-approved rules with defined behavior for no-input, single-patron, and multi-patron games, including game-recall for timed multi-patron games.

Requirements
  • Display game identification, rules (not relying on sound), and all fees/rake/vigorish before and during play
  • Require an affirmative wager to start play; permit no auto-play without Division approval
  • Make server-based table games represent their non-electronic layouts, rules, min/max, and include help screens
  • Prohibit bots in peer-to-peer games and offer a random-assignment seating option
  • Handle disconnects per Division-approved rules: finish no-input games via RNG; for single-patron games with input, return to state, cancel with forfeiture/return, or auto-select; for timed multi-patron games auto-select
  • Provide a game-recall feature showing the last five outcomes and wagers for timed multi-patron games
  • Hold wagers pending disposition in a pending wager account
§ 69O-1.6

Table game simulcasting controls

Game Design

Table game simulcasting requires Division approval and a simulcast control server that gives the patron real-time visual access, prevents pre-wager outcome disclosure, records dealer-verified results before posting, and can void results. Patrons must receive real-time wagering and game-play information (table number, minimums/maximums, decks, dealer actions, wager, outcome, vigorish, odds, win/loss) and, on the client terminal, game ID, rules (not reliant on sound), and all charges.

Requirements
  • Obtain Division approval to simulcast authorized table games
  • Operate a simulcast control server with real-time visual access, pre-wager outcome protection, dealer-verified result recording, and void capability
  • Provide real-time wagering information (table, min/max, decks, dealer actions, wager, outcome, vigorish, odds, win/loss)
  • Show game identification, rules (not reliant on sound), and all patron charges on the client terminal
Theme 6

Geolocation & Player Location

Accept wagers only from patrons physically located in New Jersey, with geolocation technology that can detect and block out-of-state or spoofed attempts.

1 standard · 0% player-flagged
Regulatory risks this theme addresses
  • Out-of-state wagers accepted in violation of Article 6C
  • Geolocation spoofing via VPN or emulator going undetected
  • Server equipment sited outside Atlantic City without Division approval
§ 69O-1.2(e)

Geolocation verification and boundaries

The system must detect a patron's physical location at login and at the frequency specified in the permit holder's approved submission, and must refuse wagers outside authorized areas. Mobile gaming is confined to approved casino hotel property boundaries (excluding parking) and Internet gaming is confined to New Jersey (or other jurisdictions where lawful or under a reciprocal agreement).

Requirements
  • Detect physical location at login and at the approved frequency thereafter
  • Refuse wagers when the patron is outside an authorized area
  • Confine mobile gaming to the approved casino hotel property boundaries, excluding parking garages/areas
  • Disable all gaming activity on a client terminal when removed from the property boundaries
  • Restrict Internet gaming to New Jersey unless Federal law, the patron's jurisdiction, or a reciprocal agreement permits otherwise
Theme 7

Advertising, Bonuses & Promotions

Keep iGaming advertising truthful, age-gated, clearly sourced, and free of claims the operator cannot substantiate; keep bonuses transparent with all restrictions disclosed up front.

3 standards · 3 player-flagged (100%)
Regulatory risks this theme addresses
  • Ads targeting minors or self-excluded persons
  • Bonuses advertised with hidden or retroactive wagering requirements
  • Affiliate creatives running without Division vendor registration
§ 69O-1.2(l)

Terms, conditions, and patron protection page

RG Critical Player Rights

All terms and conditions for Internet or mobile gaming must be appended to the licensee's internal controls and cover the full operation — contractual parties, consent to age/identity checks, prohibitions (account sharing, out-of-state play, bots), fees, account statements, privacy, legal age, dormant account forfeiture, right to set RG limits and self-exclude, right to 72-hour suspension, disconnect handling, malfunction-voids-pays, withdrawal timing, and a patron protection page accessible during every session. The patron protection page must show the 1-800-Gambler message, links to CCGNJ and another U.S. problem-gambling organization, RG information, credential recovery, complaint methods, underage warnings, federal-law notices, and mobile boundary notice.

Requirements
  • Include terms/conditions as an appendix to internal controls
  • Disclose contractual parties, fees, privacy policy, and withdrawal time estimate
  • Disclose prohibitions on account sharing, out-of-NJ play, and bots; obtain consent to monitoring and New Jersey jurisdiction
  • Disclose dormancy forfeiture after one year, right to set RG limits and self-exclude, and right to suspend the account for at least 72 hours
  • Provide a patron protection page accessible during the session with 1-800-Gambler, links to CCGNJ and another U.S. problem-gambling organization, and RG information per (l)14iii
  • Include complaint procedures (licensee and Division Internet Dispute Form), password/strong-authentication recovery, underage criminal-offense notice, Wire Act/UIGEA notice, and mobile boundary notice
§ 69O-1.2(s)-(t)

Free-play and social-game rules

Bonus & Ads RG Critical

No-wager games offered through the gaming system must comply with payout-percentage caps (if similar to an approved game) or prominently disclose that the game is for entertainment only and is not Division-approved. The system must not induce continued wagering, and social games funded from the patron account must show a clear notice that they are not Division-regulated.

Requirements
  • Cap payout percentage of a no-wager game substantially similar to an approved game at or below the approved game's lowest payout percentage
  • Prominently disclose 'entertainment only', 'not approved', and 'outcomes may not be representative' for dissimilar free games
  • Display a clear notice on the initial screen and in terms that social games are not regulated by the Division
  • Do not induce the patron to continue placing wagers during play, on session end, or on a win/loss
§ 69O-1.4(q)

Bonus and promotional offer records

Bonus & Ads

All bonus and promotional wagering offers must be stated in clear and unambiguous terms, be accessible to the patron, and be maintained in an electronic file available to the Division, with offer metadata (date/time presented, active and expiry dates, eligibility, and redemption requirements).

Requirements
  • State all bonus/promo terms in clear and unambiguous language
  • Make the terms readily accessible to the patron
  • Maintain an electronic file of all offers readily available to the Division
  • Record for each offer the presentation date/time, active/expiry date/time, and patron eligibility and redemption requirements
Theme 8

Financial Reporting & Taxation

Report Internet gaming gross revenue accurately and on time, pay the 15% iGaming tax, and reconcile expired or unclaimed player funds to the Casino Revenue Fund.

8 standards · 4 player-flagged (50%)
Regulatory risks this theme addresses
  • Revenue misreported or filed late, triggering penalties
  • Unclaimed patron funds not escheated as required
  • Reconciliation gaps between operator, vendor, and DGE records
§ 69O-1.3(d)-(g)

Permitted deposit and withdrawal methods

Player Rights

Accounts may be funded only via Division-approved methods including deposit accounts, credit/debit cards, cashier deposits of cash/chips/tokens, verified non-transferable reloadable prepaid cards, promotional or bonus credits, winnings, or documented adjustments. Withdrawals must occur only via approved channels, patron-to-patron transfers are prohibited, and credit/debit card deposits must be refunded to the originating card up to the deposit amount before other withdrawals are processed.

Requirements
  • Restrict funding to the enumerated methods in (d)
  • Refund credit/debit card deposits to the originating card up to the deposit amount before other withdrawals, if the issuer permits
  • Limit withdrawals to the channels listed in (f), including cage cash-out upon request and verified bank account transfers
  • Prohibit patron-to-patron transfers of funds
§ 69O-1.3(j)

Segregated patron-funds account

Player Rights

The licensee must hold patron funds in a separate New Jersey bank account at or above the sum of daily ending cashable balances, funds on game, and pending withdrawals. The casino controller or above must file monthly attestations with the Division that the funds are safeguarded.

Requirements
  • Maintain a New Jersey bank account separate from all operating accounts for patron Internet gaming funds
  • Keep the balance at or above daily ending cashable balances plus funds on game plus pending withdrawals
  • Provide unfettered access to all patron account and transaction data to verify sufficiency
  • File a monthly attestation with the Division signed by the casino controller or above
§ 69O-1.9(d)-(g)

Daily revenue reports and variance reconciliation

Internet and mobile gaming systems must generate daily Patron Account Summary, Wagering Summary, and Non-cashable Promotional Account Balance reports sufficient to calculate taxable revenue. Licensees must use the Wagering Summary to compute gross revenue daily, produce a Variance Report, document reasons, and record a manual adjustment increasing revenue whenever the Patron Account Summary total exceeds the Wagering Summary total unless the variance is adequately explained.

Requirements
  • Generate a daily Patron Account Summary Report with all enumerated balance/transfer/win fields
  • Generate a daily Wagering Summary Report by authorized game and poker variation
  • Generate a daily Non-cashable Promotional Account Balance Report
  • Calculate mobile and Internet gaming gross revenue daily from the Wagering Summary
  • Prepare a Variance Report, compute the variance, document the reason, and post a manual revenue adjustment where required
A licensee may accumulate daily Variance Report information into a monthly Variance Report under its internal controls.
§ 69O-1.9(h)-(l)

Dormant, performance, adjustment, and problem-gambler reports

RG Critical

Gaming systems must generate a daily Dormant Account Report beginning one year after the first account, a monthly Performance Report comparing theoretical to actual RTP, a daily Patron Account Adjustments Report reviewed by the permit holder or intermediary (with weekly permit-holder review if the intermediary performs daily review), and a weekly report identifying potential problem gamblers (including self-reporters) that the licensee reviews and documents. Completed wagering transactions may not be voided without Division approval.

Requirements
  • Generate a daily Dormant Account Report listing accounts (including the Pending Wager Account) with no activity for one year, with patron name, account number, last-transaction date, and balance
  • Generate a monthly Performance Report comparing theoretical RTP to actual RTP per game, with rounds-of-play totals
  • Generate a daily Patron Account Adjustments Report reviewed daily by permit holder or intermediary, with weekly permit-holder review if the intermediary conducts the daily review
  • Generate a weekly problem-gambler report identifying potential problem gamblers including self-reporters, and document any action taken
  • Generate a Pending Transaction Account Report itemizing all pending transactions per account
  • Prohibit voiding any completed wagering transaction without Division approval
§ 69O-1.9(o)

Test accounts: controls and auditing

Internet gaming operators may establish test accounts to exercise system components under internal controls covering issuance, single-person assignment, recordkeeping, auditing, and location verification for any out-of-state test wagering. The Internet gaming system must disable any withdrawal of test-account funds without prior Division approval.

Requirements
  • Document procedures for test-fund issuance, authorized issuers, and maximum funding
  • Assign each test account to only one person and keep records of active periods, issuee, and employer
  • Audit testing activity to ensure fund accountability and proper gross-revenue adjustments
  • Disable withdrawals from test accounts without prior Division approval
  • Permit multiple test accounts per person only for peer-to-peer testing, without patron participation
  • For any out-of-state test wagering, document a method for ascertaining the location of test-account users
§ 5:12-95.21

15% tax on Internet gaming gross revenue

Internet gaming gross revenue is subject to an annual tax of 15 percent, payable to the Casino Revenue Fund. This is in addition to the standard casino gross revenue tax and applies to all authorized Internet wagering activity.

Requirements
  • Compute Internet gaming gross revenue separately from bricks-and-mortar revenue
  • Remit the 15% tax on Internet gaming gross revenue on the required schedule
  • File supporting returns and reconciliations with the Division
  • Maintain records sufficient to verify gross revenue calculations
  • Cooperate with Division audits of Internet revenue reporting
§ 69D-1.6

Monthly iGaming gross revenue reports

Casino licensees must file monthly, quarterly, and annual financial and statistical reports with the Division electronically. Monthly gross revenue reports and Internet gaming gross revenue tax returns are due by 9:00 A.M. on the 10th calendar day after month-end. Reports must be attested to by a senior financial officer; extensions require prior written Division approval.

Requirements
  • File monthly, quarterly, and annual reports of financial and statistical data using the Division's prescribed standard reporting forms
  • Submit monthly gross revenue reports and Internet gaming gross revenue tax returns no later than 9:00 A.M. on the 10th calendar day following the end of the month
  • Have reports attested to by the CEO, Chief Gaming Executive, CFO, Treasurer, Financial Director, Controller, or functional equivalent
  • Electronically file every report by the required filing date and obtain prior written Division approval for any filing extension
  • Report essential details of any loans, borrowings, installment contracts, guarantees, leases, or capital contributions no later than 10 days after the end of the month in which the transaction occurs
  • File interim reports when required by the Division after a license termination, entity change, or material ownership change
§ 69D-3.1

Expiration of unclaimed iGaming funds

Player Rights

Money owed to a patron as a result of a gaming transaction must be claimed within one year of the date of that transaction; otherwise the casino licensee's obligation to pay expires. When obligations expire, 25 percent of the total value must be paid to the Casino Revenue Fund and 75 percent retained by the licensee for exclusive use in marketing. Monthly reporting and payment to the Division are required by the 20th day of each calendar month.

Requirements
  • Treat gaming-transaction obligations as expired if unclaimed by the patron within one year of the gaming transaction
  • Pay 25 percent of the total value of expired gaming debts to the Casino Revenue Fund and retain 75 percent exclusively for marketing purposes
  • Maintain a record of all gaming-related obligations that have expired
  • Report on or before the 20th day of each calendar month the total value of gaming debts that expired during the preceding month in the Division-prescribed format
  • Submit a check to the Division payable to the Casino Revenue Fund equal to 25 percent of the total expired gaming debts with the monthly report
  • Accept imposition of penalties and interest under N.J.S.A. 54:48-1 et seq. if the payment to the Casino Revenue Fund is late
Theme 9

Exclusion Lists & Enforcement

Honour the statewide mandatory-exclusion list, enforce it in real time at the Internet platform, remit forfeited winnings, and accept the full scope of DGE enforcement authority.

8 standards · 7 player-flagged (88%)
Regulatory risks this theme addresses
  • Excluded persons continuing to wager via the Internet platform
  • Forfeitable winnings paid out instead of remitted to the Division
  • Unauthorised Internet wagering conducted outside a Division permit
§ 69O-1.2(r)

Patron complaint investigation and escalation

Player Rights

Each patron complaint related to Internet gaming must be investigated with a response to the patron within five calendar days. Unresolved complaints about accounts, game outcomes, or illegal activity must be forwarded to the Division with all documentation; other complaints are reported biweekly or at a Division-approved frequency.

Requirements
  • Investigate each complaint and respond to the patron within five calendar days
  • Forward unresolved account/game-outcome/illegal-activity complaints and full documentation to the Division
  • Provide other complaint categories (passwords, chat, technical) biweekly or at a Division-approved cadence
§ 69O-2.1

Reciprocal agreements and non-permit-holder premises ban

Bonus & Ads

The Division may authorize New Jersey permit holders to accept wagers from patrons outside New Jersey under a state-level reciprocal agreement consistent with federal and foreign law. No organization other than a permitted Atlantic City casino or its Internet gaming affiliate (with all equipment located in Atlantic City) may make its premises available for Internet wagering or advertise such use; violations carry penalties of $1,000 per patron per day and $10,000 per advertising violation.

Requirements
  • Authorize out-of-state Internet gaming only under a New Jersey reciprocal agreement not inconsistent with federal or foreign law
  • Prohibit non-permit-holder organizations from making their premises available for Internet casino wagering
  • Prohibit non-permit-holder organizations from advertising such premises use
  • Expose violators to $1,000 per patron per day and $10,000 per advertising violation penalties
§ 69G-69G-1.2

Mandatory exclusion list — who qualifies

Player Rights

New Jersey maintains a list of persons required to be excluded or ejected from every licensed casino and from Internet gaming. A person qualifies based on a prior gaming-related conviction, a career/documented cheating or organized-crime affiliation, or conduct posing a threat to the integrity of casino gaming.

Requirements
  • Screen patrons against the Division's exclusion list before allowing play
  • Deny wagering access to anyone meeting the listed criteria
  • Maintain procedures to detect excluded persons attempting to register
  • Report suspected excluded persons to the Division
  • Retain documentation of screening and denials
  • Train staff on exclusion criteria and response procedures
Criteria are disjunctive — any one ground supports placement on the list.
§ 69G-69G-1.5

Operator duty to exclude listed persons

Player Rights

Once a person is placed on the exclusion list, every licensed casino and Internet gaming permit holder has an affirmative duty to prevent that person from gaming on its premises or through its online platform. The duty attaches upon notice of the listing.

Requirements
  • Deny entry and wagering to any person on the exclusion list
  • Block registered-account access for excluded persons on Internet platforms
  • Eject or close accounts upon discovery of an excluded patron
  • Maintain a current copy of the Division's exclusion list
  • Coordinate with security/compliance to enforce the list in real time
§ 69G-69G-1.6

Forfeiture of winnings by excluded persons

Player Rights

Any winnings accrued by a person on the exclusion list while wagering at a licensed casino or via Internet gaming are subject to forfeiture. Operators must withhold payouts to identified excluded persons and remit the funds as directed by the Division.

Requirements
  • Withhold payment of winnings to any patron identified as on the exclusion list
  • Report the withheld winnings to the Division
  • Remit forfeited funds in accordance with Division direction
  • Document the incident, including identification evidence
  • Close or suspend the account pending investigation
§ 69G-69G-1.7

Petition for removal from the exclusion list

Player Rights

A person placed on the exclusion list may petition the Division for removal after a fixed waiting period. The petitioner bears the burden of demonstrating that the original grounds no longer warrant exclusion.

Requirements
  • Recognize Division-issued removal orders and restore access promptly
  • Do not rely on expired exclusion entries after Division notice
  • Update internal exclusion databases upon Division notification
  • Preserve records of the individual's prior exclusion for audit
§ 69G-69G-1.8

Confidentiality of exclusion list data

Player Rights

The exclusion list and related investigative records are confidential. Licensees receiving the list must use it solely for compliance purposes and must not disclose it except as authorized by the Division.

Requirements
  • Restrict access to the exclusion list to authorized compliance staff
  • Do not publish, share, or republish list contents
  • Use list data only to enforce exclusion duties
  • Apply the same confidentiality to investigative materials received
  • Securely destroy outdated copies per Division guidance
§ 5:12-95.24

Penalties for unauthorized Internet gaming

Conducting Internet wagering without Division authorization, or violating Article 6C requirements, exposes operators to suspension or revocation of their permit and to civil penalties. The Division retains full enforcement authority over Internet gaming.

Requirements
  • Operate Internet wagering only within the scope of the Division-issued permit
  • Report suspected unauthorized activity to the Division
  • Cooperate with Division investigations and examinations
  • Remediate violations promptly upon Division notice
  • Maintain evidence and records to demonstrate compliance