Skip to content
2,151 standards indexed across 19 jurisdictions View the Atlas
3 hubs live · 3 more in the pipeline See all compliance topics
Daily news + multi-week series Browse all insights
3 tools live · 4 interactive tools in development Roadmap
Topic · cross-market

Data retention & record keeping

What the regulator can look back and see

Every indexed technical standard requires tamper-evident logging of wager events and configurable retention of account events. Retention periods range from five years (most European markets) to seven or ten years in US-state standards. The technical detail, hash-chained logs, offline snapshotting, regulator-accessible read endpoints, is broadly consistent across the GLI-19 / equivalent test suite used globally.

  • 20frameworks indexed
  • 14with matched standard
  • 70%topic coverage

Side by side

Best-match standard per framework. Scored against titles, requirements and editorial tags, click through for the full text.

Market Standard Excerpt Source
AGCO S 5.47 Logging and response to inappropriate use Inappropriate use of system accounts on the gaming system shall be logged, reviewed and responded to within a reasonable period of time. (Also applicable to Gaming-Related Suppliers) Open ↗
AGLC AGLC 4.3.3 There must be a mechanism in place to ensure that if logging is interrupted, compensating manual controls are … There must be a mechanism in place to ensure that if logging is interrupted, compensating manual controls are used, where reasonable Open ↗
Coljuegos Coljuegos — audit logs and integrity Comprehensive audit logging across the platform The platform must capture audit logs across registration, deposits, bets, prizes, withdrawals and administrative actions. Logs must be tamper-evident, retained for the period required and made available to Coljuegos on r… Open ↗
DGA AML — Records Record keeping and DGA audit access Operators must retain CDD records (identity and verification data, copies of ID documents), documentation and records of transactions, and records of § 25 investigations (§ 30, stk. 1); the default retention period und… Open ↗
DGOJ No standard directly indexed Open ↗
DIA AML/CFT retain [IN FORCE] 5-year record retention Reporting entities must retain customer-identification records, transaction records, training records and SAR-filing evidence for at least 5 years from the end of the customer relationship (for identification records) or… Open ↗
GCB Record-keeping five years Retention of identification and transaction records Identification documents, CDD records and transaction records must be retained for at least five years after the end of the customer relationship. Records must be retrievable promptly on supervisory or law-enforcement re… Open ↗
GGL No standard directly indexed Open ↗
MGA PPD 12-13 Pre-registration exclusion and record retention Individuals not previously registered who contact the licensee to be excluded from future gaming must not be allowed to register or play until they revoke the request in writing. Circumvention attempts by an already-excl… Open ↗
MGCB R TS-LOGGING System logging and retention The platform must log every wager, every session event, every account event (login, deposit, withdrawal, limit change), and every administrative action. Logs must be tamper-evident, replicated to a secondary store, and r… Open ↗
MINCETUR No standard directly indexed Open ↗
NJ DGE § 69O-1.8 Mandatory gaming system logging Gaming systems must keep separate, independently administered logs of account creation/termination, software installations/removals, game availability changes, promotions issued, authentication attempts (retained 90 days… Open ↗
OCCC No standard directly indexed Open ↗
PA PGCB 58 Pa. Code § 805.5 Account statements and transaction history Operators must provide players with real-time balance information and at least twelve months of itemised account history — deposits, withdrawals, wagers, and bonuses — together with a visible dispute-resolution conta… Open ↗
PAGCOR RA 10927 sec. 14 Five-year record retention for casino AML records Section 14 of RA 10927 fixes a five-year minimum retention period for all casino AML records including customer identification, transaction records, account files, business correspondence and STR/CTR working papers. Reco… Open ↗
SEGOB RLFJS art. 50 Record retention period Article 50 fixes the minimum retention period for operating books, player-account records and supporting documentation, aligned with tax and AML retention obligations. Records may not be destroyed before the retention pe… Open ↗
SGA Ch16 §5 Five-year data retention Records relating to individual gambling transactions, player accounts and the gambling system must be retained for at least five years and be made available to the authority on request. Open ↗
SPA/MF Portaria SPA/MF 722/2024 art. 28 Audit log of every bet and account event Every bet placed, every account event and every administrator action must be recorded in an immutable, time-synchronised audit log. The log must be retained for at least five years and made available to SPA/MF on demand. Open ↗
UKGC LCCP No standard directly indexed Open ↗
UKGC RTS No standard directly indexed Open ↗

The policy trend line

1

Hash-chained event logs are now the default

Denmark's SAFE and TamperToken standards make the integrity mechanism explicit. Ontario Standards 5.x require tamper-evident logging. UK RTS 17 sets out event-data recording requirements. The cryptographic integrity layer is no longer optional in any modern technical standard.

2

Ohio: logs sufficient to reconstruct wagers, accounts and integrity events

Ohio requires sports gaming systems to authenticate the patron for each session and preserve logs sufficient to reconstruct any wager, account transaction or integrity-monitoring event, under OAC 3775-9-01, with incident-relevant records preserved under OAC 3775-16-17. Our index does not name a specific retention-year count for the Ohio corpus; exact periods sit in the Commission's published internal-control requirements.

Frequently asked

How long must wager logs be retained?

Most European markets require 5-year retention as the baseline (aligned with AML rules). US-state standards often require 5–7 years; some extend to 10 for specific events. Always check the technical-standard document for your licence, exact periods vary by event type.

Primary sources

Every claim above traces to one of these citations. Matched standards link straight into the framework explorer; overlay facts link to the RG Observatory card with its audit note.

Indexed standards

Built 2026-07-14 from the same datasets that power the framework explorers. Not legal advice; verify against the issuing regulator.