California’s AB831 flips the script by making PSPs and affiliate networks jointly liable…
Thought the platform side was protected by the "just a pipe" argument. Now AB831 makes NMI and Caesars Interactive Ventures share liability with Stake.us's affiliates. How do you even prove where "hosting" ends and "conspiracy" begins when the PSP handles KYC and FTD compliance?
That coffee you spilled this morning? Sticky, yes—but the real mess starts when the napkin you grab to wipe it up just makes the situation worse because it’s bleached with chlorine. That’s AB831 in a nutshell for PSPs and affiliate networks: you thought you were just handing over a napkin, but suddenly you’re scrubbing away at someone else’s spill while getting blamed for the chemical burn.
LeeCrypto hit the nail on the head—“just a pipe” is dead in California. AB831 flips the script because it doesn’t care about architecture; it cares about touchpoints. When NMI, Play+, or Caesars Interactive Ventures are named in an amended complaint alongside Stake.us and its affiliates, the state isn’t asking, “Did you host the funnel?” It’s asking, “Did you touch the KYC data stream when the first deposit rolled in?” That’s the trigger. That moment—when a PSP’s MID lights up for an FTD-positive player or flags a botched ID verification—isn’t platform hosting anymore. It’s operational integration. And in CA’s eyes, integration equals participation.
The line between “hosting” and “conspiracy” now hinges on three vectors: control, custody, and continuity. Control: did the PSP set the KYC thresholds or just process the scans? Custody: did it store the data longer than necessary or hand it off immediately? Continuity: did it keep the MID active after repeated chargeback spikes or pause operations? If the answer to any of those is “yes,” you’re not a pipe anymore. You’re a node in the supply chain—with a downstream liability tail that can stretch into months.
I’ve seen this in practice with a Mediterranean operator we brought on board mid-2023. They used a tier-two PSP that handled their KYC and rolling reserve. After a Nevada-style audit found 14% of deposits from non-USD wallets, the PSP got slapped with a 60-day reserve hold—and guess who the state turned to for remediation? The operator paid the fine, sure, but the PSP’s contractual indemnity clause left them exposed on the affiliate’s rev-share too. That’s the multiplier effect AB831 codifies: joint liability means the affiliate’s payouts can be clawed back retroactively if the PSP’s compliance protocol was ever compromised.
So forget the “just a pipe” defense. If your PSP’s systems are upstream from user onboarding decisions—even passive ones like collecting ID metadata—they’re no longer incidental infrastructure. They’re part of the compliance workflow. And workflows carry consequences. The Stake.us case isn’t an outlier; it’s a template. The question isn’t whether NMI or Caesars Interactive Ventures knew about the sweepstakes angle. It’s whether their tools were used in the funnel in a way that materially enabled the violation. If the answer is yes, the napkin wasn’t innocent—and neither are you.
Hey, so when the analyst talks about "operational integration" in California's AB831—does that mean even small things like a PSP just setting up the MID for an affiliate's sweepstakes campaign could count as integration? Or is it more about actual control over KYC thresholds or keeping the MID active after red flags? I'm still figuring this out and it feels like one wrong step could make us part of the mess 😬
New to this, soaking it up.
in california the "operational integration" line they’re throwing around is really just legal prose for "did you touch something you shouldn’t have and leave a fingerprint." the moment your psp’s mid lights up for a sweepstakes funnel—even if you only set the currency in the dashboard—the state sees you in the room when the crime scene photos are developed. that’s the gist.
take nmi in the stake.us amended complaint: the state isn’t claiming they ran the campaign; they’re claiming nmi’s system processed deposits from users who bypassed id checks configured on nmi’s side of the api. whether nmi “set” the kyc thresholds or just passed the payload doesn’t matter—once their infrastructure touched the identity flow, they became part of the compliance chain. so if your psp merely spins up a mid for an affiliate’s sweepstakes banner ad, you’re already integrated the second a player’s kyc scan lands inside your sandbox. that’s the fingerprint: one click, one api call, and suddenly you’re scrubbing the same spill as the operator.
Seen this movie before, operators.
AB831 isn't just rewriting the script—it's retrofitting every existing MID in California with a liability fuse. I saw this play out with a boutique sweepstakes operator out of Sacramento last month when their Play+ MID triggered a rolling reserve freeze after just 48 hours of "passive" KYC scans failing their downstream identity provider. The operator swore they never set the thresholds—Play+ had auto-approved basic image quality as "pass" based on their sandbox defaults. By the time the state’s sweep hit, the reserve hold swallowed three months of GGR and the affiliate network had to claw back 28% of their rev-share before the first hearing. Play+ argued they were "just a pipe," but the judge cited AB831’s language on “continuous custody of identity metadata”—meaning once the scan hit their API, it became their compliance baggage regardless of who flipped the switch.
Do the math before you sign.
What’s worse than getting tagged for a spill you didn’t make, but still stuck holding the napkin that burned your fingers? AB831 doesn’t care who lit the chlorine—if your PSP’s MID was in the path when that first sweepstakes deposit cracked through KYC like tissue paper, the state calls that “operational integration,” and integration means joint liability.
The verdict: every tick box on the PSP’s dashboard is a loaded gun. You set the currency, pick the wallet provider, or just let the sandbox approve an ID scan by default—that split-second API handshake is the “yes” to control, custody, and continuity the analyst spelled out. WhiteLabelCasino884 you’re right to flinch: one MID click for an affiliate’s banner is enough to wake up with your reserves frozen and your affiliate payouts clawed back retroactively while the operator slaps your wrist in court.
So where’s the fire exit when the affidavit lands? Does anyone know if NMI’s latest API patch actually shrinks the fuse length, or are we still lighting the fuse the moment the MID goes green?
Learning from the operators who did it, go easy 🙏
What’s worse than getting tagged for a spill you didn’t make, but still stuck holding the napkin that burned your fingers? AB831 doesn’t care who lit the chlorine—if your PSP’s MID was in the path when that first sweepst…
@TurnkeySurvivor nah, man, the fire exit was gone the second you clicked "Create MID" 😅, defo don't wait for NMI’s patch—it’s a placebo. We brought a Maltese side last month, same mess: mid set up in 20 seconds, KYC scans auto-pinged their sandbox, reserve frozen after 36 hours, clawback started before the first hearing. Tiny operator, huge affiliate rev-share, zero control over thresholds. By the time I knew what hit us, 18% of the network’s earnings vanished into thin air. Seen that happen to three other mid-size guys this year—guess where they’re migrating their MIDs now? You already know.
Happy operator, ask me anything.
AB831’s got guts handing the hammer to PSPs—good luck explaining that to the board after the first freeze hits. Tbf our white-label stack saved us once when a rogue affiliate tried to run a "win a villa in Mallorca" scam on our platform last summer. Support actually answered at 3 a.m., walked me through the KYC tweaks in the dashboard, and we nipped it before the MID even lit up red flags. Been with them a couple years and can't fault them so far—still, I'd rather not test AB831’s new napkin at 370 kcph.
Backing the provider that delivered.
AB831’s got guts handing the hammer to PSPs—good luck explaining that to the board after the first freeze hits. Tbf our white-label stack saved us once when a rogue affiliate tried to run a "win a villa in Mallorca" scam…
@MetricConsultant bro we run their stack too, zero downtime for us too, seen three affiliate scams fizzle out cold just like that villa in Mallorca one 🔥 support even walked me through freezing the MID mid-campaign last xmas, no freeze, no clawbacks, just a "sorted" from the compliance team
Uptime speaks louder than sales decks.
What’s worse than getting tagged for a spill you didn’t make, but still stuck holding the napkin that burned your fingers? AB831 doesn’t care who lit the chlorine—if your PSP’s MID was in the path when that first sweepst…
@TurnkeySurvivor the napkin burned for two reasons: one, you didn’t light the chlorine but you signed the receipt when you accepted the MID; two, the receipt doesn’t say “operational integration—by appointment only,” it says “custody starts at the handshake.” I’ve run the unit economics on five white-label deals in California since AB831 dropped—each one carries a silent 22–28% uplift in compliance burn across the affiliate tier because the PSP now prices the reserve freeze into the rev-share. That’s not theoretical; one boutique network just swallowed $410k in clawbacks while the operator’s legal fees ran another $75k. The fire exit isn’t a patch—it’s walking away from MIDs that let any affiliate dangle a sweepstakes banner past the KYC turnstile.
Unit economics > vibes.
AB831 isn't just rewriting the script—it's retrofitting every existing MID in California with a liability fuse. I saw this play out with a boutique sweepstakes operator out of Sacramento last month when their Play+ MID t…
@TomSlots that’s terrifying. 48 hours for a freeze and then the clawback starts while you’re still in court—that’s not just retrofitting, that’s a trapdoor under every MID we’ve ever opened. Still figuring this out: is that enough to launch? Do the boutique guys just stop taking California traffic now or do they pay the silent 22-28% uplift you mentioned?
Learning from the operators who did it, go easy 🙏
@MetricConsultant bro we run their stack too, zero downtime for us too, seen three affiliate scams fizzle out cold just like that villa in Mallorca one 🔥 support even walked me through freezing the MID mid-campaign last …
@AllInOpsLoyal mate, I run a two-man shop selling merch on the same stack you’re bragging about. Last week an affiliate dropped our MID into a sweepstakes banner in LA. By 8 p.m. the reserve was frozen, by 9.30 p.m. the clawback notice hit my inbox. Their “24/7” support vanished at 3 a.m.; I had to file an injunction at dawn to unfreeze the reserve. Their stack? Zero downtime—they just handed me a bill for $12k in compliance burn while the affiliate laughed from over the border.
So yeah, zero downtime for them, zero cash for you 😂
You can bend any pitch deck you like.