Gaming Machines Act s.49 requires a hotelier or club that keeps approved gaming machines to ensure patrons have access to a self-exclusion scheme and to publicise its availability (s.49(3)). The scheme's minimum requirements — including the 6-month non-withdrawal period — are set by the Gaming Machines Regulation 2019 cl.45. What that obligation looks like in practice — registers, refusal-on-entry logs, multi-venue scheme coordination, and the FRT layer venues are increasingly adding — is where most of the operational work sits. Working reference for club managers and gaming managers — not legal advice.
Working reference, not legal advice
Self-exclusion obligations turn on the specific terms of each order, the venue's scheme participation (single- venue vs MVSE), and the operational mechanisms in use. For a definitive view of your venue's position, talk to a liquor and gaming lawyer.
Section 49 of the Gaming Machines Act 2001 (NSW) sits across three operative subsections. s.49(3) requires a hotelier or club authorised to keep approved gaming machines to ensure patrons have access to a self-exclusion scheme and to publicise its availability — maximum penalty 100 penalty units. s.49(4) makes it lawful, using no more force than is reasonable, for a responsible person to prevent a participant from entering the nominated area or to remove them — this is permissive, not compelled. s.49(5) provides a good-faith immunity from civil and criminal liability for acts done in accordance with the section and the regulations.
Gaming Machines Regulation 2019 (NSW) cl 45 ↗ sets the scheme's minimum requirements. The participant gives a written and signed undertaking specifying the period (cl.45(b)); the participant must be given an opportunity to seek independent advice (cl.45(c)); the venue must provide written information on the relevant problem-gambling counselling service (cl.45(d)); the venue must ensure responsible persons can readily identify the participant, for example by means of a recent photograph (cl.45(e)); and the participant must be prevented from withdrawing from the scheme within 6 months after requesting participation (cl.45(f)).
Self-exclusion is fundamentally a harm-minimisation tool, not a punitive measure. The patron is asking the venue to help them stay away from gaming. The s.49 obligation is to ensure the request can be made and to honour it operationally — a register that exists to be used, not to be filed.
NSW law requires hotels and clubs with gaming machines to provide access to a self-exclusion scheme that meets the Gaming Machines Regulation 2019 minimum requirements. L&GNSW says venues may run their own scheme or use a provider; ClubSAFE (operated by ClubsNSW) is one example provider that L&GNSW identifies. The minimum self-exclusion period for hotels and clubs is 6 months (cl 45 ↗(f)).
In practice, the two operational patterns look like this:
A patron may be subject to both kinds of arrangement at the same time. The venue's operational system needs to check the consolidated participant set as part of the same patron-on-entry flow — a self-excluded participant identified at the door doesn't need to be flagged separately by single-venue vs multi-venue source. The participant is excluded; the source of the undertaking is metadata.
For clubs that participate in a multi-venue scheme, the practical participant list is the union: every undertaking applicable to this venue, regardless of source. Inspectors expect to see evidence that the identification mechanism is operationally used at the entry — not just maintained. See /mvse-explained for the multi-venue pattern in more detail.
A working self-exclusion regime has four operational stages, each producing its own evidence:
What inspectors test against is not the existence of the register — most clubs have a register — but the chain of evidence demonstrating that each stage actually happened for each patron. A register without refusal logs is the most common finding. So is a refusal log that doesn't match the register, which signals data drift between the two.
Section 49 of the Gaming Machines Act 2001 (NSW) requires a hotelier or club that is authorised to keep approved gaming machines to (a) ensure that patrons have access to a self-exclusion scheme, and (b) publicise the availability of self-exclusion schemes and information about how they operate (s.49(3), maximum penalty 100 penalty units). s.49(4) makes it lawful — not compelled — for a responsible person to prevent a participant from entering the nominated area or to remove them, using no more force than is reasonable. s.49(5) provides a good-faith immunity from civil and criminal liability for acts done in accordance with the section and the regulations. The scheme's minimum requirements live in the Gaming Machines Regulation 2019 cl.45 — including that the participant gives a written and signed undertaking specifying the period (cl.45(b)), that the venue can readily identify the participant (cl.45(e), e.g. via a recent photograph), and that the participant must be prevented from withdrawing from the scheme within 6 months after requesting participation (cl.45(f)). A register is a sensible operational artefact; it is not the statutory mandate.
NSW law requires hotels and clubs with gaming machines to provide access to a self-exclusion scheme that meets the Gaming Machines Regulation 2019 minimum requirements. Venues may run their own scheme or use a provider. L&GNSW identifies ClubSAFE, operated by ClubsNSW, as one example provider. The minimum self-exclusion period for hotels and clubs is 6 months. A scheme that covers more than one venue — sometimes referred to as multi-venue self-exclusion — lets a patron's self-exclusion undertaking apply across the venues participating in that scheme, instead of being signed at each venue individually. The page /mvse-explained covers the multi-venue pattern in more detail, including the venues-may-run-their-own / use-a-provider framing.
The venue, via its staff. s.49(4) of the Gaming Machines Act makes it lawful — not compelled — for a responsible person at the hotel or club to prevent a participant from entering, or to remove them, using no more force than is reasonable; s.49(5) gives a good-faith immunity. Operationally, this is the venue's harm-minimisation posture in action: the staff who control entry to the gaming area need an effective way to identify participants (cl.45(e)), a workable check at the door, and a documented refusal flow when a self-excluded person is identified. The s.49(3) breach — failing to ensure access to a scheme or to publicise it — carries a maximum penalty of 100 penalty units; further licence consequences may follow from a pattern of harm-minimisation failures. Scheme deed terms (where the venue participates in a multi-venue scheme operated by a provider) add their own enforcement obligations on top.
In practice, three things, each tied back to GMR cl.45 or to general harm-minimisation expectations. First, evidence the venue can readily identify scheme participants (cl.45(e)) — typically a current list of self-excluded participants, including those signed up via any multi-venue scheme the venue participates in, with the order details (start date, period specified in the undertaking, scope). Second, the practical identification mechanism — how staff at the entry to the gaming area actually check participants, whether via terminal, portable device, paper list, or facial-recognition tool. Third, the refusal-on-entry records that demonstrate the identification mechanism is being used, not just maintained. A list that exists but never appears to be checked is a finding. Refusal records that don't match the list (people refused who aren't on it; people on the list who appear in CCTV in the gaming area) are findings.
Under the Gaming Machines Regulation 2019 cl.45, the participant gives a written and signed undertaking specifying a period (cl.45(b)). The Regulation does not prescribe a fixed minimum or maximum period; the single hard floor is that the participant must be prevented from withdrawing from the scheme within 6 months after requesting participation (cl.45(f)). Many self-exclusion undertakings are signed for six months or longer, and some are open-ended. The arrangement remains in force until the period specified ends or until the participant's withdrawal is processed in accordance with the scheme's rules. Where the venue uses a multi-venue scheme operated by a provider, the scheme deed terms add the provider-side revocation process on top of the cl.45 framework.
FRT is increasingly used by NSW gaming venues to support participant identification at the entry to the gaming area, but it's not a regulatory requirement under s.49 or cl.45. cl.45(e) requires that responsible persons can readily identify the participant — a recent photograph is the example given in the Regulation — and FRT is one mechanism for satisfying that capability, alongside human staff identification, ID-card scanning, and door-staff visual recognition. Incoming Privacy Act reforms will require APP entities to update their privacy policies to explain certain uses of personal information in substantially automated decisions that have a legal or similarly significant effect — this is a transparency obligation commencing 10 December 2026, not a current statutory right to contest automated FRT decisions or a current statutory requirement for human oversight, although those may be prudent governance controls. NSW also has a voluntary FRT Code of Practice (approved under GMA s.48) covering PIAs, Australia-only data storage, signage, deletion-on-expiry, and access controls. See /frt-vendor-selection for the vendor-side framing.
The current self-exclusion register itself (a continuous record while orders are active). The signed self-exclusion application forms (retained per the venue's broader retention policy; seven years is the safer default). Records of self-exclusion checks performed at the gaming-area entry (the evidence that the register is being used). Refusal-on-entry logs when a self-excluded person is identified and refused. Any communications with the patron during the exclusion period (revocation requests, breach incidents). The records have to be findable at inspection — a register that exists in a database the manager can't access in 30 seconds is functionally invisible.
Two things, depending on the circumstances. If the venue identifies the participant at entry and refuses them, the situation is contained — the venue logs the refusal, the undertaking remains in force, and depending on the venue's policy (and the rules of any multi-venue scheme it participates in), the participant may receive a written notification. If the participant enters the gaming area undetected, this may indicate a scheme-enforcement gap that warrants review: under the venue's harm-minimisation framework and (where applicable) the scheme deed terms, identifying and removing the participant as soon as practicable, documenting the incident in the incident register, reviewing what allowed the entry, and tightening the identification process at the door are the operational responses. Note that s.49(4) makes prevention and removal lawful — not compelled — and s.49(5) provides a good-faith immunity from civil and criminal liability for acts done in accordance with the section and the regulations. Repeat occurrences signal a structural gap that the Authority and (where applicable) the scheme provider will take seriously.
How facial-recognition technology supports self-exclusion enforcement, and what to look for in a vendor.
Where the five clusters of inspection findings come from — self-exclusion is one of them.
How long the self-exclusion register, refusal logs, and related records have to be kept.
Venue-run and provider-run participant lists checked together at every entry, refusal records that hold up against the cl.45(e) identification standard, and the audit trail an inspector asks for. First three months free, no card up front.