The Registrar is appointed under the Alcohol, Cannabis and Gaming Regulation and Public Protection Act, 1996 and has powers and duties under the Gaming Control Act, 1992 and its Regulations. Under the Interim Standards and Requirements Established by the Registrar pursuant to section 3.8 of the Gaming Control Act, 1992, the Registrar is authorized to establish certain standards and requirements for the conduct, management and operation of Gaming Sites, lottery schemes or businesses related to a Gaming Site or a lottery scheme or for goods or services related to that conduct, management or operation. The Registrar has established these Casino Electronic Gaming Devices and Gaming Systems Minimum Technical Standards (“Minimum Technical Standards”) as the minimum standards electronic Gaming Devices and Gaming Systems must meet for approval by the Registrar.  These Minimum Technical Standards are based on the principles of technical integrity, public interest and security of the Gaming Devices and the Gaming Systems, including their accounting capability. 

In order to minimize duplication, the Alcohol and Gaming Commission of Ontario is open to placing reliance on Gaming-Related Supplier’s internal quality assurance and testing.  Gaming-Related Suppliers are encouraged contact Ontario’s Gaming Lab to explore opportunities for reliance on their testing, as appropriate.  The Registrar may also decide to approve, with limited review, the Gaming Device or Gaming System, as the case may be, if it has been approved in another jurisdiction where gaming is legal and the jurisdiction has similar standards.  (Note: This is not meant to delay submission to Ontario – the objectives of “First-to-Market” and “Speed-to-Market” should be maintained).  The Gaming-Related Suppliers may provide the appropriate supporting information with the submission for consideration by the Registrar.

These revised Minimum Technical Standards will become effective July, 22, 2019.  Gaming-Related Suppliers may seek a waiver if their electronic Gaming Devices and Gaming Systems submitted for approval after the release of these standards are only in compliance with the previous version of the standards.

From time to time, as necessary, modifications will be made to these Minimum Technical Standards.

Other Standards and Requirements Applicable

Gaming-Related Suppliers and Operators of electronic Gaming Devices and Gaming Systems must comply with these Minimum Technical Standards.  These Minimum Technical Standards are a detailed set of requirements to which Gaming Devices and Gaming Systems must conform. In addition, server-assisted and server-based Gaming Devices and Gaming Systems must comply with the Server-Assisted and Server-Based Gaming Minimum Technical Standards. These Minimum Technical Standards are designed to be consistent with the Registrar’s Standards for Gaming, and as comprehensive as practicable; however, in the event of any conflict or inconsistency with these Standards and the Registrar’s Standards for Gaming, the Registrar’s Standards for Gaming shall prevail over the Minimum Technical Standards.   Please see the Registrar’s Standards for Gaming for additional information.

Note:  At this time the Registrar’s Standards for Gaming do not apply to the Gaming-Related Suppliers.  Requirements from the Registrar’s Standards for Gaming that apply to the Gaming-Related Suppliers have been incorporated into this document.

The AGCO is a modern regulator, committed to ensuring that gaming is carried out in the Province of Ontario in keeping with the principles of technical integrity, security, accounting capability, and the public interest.

Recognizing that the gaming sector continues to evolve and that the introduction of new technologies provides opportunities for regulated entities in Ontario, the AGCO affirms its desire to address new technologies affecting the gaming sector in an expeditious and open manner.

Therefore, where a Gaming-Related Supplier or Operator has questions about the application of these Standards to new technologies that seem to fall entirely or in part outside of the Standards, the AGCO is open to engaging with Gaming-Related Suppliers to understand the nature of those technologies and how and whether those technologies can be addressed by existing Standards, either through their application or in light of them through the principles of technical integrity, security, accounting capability, and the public interest.

Associated Equipment: Any internal or external equipment that is not part of the Gaming Device itself and is required for its complete operation, e.g. progressive controllers, Bill Validators, printers, etc.

Attendant Pay Limit: The value above which, or at or above which, all cash-outs will be paid by an attendant.

Bet:  An amount risked in a wager (as defined in the Registrar’s Standards for Gaming).

Bill Validator: An electronic device that accepts Vouchers, Coupons, or valid legal tender in the form of bills, or rejects those items when invalid.

Cashless Wagering System: The collective hardware, software and other equipment used to facilitate wagering without chips, tokens, or legal tender of Canada.

Casino:  A type of Gaming Site in which lottery schemes conducted and managed by OLG are played in a physical premises that is not a cGaming site (as defined in the Registrar’s Standards for Gaming).

Coin: Legal tender in the form of coins or other forms of consideration represented by tokens, which can be inserted into the Gaming Device by a player intending to place a Bet, or such coins or tokens when received as a payout from a Gaming Device.

Coin Validator: A Coin Acceptor or Coin Comparator used by the Gaming Device that accepts or rejects inserted Coin(s) or token(s) after validation.

Community Bonus:  A type of bonus Play where two or more Games are connected to a controller that allows players to collaborate or compete for a shared prize.

Control Program:  Any software, source language or executable code which controls Game operation, accounting, and interfaces with the Gaming System and peripherals.  This term includes, but is not limited to, software, source language or executable code associated with the random number generation process, mapping of random numbers to Game elements to determine Game outcome, evaluation of the selected Game elements to determine win or loss, payment of winning Bets, Game recall, Game accounting including the reporting of meter information to the slot accounting system, monetary transactions conducted with Associated Equipment, software verification and authentication functions which are specifically designed and intended for use in Gaming Devices, monitoring and generation of Game tilts or error conditions, and gaming operating systems which are specifically intended for use in Gaming Devices.

Controls: The individual policies, procedures, business processes, monitoring systems, structures, accountabilities, tools and instruments, etc., that comprise the control environment management establishes to address the regulatory risks identified by the AGCO and achieve the regulatory objectives reflected in the Standards and Requirements (as defined in the Registrar’s Standards for Gaming). 

Coupon: A printed Wagering Instrument that has a fixed dollar wagering value that can only be used to acquire non-cashable credits.

Critical Game Data: Stored data that is considered vital to the integrity, security and accounting for the continued operation and maintenance  of the Gaming Device. This includes, but is not limited to:

1. RNG outputs, results, or both;
2. Accounting meters;
3. Credit meters;
4. Gaming machine data, Game configuration data, or both;
5. Game history data;
6. Financial transactions;
7. Significant event logs;
8. Current game state (e.g. to enable recovery from unexpected interruptions).

Critical Game Options: Options and configurations of software, which, if configured incorrectly, would result in unintended operation or an integrity issue.  The following list contains some examples of Critical Game Options:

1. Game configurations (payout percentage, lines, denominations, etc.);
2. Progressive type (e.g. Standalone, Linked, Wide Area, etc.);
3. Jurisdiction, as applicable, when the jurisdiction controls one or more Critical Game Options;
4. Tournament mode.

Critical Memory: Memory locations storing Critical Game Data. 

Critical Software: Any software and data which affects the integrity or outcome of a Game, the interpretation of Game Play, or accounting or metering information.  This includes, but is not limited to, any software that comprises the Control Program; or is used to control Game functions, Game outcome, payout, security BIOS (where part of chain of trust), or accounting functions; and related data including fixed data and graphics files used to interpret Game Play or outcome.  It can also include Gaming System software such as that pertaining to maintenance of accounting, alarm information or software used to process gaming transactions.  Critical Software does not include Critical Game Data.

Cryptographic RNG:  An RNG which is resistant to attack or compromise by an intelligent attacker with modern computational resources, and who has knowledge of the source code of the RNG, its algorithm, or both. Cryptographic RNGs cannot be feasibly ‘broken’ to predict future values.

Cyclic Redundancy Check (CRC):  A software algorithm used to verify the accuracy of data during its transmission, storage, or retrieval. The algorithm is used to validate or check the data for possible corruption or unauthorized changes.

Disabled: Any condition when the Game is unplayable.

Eligible Individual:  Those persons who are not prohibited from accessing Gaming Sites or playing lottery schemes (as defined in the Registrar’s Standards for Gaming).

The following individuals shall not be permitted access to the Gaming Site:

a. An individual under 19 years of age where the Gaming Site is a Casino, except in the course of employment;

b. An individual under 19 years of age where the gaming site is an iGaming site, except where the individual is at least 18 years of age and is accessing the gaming site solely for the purpose of purchasing a lottery ticket, or in the course of employment;

d. Individuals who appear to be intoxicated if the Gaming Site is a physical premises;

e. Every individual who advises the Operator or OLG that the individual is participating in a self-exclusion process established by OLG that applies to the Gaming Site, unless the individual is accessing the Gaming Site in the course of their employment;

f. An individual who is known by the Operator to have been restricted from accessing the Gaming Site or playing a lottery scheme as a condition of a court order;

g. Individuals who the Operator or OLG have reason to believe have been excluded from the Gaming Site under subsection 3.6(1) of the Gaming Control Act

The following individuals shall not be permitted to play lottery schemes

a. An individual under 19 years of age where the Gaming Site is a Casino

b. An individual under 19 years of age where the gaming site is an iGaming site, except where the individual is at least 18 years of age and is accessing the gaming site solely for the purpose of purchasing a lottery ticket;

d. Individuals who appear to be intoxicated if the Gaming Site is a physical premises;

e. Every individual who advises the Operator or OLG that the individual is participating in a self-exclusion process established by OLG that applies to the Gaming Site;

f. An individual who is known by the Operator to have been restricted from accessing the Gaming Site or playing a lottery scheme as a condition of a court order;

g. Individuals who the Operator or OLG have reason to believe have been excluded from the Gaming Site under subsection 3.6(1) of the Gaming Control Act;

h. Officers, members of the board of directors or partners of the Operator;

i. Registered gaming assistants of an Operator or OLG employed at any Gaming Site operated by the Operator or OLG;

j. Executives or staff of a trade union who represent or negotiate on behalf of employees employed at the Gaming Site;

k. Employees of registered suppliers who maintain or repair Gaming Devices or Gaming Systems at the Gaming Site;

l. Members or employees of the AGCO;

m. Officers, members of the board of directors, or employees of OLG, unless they are within the description set out in subsection 22(6) of Ontario Regulation 78/12 (i.e. they are registered as category 2 gaming assistants or otherwise not required to be registered by the AGCO).

Gamble Feature: An option to allow a player to gamble the prize, or a portion of the prize, they receive from a winning wager in a Bet defined by the rules of the Game.  

Game: A wagering scheme with the outcome based on pure Chance, mixed Chance and Skill, or pure Skill.

Gaming Device:  Same as Gaming Supplies.  (Refers to gaming equipment that could influence or is integral to the conduct, management or operation of a lottery scheme, as defined in the Registrar’s Standards for Gaming).

Gaming Management System:  A Gaming System that includes one or more of a Slot Accounting System, Slot Monitoring System, or Cashless Wagering System.  The system interface devices deployed at the Gaming Site to communicate directly between the Gaming Devices and the Gaming Management System are considered part of the Gaming Management System.

Gaming-Related Supplier:  A person who manufactures, provides, installs, tests, maintains, or repairs gaming equipment or who provides consulting or similar services directly related to the playing of a lottery scheme or operation of a Gaming Site (as defined in the Registrar’s Standards for Gaming).

Gaming Session:  The period of time commencing when a player initiates a Game or series of Games on a Gaming Device by committing a Bet and ending at the time of a final Game outcome for that Game or series of Games and coincident with the opportunity for the player to retrieve their credit balance.

Gaming Site:  A premises or an electronic channel maintained for the purpose of playing or operating a lottery scheme (as defined in the Registrar’s Standards for Gaming).

Gaming Supplies:  Refers to gaming equipment that could influence or is integral to the conduct, management or operation of a lottery scheme (as defined in the Registrar’s Standards for Gaming).

Gaming System:  Includes hardware, software, applications and all associated components of Gaming Devices and the technology environment (as defined in the Registrar’s Standards for Gaming).

Hash: The value returned by a Hash function (a one-way algorithm that deterministically generates fixed-length output data based upon a set of input data).

Hopper: An electromechanical assembly inside the machine that receives, holds and dispenses Coins. When the Hopper is full, Coins are diverted to the drop box.

Jackpot Limit: The value above which all prizes require attendant intervention in order to be paid.

Kiosk: A device that is connected to at least one of a Kiosk backend system, Slot Monitoring System, Slot Accounting System, or Cashless Wagering System that is capable of accepting Wagering Instruments and providing cash redemption or automated jackpot redemption functionality, and potentially other gaming related functions. 

Metamorphic Game: A Game where free Games, feature Games or prizes (other than progressive jackpots) are triggered by the cumulative result of a series of Plays.

Example: a metamorphic Game may award tokens during Game Play which accumulate from Game to Game and trigger a prize once a certain number are accumulated.  When no tokens have been accumulated, it may not be possible to trigger the prize on the next Game; however, once a certain number of tokens have been accumulated, it would be possible to trigger the prize. 

Mystery Award:  An award that is not associated to any specific Game outcome, and is awarded randomly.

OLG:  The Ontario Lottery and Gaming Corporation.  For the purposes of these Standards, OLG is also an Operator (as defined in the Registrar’s Standards for Gaming).

Operator:  A person who operates a Gaming Site, and includes OLG (as defined in the Registrar’s Standards for Gaming).

Optimal Play or Strategy: The choice from among more than one option presented to a player by a Game which, if selected by the player, offers the greatest theoretical payout percentage to the player.

Persistence Game:  A Game that is associated with a unique attribute (e.g. player identifier, Game or Gaming Device identifier, etc.) and incorporates a feature that enables progress towards the award of Game play enhancements, bonuses, or both through the achievement of some designated Game outcome.  These additional offerings become available when the player has achieved specific thresholds defined for Game play.

Printed Circuit Board (PCB) - A hardware component of a computer or other electronic device, consisting of a flat piece of a non-conductive, rigid material to which Integrated Circuits (ICs) and other electronic components such as capacitors, resistors, etc. are mounted. Electrical connections are made between the ICs and components using a copper sheet that is laminated into the overall board assembly.

Play: All gaming events that may be initiated by the making of a specific Bet.  A Play includes the making of a Bet, the activation of the Game by the player and an indication to the player of the outcome of the Bet including, if an award is won, the payment of the award.

Printer Limit: The maximum amount that can be cashed out by printing a Voucher. 

Progressive Game: A Game that contributes to a jackpot award or other feature of the Game as defined by the Game rules.  

Randomness or Chance: Observed unpredictability and absence of a pattern in a set of events that have definite probabilities of occurrence.

Random Number Generator (RNG): Hardware, software, or both used to generate numbers which exhibit Randomness.

Registrar:  The Registrar of Alcohol and Gaming under the Alcohol and Gaming Regulation and Public Protection Act, 1996 (as defined in the Registrar’s Standards for Gaming).

Restricted Technical Procedure:  Refers to a procedure, tool or other mechanism that requires special software, special access identifier, or other information or technology that is restricted to specific staff members employed at a Gaming Site (e.g. supervisors).

Scripting: a programmed sequence of events included in a Game that is used to disclose a randomly pre-selected variable outcome to a player in a particular manner but does not otherwise affect the outcome.

Skill: The knowledge, dexterity or any other ability or expertise of a natural person.

Skill-Based Gaming:  Any Game where the expected payback of a committed Bet is dependent in whole or in part upon the player’s Skill.  To further clarify, a Game is considered Skill-Based when the ratio of the expected return from optimal Play to the expected return from worst Play is at least 1.005 when calculated using the overall theoretical return to player (RTP) of the Game.

Strategy: A choice, or set of choices, for how to proceed in a Game where the decision impacts the expected payback of a committed Bet.  To further clarify, a decision is considered strategy when the ratio of the expected return from optimal choice to the expected return from worst choice is at least 1.005 when calculated using the overall theoretical return to player (RTP) of the Game.

Slot Accounting System:  A Gaming System used by the Gaming Site to capture the accounting meters for Gaming Devices at the Gaming Site.

Slot Monitoring System:  A Gaming System used by the Gaming Site to monitor Gaming Devices and their events.

Tilt:  A programmed error state for a Gaming Device.

Top Award:  The highest displayed award. 

Voucher:  A printed Wagering Instrument that has a fixed dollar wagering value that may only be used to acquire an equivalent value of cashable credits or payment.

Wagering Account:  An electronic ledger for a Cashless Wagering System player deposit account wherein the following types of transactions are recorded:

1. Deposits and withdrawals of cash or cash equivalents at a designated area of accountability;
2. Deposits initiated with a debit instrument;
3. Wagering account transfers to and from Gaming Devices; and
4. Wagering account adjustments.

Wagering Account Transfer (WAT):  A transfer of funds between a Cashless Wagering System Wagering Account and Gaming Devices.

Wagering Instrument: Monetary Coins, tokens, currency, Vouchers, Coupons, or electronic payment mechanisms made within the Gaming Site accepted by Gaming Devices with intent to place Bets by the player or receive as a payout from the Gaming Devices.

Wide Area Progressive (WAP): A progressive jackpot that is available to be won at multiple Gaming Sites.

Per the Interim Standards and Requirements Established by the Registrar pursuant to section 3.8 of the Gaming Control Act, 1992, all Gaming Devices and Gaming Systems must be submitted to the Registrar for approval and approved for use in Ontario prior to being provided to any Gaming Site.  The Registrar has determined that some types of Gaming Devices and Gaming Systems may be pre-approved.  These types of products will not need to be submitted to the Registrar for approval and will be considered as pre-approved Gaming Devices and Gaming Systems, provided specified conditions are met.  This is based on these types of Gaming Devices and Gaming Systems being of low risk and reliance being placed on the Gaming-Related Supplier’s quality assurance and compliance with any applicable standards.  Two categories of pre-approved Gaming Devices and Gaming Systems have been determined; pre-approved Gaming Devices and Gaming Systems not requiring notification, and pre-approved Gaming Devices and Gaming Systems requiring notification.

 

The objective of the requirements in this section is to identify and establish the conditions under which Gaming Devices and Gaming Systems may be provided to the Gaming Sites in Ontario without seeking the Registrar’s approval.

1.1 Gaming Devices and Gaming Systems Pre-Approved for Use in Ontario without Requiring Notification

1.1.1 The following Gaming Devices and Gaming Systems are deemed to be approved by the Registrar for use in Ontario without notification required to the AGCO Gaming Lab by the Gaming-Related Supplier:

1. Bill Validator hardware;
2. Coin Validator hardware;
3. Coin Validator software;
4. Coin Hopper;
5. Button panel hardware and software;
6. Modifications to a previously approved Gaming Device cabinet that does not impact Game integrity or security
7. Modifications to previously approved motherboards or previously approved other printed circuit boards (PCB) that have the same architecture as the previously approved motherboard or PCB, and that does not contain any embedded Critical Software;
8. Any other PCB that does not include logic that could impact gaming integrity;
9. Printer hardware;
10. Printer software;
11. Display or sound controller firmware or software that only displays graphics, plays sounds, or both but does not store graphics or sounds that are integral to gaming nor have logic that could impact gaming integrity;
12. Display or sound controller hardware, including progressive displays;
13. Monitors;
14. Video and graphics cards;
15. Off-the-shelf networking infrastructure such as routers, switches, and cables not modified for the purposes of being used for gaming;
16. Off-the-shelf computers not modified for the purposes of being used for gaming;
17. Protocol conversion software for use with industry standard protocols;
18. Mechanical reel driver firmware;
19. Mechanical reel hardware (excluding reel strips for specific Games, which must be included with the submissions of those Games);
20. Power supplies;
21. Top box or Topper hardware that does not contain logic that could impact gaming integrity;
22. Storage devices (e.g. CF card, CFast card, hard drive, solid state drive, etc) excluding all data and files stored on the devices; and
23. Random access memory (RAM) modules.

1.1.2 The Gaming Devices and Gaming Systems listed in standard 1.1.1 must meet the following conditions:

1. The Gaming Devices and Gaming Systems when installed must meet these Minimum Technical Standards and must not suffer from nor introduce any integrity, security, public interest, and accounting capability concerns;
2. The Gaming Devices and Gaming Systems do not introduce functionality that is not currently in use in Ontario (e.g. Bill Validator incorporating Near Field Communication (NFC) is not currently in use as of the date of these standards);
3. Gaming Devices and Gaming Systems that are discovered to suffer from integrity, security, public interest, or accounting capability concerns at any time after deployment, including but not limited to those that are pre-approved, must be promptly removed from Play or have other action taken to mitigate the integrity, security, public interest, or accounting capability concern.  Additionally, the Registrar must be promptly notified of these concerns;
4. Gaming-Related Suppliers must not provide Gaming Devices and Gaming Systems to Operators if there are any known integrity, security, public interest, or accounting capability concerns with the Gaming Devices and Gaming Systems; and
5. Gaming Devices and Gaming Systems are only deployed with compatible Gaming Devices and Gaming Systems, and configured to ensure integrity, security, public interest, and accounting capability is maintained.

Notes:

1.  The Registrar may request an exact replica of this Gaming Device or Gaming System be provided to the Gaming Lab, as appropriate.

2. The Registrar may revoke this pre-approval for particular Gaming Devices, Gaming Systems, or a Gaming-Related Supplier when deemed necessary.

The objective of the requirements in this section is to identify and establish the conditions under which Gaming Devices and Gaming Systems may be provided to the Gaming Sites in Ontario without seeking the Registrar’s approval, with the AGCO’s Gaming Lab being notified at the same time or prior to the product(s) being sent to the Gaming Site.

2.1 Gaming Devices and Gaming Systems Pre-Approved for Use in Ontario Requiring Notification

2.1.1 The following Gaming Devices and Gaming Systems are deemed to be approved by the Registrar for use in Ontario:

1. Bill Validator software;
2. Game theme software that is a full source code clone of Game software  already approved for use in Ontario (i.e. only graphical symbols, sounds, or both change from another approved Game; all underlying Game framework and Control Program functionality, Game logic, math model, Game payouts, and Game rules are the same as another Game approved for use in Ontario); 
3. Software used at the Gaming Device, Gaming System, or both solely for the purposes of installation, licensing, or configuration of the Gaming Devices or Gaming Systems (e.g. optioning software, RAM clear software, etc., but excluding remote installation, licensing, and configuration software such as server-assisted or server-based software);
4. Modifications to a previously approved Gaming Device cabinet that could impact Game integrity;
5. Electronic card shoe software and hardware that does not have the capability to shuffle cards nor have other Game logic included;
6. Top box or Topper hardware that includes logic that could impact gaming integrity inside; and
7. Local area progressive controller software that does not include a random number generator as part of the determination of award.

2.1.2 The Gaming Devices and Gaming Systems listed in standard 2.1.1 must meet the following conditions:

1. Notification is provided to the Registrar include relevant information necessary for the Lab to review and confirm the receipt of the notification, in accordance with “AGCO Casino Gaming Lab Submission Requirements”;
2. The Gaming Devices and Gaming Systems when installed must meet these Minimum Technical Standards and must not suffer from nor introduce any integrity, security, public interest, and accounting capability concerns;
3. The Gaming Devices and Gaming Systems do not introduce functionality that is not currently in use in Ontario (e.g. Bill Validator incorporating Near Field Communication (NFC) is not currently in use as of the date of these standards);
4. For any modified Gaming Devices and Gaming Systems, all outstanding terms and conditions from the previous approval must be satisfied;
5. Gaming-Related Suppliers must not provide Gaming Devices and Gaming Systems to Operators if there are any known integrity, security, public interest, or accounting capability concerns with the Gaming Devices and Gaming Systems;
6. Gaming Devices and Gaming Systems that are discovered to suffer from integrity, security, public interest, or accounting capability concerns at any time after deployment, including but not limited to those that are pre-approved, must be promptly removed from Play or have other action taken to mitigate the integrity, security, public interest, or accounting capability concern.  Additionally, the Registrar must be promptly notified of these concerns;
7. Gaming-Related Suppliers must notify the Registrar when a pre-approval for a particular Gaming Device and/or Gaming System warrants being revoked;
8. Gaming Devices and Gaming Systems are only deployed with compatible Gaming Devices and Gaming Systems, and configured to ensure integrity, security, public interest, and accounting capability is maintained; and
9. For hardware items, an exact replica must be provided to the Registrar promptly upon request.

​Notes:

1. The Registrar may revoke this pre-approval for particular Gaming Devices, Gaming Systems, or a Gaming-Related Supplier when deemed necessary.

The objective of the requirements in this section is to ensure the integrity of the Critical Software and Critical Game Data during Game operation.

3.1 Critical Software Integrity

3.1.1 The integrity of the Critical Software on the Gaming Devices must be maintained at all times to ensure the Game operates as designed.

3.1.2 The Gaming Devices must verify the integrity of Critical Software as part of the boot up process prior to the Critical Software being executed. Detection of any compromised Critical Software must cause a tilt and place the Gaming Devices into an unplayable state.

Guidance:

1. This may be achieved by Gaming-Related Suppliers using industry good practices for software verification.
2. When Critical Software is copied from one medium or device to another in whole or in part, the integrity of the copied Critical Software should be verified prior to the Critical Software being loaded into Random Access Memory (RAM) for execution.

3.1.3 The integrity of Critical Software must be safeguarded from the point it is loaded into memory and during its execution.

3.2 Critical Game Data Integrity

3.2.1 The Game must accurately maintain the integrity of Critical Game Data to ensure the Game operates as expected and is auditable.

3.2.2 The Game must employ methods to detect corruption and unauthorized alteration to its Critical Game Data to prevent integrity issues from occurring.

Guidance:

This standard is intended to minimize any integrity issues arising as a result of corruption or unauthorized alteration of Critical Game Data.

3.2.3 Detection of corrupted or unauthorized alteration of Critical Game Data that cannot be recovered from must cause Game Play to be halted immediately and must cause the Gaming Device to enter into a tilt condition, and not resume Play until the condition has been addressed.

3.2.4 The Critical Game Data must be preserved when power to its storage media is lost to provide data loss protection in the event of power outages as well as time for transportation and examination of Critical Game Data storage devices.

3.2.5 Clearing of Critical Game Data must only be capable of being performed through a Restricted Technical Procedure.

3.3 On-Demand Critical Software Authentication

3.3.1 The Gaming Device must implement an authentication mechanism that meets industry good practices and provide one of the following methods to authenticate all Critical Software:

1. The Gaming Device must provide a mechanism to authenticate all Critical Software on demand via a communication port using Game Authentication Terminal (GAT); or
2. Another mechanism as approved by the Registrar.

Guidance:

It is most efficient and effective for the industry to standardize the method used for on-demand Critical Software authentication.  GAT appears to be the method that is most commonly used.

3.4 Remote Critical Software Authentication

3.4.1 All deployed Critical Software must be capable of being securely authenticated by the Slot Monitoring System when deployed at Gaming Sites to ensure only approved Critical Software is installed.

3.4.2 All Gaming Devices must be capable of calculating and providing cryptographic Hashes or CRCs of all Critical Software upon request from a Slot Monitoring System in accordance with the protocol implemented (e.g. a request from a Slot Monitoring System using SAS protocol LP21, Read-Only Memory Signature (ROMSig)).

The objective of the requirements in this section is to ensure appropriate information pertaining to Wagering Instruments is captured and maintained to enable audit and review of financial transactions.

4.1 Wagering Financial Transaction Logging

4.1.1 Appropriate information pertaining to Wagering Instruments must be captured and maintained to enable audit of these transactions.

4.1.2 Gaming Devices that accept bank notes must retain and be capable of displaying the denomination of at least the last ten (10) bank notes accepted.

4.1.3 Gaming Devices that accept Vouchers, pay out Vouchers, or both must retain and be capable of displaying the following information about the last thirty-five (35) Voucher transactions:

1. Date and time of issuance or acceptance;

2. Currency value; and

3. Sufficient information to uniquely identify the Voucher without displaying complete information that could be used to enable the Voucher to be counterfeited.

4.1.4 Gaming Devices that accept, pay out, or both via electronic payments or transfers made within a Gaming Site must retain and be capable of displaying the following information about the last thirty-five (35) electronic payments or transfers accepted or paid out by the Gaming Devices:

1. Date and time of issuance or acceptance;
2. Currency value; and
3. Sufficient information to uniquely identify the source and target of the payment or transfer without displaying complete information that could be used to enable theft.

 

The objective of the requirements in this section is to ensure audit and reconciliation of Wagering Instrument transactions, revenue and Game payout.

5.1 Accounting Meters

5.1.1 Appropriate information pertaining to Wagering Instrument transactions, revenue and payout must be captured and maintained to enable reconciliation of Wagering Instruments, payout calculations, and audits to be performed.

Guidance:

This standard may necessitate having separate accounting meters for separate Gaming Devices, e.g. separate meters may need to be available to account for the payout from different sources such as Game Play and external bonus, mystery, or progressive controllers.

5.1.2 For multi-game and multi-denomination Gaming Devices, accounting meters necessary in order to calculate payout must be maintained separately for each paytable.

5.1.3 For gaming devices that contain paytables with a  difference in theoretical return to player which is greater than four (4) percent between wager categories, accounting meters to enable calculation of the payout percentage for each wager category with a different theoretical payout percentage and a weighted average payback percentage must be maintained.

5.1.4 All accounting meters must be capable of being displayed on demand.

5.1.5 Accounting meters must be accurately communicated to the Slot Accounting System used to collect accounting information.

The objective of the requirements in this section is to ensure the integrity and security of transactions during communication between various interfaces, Gaming Devices and Gaming Systems.

6.1 General Communication

6.1.1 The integrity and security of all gaming-related transactions must be maintained during communication between all Gaming Devices and Gaming Systems.

6.1.2 Gaming Systems including infrastructure, data, activity logs and all other related components must be protected from threats, vulnerabilities, attacks or breaches. Requirements – At a minimum:

1. All users must be authenticated.
2. All components must be hardened in accordance with industry and technology good practices prior to going live and prior to any changes.
3. The appropriateness and effectiveness of steps taken to harden technology components must be regularly assessed.
4. Patches to correct any security risks must be updated regularly.

6.1.3 Mechanisms must be in place to prevent the unauthorized alteration of all gaming-related transactions and Critical Game Data communicated between Gaming Devices, Gaming Systems, or both.

6.1.4 Interruptions in communication between Gaming Devices, Associated Equipment and Gaming Systems must not impact the integrity or security of the Game nor gaming related transactions or information. 

6.2 Mobile Gaming Devices within Gaming Sites

6.2.1 Mobile Gaming Devices must be played by an Eligible Individual.

Guidance:
This can be achieved through Operator Controls or other mechanisms within the mobile Gaming System. 

6.2.2 Any mechanism to ensure the eligibility of the individual playing mobile Gaming Devices must be capable of being initiated both on demand and at regular intervals.

6.2.3 All critical functions, including the generation of the outcome of any Game, must be generated by the Gaming System.  The generation of the outcome of the Game must be independent of the end player device, except in cases where player input from the end player device (e.g. input related to a Skill-Based Game) is required to generate the outcome of the Game.

Guidance:
The intent is for the Operator to maintain control of all critical game functions, and that compromising the software on the mobile Gaming Device will not compromise the Game.

6.2.4 The gaming application and its data must be protected from unauthorized alteration and corruption by other applications or any other means on the mobile Gaming Devices to ensure integrity and security of the Game.

6.2.5 Operation of the mobile Gaming Devices must not be permitted if the mobile Gaming Device goes outside the boundary of the Gaming Site.

The objective of the requirements in this section is to ensure the integrity and security of the Wagering Instruments, peripherals and any associated software.

7.1 Bill and Coin Validators

7.1.1 Bill and Coin Validators must only accept valid Wagering Instruments and reject invalid Wagering Instruments when technically possible.

7.1.2 The Wagering Instrument must be rejected when technically possible when instructed by the Gaming Device.

7.1.3 Bill and Coin Validators must resist any tampering of their operation.

Guidance:

Tampering may be attempted in a number of ways, such as: fishing, stringing, altering communication, interrupting the acceptance process. 

7.1.4 Bill and Coin Validators must be automatically Disabled when:

1. A condition prevents the proper operation of the Bill or Coin Validator; or
2. The Gaming Device is not in a state to accept Wagering Instruments. 

Guidance:

Examples of such conditions are: Cashbox removed or full; hardware or software error; communication error; Gaming Device is in tilt, Disabled, slot tournament or administrative mode. 

7.1.5 Bill and Coin Validators must accurately communicate all relevant information and any abnormal conditions to the Gaming Device.

7.1.6 Bill and Coin Validators must act in accordance with all commands received from the Gaming Device.

7.2 Software Integrity of Bill Validators

7.2.1 Authentication must be able to be performed on Bill Validator software to ensure the contents of the installed version match with either the software approved by the Registrar or the software provided by the Gaming-Related Supplier under the pre-approved conditions listed in section 2 entitled, “Gaming Devices and Gaming Systems Pre-Approved for Use in Ontario Requiring Notification”.

7.2.2 The Bill Validator must provide the Gaming Device with the name and version of the software being utilized by the Gaming Device, or provide an alternate method that enables the Operator to determine whether the approved software name and version is being utilized by the Gaming Device

Note:  This standard will become effective July 1, 2020.

7.2.3 The Bill Validator must perform authentication at each power up to ensure the software has not been altered or corrupted.  In the event of a failure, the Bill Validator must automatically disable itself.

7.2.4 The Bill Validator must provide the Gaming Device or an external authentication program with the cryptographic Hash or CRC value of the software it runs on demand to allow verification that the installed software is approved for use in Ontario.

Guidance:

It is recommended that the Bill Validator software is capable of internally calculating its software’s cryptographic Hash or CRC value on demand based on a seed value provided by the Gaming Device, and return that calculated cryptographic or CRC value back to the Gaming Device.

7.3 Hoppers

7.3.1 The Hopper must dispense the correct number of Coins, resist tampering and cheating, and send and receive relevant communication to and from the Gaming Device in order to act appropriately to maintain the security and integrity of the Gaming Device.

Guidance:

Tampering may be attempted in a number of ways, including shaving, spooning, monkeypaws, lightwands, altering communication, interrupting the dispensing process. 

7.3.2 A Hopper must automatically become Disabled when:

1. A condition prevents the proper operation of the Hopper; or
2. Errors in Coin processing are detected.

7.3.3 The Hopper must accurately communicate all relevant information and any abnormal conditions to the Gaming Device.

7.4 Printers

7.4.1 The printer must completely and accurately print the information received from the Gaming Devices for printing, and send and receive all relevant communication to and from the Gaming Devices necessary for its operation.

7.4.2 The printer must accurately communicate all error conditions and any abnormal conditions with the Gaming Device.

7.4.3 The printer must communicate the status of printed Vouchers to the Gaming Devices.

Guidance:

This information is necessary for the Game to ensure that a Voucher has been printed and duplicate Vouchers are not printed (i.e. two Vouchers that contain identical and sufficient information to be redeemed), and that credits are only cleared following the successful printing of a Voucher.

7.4.4 T he printer must be automatically Disabled when:

1. A condition prevents the proper operation of the printer;
2. Errors in Voucher processing are detected; or
3. When instructed by the Gaming Device.

The objective of the requirements in this section is to ensure the physical security and integrity of the Gaming Device cabinets including any Critical Software and cash boxes contained inside the cabinets.

8.1 General Gaming Device Cabinet Construction

8.1.1 The cabinet must be secured to prevent unauthorized access to critical components that impact Game’s integrity, with the following items separately secured inside the main Gaming Device cabinet:

1. The CPU, any Critical Software and data storage equipment, and Critical Memory; and
2. The cashbox.

8.1.2 Door open and close conditions that allow access to Critical Memory, Critical Software, and areas within the Gaming Device storing Wagering Instruments must be detected and reported to the Gaming Device as well as the Slot Monitoring System. 

8.1.3 All Gaming Devices must display a non-removable unique identifier on the outside of the cabinet that is sufficient to allow for its monitoring and tracking.

8.2 Electromagnetic Immunity

8.2.1 All assembled Gaming Device cabinets intended for use at a Gaming Site must undergo an independent review to demonstrate electro-magnetic immunity.   The Gaming Device must comply with the following requirements related to electromagnetic immunity:

1. The Random Number Generator (RNG) and random selection process shall be impervious to influences from Electro Static Discharge (ESD);
2. Protection against ESD requires that the Gaming Device’s conductive cabinet be earthed in such a way that static discharge energy shall not permanently damage or permanently impact the normal operation of the electronics or other components within the Gaming Device. Gaming Devices may exhibit temporary disruption when subjected to a significant external ESD with a severity level of 27kV air discharge. The Gaming Device shall exhibit a capacity to recover and complete any interrupted play without loss or corruption of any control information or Critical Game Data following any temporary disruption; and
3. The results of this independent review must be included with the submission of new Gaming Device cabinets.

8.2.2 In conducting the independent review contemplated in standard 8.2.1, the independent review must be certified by an individual or group not directly involved in the development of the Gaming Device who is authorized by the Gaming-Related Supplier for such certification, or an independent test lab with ISO/IEC 17025 accreditation for such work.

The objective of the requirements in this section is to ensure functions typically performed by Gaming Device Control Programs operate in a manner that maintains the integrity of the Game.

9.1 Source Code Review

9.1.1 New Control Programs must undergo an independent review of the submitted source code, and the results of this review must be included with the submission of the new platform.  The review must include the following topics, as a minimum:

1. Control Programs must perform in a manner that complies with section 3 entitled, “Critical Software and Data Integrity”;
2. Flow of code from calling the RNG or gathering the skill-based player input to the determination of the Game outcome: the RNG result, skill-based player input, or a combination thereof must be the only result used to determine the Game outcome.  No other routines may exist that modify the outcome, or that bypass the RNG result or skill-based player input in exchange for something else;
3. All other procedures that use the RNG or skill-based player input: All calls to the RNG or to gather skill-based player input must be determined and accounted for, e.g. shuffling, pick both with and without substitution, pick from bonus table, input from a device based on the player’s Skill, etc.  Each call must use the output from the RNG, skill-based player input, or a combination thereof appropriately, without modification, so that the scaled output is as expected; and
4. Redundant code or implementation of cheat code: There must not be any code that can affect the proper operation of the software (e.g. cheating, “Easter egg”, etc.).

9.1.2 Modifications to Gaming Device Control Programs that impact on one or more of the topics in standard 9.1.1 may require that an independent source code review be performed on the modifications, depending on the complexity and number of changes.  These will be identified by the AGCO on a case-by-case basis.

9.1.3 The Registrar may require additional independent reviews of source code, as deemed necessary depending on the complexity of changes made, the timing of the last review, etc.

9.1.4 In conducting the independent reviews contemplated in standards 9.1.1, 9.1.2, and 9.1.3, the independent review must be certified by an individual or group not directly involved in the development of the Gaming Device who is authorized by the Gaming-Related Supplier for such certification, or an independent test lab with ISO/IEC 17025 accreditation for such work.

9.2 Game Randomness

Guidance:

This section applies only to the aspects of a Game that are chance-based.

9.2.1 Games must draw upon a random source to select, from the complete set of possible Game outcomes, which Game outcome is provided to the player.

9.2.2 Valid output from the random source must be used for Game outcome without alteration or secondary decision by the Game.

Guidance:

The output from the random source includes all necessary scaling performed such that the output is usable by the Game.

9.2.3 The random source output(s) used in the determination of the Game outcomes must be capable of producing all possible Game outcomes required by the Game design.

9.2.4 The outputs provided by the random source must pass applicable statistical tests of Randomness, and demonstrate:

1. Statistical independence;
2. Uniform distribution over their range, for intended Game(s); and
3. Unpredictability.

9.2.5 The random source and its outputs must not be capable of being influenced by any means (e.g. by the amount Bet, style or method of Play, Play history, etc.).

9.2.6 Gaming Devices must not alter any function of the Gaming Device based on the actual hold percentage.

Software-Based Random Number Generators (RNGs)

9.2.7 All software-based RNGs must be cryptographically strong such that the following requirements are met:

1. Given an initial state or a sequence of past values produced by the RNG, it must be computationally impossible to predict or estimate future values;  and
2. The RNG must periodically modify its state through use of an external source of entropy.

Note:  Early adoption of the above standard is encouraged.  Newly developed Control Programs submitted for approval after July 1, 2020 must meet this standard.

Guidance:

Cryptographic RNGs are only required for RNGs used in the exclusive determination of game outcome (E.g. not intended for RNGs to control a fan to blow a ball onto a roulette wheel).

Mechanical and Hardware-Based Random Number Generators (RNGs)

9.2.8 The Gaming Device must prevent RNGs used in electronic Games from being configured such that the RNG would violate standard 9.2.4 when deployed in that configuration.

9.2.9 RNGs used in electronic Games must be constructed of suitable materials and have appropriate measures in place to maintain Randomness throughout their operation, including replacement and calibration of necessary components.

Guidance:

Replacement parts may be required after a predetermined amount of time has passed in order for the RNG to comply with this requirement, and the device may require periodic maintenance to ensure the ongoing integrity of the RNG.

9.2.10 The player must not have the ability to physically interact with, come into physical contact with, or otherwise manipulate RNGs except where necessary to play the Game.

9.2.11 Gaming Devices must be able to determine if there is statistical evidence that a RNG is not performing as expected for the Game in question, and appropriately communicate this to the Operator for prompt action.

9.3 Game Options and Limits

9.3.1 Mechanisms must be in place, as applicable, to set Critical Game Options and limits in a manner that ensures and maintains Game integrity, enabling the Operator to control limits for internal Controls.

9.3.2 The Gaming Devices must have the capability to set the following limits:

1. Credit Limit;
2. Jackpot Limit;
3. Printer or Attendant Pay Limit; and
4. Maximum limit a player may Bet using a Gamble Feature, if applicable.

9.3.3 Total accumulation of all cashable credits from currency must not exceed three-thousand dollars ($3,000).

9.3.4 The Gaming Device must be designed so that setting and changing the limits specified in standards 9.3.2 and 9.3.3, and setting and changing Critical Game Options can only be performed by authorized personnel, through the use of a Restricted Technical Procedure.

9.3.5 Changes made to Game options (Game configurations) are considered significant events and these changes must be stored securely with the appropriate time stamp in one or more logs which maintain at minimum the last 100 significant events since the last memory clear was performed.

9.4 Diagnostic and Test Modes

9.4.1 Gaming Devices must provide the ability to view Game configuration and to verify proper operation of the Game without compromising Game integrity.

9.4.2 Gaming Devices must provide the capability to perform the following activities at minimum, as applicable:

1. Identify all Critical Software installed, including the name, version and cryptographic Hash or CRC value of the Critical Software;
2. Identify the Bill Validator software name and version installed as provided by the Bill Validator with the Bill Validator software name and version displayed by the Gaming Device required to be the same as was approved, or provide an alternate method that enables the Operator to determine whether the approved Bill Validator software name and version is being utilized by the Gaming Device; and
   Note:  This standard will become effective July 1, 2020.
3. Perform player input device (e.g. touch screen, joystick, etc.) calibration tests to enable the proper functioning of the device to be assessed against its intended operation.

9.4.3 The Game must limit entry into the diagnostic or test mode through a mechanism that is accessible only to the Operator’s authorized personnel.

9.4.4 When diagnostic or test mode is entered:

1. The operation of the Game must not be affected;
2. The security, integrity, and accounting capability of the Gaming Device must not be compromised;
3. The Gaming Device must clearly indicate when it is in diagnostic mode, test mode, or both; and
4. The Gaming Device must return to its original state upon exit from the diagnostic mode, test mode, or both.

9.5 Error Conditions

9.5.1 The Gaming Device must be capable of immediately detecting, recording, and displaying error conditions that could affect the Game’s integrity (e.g. door open, memory corruption, Critical Software authenticity check failure, cashbox removed, low Random Access Memory battery, reel spin errors, etc.).

9.5.2 Immediately upon an error condition from standard 9.5.1 being detected, the Gaming Device and all peripherals must be Disabled and may only be enabled after the error condition has been resolved.

9.5.3 The Gaming Device must be capable of immediately detecting, recording, and displaying appropriate error conditions that could affect the operational capabilities of the Game (e.g. Bill Validator jam, printer paper out, cashbox full, etc.).

9.5.4 Immediately upon an error condition from standard 9.5.3 being detected, the affected peripherals must be Disabled and may only be enabled after the error condition has been resolved.

9.5.5 Immediately upon an error condition from standards 9.5.1 or 9.5.3 being detected, the Gaming Device must accurately communicate the error condition to the Slot Monitoring System connected to the Gaming Device, if technically possible.

9.5.6 A mechanism must be in place to ensure when error conditions from standards 9.5.1 or 9.5.3 occur, that Gaming Site surveillance is alerted (e.g. via tower lights, etc.).

9.5.7 Error conditions from 9.5.1 and 9.5.3 are considered significant events and these error conditions must be stored securely with the appropriate time stamp in one or more logs which maintain at minimum the last 100 significant events.

9.6 Gaming Device Remote Disable Capability

9.6.1 Gaming Devices must be capable of being remotely Disabled by a Disable command issued from the Slot Monitoring System.

9.6.2 In the event the Slot Monitoring System communicates to the Gaming Device that the Gaming Device is to be Disabled (e.g. through the protocol), the Gaming Device must disable itself without impacting the integrity of the Gaming Device, and allow cash out of any credits

The objective of the requirements in this section is to ensure the integrity of credit play, wagering of credits, and redemption of credits with respect to the Gaming Device.

10.1 Credit Play, Wagering, and Redemption

10.1.1 All accepted Wagering Instruments must be accurately credited by the Game and available for wagering.

10.1.2 The Gaming Device must default to display the credit meter in dollars and cents for each new player, unless the player chooses to display in credit amounts.

10.1.3 The credit meter must be displayed to the player at the beginning and end of Game Play and anytime the player has an option to place a Bet.

10.1.4 The Bet options relevant to the Game (e.g. lines to be played, Bet amount, denomination being played, etc.) must be displayed to the player prior to the player committing a Bet, and at any time a Game outcome is displayed until the player interacts with the Game or a new Game commences.

10.1.5 When applicable, the winning conditions as a result of Game Play must be displayed to the player until the player interacts with the Game or a new Game commences.

10.1.6 Non-cashable credits must be debited prior to cashable credits by the Gaming Device.

10.1.7 Cashable credits must be available to be redeemed at all times, except during any error condition which prevents a valid collection of the available credits and during Game Play.

10.1.8 Upon cash out, the Game must clearly display the amount paid to the player.

The objective of the requirements in this section is to ensure the Game behaves with integrity.

11.1 Rules of Play and Information Display

11.1.1 Players must be provided with meaningful and accurate information to enable them to make informed choices.

Game Information Display

11.1.2 All paytable awards, Game rules, feature information, and automatic selection behaviour rules must be available to the player prior to the player committing a Bet.

11.1.3 All paytable awards, rules of Play and other information communicated to the player must be accurate, clear, and not misleading.  At a minimum:

1. All displays of potential Game outcomes, including any advertised awards, must be attainable on any given Bet unless clearly stated otherwise in the Game rules;
2. The units of the displayed paytable awards (e.g. denominational units, currency) must be clear;
3. When symbols are displayed during video animation of reel spins, symbol sequences and appearances must follow the reel strips as closely as technically possible; and
4. Game displays must not use language that suggests the probability of a particular outcome is more likely to happen than its actual probability.  Examples include the use of the terms, “Due”, “Overdue”, “Ready”, and “Ready to Hit”.

11.1.4 Demonstration and attract displays must not be misleading and must not interfere with the player’s ability to make informed decisions.

11.1.5 Changes to Play conditions including rules of Play, awards, and award probabilities (e.g. changes in reel strips) that may occur within the Game must be disclosed to the player prior to the player committing a Bet.

11.1.6 Gaming Devices must provide clear and sufficient information for players to be able to track their status within the current Game in progress, as well as their status as it relates advancing to the next Game state (e.g. for Metamorphic Games).

11.1.7 Games must not encourage a player to increase the total amount the player has decided to bet.

11.1.8 The Game must not provide audio messages, graphical messages, animations, nor provide other information that falsely indicates or implies that increasing the speed of Play will increase a player’s chances of winning or the win amount.

11.1.9 If a rake or fee is charged to play the Game, this information must be available to the player.

11.1.10 All paytable awards and Game rules that are made available for play in multiple languages must all contain the same information and must be consistent across all languages.

Display of Other Information on the Gaming Device or Gaming System

11.1.11 Non-gaming-related information displayed on Gaming Devices, such as advertisements or entertainment, must be clearly distinguishable from Game-related information and must not mislead nor affect the player’s ability to Play, see or interact with the Game.

11.2 Player Interface

11.2.1 Any mechanism available for a player to interact with the Game must operate in accordance with the applicable rules of Play.

11.2.2 Gaming Devices which utilize player interaction devices that impact Game outcome (e.g. a joystick for a Skill-Based Game) must provide a mechanism to ensure that any differences between such interaction devices do not provide an unfair advantage or disadvantage to any player.  

Guidance:

Depending on the circumstances, this may be achieved by a calibration algorithm to ensure adjustments are made when necessary.  This may also be achieved by providing the player with the opportunity to perform functionality check of the interaction device (e.g. to determine its responsiveness, etc.) before placing a Bet.

11.2.3 Gaming Devices must provide the player with a mechanism to contact the Operator for assistance that does not require the player to leave the Gaming Device.

11.3 Determination of Game Outcome

11.3.1 Game designs and features must be clear and must not mislead the player.

11.3.2 The probabilities of outcomes in Games which simulate live Games (e.g. virtual card Games, virtual roulette) must be the same as in the associated live Game, unless the differences are clearly set out in the rules of Play.

11.3.3 All Bets must be committed before the selection of the Game outcome.  Any Bet received after the selection of the Game outcome must be voided and returned to the player.

11.3.4 Games that generate a predetermined set of outcomes (e.g. a shuffled deck of cards) must keep the information secure to prevent knowledge of the outcomes.

11.3.5 Games that offer a player the opportunity to select their prize from multiple concealed outcomes may not substitute and reveal outcomes that were not available for the player to select.

11.4 Skill-Based Games

11.4.1 Prior to committing a Bet, it must be clear to players that the payback of the Game is affected by the player’s Skill.

11.4.2 Where Strategy or selection advice is provided to the player, it must be fair and not misleading.  Additionally, the player must be able to override automatic selection and reject any or all Strategy advice provided.

11.4.3 Games where the player makes Strategy decisions must provide sufficient information to allow the player to make an informed choice.

11.4.4 The Game design must prevent access to any data that could compromise the integrity of the skill element (e.g. a trivia game must prevent access to an answers database, etc.).

11.4.5 Features that automatically adapt the payout of a Game are not permitted.

Guidance:

This does not preclude the use of Persistence or Metamorphic behaviours within the Skill-Based aspects of a Game.

Note:

Consideration of the development of appropriate technical standards pertaining to automated features regarding adapting of payback, and other possible updates, will be made in the future once there is experience in the industry with Skill-Based Games.

11.4.6 Games where the player is charged additional amounts for specific actions through the course of the Game (e.g. in a high action shooting Game where the player is charged for each shot) must operate in accordance with responsible gaming principles.

Competitive Skill-Based Games

11.4.7 Prior to committing a Bet, it must be clear to players that the payback of the Game is affected by the relative Skill of other players, computerized opponent(s), house-sponsored opponent(s), or a combination thereof.

11.4.8 Computerized or house-sponsored opponents must not have access to information that is unavailable to the player (i.e. the opponent’s hole cards or upcoming events).

11.4.9 Games that contain a feature allowing players to gain an advantage over other players must advise all players of the existence of that feature and have a mechanism to achieve such a feature. Such features may include, but are not limited to, player purchased enhancements, randomly awarded enhancements or other advantages.

11.5 Linked Features

11.5.1 All progressive, mystery, and Community Bonus awards must be accumulated and awarded in a manner that does not disadvantage any player participating in the Game, and the integrity of such awards must be maintained.

General Requirements

11.5.2 There must be a mechanism to authenticate all Critical Software stored on linked feature controllers on-demand in accordance with section 3.3 entitled, “On-Demand Critical Software Authentication”.

11.5.3 Service interruptions that impact a player’s Gaming Session must be dealt with in a manner that does not adversely affect the player.  At minimum, the following must occur in the event of a service interruption that impacts a player’s Gaming Session:

1. The Game being Played with the current Bet must be completed when technically possible provided the integrity of the Game is maintained;
2. The current Bet must be voided and the wagered credits returned to the player if the Game cannot be completed;
3. A service interruption event must be recorded at the appropriate locations (e.g. at minimum at the source in the event of a communication or power loss);
4. The player must be notified of the service interruption;
5. The player must be provided with an option to cash out their credits when technically possible; and
6. The Gaming Device(s) affected by the service interruption (e.g. communication loss) must be immediately Disabled.

Shared Prizes

11.5.4 Linked Gaming Devices that have a shared prize (e.g. a linked progressive) must have at least the same chance of winning that shared prize proportional to the Bet amount, unless otherwise disclosed to the player.  For example, if a $1 Bet placed on the link has a probability of one (1) in 1,000 to win the shared prize, a $2 Bet placed on the link must have at least the same probability of winning the shared prize adjusted for the Bet amount, i.e. one (1) in 500.

Guidance:

Linked Gaming Devices are considered to have the same chance of winning the shared prizes proportional to the Bet amount provided the total difference in the theoretical return to player from the shared prizes is less than 1% of the total theoretical return to player between all pairs of linked Gaming Devices.

In cases where the linked Gaming Devices have multiple shared prizes, the total expected value (the product of prize amount and probability of winning divided by the Bet amount) of all shared prizes combined must not be less than the total expected value for the lower Bet amount.

11.6 Tournament Games

11.6.1 Tournament mode Games must not impact the integrity or accounting of non-tournament Game Play.

11.6.2 Gaming Devices in tournament mode must not accept or dispense Wagering Instruments.

11.6.3 Gaming Devices in tournament mode must not increment any meters unless they are meters designed exclusively for use with tournament software, and must not communicate any tournament related accounting information to the Slot Accounting System unless the system is designed to process and store such information separately from cash Play information.

11.6.4 Tournament mode Games must not provide an unfair advantage or disadvantage to any player, including as a result of previous game Play, rank on the leaderboard, or other factors.

11.6.5 Tournament mode paytables are not subject to the standards in section 11.9 entitled, “Game Payout”.

11.7 Gamble Features

11.7.1 Initial entry to a Gamble Feature must be conditional on an immediately preceding occurrence of a winning event, and only credits awarded by that winning event are eligible for the feature.

11.7.2 When a Gamble Feature is provided, the Game must provide the following to the player:

1. Information regarding how the Gamble Feature works; and
2. A choice of whether to enter the Gamble Feature.

11.7.3 The Gamble Feature must have a 100% theoretical payout percentage to the player.

11.7.4 The prize limit for Gamble Features or the maximum number of gambles or double-ups allowed by the Game must be clearly stated.

11.7.5 In the event the Gamble Feature is discontinued before the maximum number of double-ups or gambles available is reached, the reason must be clearly stated.

11.7.6 Player selections made during the Gamble Feature (e.g. which multiplier has been selected by the player) must be clearly indicated by the game.

11.8 Gamble Features in a Skill-Based Game

11.8.1 When a Gamble Feature is provided in a Skill-Based Game, it must comply with the following standards:   11.7.2, 11.7.4, 11.7.5, and 11.7.6.

11.8.2 Initial entry to a Gamble Feature must be conditional on a preceding occurrence of one or more winning events, where the credits for the win(s) have not been collected by the player in accordance with standard 11.7.2.  If an additional Bet is combined with credits from preceding win(s), then both the previous win amount(s) and the new Bet amount must be clear to the player in the next offered Gamble Feature Bet.

11.8.3The Gamble Feature must have a 100% theoretical payout percentage to the player for credits won in preceding Bet(s).

11.9 Game Payout

Theoretical Payout Percentage

11.9.1 The minimum theoretical payout percentage of a Game is eighty-five (85.000) percent.

11.9.2 Gaming Devices must meet minimum theoretical payout percentage.

1. The theoretical payout percentage of Skill-Based Games that are traditional card Games (e.g. video poker) or disclose a Strategy is to be calculated using the optimal or disclosed Strategy respectively.
2. The theoretical payout percentage of Skill-Based Games that do not disclose a Strategy and are not traditional card Games must be mathematically demonstrable (i.e. calculated based on an expected distribution of players’ Skill levels).  The mechanism and assumptions for how the theoretical payout percentage is calculated must be provided by the Gaming-Related Supplier at the time of request for approval.

Guidance:

The expected distribution of players’ Skill levels is to be evaluated by the Gaming-Related Supplier, based on considerations such as historical performance of similar Games, difficulty of the Skill component, and availability of Strategy information so that the Game meets the minimum payback during play.

11.9.3 The minimum theoretical payout percentage of a Game must be met for every available Bet configuration.

Guidance:

This requirement is intended to ensure that every enabled Bet option will meet the minimum theoretical payout percentage.  For example, for a game where players can bet on any number of lines between 1 line and 50 lines, and any number of credits per line between 1 and 5 credits per line, the minimum theoretical payout percentage of the game must be met for each Bet option a player could wager on (e.g. 1 line and 1 credit per line, 50 lines and 5 credits per line, etc.).

This requirement also extends to Games such as Keno, where the continuous Playing of a certain spot combination must meet the minimum theoretical payout percentage.

Metamorphic and Persistence Games will be evaluated based on the overall theoretical payout percentage of the enabled Bet options..

11.9.4 The theoretical payout percentage of a higher Bet amount must not be less than the theoretical payout percentage of a lower Bet amount for the same paytable and wager category.

Guidance:

As a player increases any aspect of their bet (e.g. number of lines played or bet per line), a tolerance of up to 0.5% decrease in theoretical payout percentage between any two of these bets will be permitted for a Game where the theoretical payout percentage of a higher Bet is less than that of a lower Bet.

Monitoring of Actual Payout Percentage for Skill-Based Games

11.9.5 Skill-Based Games that do not disclose a Strategy and are not traditional card Games must be monitored to ensure they are paying a minimum of eighty-five (85) percent (e.g. the Game payback is within a statistically reasonable range of the minimum payout of eighty-five (85) percent utilizing the mechanism and assumptions from 11.9.2b)).

11.9.6 In the case there is evidence that the Skill-Based Game is paying below eighty-five (85) percent (e.g. the Game payback is below a statistically reasonable range from eighty-five (85) percent), one of the following must occur:

1. The Game must be removed from Play; or
2. The condition must be addressed through a manual method (i.e. not an automated adaptive feature pursuant to standard 11.4.5) that is disclosed at the time of request for approval, and must be approved by the Registrar.

Guidance:

One mechanism to achieve this is for a Game to include a mechanism to self-monitor its actual return to player to ensure this standard is met.  As a possible example of how this could be implemented, the Gaming Device could calculate the actual payback percentage for every N games, where N is the minimum number of games played necessary to determine the theoretical payback percentage with the 95% confidence interval within a range of +/- 5%.  Upon detection of three consecutive calculations for a paytable in which the actual payback percentage is at least 4% less than the theoretical payback percentage, the Gaming Device could enter into a tilt condition.  Please note that other mechanisms to self-monitor the actual payout to player may be more suitable in some cases.

Alternatively, Operators can monitor the payout of the Game to ensure this standard is met. The Supplier must advise the Operator when providing the game of this expectation.

11.10 Award Odds

 Guidance:

In the context of award odds, an award is considered to be a credit prize.  If one or more symbols can be substituted by a wild symbol, resulting in a winning combination with the same pay as that using the original symbols, then both combinations are considered to be the same award.

11.10.1 The Top Award displayed on the Gaming Device must not have odds exceeding 17 million : 1, unless the odds of winning the award are disclosed to the player.

11.10.2 All other awards displayed on the Gaming Device must not have odds exceeding 34 million : 1, unless the odds of winning the award are disclosed to the player.

11.10.3 Any single shared Wide Area Progressive award must not have odds exceeding 50 million : 1. These Games will be evaluated on a case-by-case basis taking into consideration the prize amount, the intended use, number of Games, and any other relevant factors.

11.11 Reel Strips

11.11.1 Each reel spin must be displayed to the player in a manner that is not misleading.

11.11.2 Where Games involve reels:

1. For single line Games, Top Award symbols must not appear in their entirety more than 12 times on average, adjacent to the pay-line, for every time they appear on the pay-line; and
2. For multi-line Games, Top Award symbols must not appear in their entirety more than 12 times, on average, not on any pay-line, for every time they appear on any pay-line.

11.11.3 All symbols displayed in the Game’s physical reels, including blanks, must:

1. Each occupy a space with a minimum length of (L/N)*0.4, where L is the length of the physical reel strip and N is the number of physical stops on the reel strip; and
2. Each occupy a space on the reel in a manner that makes it clear and unambiguous which symbol belongs to each reel stop.

11.11.4 If virtual reels that map to displayed reels are used, each of the reel stops of the virtual reel strip must be mapped to a displayed symbol and must have the same probability of occurring (i.e. if the virtual reel consists of N positions, the probability of occurrence of each position must be 1/N).  There cannot be any displayed symbol with a virtual reel weight of zero; all displayed reel symbols must have a non-zero probability to occur.

11.12 Game History

11.12.1 All Gaming Devices must have the capacity to display a complete Play history for the most recent Game played and nine Games prior to the most recent Game. Retention of Play history for additional prior Games is encouraged. The display must indicate the Game outcome (or a representative equivalent), intermediate Play steps (such as a hold and draw sequence or a double down sequence), credits available, Bet amounts, win amounts, and credits cashed out.  Gaming Devices offering Games with a variable number of intermediate Play steps per Game may satisfy this requirement by providing the capability to display the last 50 Play steps.

Guidance:

In accordance with this standard, 10 Games (nine prior and the most recent) are considered part of Critical Game Data. In Games where “free games” are awarded as the result of a qualifying alignment, the “free games” are regarded as intermediate Play steps of the game that initially awarded the “free games”. As such, the initiating Game and the last 50 “free games” awarded are considered Critical Game Data. For Games that award additional “free games” during free Game Play, the subsequent “free game” initiating Games need not be stored unless they are contained in the last 50 free Games Played.

11.12.2 The Gaming Device must clearly indicate when recent Games Played are being reviewed.

The objective of the requirements in this section is to ensure the Gaming Management System provides accounting, monitoring, cashless wagering, or a combination of these functions in an auditable manner while maintaining integrity and security.

12.1 General Requirements

12.1.1 The Gaming Management System must be protected from unauthorized access.

12.1.2 Sensitive data, including player personal information and data relevant to determining Game outcomes, must be protected from unauthorized access at all times.

12.1.3 Communication of sensitive Game data must be protected for integrity.

12.1.4 Gaming Management Systems must comply with the standards in section 6.1 entitled, “General Communication”.

12.2 Critical Software Integrity

12.2.1 In order to ensure compromised Critical Software is not executed by the Gaming Management System, the Gaming Management System must verify the integrity of its Critical Software prior to the Critical Software being executed, and verify the integrity of its Critical Software automatically thereafter.

The system interface devices deployed at the Gaming Site to communicate directly between the Gaming Devices and the Gaming Management System are considered part of the Gaming Management System, and the software on the system interface devices is considered part of the Critical Software of the Gaming Management System.

Note: This standard will become effective July 1, 2020.

12.2.2 The integrity of Critical Software must be safeguarded during its execution.

12.3 On-Demand Authentication

12.3.1 All software critical to the integrity of the Gaming Management System must be able to be securely authenticated on-demand using a mechanism provided by the Gaming-Related Supplier that meets industry good practices when deployed at Gaming Sites to ensure only approved Gaming Management System software is installed.

12.4 Access Control

12.4.1 The Gaming Management System must limit access to only authorized personnel, for various functions, based on segregation of duties.

12.4.2 All user accounts on the Gaming Management System must be uniquely assigned to a single individual.

12.4.3 The Gaming Management System must automatically lock out user accounts should identification and authorization requirements not be met after a defined number of attempts.

12.5 Records and Reporting

12.5.1 The Gaming Management System must accurately record all activities related to additions, changes, or deletions made to user accounts and critical Gaming Management System features, functions, settings, and parameters for audit purposes.

12.5.2 All transactions initiated, captured and maintained by the Gaming Management System must include the origin (e.g. the Gaming Device, the Gaming Management System user account, etc.) of the activity, transaction, event, or any combination of these, and date and time stamping.

12.5.3 Reporting capability must be available to satisfy audit and reconciliation of the Gaming Devices transactions captured by the Gaming Management System as well as the Gaming Management System transactions.

12.6 Slot Accounting Systems

12.6.1 Slot Accounting Systems must comply with the standards from the following sections:  12.1 entitled “General Requirements”, 12.2 entitled “Critical Software Integrity”, 12.3 entitled “On-Demand Authentication”, 12.4 entitled “Access Control”, and 12.5 entitled “Records and Reporting”.

12.6.2 The Slot Accounting System must accurately receive, accurately record, accurately maintain, and securely store each connected Gaming Devices’ accounting meters in accordance with section 5 entitled, “Accounting Meters” to enable reconciliation, reporting, and audit to be performed

Guidance:

An acceptable approach to meet this standard is by accurately receiving, accurately maintaining, and securely storing each connected Gaming Devices’ accounting meters in accordance with industry standard protocols (e.g. SAS, G2S).

12.7 Slot Monitoring Systems

12.7.1 Slot Monitoring Systems must comply with the standards from the following sections:  12.1 entitled “General Requirements”, 12.2 entitled “Critical Software Integrity”, 12.3 entitled “On-Demand Authentication”, 12.4 entitled “Access Control”, and 12.5 entitled “Records and Reporting”.

12.7.2 The Slot Monitoring System must be capable of receiving, recording, and alerting the Operator in real-time of all events and error conditions that may impact Game integrity, security or otherwise warrant Operator intervention such as unauthorized door opened status, jackpot events, etc.

12.7.3 The Slot Monitoring System must be capable of detecting, recording, and alerting the Operator in real-time of any communication loss and door access events at all times including during power loss to Gaming Devices.

12.7.4 The Slot Monitoring System must be capable of initiating the authentication of the Critical Software of all Gaming Devices it interfaces with (e.g. via SAS LP21 or Read-Only Memory Signature (ROMSig)), recording the results of authentications of Critical Software on the Gaming Devices performed in comparison with the expected results stored in the Slot Monitoring System, and initiating the disabling of the Gaming Devices or another action to enable the Operator to ensure only approved Critical Software is being used by the Gaming Devices.

12.7.5 The Slot Monitoring System must be capable of remotely initiating the disabling of the Gaming Devices it is monitoring on demand.

12.7.6 Slot Monitoring Systems (including multi-site Slot Monitoring Systems) must not allow alteration of any critical configurations or settings that affect the security, integrity or accounting capabilities of the Gaming Management System or the Gaming Devices.  This includes but is not limited to disabling of the Critical Software authentication. 

12.8 Cashless Wagering Systems

12.8.1 Cashless Wagering Systems must comply with the standards from the following sections:  12.1 entitled “General Requirements”, 12.2 entitled “Critical Software Integrity”, 12.3 entitled “On-Demand Authentication”, 12.4 entitled “Access Control”, and 12.5 entitled “Records and Reporting”.

12.8.2 The Cashless Wagering System must securely and accurately process, record, capture, communicate, monitor status and store all connected Gaming Devices’ cashless transactions for reconciliation and audit purposes.

12.8.3 The Cashless Wagering System must accurately issue, record, maintain, validate, and redeem only valid cashless Wagering Instruments.

12.8.4 The Cashless Wagering System must accurately distinguish between cashable and non-cashable transactions, if applicable, and between different categories of the player’s account such as player deposit funds and promotional funds.

12.8.5 The Cashless Wagering System must have a settable limit for the maximum value of a Wagering Instrument (e.g. Voucher) that can be accepted by or produced by any connected Gaming Devices.

12.8.6 Sufficient information to identify the following must be included on all wagering Vouchers and Coupons produced by Gaming Devices connected to the Cashless Wagering System:

1. Gaming Site;
2. Gaming Device identifier or printer station identifier, as applicable;
3. Date and time of issuance; and
4. Unique Identifiers (e.g. bar code, validation and sequence numbers, etc.).

12.8.7 Information which could compromise Voucher integrity when displayed on electronic devices including, but not limited to, Gaming Devices must not be available to unauthorized individuals (e.g. information that could be used to counterfeit unredeemed Vouchers).

Guidance:

One of the acceptable approaches to meet this standard is by appropriately masking the validation numbers of unredeemed Vouchers when viewable through any display, aside from on the Voucher itself, to prevent generation of counterfeit Vouchers.

12.8.8 In case of power loss of communication between Cashless Wagering System and the Gaming Device, an offline Voucher may be issued provided that:

1. The Voucher is capable of being authenticated by the Cashless Wagering System as a unique and valid Voucher; and
2. The Voucher amount can be validated.

12.8.9 For Cashless Wagering Systems that include Wagering Accounts, the Cashless Wagering System must securely and accurately record, communicate, maintain and process all transactions associated with player accounts, and accurately record and maintain each player’s account balance including, but not limited to, deposits, withdrawals, and transfers between Gaming Devices.

The objective of the requirements in this section is to ensure the Kiosk and Kiosk backend system accurately perform transactions in an auditable manner while maintaining integrity and security.

13.1 General Construction and Error Conditions

13.1.1 Critical Memory, Critical Software, and areas holding Wagering Instruments must be protected from unauthorized access.

13.1.2 The Kiosk must immediately detect, record, and display error conditions that could affect the integrity of the Kiosk or completion of a transaction (e.g. door open, memory corruption, cashbox removed, etc.).  Immediately upon any such error conditions being detected, the Kiosk must disable itself and the condition must be reported to the Kiosk backend system.  The Kiosk may only be enabled after the error conditions have been resolved.

13.1.3 The Kiosk must immediately detect, record, and display appropriate error conditions that could affect the operational capabilities of the Kiosk (e.g. Bill Validator jam, printer paper out, etc.).  Immediately upon any such error conditions being detected, the affected peripherals must be Disabled and the condition must be reported to the Kiosk backend system.  The peripheral may only be enabled after the error conditions have been resolved.

13.2 Access Control and Security

13.2.1 The Kiosk and the Kiosk backend system must limit access to only authorized personnel, for various functions, based on segregation of duties.

13.2.2 All user accounts on the Kiosk and Kiosk backend system must be uniquely assigned to a single individual.

13.2.3 The Kiosk and the Kiosk backend system must automatically lock out accounts should identification and authorization requirements not be met after a defined number of attempts.

13.2.4 The Kiosk and the Kiosk backend system must comply with the standards in section 6.1 entitled, “General Communication”.

13.3 Critical Software and Data

13.3.1 The integrity and security of the Critical Software, critical data, and functions of the Kiosk including the Kiosk backend system must be maintained.

13.3.2 The Kiosk must validate and process all transactions accurately, rejecting any invalid transactions.

13.3.3 The Kiosk must maintain transaction integrity and prevent data loss due to power or communication loss.

13.3.4 The Kiosk must not send communication to the Gaming Management System for the purposes of altering the state of any transactions in the Gaming Management System until successful completion of the transaction by the Kiosk.

13.3.5 The integrity of Critical Software must be safeguarded during its execution.

13.3.6 All deployed software critical to the integrity of the Kiosk and the Kiosk backend system must be able to be securely authenticated on-demand using a mechanism provided by the Gaming-Related Supplier that meets industry good practices when deployed at Gaming Sites to ensure only approved Kiosk software is installed.

13.3.7 The Kiosk must have a settable limit for the maximum value of a Voucher it can accept and print.

13.3.8 The Kiosk must have a settable limit for the maximum value in cash it can accept in a single transaction.

Note:  This standard will become effective July 1, 2020.

13.4 Audit Records and Reporting

13.4.1 Information must be readily available for accounting, reconciliation, and audit purposes.

13.4.2 Each connected Kiosk must be uniquely identified by the Gaming Management System and by the Kiosk backend system it is connected to.

13.4.3 The Kiosk must accurately record all transactions, player and Operator activities performed at the Kiosk.

13.4.4 The Kiosk must meet the standards in section 4 entitled “Wagering Financial Transaction Logging”.

13.4.5 The Kiosk system must have the capability to provide necessary information and reports used for auditing the Kiosk backend system and its transactions.

13.4.6 The Kiosk must have the capacity to display a complete transaction history for each the last thirty-five (35) transactions at minimum prior to the most recent transaction for each of the following transaction types:

1. Voucher printing and Redemption;
2. Jackpot Redemption; and
3. Wagering Account Transactions.

For each transaction, the history must include disposition of transaction, date and time of occurrence of transaction, and the amount of transaction at minimum.

The objective of the requirements in this section is to ensure that Gaming Systems that are publicly exposed (e.g. web applications, etc.) are secure.

14.1 Security Assessments of Publicly Exposed Gaming Systems

14.1.1 Publicly exposed Gaming Systems (e.g. web applications) must be protected with adequate security measures to prevent any integrity or security issues.

14.1.2 New Gaming Systems that are publicly exposed (e.g. web applications) must be assessed for security vulnerabilities.  The assessment must include the following, as a minimum:

1. Source code analysis using Static Application Security Testing (SAST) tools to identify data entry points, perform data flow analysis, trace user controllable data from entry points, and search the code base for known gaps and software vulnerabilities; analysis of the results to remove false positives; and manual analysis of specific codebase areas to confirm results of the automated tools, and if other identified risks require a manual inspection of the code.  The results of this assessment must be included with the submission of the Gaming System.
2. Penetration testing through the use of Dynamic Application Security Testing (DAST) tools to identify weaknesses in the Gaming System with both authenticated and unauthenticated scans; analysis of the results to remove false positives; and manual testing to confirm the results from the tools and to identify the impact of the weaknesses.  The results of this assessment must be provided after approval and deployment of the Gaming System, but before the Gaming System goes live.

14.1.3 Modifications to publicly exposed Gaming Systems may require assessment per standard 14.1.2 to be performed on the modifications, depending on the complexity and number of changes.  These will be assessed on a case-by-case basis.

The objective of the requirements in this section is to ensure that Gaming Devices will appropriately capture, maintain, store, and preserve Critical Game Data to enable forensic examination.

15.1 Forensics

15.1.1 Critical Game Data must be preserved and capable of being examined without alteration in order to enable forensic examination.

15.1.2 It must be possible to extract Critical Game Data through Restricted Technical Procedures without contaminating the data in the original storage media.

15.1.3 At the time of request for approval, a mechanism must be provided to the Registrar to enable interpretation of Critical Game Data for any new software that controls Critical Game Data.

15.1.4 The Critical Game Data must be preserved when power to its storage media is lost to provide protection in the event of power outages as well as time for transportation and examination of Critical Game Data storage devices.

The objective of the requirements in this section is to ensure that Gaming Devices and Gaming Systems are submitted in a manner that enables efficient review of submitted items in a timely manner.

16.1 Submission Requirements

16.1.1 Gaming-Related Suppliers must provide necessary information, training, and tools pertaining to the Gaming Devices, Gaming Systems, or both for which the approval is being requested to help facilitate the AGCO to assess, test, and issue decisions in a timely manner.

16.1.2 All requests for approval of Gaming Devices and Gaming Systems must adhere to the submission requirements, “AGCO Casino Gaming Lab Submission Requirements”.

Note:

This may be most efficiently achieved by Gaming-Related Suppliers providing a secure electronic mechanism to provide their submissions to the AGCO, e.g. via sFTP.

16.1.3 For any Game software submitted to the AGCO for approval, the Gaming-Related Supplier must ensure that the Game behaves in accordance with the rules of Play (i.e pays, triggers, substitutions, etc. all function in accordance with the rules of Play).

Guidance:

This standard is intended to enable the AGCO to place reliance on the Gaming-Related Suppliers’ internal quality assurance processes for emulation to confirm the game behaves in accordance with the Game rules.

Note:

If this standard will cause any delay in the Gaming-Related Supplier submitting products to Ontario for approval, please contact the AGCO Gaming Lab to discuss options.

The objective of the requirements in this section is to ensure appropriate action is taken to address any integrity, security and accounting capability concerns with approved Gaming Devices and Gaming Systems that may be deployed at Gaming Sites.

17.1 Actions Required in the Event of Integrity Concerns in Approved Gaming Devices and Gaming Systems

17.1.1 Gaming-Related Suppliers must promptly notify the Operators and the Registrar of any integrity, security or accounting capability concerns with the approved Gaming Devices and Gaming Systems.