69. Ordinance of the Federal Minister of Finance on the technical characteristics of gambling machines, their connection to a data center as well as the recording and storage obligations (Gambling Machine Ordinance)

Pursuant to § § 2 para. 3, 5 and 59 (3) of the Federal Act of 28 November 1989 on the regulation of gambling services (gambling law-GSpG), BGBl. N ° 620/1989, as last amended by the Federal Law BGBl. I n ° 76/2011 and pursuant to Section 131 of the Federal Tax Code (BAO), Federal Law Gazette (BGBl). No. 194/1961, as last amended by the Federal Law BGBl. I No 112/2011, shall be assigned:

table of contents

Part 1 General Part
§ 1.	Scope
§ 2.	Personal names
§ 3.	Abbreviations and definitions
Part 2 Technical requirements
1. Main item General requirements for electronic connection
§ 4.	General provisions
§ 5.	Time of electronic connection
§ 6.	Data Transfers
2. Main piece Construction and game features of gambling machines
Section 1 Hardware requirements
§ 7.	General construction requirements
§ 8.	Enclosure Requests
§ 9.	Requirements for changeable storage media
§ 10.	Device identification
§ 11.	Electromechanical counting mechanisms
§ 12.	USB connector
Section 2 Software requirements
§ 13.	Game scope and history
§ 14.	Game result determination
§ 15.	Payout and profit rates on the basis of a random number generator
§ 16.	Internal Diagnostic System
Section 3 Storage requirements
§ 17.	Program Store
§ 18.	Modifiable Memory (RAM)
§ 19.	Electronic Meters (Meters)
Section 4 Viewing at the gambling machine
§ 20.	Display of the Last Games
§ 21.	Display of a disconnect
§ 22.	Display of player-related information during the cooling phase
3. Main piece Access to gambling machines
§ 23.	Communication with the central control system
§ 24.	Identification/Verification
§ 25.	Service level for the connection to the central control system
4. Main piece Minimum standards of electronic connectivity
Section 1 Network framework conditions
§ 26.	Network with coordinated IPv4 addresses according to RFC 1918
§ 27.	Line connection to the central control system
Section 2 Standards for data transfers
§ 28.	Confidentiality, authenticity and integrity
§ 29.	Data Transfer Log
5. Main piece Technical advice on compliance with the rules on gambling law
§ 30.	Type Reports
§ 31.	Audit Company
§ 32.	Contents of the type opinion
§ 33.	Type Display
6. Main piece Actions in case of malfunctions
§ 34.	Measures in the event of malfunctions of a gambling machine
§ 35.	Actions in case of malfunctions of a gambling machine type
Part 3 Recording and retention requirements for gambling machines
§ 36.	Recording requirements
§ 37.	logbook
§ 38.	Retention duties
Part 4 Final provisions
§ 39.	Date of application of the provisions of the Ordinance on Gambling Machines

Part 1

General Part

Scope

§ 1. The Gambling Vending Machine Ordinance regulates the construction and game-technical features of gambling machines within the meaning of § 5 GSpG, the electronic connection of which to the data center of the Bundesrechenzentrum GmbH, the data sets to be transmitted, the Access by the authorities for purposes of supervisory and tax law to the individual gambling machines of the holder of the authorization, the nature of the technical opinion on compliance with the rules on gambling law, as well as the recording and processing of the data. Retention duties.

Personal names

§ 2. All personal names used in this Regulation shall apply equally to persons of both female and male sex.

Abbreviations and definitions

§ 3. For the purposes of this Regulation, the following shall be:

1.	API	Application Programming Interface (programming interface in computer science)
2.	Switch node	Physical communication interface from the network of the holder of the authorization to the respective location of Bundesrechenzentrum GmbH
3.	Audit meters	Special counter for the current 24h valid image of all counters at the end of a game day (according to the "auditMeters class" of the G2S protocol)
4.	User	A person named and entitled by the holder of the authorization, who performs a task in the context of the participation in the automated data transmission (e.g. Administrator)
5.	Marketing authorisation holder	Holder of an upright permit for national games with gambling machines within the meaning of § 5 GSpG
6.	Credit Meter	Display on the gambling device for displaying the usable amounts available to the game participant in credit or monetary values
7.	Diagnostic System	Gambling machine internal test system for monitoring the proper functioning of the gambling machine
8.	EGM	Electronic Gaming Machine (Gambling Machine)
9.	Software Signing	Data linked to electronic information to be used by the signatory or Identify the signature manufacturer and verify the integrity of the signed electronic information
10.	Profit-to-benefit ratio	Quotient of Total Wins (total paytotal) and Turnover (total sum total) of a game program, represented in parts of hundreds (zB 95%)
11.	Gambling machine type	Describes the construction of a gambling machine with regard to its hardware and software components, their possible combinations and interplay.
12.	Gambling vignette	Unique identification feature for approved gambling machines in the sense of § 5 GSpG
13.	Hardware dentifiable feature	Unchanging string of characters stored in the system board of the gaming machine system board, which uniquely defines the concrete assembly of the available hardware
14.	Hardware token with crypto processor	Hardware unit in which a cryptographic key is stored in a copy-protected way
15.	Hash function	Any image that produces an output from a large source quantity from a typically smaller target set, the so called hashcode (or hash value)
16.	G2S log	Game to System Log
17.	Gat	Game authentication terminal
18.	GSA	Gaming Standards Association
19.	GSpG	Gambling Law
20.	HTTP	Hypertext Transfer Protocol
21.	HTTPS	Hypertext Transfer Protocol Secure
22.	Meters	Counter; non-volatile variable for the storage of gambling machine information (in particular events and accounting data)
23.	Multi-player device	A self-contained device, in which the game decision is based on a common result of the same random number generator in several gambling machines connected by a common housing.
24.	PKCS#11	Specifies as Cryptographic Token Interface Standard an API called Cryptoki for devices that contain cryptographic information or perform cryptographic functions.
25.	Program Store	Memory of the binary execution of the programs, routines and subroutines of the gambling machine
26.	RAM	Random access memory (electronic component, used as working memory and for storage of operating data and electronic meter readings of the gambling machine)
27.	Salt	Input parameters in conjunction with a hash function
28.	Reference programs	Executable game programs (binaries) and all software components and utilities that are necessary to create the game programs from the source codes (especially Make Files, Batch Files, Build Outputs, Map Files, Assembler, Linker)
29.	SHA-256	Secure Hash Algorithm (encryption algorithm)
30.	Play Event	Observable action of a game (e.g. triggering possible game features or possible additional games) as well as the player's inputs (e.g., the selection of the cards to be kept after the first draw at poker games)
31.	Game Result	Endresultat of a game
32.	Game mode	State of a gambling machine in which it is playable
33.	Game Program	Software application that can be distinguished for a player on a gambling machine that offers winning opportunities for the stakes of the stakes
34.	SSL	Secure Socket Layer
35.	System hardware	Unambiguously identified combination of all hardware components of a gaming machine (e.g. system board, electromechanical meters, cash movements and printers) by means of the hardware identification feature.
36.	System board	Central hardware component of the gambling machine with all components essential for the operation of the gambling machine (especially processor, RAM); also called motherboard or motherboard
37.	End of Day	The time at which all gambling machines at a location of the match day ends
38.	TLS	Transport Layer Security
39.	Total Wins	Total amount of money won from all games, regardless of whether the winnings are paid directly or credited to the credit meter
40.	Turnover	Total amount of money used, regardless of the amount of the money (in particular coins, hardware tokens, banknotes, receipts, vouchers, credit meters, etc.)
41.	Verification	Integrity checking to determine whether the components used and used in the gaming machine correspond to the components tested and approved in the type report, unchanged, complete and unscoured
42.	Central control system	All IT systems of the data computer center of Bundesrechenzentrum GmbH pursuant to § 2 para. 3 GSpG

Part 2

Technical requirements

1. Main item

General requirements for electronic connection

General provisions

§ 4. (1) The automation-supported data transmission is mandatory via functions which are made available to the holder of the authorization and to the users designated by him by the Bundesrechenzentrum GmbH via the central control system, ,

(2) Further mandatory detailed specifications and organisational framework conditions shall be presented in the annex to this Regulation.

Time of electronic connection

§ 5. (1) The time of the mandatory electronic connection of all gambling machines shall be established for holders of upright permits for national games with gambling machines with 1.7.2013.

(2) For the examination of the central control system, the structure of the network pursuant to § § 26, 27 and the transfer of all existing gambling machines into the electronic connection, a period of six months prior to the date of the mandatory to provide electronic connection. Within this period of time, the possibility of testing connections with regard to the operability of the automated data transmission is to be granted for each type of gambling machine which is intended for use.

(3) Authorisation holders who are to be added after the date of paragraph 1 shall be granted a test connection with regard to the operability of the automated data transmission after the granting of the authorization by the Bundesrechenzentrum GmbH .

(4) The holder of the authorization shall receive an identification holder identification with access data from the Bundesrechenzentrum GmbH, which is to be carefully preserved and protected against unauthorized access. A data transmission carried out under a specific authorisation holder identification shall be deemed to be independent of who actually carried out or caused the data transmission to be used as a data transmission of the person to whom the data transmission was carried out. Grant holder identification has been issued.

Data Transfers

§ 6. (1) Data transfers to the Data Computing Centre of the Bundesrechenzentrum GmbH shall be carried out exclusively in the form defined in this Regulation. They shall only be deemed to have been transmitted if they have arrived at the Bundesrechenzentrum GmbH in the form suitable for the complete electronic processing.

(2) Automated data transfers between the automatic gaming machine and the central control system must be carried out via the Point to Point Transport Protocol in the version of the GSA Point to Point SOAP/HTTPS transport, which is given by the Federal Minister of Finance. and Security Specification. The version of the "GSA Point to Point SOAP/https Transport and security Specification" and the "G2S Message Protocol" set by the Federal Minister for Finance is defined in the annex (detail specification 1).

(3) Data which have been successfully transmitted technically have to be confirmed by Bundesrechenzentrum GmbH in a suitable manner. Confirmation and error handling must be done in accordance with G2S protocol standard.

(4) The Federal Minister of Finance, Land Governments, District Administrative Authorities, Federal Police Directorates and the Public Authorities of the Federal Republic of Germany (Federal Minister for Finance, Finance, Regional Government, Public Health and Public Health) In the central control system, the security service is to process personal data for the holder of the authorization (detailed specification 7). In doing so, the Federal Minister of Finance is acting as data protection provider and the Bundesrechenzentrum GmbH as data protection service provider within the meaning of § 4 Z 5 DSG 2000.

2. Main piece

Construction and game features of gambling machines

Section 1

Hardware requirements

General construction requirements

§ 7. (1) Gambling machines must:

1.		have appropriate arrangements to prevent unauthorized access from outside,
2.		is to be protected against loss of data in the event of a power failure and against electromagnetic, electrostatic or radio waves,
3.		may be able to resume operations without loss of data after interruptions of electricity or other operating losses, and
4.		is uniquely associated with a verified gambling machine type.

(2) Gambling machines may

1.		have no other functions other than those mentioned and described in the documents referred to in paragraphs 3 to 6,
2.		do not allow for the connection of devices outside of the slot machine which may affect the functionality of the gambling machine or the performance of the game-except for equipment used for initial operation or diagnostic purposes outside the Play mode by persons authorized by the authorization holder are required,
3.		In the game mode, do not allow any influence by devices and systems outside of the gambling machine on the decision on the game result of the gambling machine,
4.		do not include devices for making money in the gambling machines by means of electronic transactions (e.g. ATM card),
5.		to allow only one game in accordance with § 13 at the same time, and
6.		have the possibility of using a card reader for the purpose of protecting the player.

(3) Each of the gambling machines includes a technical manual in German in paper form, which consists of a player-oriented and a government-oriented part.

(4) The player-oriented part of the technical handbook must be easily accessible on the outside of the housing. In addition to the unique name of the gambling machine (Section 10 (1)), this has to contain a description of the functions of the gambling machine which are relevant to the player. The function descriptions of the games must be easily understood and illustrated in a clear way.

(5) The official part of the technical manual has, in addition to the name of the type of gambling machine type in accordance with § 32 (2), a description of each available function of the vending machine and a schematic diagram of each type of gambling machine type. Drawing of the automatic gaming machine as well as a design drawing of the contents of the logic housing (in particular the position of the USB interface according to § 12).

(6) In the event of a change in the type of gambling machine (e.g. in the course of a software or hardware update), the changes are to be described and documented in the same form.

(7) If several gambling machines are operated in the form of a multi-player device, compliance with the legal provisions is to be made safe for each individual gambling machine.

Enclosure Requests

§ 8. Gambling machines must be constructed in such a way that:

1.		only persons authorised by the authorization holder (e.g. by using mechanical or electronic locking devices) shall have access to the equipment;
2.		all hardware and software components that are significant for the execution of the program and the operation of the gaming machine, such as, in particular, the generation of random numbers and the storage of the settings and data against unauthorized access, protected in a separate logic housing inside the automatic gaming machines with separately lockable door,
3.		all interfaces (plug connections) of the electronic communications connections in the separate logic housing within the gambling machine and are not accessible without the opening of the logic-housing door,
4.		all device doors are monitored via suitable sensors (logic-housing doors even in the currentless state) and immediately when opening
a)			a game break,
b)			the prevention of money-taking and
c)			an error message
		triggered and saved,
5.		they are reset immediately after a break into the condition prior to the game interruption; and
6.		They immediately report the opening of one or more device doors to the central control system from the point of connection to the data processing centre of the Bundesrechenzentrum GmbH. If the opening takes place in the current-free or switched-off state, the messages must be transmitted to the game mode immediately after switching.

Requirements for changeable storage media

§ 9. Vending machines must have the data of the electronic meters according to the Appendix (detail specification 2), the information given in section 16 (1) Z 3 of the last 20 games, the information given in section 16 (1) Z 4 of the last 50 units and store the data relevant to the continuation of the operation in such a way that these data remain stored for at least 30 days even in the event of a continuous interruption of electricity.

Device identification

§ 10. (1) A legible manufacturer's badge shall be affixed to each gambling machine, which shall at least include the following information:

1.		the name of the manufacturer,
2.		Device serial number,
3.		Model name and
4.		the date of manufacture,

(2) A gambling machine has, as a clear identification feature, a gambling vignette which is to be applied during the course of the commissioning and which is easily visible from the outside and easily readable.

Electromechanical counting mechanisms

§ 11. (1) In addition to the electronic meters referred to in § 19, a gambling machine must have three at least 6-digit electromechanical counting mechanisms for recording

1.		the total amount of the game amounts used in all games played in euros (turnovers),
2.		the total amount of the game amounts won in all games played in Euro (Total Wins) and
3.		the total number of games played
of all the gaming machines used in gambling machines.

(2) The electromechanical counting mechanisms must correspond to the recognized state of the art and must be constructed in such a way that the counter reading cannot be manipulated. Once the maximum count has been reached, the counting mechanisms must start again at zero.

(3) The gambling machine may not be playable if one of the electromechanical counting mechanisms is switched off or is not connected to the electronics of the gambling machine.

(4) In case of an all-due exchange of one or more electromechanical counting mechanisms, the counter readings of the electromechanical counting mechanisms to be exchanged and the new electromechanical counting mechanisms are to be noted in the logbook of the gambling machine.

USB connector

§ 12. (1) Slot machines must have an active USB interface (at least V2.0) connected to the system board within the logic enclosure, as well as sufficient space for attaching a hardware token with a crypto-processor of at least 3 cm Width, 2 cm height and 7 cm length. The interface, which exclusively serves to record the hardware token with crypto-processor, which is also used for authenticating the device, must be easily visible and easily accessible after opening the logic housing.

(2) The hardware token with the crypto processor itself must have a gambling vignette and by affixing a further gambling vignette with the dimensions of approx. 1 cm width and 6 cm length against removal and removal are secured. The number of these gambling vignettes must be in accordance with the number of the gambling vignette in accordance with section 10 (2).

Section 2

Software requirements

Game scope and history

§ 13. A game on a gambling machine begins with the separate triggering of a game program by the game participant after the performance of an insert and ends with the decision on the game result and its booking into the electronic game. Meters (meter). In the course of a game, it may be played on several paylines and in accompanying games, if this does not exceed the legally maximum permissible amounts of the use and the profit of this one game.

Game result determination

§ 14. (1) The decision on the result of the game must depend exclusively or primarily on chance and must be based on a random number generator. This must be realized mechanically, electromechanically or electronically via mathematical algorithms. The reliability of the random number generator and the randomness of the number generated shall be demonstrated by accepted probability calculations and other recognized procedures in the framework of the type-assessment tests. The initial start value (seed) of a random number generator based on mathematical algorithms must be selected at random.

(2) All decisions relating to game results may only be determined from unchangeable specifications based on the player's inputs. Any other type of control mechanism shall be prohibited. In particular, the decision on a game result may not have any influence on future decisions about game results and may not be influenced by previous game results.

(3) The game information provided may not be misleading at any time.

Profit payout ratio

§ 15. The payout ratio is to be calculated for each bet size by means of accepted probability calculations based on an infinite series of individual games. If the game participant offers a variety of odds to choose from in a game program, none of these odds may be considered on its own, starting from an infinite series of individual games, above the set Profit distribution ratio of the respective game programme.

Internal Diagnostic System

§ 16. (1) Gambling machines must have an internal diagnostic system that is self-sufficient.

1.		at the start of the system and at periodic intervals, at least once every 24 hours, automatic self-testing of the gambling machine shall be carried out,
2.		monitoring the permanent connection with the central control system and the data transmission,
3.		at least the last 20 games and within each of the last 50 game events and results for display at the gambling machine (§ 20) and
4.		stores the value and the loans granted for the last 50 units (e.g. banknote, coin coins, tickets) for display at the gambling machine (§ 20) for each device that brings or pays money or playing credit in the gambling machines.

(2) The internal diagnostic system shall store malfunctions in accordance with paragraph 1 (1) (1) and (2) and immediately trigger the further treatment within the meaning of § 34.

Section 3

Storage requirements

Program Store

§ 17. (1) The program storage media of the software components that influence the course of the game, the operating system software of the gambling machines and the sound and graphics data must be designed in such a way that no change in the program code is possible.

(2) An update or exchange of the software may only be possible after opening of the logic housing door of the device and by physical exchange of the program storage medium.

Modifiable Memory (RAM)

§ 18. Gambling machines must have an internal audit system for memory error detection for variable memory (RAM). In the event of unexpected misregularity of the data or data structures listed in particular under § 9, the current game must be cancelled and the start of a further game as well as the cash acceptance must be prevented.

Electronic Meters (Meters)

§ 19. (1) In addition to the electromechanical counting mechanisms referred to in § 11, the automatic gaming machines must have at least the electronic meters according to the Appendix (detail specification 2). The readings shall be displayed at the request of the authorities ' monitoring bodies at the gambling machine under the game programme name used for the game participant and shall be accessible to the central control system as from the time of the connection. .

(2) All electronic meters shall be at least 10 digits and may only be used outside of their intended function.

1.		the exchange of software,
2.		the maintenance of malfunctions, which do not allow the correct operation of the gambling machine without resetting, and
3.		changing the settings of the gambling machine that require a reset,
will be changed.

(3) In addition, if the gambling machine offers different game programs, it must also be equipped with other counters, which collect the data separately for each game program offered, according to detail specification 2.

(4) The electronic counters must start again at zero after reaching the maximum counter reading.

(5) From the connection to the data center of the Bundesrechenzentrum GmbH, all electronic counters must correspond to the G2S Standard of the Gaming Standard Association as defined by the Federal Minister for Finance (according to detail specification 1). ,

Section 4

Viewing at the gambling machine

Display of the last games and units

§ 20. Gambling machines must, on request, have the information stored in the internal diagnostic system of the last 20 games (§ 16 para. 1 Z 3) and the last 50 accepted units (§ 16 paragraph 1 Z 4) in time-correct sequence at the gambling machine view.

Display of a disconnect

§ 21. Gambling machines must monitor the permanent connection with the central control system (§ 16 para. 1 Z 2). If the connection is lost, a clear indication of this situation at the gambling machine, which can be read for the player, is to be displayed immediately for the duration of the connection interruption. The game operation can be continued. The provisions of § § 23 (3) and (25) must be observed.

Display of player-related information

§ 22. (1) Slot machines in vending machines may not allow any further game after the current game has expired (cooling phase) and must have the current credit balance when the maximum permitted length of the game is reached by a player after the current game has expired. of the player. The cooling phase must last at least 5 minutes. The recorded playing time may not be reset to zero until a game has been performed for the duration of the legally regulated cooling phase. Gambling machines may display only player-related information for the duration of the cooling phase. The entrance of the cooling phase is to be announced on the screen of the gambling machine in a timely way.

(2) Gambling machines in individual orders may only display game-protection-related information when the maximum duration of the game is reached by a player for a period of at least 5 minutes. The arrival of the maximum daily playing time for individual orders is to be announced on the screen of the gambling machine in a timely way.

(3) The game participant must be shown clearly and clearly legibly on the gambling machine the payout ratio according to § 15, which has been mathematically determined for the respective game programme and the chosen bet size. It must be recognizable to the player that this is not his current winning probability in the next game.

3. Main piece

Access to gambling machines

Communication with the central control system

§ 23. (1) The vending machines must be permanent using the G2S Message Protocol in the version of the Gaming Standards Association (GSA) by the Federal Minister for Financial Affairs (detailed specification 1), via a G2S network Can connect to multiple systems (hosts). A connection of this is to be provided for the central control system.

(2) All gambling machines must synchronize their local system time with the time of the Global Positioning System (GPS) or the central time server provided by the Bundesrechenzentrum GmbH (Bundesrechenzentrum GmbH).

(3) In the event of loss of connection, it is necessary to ensure that the audit meters are stored and that all the events provided for the central control system are persisted in the "eventHandler log" of the G2S protocol. At least the last 500 events must be stored in the "eventHandler log" until the successful transmission.

Identification and verification

§ 24. (1) Prior to the initial connection of a gambling machine in the central control system, the unambiguous assignment of the hardware token to the gambling machine and the attachment of the hardware token with crypto-processor must be carried out in accordance with § 12. the USB interface described.

(2) In order to ensure the integrity of the software used, it is necessary to sign the software used for each type of gambling machine. The software signature is to be recalculated for each request. In order to ensure the reproducibility of the signature values, a clear physical separation between the program memory and the data memory is to be provided. Changes in the software represent a change in the type of gambling machine (§ 32) and require a re-creation of the software signatures.

(3) The software signatures are to be created by the mathematical hash function Secure Hash Algorithm (SHA-256). The SHA-256 method is used per software component in the gambling machine. The entire storage medium of the program memory in question is to be signed. The start value (Salt) for the hash function has a length of 16 bytes.

(4) In order to ensure a clear identification of the system hardware (combination of all hardware components), it must be ensured that a hardware identification feature (256 bit, represented as a hexadecimal value of 64 characters) remains unchanged in the RAM is stored. A new hardware identification property is required if the system hardware is changed.

(5) From commissioning, all gambling machines must, after switching to a special mode, the necessary input possibility of the starting value for the local query of the software signature values (paragraph 1). 2), and calculate and display the software signature values of the components and the type identification (§ 33). In addition, the hardware identification feature (par. 4) and all other information required for verification of system software, system hardware and game programs on the gaming machine's screen.

(6) From the point in time of connection to the central control system, all gambling machines must, upon request of the central control system, be required to use software signature values (paragraph 1). 2) and the hardware identification feature (par. 4) and transmit all further information required for verification to the central control system for system software, system hardware and game programs. The comparison with the information of the type display stored in the central control system is to be made possible. The above-mentioned information must be provided in accordance with the G2S standard (detailed specification 1), which is given by the Federal Minister of Finance. The request is made using the "getComponentList" and "doVerification" commands of the G2S protocol.

Service level for the connection to the central control system

§ 25. The network connection between the individual gambling machines and the connection node of the Bundesrechenzentrum GmbH, which is to be provided by the holder of the authorization, has the following requirements to be met:

1.		Availability:
a)			Maximum total duration of interruption in the responsibility of the holder of the authorization per calendar month and automatic gaming machine: 7 hours
b)			Maximum individual interruption in the responsibility of the holder of the authorization per calendar month and automatic gaming machine: 4 hours
c)			If the network connection and thus the data transmission between the entire network of the authorization holder and the connection node of the Bundesrechenzentrum GmbH is interrupted, this interruption period shall be deemed to be an interruption to each individual. Gambling machines of the holder of the authorization.
d)			The permissible interruption times refer to the individual gambling machines. If the maximum period of interruption is not reached in the case of a gambling machine, the remaining time period shall not be allowed to exceed the maximum period of interruption of other gambling machines.
e)			Planned maintenance work on the part of the holder of the authorization shall be admissible and shall be displayed at least 10 working days before the start of the Bundesrechenzentrum GmbH, stating the time, duration and type of maintenance activity. Only after a timely notification is the interruption not considered as an interruption in the sense of availability. A game operation during maintenance interruption is not allowed.
f)			Maintenance work by Bundesrechenzentrum GmbH is permitted and will not be considered as an interruption in the sense of availability. These maintenance work shall be indicated at least 10 working days before the start by Bundesrechenzentrum GmbH, indicating the time, duration and type of maintenance activity. A game operation during this maintenance-related interruption is allowed.
2.		Performance/Response Time Behavior:
a)			When transmitting data between the gambling machine and the connection node of the Bundesrechenzentrum GmbH, the holder of the authorization must ensure that the maximum transmission time does not exceed 7 seconds. The transmission of individual game data is to be used as a measuring criterion. The start of the measurement must take place from the point in time of the end of a game on the gambling machine and end with the complete entry of the defined data into an individual game at the connection node of the Bundesrechenzentrum GmbH.
b)			It must be ensured that the performance requirements are complied with with simultaneous single-game data transmission of at least 20% of the gambling machines of a location, of at least 3 gambling machines, at least.
c)			The verification of performance behaviour has to be carried out for the first time at the time of commissioning of the network connection between Bundesrechenzentrum GmbH and the holder of the authorization, and thereafter periodically during the ongoing operation.

4. Main piece

Minimum standards of electronic connectivity

Section 1

Network framework conditions

Network with coordinated IPv4 addresses according to RFC 1918

§ 26. ( 1) As a basis for bi-directional communication between the central control system, which is established by the Bundesrechenzentrum GmbH in its data centers in a failsafe way, and the gambling machines, which are located in the private network of the respective An IPv4 network (RFC 791) based on Ethernet (IEEE 802.3) is assumed to be connected to the authorization holder. The authorisation holder must establish such a network for the networking of his gambling machines at his own expense-if not available-, adapt it to the requirements of the gambling law and operate it in a trouble-free way. The authorisation holder is responsible for the operation of its network-the transfer point is a defined network access in the system rooms of Bundesrechenzentrum GmbH. The network shall comply with the requirements laid down in § 25. Consequences resulting from a failure of this network shall be borne exclusively by the holder of the authorization.

(2) Bundesrechenzentrum GmbH has a reasonable number (including a reserve for extension) of private IPv4 addresses according to RFC 1918 to be mandatory for the holder of the authorization for the number of automatic gaming machines operated by the company. To make use available. With its private IP address made available by Bundesrechenzentrum GmbH, each gambling machine is mandatory to connect to the network according to RFC 1918 and thus has a bi-directional communication path between the individual To enable gambling machines and the central control system. All necessary conversion work (mandatory use of the IPv4 addresses, network settings, etc. specified by the Bundesrechenzentrum GmbH) in the network of the holder of the authorization will be at the expense of the holder of the authorization and are to be carried out on schedule before connection.

(3) As an alternative to the use of the IPv4 addresses provided by Bundesrechenzentrum GmbH, official IPv4 addresses can be communicated with the central control system, whereby the holder of the authorization for the provision of of its IP addresses, which are required for the communication of its gambling machines with the central control system. The Bundesrechenzentrum GmbH has to make available the corresponding official IP addresses for the central control system. All other requirements remain unaffected. The Federal Minister of Finance can arrange a transition to IPv6 addresses within a reasonable transition period when IPv6 is included in the GSA protocol standard.

(4) Each authorisation holder must ensure sufficient protection for his/her private network against both external attacks and other holders of authorisation. The Bundesrechenzentrum GmbH has to provide the appropriate security measures for the central control system.

Line connection to the central control system

§ 27. (1) Bundesrechenzentrum GmbH has two switching nodes available at two different locations, with the maximum possible one primary binding for each holder of the authorization. The erection and operation of the redundant connection is carried out under the same conditions as the primary connection. At its own expense, the authorization holder has to establish and operate a corresponding data line between its private network and these two connection nodes of the data computer center of Bundesrechenzentrum GmbH. The choice of the respective provider as well as the connection technology (ADSL, etc.) are the responsibility of the holder of the authorization and are not regulated by the Federal Ministry of Finance.

(2) The central control system shall be operated by Bundesrechenzentrum GmbH. The holder of the authorization is in the system rooms of the Bundesrechenzentrum GmbH for the accommodation of its transmission equipment (e.g. network components) the necessary rack space (including power supply [~ 230V] via two different Power circuits and air-conditioned). The holder of the authorization shall not be entitled to a separate 19 ' 'network cabinet and shall not be allowed to provide any of them. The network cabinets are to be made available by the Bundesrechenzentrum GmbH and remain in their property.

(3) For a fault in the network of the holder of the authorization, only the holder of the authorization shall be responsible for and responsible for the troubleshooting. After signing a Non-Disclosure Agreement (NDA, detail specification 4), the holder of the authorization shall be allowed access to the facilities in his responsibility and located in the Bundesrechenzentrum GmbH. The initial installation as well as all other activities which require a suburban use in the system rooms of the Bundesrechenzentrum GmbH are to be coordinated with this schedule. The staff of the holder of the authorization shall be allowed access to the system rooms of the Bundesrechenzentrum GmbH in the company of the employees of the Bundesrechenzentrum GmbH who are entitled to access the information. As a transfer point for the coupling to the central control system, the holder of the authorization from the Bundesrechenzentrum GmbH is once RJ45 (100 Base TX) or once RJ45 (1000 BaseT), including an RJ45 (1000 BaseT), according to the required bandwidth. to provide 16x IPv4 addresses (Netmask = 255.255.255.240). This transfer point represents the strict separation between the individual networks and, at the same time, defines the limits of responsibility.

(4) The holder of the authorization shall ensure the network adapter of his gambling machines, which is necessary for the transmission of the gambling data, against manipulation in such a way that neither an intended nor an intended withdrawal of the network cabling without the use of such data is not required. The use of force (e.g. mechanical protection) can be used for other purposes (e.g., the connection of another terminal) to this cabling by third parties (e.g. by port security on a MAC address basis). The holder of the authorization shall be liable for any damage caused by such manipulation in the central control system or in the case of other holder of the authorization. The authorisation holder is obliged to make all necessary arrangements for its part of the network, which is an attack (e.g. Denial of Service (DoS) attacks) on the authority network and the networks of the other authorisation holders. prevent. In addition, the owner of the authorization has to make arrangements that any malware (malware)-e.g. viruses, Trojans-can neither be introduced into its private network nor disseminated in the same. In the event of damage arising from such attacks, the responsible holder of the authorization shall be liable to the Bundesrechenzentrum GmbH and the other holders of the authorization, provided that the relevant influence and control options are not exclusively available in the case of the Bundesrechenzentrum GmbH are located.

Section 2

Standards for data transfers

Confidentiality, authenticity and integrity

§ 28. In order to ensure confidentiality, authenticity and integrity, data shall be transmitted in encrypted form. The following requirements have to be met for the use of encryption and cryptographic signature:

1.		Each gambling machine has at least one cryptographic asymmetric key pair (e.g., RSA, 2048 bits, etc.). This is obtained from the gaming machine via a hardware token with crypto-processor, which is connected via the USB interface described in § 12.
2.		Data sent from the gambling machine to the Bundesrechenzentrum GmbH are to be encrypted with cryptographic keys derived from the above-mentioned keys, from the gambling machine. When setting up the connection (HTTP) between the gaming machine and the central control system (in both directions), this derived cryptographic key between the gambling machine and the central control system, and thus encrypts all subsequent data packets by using SSL/TLS (HTTPS).
3.		The gambling machine has to be authenticated with the private key of the named key pair by creating a digital signature securely in relation to the Bundesrechenzentrum GmbH. This has to be done in the construction of the connection between the gambling machine and the central control system (in both directions) at the level of the communication channel in accordance with the protocol SSL/TLS.
4.		The possible versions of SSL and TLS are defined in the version of the "GSA Point to Point SOAP/https transport and security specification" given by the Federal Minister of Finance (detailed specification 1).
5.		The gambling machine has access to the cryptographic keys and certificates on the hardware token via PKCS#11 .
6.		The holder of the authorization shall ensure that the hardware token is supported by the hardware and software of the gambling machine.

Data Transfer Log

§ 29. (1) All devices required for the operation of the gaming machine (e.g. cash movements and printers) have to fully support the corresponding classes of the G2S protocol in the gambling machine.

(2) The G2S standard protocol classes defined in the following table must be fully implemented and supported. These classes shall in particular be used for the transmission of

1.		Special events of the gambling machine (cabinet and eventHandler class),
2.		Single game data according to requirements by the central control system (game play class),
3.		Meter readings according to requirements by the central control system (meter class and auditMeters class) and
4.		Control information on gambling machines (gat class)
is used. The classes to be implemented can be extended or amended on behalf of the Federal Minister of Finance for reasons of player protection. The implementation of additional G2S classes on the part of the holder of the authorization is permitted, provided the functionality of these classes does not violate legal provisions (e.g. download class).

G2S Classes	Description
communication class	monitor & control communication between EGM and host systems
cabinet class	physical housing & security of EGM; enable, disable, lock from game play
eventHandler class	Event subscriptions for EGM
meters class	to collect meter information from EGM
gamePlay class	game availability on EGM
gat class	authentication required by regulators
auditMeters class	identify support for audit meter subscription and which host can set it

(3) In the central control system of the data processing centre of the Bundesrechenzentrum GmbH, the holder of the authorization shall announce the end of a game day for each location. This end of the day applies to all gambling machines of a location.

(4) For the storage and reporting of the counter readings at the end of the day to the central control system, "Auditmeters" are to be provided in the gambling machine.

(5) For each gambling machine, the current status of all counters (Appendix, Detail Specification 2) at the end of the day of a game day in the "Auditmeters" of the gambling machine is to be stored persistent for at least 24 hours.

(6) The holder of the authorization shall ensure that these "Auditmeters" can be read out at any time by the central control system of Bundesrechenzentrum GmbH.

5. Main piece

Technical advice on compliance with the rules on gambling law

Type Reports

§ 30. The holder of the authorisation shall ensure that a technical expert opinion on compliance with the rules on the right to happiness by an appropriate and authorized person shall be made available for each type of gambling machine which is to be used before the start of operation. Test companies (type reports) are available.

Audit Company

§ 31. Each testing company shall meet each of the following requirements at the time of issue of the type opinion:

1.		Accredited in the EU/EEA area or Switzerland as a testing and calibration laboratory for the area of gambling machines
2.		any auditor of the audit firm responsible for drawing up the type report shall have a degree in the field of electrical engineering, mechatronics or technical computer science or equivalent training, or has at least Five years of experience in the preparation of technical expertise in the field of gaming machine technology
3.		No economic dependence on the manufacturer of the tested gambling machine or on the holder of the authorization.
The requirements of Z 1 to 3 are to be confirmed by the test company in accordance with the Appendix (detailed specification 3) and can be proved via soliciation.

Contents of the type opinion

§ 32. (1) The following components and all combinations of these components which are to be used for the type test to be issued in the framework of the type test are to be checked:

1.		the hardware and software components of the gambling machine and
2.		the game software of all individual game programs and all software components relevant to the game.

(2) The type report shall contain, in addition to the unique name of the type of gambling machine, test reports for each component, as well as a test report for each combination of these components, and compliance with all of these components shall be: To confirm the rules on gambling rights. For all hardware and software components of a gambling machine type, the test reports must also contain all the information required for later verification. The type report and the test reports have to correspond to the templates of the plant (detailed specifications 5 and 6).

(3) A type identification is to be calculated for the component combination to be used and must be shown in the type report. The type identification is based on the signature values of all software components with a starting value to be issued in the type report (§ 24 para. 2 and 3) and the hardware identification feature (§ 24 para. 4) by the XOR-linkage (mathematical " exclusive or "). The type identification feature is to be indicated in the representation form of the hardware identification feature.

(4) Changes to hardware or software components of a gambling machine (par. 1), for which no type report is available, a new type report is required.

Type Display

§ 33. (1) With the type display, the holder of the authorization shall declare the completeness of the test records of all components defined under § 32 for each type of gambling machine and the type report including the test reports and the confirmation transferred to the central control system of the Data Computing Centre of Bundesrechenzentrum GmbH pursuant to § 31.

(2) With the type display, the Federal Minister of Finance for each type of gambling machine type reference programs of the game programs and the system software on a variable-proof medium (e.g. DVD) in a sealed and inscribed envelope are available. To be made available.

(3) The Federal Minister for Finance may at any time order a technical inspection in which the conformity of the reference programs made available with the software installed on the gambling machine must be demonstrated. The holder of the authorization shall keep the source code and infrastructure for the duration of the use of the software tested in a gambling machine and at least three years thereafter, in order to draw up the reference programmes from the source codes to be comprehensible and verifiable.

6. Main piece

Actions in case of malfunctions

Measures in the event of malfunctions of a gambling machine

§ 34. (1) The diagnostic system of a gambling machine (§ 16) establishes a malfunction which has an effect on

1.		the transmission of data to the central control system in the area of gambling machines,
2.		the course of the game, the counting mechanisms or the internal data storage or
3.		the functioning of the diagnostic system itself,
The acceptance of this gambling machine must be immediately prevented and no further play should be allowed. The type and the correction of the malfunction must be documented in the logbook (§ 37).

(2) From connection all malfunctions detected by the diagnostic system must be reported to the central control system in accordance with the specifications of the G2S protocol.

Actions in case of malfunctions of a gambling machine type

§ 35. If in the case of gambling machines or their components malfunctions are found which prevent the lawful operation of a gambling machine type, all gambling machines of this type are immediately after the malfunctions become known. except to operate. After rectification of the malfunctions, the holder of the authorization must have a check in accordance with § 32 and carry out a new type advertisement.

Part 3

Recording and retention requirements for gambling machines

Recording requirements

§ 36. (1) The holder of the authorization shall record the individual games of gambling machines within the meaning of § 13 as a delivery subject as well as all the up-and-out bookings of game credit. The following amounts of the time sequence according to the gambling machine (§ 10) are to be recorded completely, correctly and immediately with the indication of the respective time point (date, time):

1.		Bet per game,
2.		Profit or loss per game,
3.		Booking a game's credit and
4.		Debiting or paying off a credit balance.

(2) The recording obligations of paragraph 1 can be fulfilled by logging the individual movements of the corresponding accounting counters of the plant (detail specification 2).

(3) Events outside the gambling machine, which are of importance in terms of duty, such as the removal of money, cash payouts, settlement with the paying person, shall be recorded and the supporting documents shall be kept.

logbook

§ 37. For each automatic gambling machine, a paper log book shall be placed at its place of installation, which shall be granted access to the supervisory authorities of the authorities upon request. In the logbook are

1.		the type identification, the device serial number and the model name and
2.		the commissioning, non-operation, any opening of the logic-housing door, as well as all operational interruptions due to malfunctions of the automatic gaming machine, with the respective status of the electromechanical counting mechanisms, date and time of the To document the interruption period as well as a justification. In addition, each entry in the logbook shall include the name and signature of the person responsible for the authorisation holder. If an outage occurs due to the change in the type of gambling machine, the new type identification is to be recorded in the logbook.

Retention duties

§ 38. (1) The records in accordance with § 36 may not be erasable or subsequently modifiable. They shall be kept for a period of seven years and shall be submitted at the request of the discharge authority. For the purposes of recording, volumes can be used.

(2) If the total storage of all relevant data is not provided for in the gambling machine, an unalterable storage shall be made in an EDP system of the holder of the authorization or on an external data carrier.

(3) The taxable person shall, within a maximum of three days, make available to his/her expenses those tools which are necessary to make the documents legible and, where necessary, legible, permanent reproductions, without any means Teach. Permanent reproductions are to be made available in the form of data carriers or as "export or print files".

Part 4

Final provisions

Date of application of the provisions of the Ordinance on Gambling Machines

§ 39. (1) This Regulation shall enter into force at the end of the day of the manifestation in the BGBl. Their rules and obligations shall be complied with with the entry into service of the respective gambling machine.

(2) By way of derogation from paragraph 1, the provisions of the

1.		§ § 5 (4), 6, 8 Z 5, 12, 16 (1) Z 2, 19 (5), 21, 23, 24 (1), 24 (6), 25 to 33, 34 (1) Z 1 and 34 (2) and
2.		§ § 7 to 9 and 11 to 35 for national permits issued prior to the date of entry into force of this Regulation in the sense of § 5 GSpG
first entered into force with 1.7.2013.

Fekter