US betting laws by state
1) Context and basic logic
Federal level: Since the repeal of PASPA, sports betting regulation has become a matter for states. At the same time, federal norms apply (for example, banking and payment regulation, sanctions lists, anti-money laundering), as well as interstate restrictions (geofencing, prohibition of interstate rates without direct permits, etc.).
State level: Each state/territory determines whether rates are allowed and in what form:1. Online + retail (via commercial casinos/racetracks/teams/tribal casinos).
2. Retail only (rates at physical points).
3. Tribal model (compact, sometimes limited online within reservations).
4. Prohibited/unresolved.
2) Typical market models
Master license + "skins" (skins): the state issues master licenses (casino/hippodrome/team), each of which can link 1-N online brands (skins).
Commercial license without "skins": license directly to the brand/operator.
Tribal Compact: A state treaty with the tribe; online betting may be limited by geography or operating model.
Lottery model: regulator - state lottery, few operators (sometimes one), high level of centralization.
3) Key parameters by which states differ
1. Allowed channels: online (mobile/web applications), retail (sports books in casinos/racetracks/arenas).
2. Regulator: Gambling Commission, State Lottery, Tribal Regulator (Compact).
3. Age and KYC: generally 21 + (sometimes 18 + under lottery model/racetracks). Remote identification and geofencing within the state is required.
4. College betting: A number of states have banned betting on full-time college matches and/or on individual student props.
5. Betting on amateur/" non-sports" events: sometimes allowed (drafts, awards), sometimes prohibited.
6. Official league data: Some states require the use of "official league data" for Live/settlement.
7. Advertising and partnerships: bans on "aggressive" offers, restrictions on the language of advertising, requirements for the audience and for integration with sports teams/universities.
8. Taxes and fees: GGR/Net Win tax rate, royalties/contributions, one-time license fees and annual renewals; sometimes differentiation for online/retail.
9. Types of bets: pre-match, live, parlay/tazer/round-robin, sweepstakes, bans on certain markets.
10. Payments: cards (limited), ASN/bank transfers, A2A, e-wallets; bans on credit products are encountered; returns/chargeback - according to the regulations.
11. Anti-fraud/responsible play: limits, timeouts/self-exclusion (regular or general), behavioral triggers, incident reporting.
12. Data and privacy: requirements for PII storage, logging, brick notifications, DPIA approaches.
4) "State Passport": Unified Template
Use this template for your wiki to fill out state cards uniformly and update quickly.
4. 1 Short card
Market status: online + retail/retail only/tribal/prohibited.
Regulator: {name of commission/lottery/compact}.
Age: {usually 21 +/sometimes 18 +}.
Taxes: {GGR tax rate, differentiations, fees}.
Licenses/skins: {model and limits}.
College rates: {allowed/restricted/prohibited}.
Official data: {required/not}.
Advertising: {restrictions and requirements}.
Payments: {available methods/prohibition of credit cards, etc.}.
Self-exclusion: {staff register/model}.
Other: {features: stadium sports books, pilots, extension dates...}.
4. 2 Advanced structure (YAML for your base)
yaml state: "State name"
status:
online: true/false retail: true/false tribal_only: true/false regulator:
name: "Full name"
model: "commission lottery tribal_compact"
licensing:
master_license: true/false skins_per_master: number null application_fees:
initial: "$..."
annual: "$..."
taxation:
ggr_rate_online: "..."
ggr_rate_retail: "..."
notes: "additional fees/differentiations"
betting_scope:
college_markets:
in_state: "allowed restricted prohibited"
player_props: "allowed restricted prohibited"
amateur_non_sport: "allowed restricted prohibited"
official_league_data: true/false responsible_gaming:
self_exclusion: "statewide property none"
tools: ["limits","timeouts","reality_checks"]
ads:
restrictions: ["bonuses_copy_rules","affiliates_controls","campus_bans"]
payments:
allowed: ["ach","a2a","debit_cards","wallets"]
credit_cards_allowed: true/false chargeback_policy: "summary"
compliance:
geofencing: "required"
kyc: "remote_idv in_person"
privacy: "breach_notification_rules"
notes: "special provisions/courts/transitional norms"5) Cluster map (for quick orientation)
A. Full access (online + retail): mature markets with "skins," developed competition, active advertising restrictions, college markets are regulated in different ways.
B. Retail only/limited online: mobile betting pilots are possible, but emphasis on physical points, sometimes via lottery.
C. Tribal models: compacts (tribal-state) play a key role, there are often stationary sports books; online may be restricted or absent.
D. Prohibited/unsettled: bills are debated but there are no launches; follow the sessions of the legislature.
(In your wiki, take the section to the cluster and inside - links to "state passports.")
6) Taxes and fees: what to consider in the unit economy
GGR tax: separately for online and retail; sometimes progressive scales/allowances.
License fees: high upfront (initial) + annual; contributions to responsible funds.
Royalties/lottery margin: Under the lottery model, the actual economic burden can be comparable to tax.
Cost of launch: integration with master license owners (skin rental), stadium partnerships, local support, legal support.
7) Restrictions on markets and data
College sports: Often restricted - either no marketplaces on "in-state" teams or no player props on students.
Amateur/political/award markets: state specific; sometimes allowed in a narrow list.
Official data for Live: several states require "official league data" for Live/settlement calculations - include in the cost price.
8) Advertising and affiliates
Tone and transparency: banning "promises of easy wins," mandatory disclaimers, targeting controls (18 +/21 +), special bans on campuses and near educational institutions.
Affiliates: contractual liability, whitelisting sites, creative audit, stop procedures and clear attribution.
9) Payments and the "way to the wallet"
Methods: ACH/A2A, debit cards, e-wallets; credit cards may be limited.
Integration requirements: idempotency, HMAC signatures webhooks, DLQ/replay, Time-to-Wallet monitoring, returns/chargeback policies.
KYC/AML: remote identification, basic and advanced checks, sanctions/PEP, monitoring of velocity and sources of funds.
10) Technical control (relevant for any state)
SDLC and releases: change control, artifact and SBOM signatures, "no humans in prod," release/rollback log.
Observability: structured logs (without redundant PII), metrics/traces (OTel), SLO/SLI, synthetic "deposit/ACC/output" runs.
Security: segmentation, mTLS, WAF/bot management, SSO/MFA/PAM, SAST/SCA/DAST in CI/CD, pentests, critical/high closure.
DR/BCP: RTO/RPO-validated regular restore tests; graceful-degradation scripts.
Anti-abuse: bonus anti-fraud, device-signals, velocity rules, behavioral scoring.
11) Checklists for entering a new state
11. 1 Definition of Ready
- Selected channel (online/retail/CD) and master license/skin partner.
- Назначены Key Persons (MLRO/AMLO, DPO, RG-Lead, Heads Compliance/Platform/SRE/Security/Payments).
- AML/RG/Advertising/Data/Incidents/DR policies approved; training completed.
- Geofencing/identification/payments - architecture and providers selected; contracts are ready.
- Unit economics: tax/fees/royalties, partnership capex/opex and local arena/racetrack requirements.
- Markets: permission matrix (college restrictions, props, non-sports).
- Evidence package: release logs, SLO dashboards, DR acts, vulnerabilities closed.
11. 2 Definition of Done (after launch)
- Regulatory/tax reporting included; KPI owners are assigned.
- Geofencing/payments/CCM work stably; TtW and authorizations are monitored.
- RG tools are active; self-exclusion/interventions are logged; SLAs with affiliates and arenas are enforced.
- Ads are pre-approved (where required); violations and measures are documented.
- Internal audits: quarterly compliance and security audits; remediation roadmap.
12) RACI (example for multi-state program)
13) Frequent risks and how to mitigate them
14) Operating "SOP memo" for wiki update
1. Weekly: reconciliation of the status of bills and rules (internal digest).
2. Monthly: update of "state passports" (taxes/restrictions/data/advertising).
3. Quarterly: Audits of advertising templates, affiliate listings, and market matrices (especially college).
4. With changes: hotfix state cards + entry in "changelog" with date and sources.
5. Quality control: section owner + peer-review (Legal × Compliance × Product).
Brief conclusion
The United States is a mosaic of 50 + modes: some states allow online and retail, others only retail or tribal models, some are not launched. Success depends on structural accounting for differences: licenses and "skins," taxes/GGRs, college market restrictions, advertising and official data, geofencing and payments. Introduce a single "state passport" and evidence-first practice - this will allow you to quickly scale the portfolio and safely adapt to changes.