United States of America: Implemented Nevada Gaming Commission Regulations to create cybersecurity requirements for certain gaming operators

On 1 January 2023, the Nevada Gaming Commission (NGC) Regulations to create cybersecurity requirements for certain gaming operators entered into force. Gaming operators are required to take all appropriate steps to protect their systems from cyber attacks, protecting both their own information and their patrons and employees. Gaming operators are required to document all procedures undertaken and maintain these records for at least five years. In case of a cyber attack, defined as including acts and attempts aimed at disrupting, destroying or controlling a system or obtaining information, the operator must provide written notice to the Board within 72 hours of becoming aware of it. In addition, group I licensees are required to designate an individual responsible for cybersecurity, including audits, best practices and accounting. The requirement for operators to conduct an initial risk assessment, continuously monitor risks, and implement cybersecurity best practices will be implemented on 31 December 2023.