The Nevada Gaming Commission ('NGC') announced, on 22 December 2022, that it had adopted regulations creating new cybersecurity requirements for certain gaming operators, which came into effect on 1 January 2023. In particular, the NGC stated that the regulations introduce new requirements for gaming operators including:

• taking all appropriate steps to secure and protect their information systems from the ongoing threat of cyber attacks;
• documenting in writing all procedures taken to comply with the regulations and the results thereof, and maintaining all such records for a minimum of five years from the date they are created, to be provided to the Nevada Gaming Control Board ('the Board') upon request;
• conducting an initial risk assessment and developing the cybersecurity best practices they deem appropriate;
• continuous monitoring of cybersecurity risks to their business and adopting appropriate modifications;
• providing written notice to the Board as soon as practicable but no later than 72 hours after becoming aware of a cyber attack; and
• investigating cyber attacks (or engaging a third party to do so), preparing a report documenting the results of the investigation, and informing the Board of the completion of the report and providing a copy thereof upon request. 

Notably, the NGC highlighted that covered entities have until 31 December 2023 to fully comply with these assessments and best practice requirements.

You can read the press release here.