Back to New Jersey

A1550 • 2026

Requires adoption and implementation of cybersecurity standards by casinos and sportsbooks; establishes safe gaming certification program.

Requires adoption and implementation of cybersecurity standards by casinos and sportsbooks; establishes safe gaming certification program.

Technology
Passed Legislature

This bill passed both chambers and reached final enrollment, even if later executive action is not shown here.

Sponsor
Calabrese, Clinton
Last action
2026-01-13
Official status
Introduced, Referred to Assembly Tourism, Gaming and the Arts Committee
Effective date
Not listed

Plain English Breakdown

Using official source text because the generated explanation was unavailable or could not be confirmed against the official bill text.

Requires adoption and implementation of cybersecurity standards by casinos and sportsbooks; establishes safe gaming certification program.

Requires adoption and implementation of cybersecurity standards by casinos and sportsbooks; establishes safe gaming certification program.

What This Bill Does

  • Requires adoption and implementation of cybersecurity standards by casinos and sportsbooks; establishes safe gaming certification program.
  • Topic: Tourism, Gaming and the Arts Fiscal note: This bill has been certified by OLS for a fiscal note.

Limits and Unknowns

  • This entry is temporarily using official source text because the generated explanation could not be confirmed against the official bill text during the last sync.

Bill History

  1. 2026-01-13 New Jersey Legislature

    Introduced, Referred to Assembly Tourism, Gaming and the Arts Committee

Official Summary Text

Requires adoption and implementation of cybersecurity standards by casinos and sportsbooks; establishes safe gaming certification program.
Topic:
Tourism, Gaming and the Arts
Fiscal note:
This bill has been certified by OLS for a fiscal note.

Current Bill Text

Read the full stored bill text
A1550

ASSEMBLY, No. 1550

STATE OF NEW JERSEY

222nd LEGISLATURE

�

PRE-FILED FOR INTRODUCTION IN THE 2026 SESSION

Sponsored by:

Assemblyman CLINTON CALABRESE

District 36 (Bergen and Passaic)

SYNOPSIS

���� Requires adoption and implementation of cybersecurity
standards by casinos and sportsbooks; establishes safe gaming certification
program.

CURRENT VERSION OF TEXT

���� Introduced Pending Technical Review by Legislative
Counsel.

��

An Act
requiring the adoption of cybersecurity programs by
casinos and sportsbooks operating in this State and supplementing Title 5 of
the Revised Statutes.

����
Be It
Enacted
by the Senate and General Assembly of
the State of New Jersey:

���� 1.��� This act shall be known
and may be cited as the �Gaming Industry Cybersecurity Act.�

���� 2.��� As used in this act,
P.L.��� , c.��� (C.������� ) (pending before the Legislature as this bill):

���� �Contracted operator� means an
Internet gaming affiliate, casino service industry enterprise, and any other
person or entity contracted by a casino licensee or sports wagering licensee to
perform gaming-related services.

���� �Cybersecurity� means the
practice of protecting networks, devices, and data from unauthorized access or
criminal use and the practice of ensuring confidentiality, integrity, and
availability of information.

���� �Cybersecurity and
Communications Integration Cell� means the New Jersey Cybersecurity and
Communications Integration Cell established pursuant to Executive Order No. 178
(2015) in the New Jersey Office of Homeland Security and Preparedness, or any
successor entity.

���� �Division� means the Division
of Gaming Enforcement in the Department of Law and Public Safety.

���� 3.��� a.� (1)� Within 180 days
of the effective date of
P.L. , c. (C. )
(pending before the Legislature as this bill), all casino licensees and sports
wagering licensees, and their contracted operators, licensed and operating in
this State under chapters 12 and 12A of Title 5 of the Revised Statutes, shall
establish and implement a cybersecurity program that substantially complies
with the most recent cybersecurity framework developed by the National
Institute of Standards and Technology or the 27000 family of standards for an
information security management system jointly published by the International
Organization for Standardization and International Electrotechnical Commission.�
�

���� (2)� Each casino licensee,
sports wagering licensee, or contracted operator, shall establish an employee
training program to familiarize their employees with the cybersecurity program
and industry best practices.

���� b.��� In every calendar year
following the implementation of a cybersecurity program in accordance with
subsection a. of this section, all casino licensees and sports wagering
licensees shall, at their own expense, arrange for the conduct of an audit of
their cybersecurity program, and that of their contracted operators, by an
independent third party of sufficient technical expertise.� The audit shall
ensure the cybersecurity program that has been implemented complies with
applicable regulations and current industry best practices.� The auditor shall
certify the findings of the audit, which shall be submitted to the division and
the Cybersecurity and Communications Integration Cell by a date to be
determined by the division. �

���� c.��� Whenever a final
revision to one or more of the frameworks listed in subsection a. of this
section is published, a casino licensee, sports wagering licensee, or
contracted operator whose cybersecurity program substantially complied with
that framework shall revise their cybersecurity program to substantially comply
with the revised framework, and submit a copy of the revised cybersecurity
program to the division and the Cybersecurity and Communications Integration
Cell, no later than 180 days after publication of the revised framework.�

���� d.��� The division, in
consultation with the Cybersecurity and Communications Integration Cell and
pursuant to the �Administrative Procedure Act,� P.L.1968, c.410 (C.52:14B-1 et
seq.), shall promulgate rules and regulations necessary for the implementation
of this act.� At a minimum, such rules and regulations shall:

���� (1)� identify classes of
employees that will require cybersecurity training or advanced training;

���� (2)� determine the frequency
and methods of certification for employee cybersecurity trainings;

���� (3)� identify specific aspects
of the cybersecurity program that should be assessed in the course of required
audits;

���� (4)� establish the necessary
forms for submitting audits and certifications, as required by this section;

���� (5)� require the reporting of
any cybersecurity breach that affects the operations of a licensee, compromises
the personal data of patrons, or exposes financial systems information within
72 hours of said breach; and

���� (6)� establish procedures for
reporting cybersecurity breaches and protocols for response.

���� Such rules and regulations may
be supplemented and updated as necessary to reflect new cybersecurity
standards, and to address new threats to cybersecurity in New Jersey�s gaming
industry.

���� 4.��� In addition to any fines
or penalties otherwise available under State or federal law, a casino licensee,
sports wagering licensee, or contracted operator who violates the provisions of
section 3 of P.L.��� , c.��� (C.������� ) (pending before the Legislature as
this bill), or any rule or regulation promulgated thereunder, shall be liable
to a fine of $10,000 for the first offense and $20,000 for the second and
subsequent offenses.� If the violation is of a continuing nature, each day
during which it continues shall constitute an additional, separate, and
distinct offense. �The division may collect such fines in a summary proceeding
pursuant to the "Penalty Enforcement Law of 1999," P.L.1999, c.274
(C.2A:58-10 et seq.).

���� If a casino licensee, sports
wagering licensee, or contracted operator repeatedly violates the provisions of
section 3 of P.L. , c. (C. )
(pending before the Legislature as this bill), or fails to pay fines pursuant
to this section, the division may suspend any permit or license to conduct
gaming activities or perform related services for which the division is
responsible for issuance or renewal.

���� 5.��� a.� Within one year of
the effective date of
P.L. , c. (C. )
(pending before the Legislature as this bill), the division, in consultation
with the Cybersecurity and Communications Integration Cell and experts in
cybersecurity and responsible gaming, shall establish a safe gaming
certification program.� Casino licensees, sports wagering licensees, and their
contracted operators that meet or exceed the program�s minimum standards shall
be certified and shall receive a �Safe Gaming Seal� which may be prominently
displayed on their Internet websites, mobile gaming applications, and
advertisements in this State.

���� b.��� The minimum standards
for the safe gaming certification program shall include:

���� (1)� the use of enhanced
encryption and fraud detection systems;

���� (2)� transparency measures;

���� (3)� performance of
independent audits exceeding those required by law;

���� (4)� adoption of appropriate
artificial intelligence and blockchain security features; and

���� (5)� readily accessible
responsible gaming tools such as deposit and time limits.

���� c.��� Casino licensees, sports
wagering licensees, and contracted operators may apply for certification no
more than once during any three-year certification period, unless otherwise
permitted by the division.� Once approved, the certification shall remain valid
for a period of three years, unless revoked for noncompliance, breach, or
failure to maintain applicable cybersecurity or responsible gaming standards.�
The division shall establish the necessary forms, procedures, and timelines to
oversee the issuance and renewal of the safe gaming certification.

���� d.��� The division shall have
the authority to investigate and audit any certified casino licensee, sports
wagering licensee, or contracted operator upon suspicion of noncompliance, and
to hire or contract with cybersecurity experts as may be necessary to perform
such investigations and audits, and may revoke the certification upon a finding
that the minimum standards established pursuant to this section have not been
met.

���� e.��� The division shall
maintain a list of all certified casino licensees, sports wagering licensees,
and contracted operators, and shall publish this list on its official Internet
website.

���� 6.��� The division and the
Cybersecurity and Communications Integration Cell, shall prepare an annual
report summarizing the progress made towards implementation of this act,
P.L. , c. (C. )
(pending before the Legislature as this bill), and identifying emerging threats
in the gaming industry.� This report shall be published online, and shall be
submitted to the Legislature pursuant to section 2 of P.L.1991, c.164
(C.52:14-19.1).

���� 7.��� This act shall take
effect immediately.

STATEMENT

���� This bill establishes the �Gaming
Industry Cybersecurity Act.�

���� The bill requires that every
casino licensee and sports wagering licensees, and their contracted operators,
adopts and implements a cybersecurity program that substantially complies with
current best practices.� As best practices evolve, these cybersecurity programs
will be required to be updated.� Employees will be required to undergo
cybersecurity training as well.

���� The bill also requires all
casino licensees and sports wagering licensee, at their own expense, to arrange
for the conduct of an audit of their cybersecurity program and that of their
contracted operators, by an independent third party of sufficient technical
expertise.� The auditor will certify the findings of the audit and submit them
to the Division of Gaming Enforcement and the New Jersey Cybersecurity and
Communications Integration Cell by a date to be determined by the division in
each year following the adoption of a cybersecurity program.�

���� To implement the requirements
of this bill, the division, in consultation with the Cybersecurity and
Communications Integration Cell, will establish regulations that:

���� (1)� identify classes of
employees that will require cybersecurity training or advanced training;

���� (2)� determine the frequency
and methods of certification for employee cybersecurity trainings;

���� (3)� identify specific aspects
of the cybersecurity program that should be assessed in the course of required
audits;

���� (4)� establish the necessary
forms for submitted audits and certifications, as required by this section;

���� (5)� require the reporting of
any cybersecurity breach that affects the operations of a licensee, compromises
the personal data of patrons, or exposes financial systems information within
72 hours of said breach; and

���� (6)� establish procedures for
reporting cybersecurity breaches and protocols for response.

���� The bill provides that
licensees and their contracted operators that fail to meet the new
cybersecurity requirements will be liable to a fine of $10,000 for the first
offense, and $20,000 for the second and each subsequent offense.� Continued
violations, or a failure to pay fines, may result in the suspension of licenses
to conduct gaming activities or perform related services.

���� The bill also establishes a
safe gaming certification program for licensees and contracted operators that
exceed minimum standards in cybersecurity.� The minimum standards will include:

���� (1)� the use of enhanced
encryption and fraud detection systems;

���� (2)� transparency measures;

���� (3)� performance of
independent audits exceeding those required by law;

���� (4)� adoption of appropriate
artificial intelligence and blockchain security features; and

���� (5)� readily accessible
responsible gaming tools such as deposit and time limits.

���� If these standards are met,
the licensee and contracted operator will be awarded a �Safe Gaming Seal� which
may be displayed prominently on their Internet gaming website, mobile
applications, and in advertisements.

���� Finally, the bill requires the
division and the Cybersecurity and Communications Integration Cell to complete
an annual report assessing the implementation of cybersecurity programs under
the bill and identifying emerging threats in the gaming industry.