United States of America: Adopted Nevada Gaming Commission Nevada Gaming Commission Regulations to create cybersecurity requirements for certain gaming operators

On 22 December 2022, the Nevada Gaming Commission (NGC) adopted the Nevada Gaming Commission (NGC) Regulation amendments on cybersecurity. Gaming operators would be required to take all appropriate steps to protect their systems from cyber attacks by protecting their own information and their patron's and employee data. The operators would be required to document all procedures undertaken and maintain these records for at least five years. Establishments would have to conduct an initial risk assessment, continuously monitor risks, and implement cybersecurity best practices. In case of a cyber attack, defined as including acts and attempts aimed at disrupting, destroying or controlling a system or obtaining information, the operator must provide written notice to the Board within 72 hours of becoming aware of it. In addition, group I licensees will be required to designate an individual responsible for cybersecurity, including audits, best practices and accounting. The provisions come into effect on 1 January 2023 with a grace period terminating on 31 December 2023 for the obligation to conduct a risk assessment and implement the best cybersecurity practices.