The Gaming Industry Cybersecurity Act mandates that all casino and sports wagering licensees, along with their contracted operators, establish and implement a cybersecurity program that aligns with the latest standards set by the National Institute of Standards and Technology or the International Organization for Standardization. Within 180 days of the bill's enactment, these entities must also create employee training programs on cybersecurity best practices. Additionally, they are required to conduct annual audits of their cybersecurity programs by an independent third party, with findings submitted to the Division of Gaming Enforcement and the New Jersey Cybersecurity and Communications Integration Cell. The bill outlines specific regulations for employee training, audit assessments, and breach reporting protocols, including a 72-hour notification requirement for any cybersecurity breaches.

Furthermore, the bill introduces a safe gaming certification program for those who exceed minimum cybersecurity standards, which includes enhanced encryption, transparency measures, and independent audits. Certified entities will receive a Safe Gaming Seal for display on their platforms. Noncompliance with the cybersecurity requirements can result in fines of $10,000 for the first offense and $20,000 for subsequent offenses, with potential license suspensions for repeated violations. The Division of Gaming Enforcement, in collaboration with the Cybersecurity and Communications Integration Cell, is tasked with producing an annual report on the implementation of the act and emerging threats in the gaming industry.