Module 05

Blueprint
Architecture & Innovation

An interactive visualization of the end-to-end AWS architecture powering the NorthStar platform. Every component leverages services already in Allwyn's technology stack — this is configuration and integration, not greenfield development.

System Architecture

Five-Layer Architecture

Data flows upward from ingestion → platform → AI → orchestration → applications

Agentic AI

End-to-End Agentic Workflow

When a player signal is detected, the system autonomously reasons, retrieves context, generates a response, validates compliance, and delivers — all in under 1 second.

Total end-to-end latency: <1 second

Step 1: Signal Detection (<10ms)
Kinesis stream captures player behavioural event (purchase, session, deposit)

Step 2: Context Retrieval (~50ms)
Agent queries Knowledge Base for player history, preferences, and regulatory context

Step 3: Risk Assessment (~80ms)
SageMaker ML model scores the event against 50+ behavioural signals and player baseline

Step 4: Reasoning & Planning (~200ms)
Bedrock AgentCore reasons about the appropriate response — intervention, engagement, or no action

Step 5: Response Generation (~300ms)
Claude 3.5 Sonnet generates a personalised, empathetic response tailored to the player's context

Step 6: Guardrail Validation (~50ms)
Bedrock Guardrails checks response for compliance, tone, accuracy, and regulatory alignment

Step 7: Multi-Channel Delivery (~100ms)
Pinpoint delivers the response via the optimal channel — in-app, email, SMS, or push notification

Step 8: Audit & Learning (~10ms)
Full interaction logged to immutable audit trail. Outcome feeds back into ML model training.

Competitive Advantage

Traditional vs. GenAI Approach

| Dimension | Traditional | GenAI (NorthStar) | Advantage |
|---|---|---|---|
| Time to deploy per use case | 3-6 months | 2-4 weeks | 70% faster |
| Regulatory change response | Full release cycle (weeks) | Prompt update (hours) | Days → Hours |
| New data source integration | API development project | Knowledge Base config | Configuration, not code |
| Intervention personalisation | Rules-based templates | Context-aware generation | Infinite variations |
| Cost model | Fixed infrastructure | Pay-per-inference | 60% cost reduction |
| Cross-channel consistency | Channel-specific logic | Unified agent orchestration | Single source of truth |
| Explainability for audit | Manual documentation | Auto-generated XAI reports | Always audit-ready |
| Scalability (draw night peaks) | Pre-provisioned capacity | Serverless auto-scaling | Pay only for peaks |

Enterprise Security

Security, GDPR & Data Governance

Five-layer security architecture designed for UKGC compliance, GDPR Article 25 (Privacy by Design), and SOC 2 Type II alignment.

Data Classification

  • PII encrypted at rest (AES-256)
  • Tokenised player identifiers
  • Data classification: Public / Internal / Confidential / Restricted
  • Automated PII detection and masking in logs

Access Control

  • AWS IAM with least-privilege policies
  • SSO integration via SAML 2.0 / OIDC
  • Role-Based Access Control (RBAC) across all modules
  • Multi-factor authentication enforced
  • Session timeout: 15 min idle / 8 hour absolute
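
An added example (not NorthStar code) of enforcing the two session limits listed above together: activity refreshes the idle timer but never the absolute one. The `Session` class and function names are hypothetical, and the request timestamps are constructed.

```python
from __future__ import annotations

from dataclasses import dataclass

IDLE_LIMIT_S = 15 * 60          # 15 min idle, from the list above
ABSOLUTE_LIMIT_S = 8 * 60 * 60  # 8 hour absolute, from the list above


@dataclass
class Session:
    created_at: float  # set once at login, never updated
    last_seen: float   # updated on each accepted request


def check_session(session: Session, now: float) -> str:
    """Return 'ok', 'expired_idle' or 'expired_absolute' for a request at `now`."""
    # The absolute limit is measured from login, so activity cannot extend it.
    if now - session.created_at >= ABSOLUTE_LIMIT_S:
        return "expired_absolute"
    if now - session.last_seen >= IDLE_LIMIT_S:
        return "expired_idle"
    # Only a request that passed both checks refreshes the idle timer;
    # a rejected request must not revive an expired session.
    session.last_seen = now
    return "ok"


def simulate(request_times: list[float]) -> list[str]:
    """Replay constructed request timestamps (seconds since login)."""
    session = Session(created_at=0.0, last_seen=0.0)
    return [check_session(session, t) for t in request_times]
```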

Data Processing

  • GDPR Article 25: Privacy by Design
  • Data residency: UK-only (eu-west-2)
  • Right to Erasure: automated deletion pipeline
  • Data retention: 7 years (regulatory) / 30 days (behavioural)
  • Consent management integrated with OneTrust

Network & Infrastructure

  • VPC isolation with private subnets
  • AWS WAF + Shield Advanced
  • API Gateway with rate limiting (10k req/s)
  • TLS 1.3 in transit, certificate pinning
  • DDoS protection for draw-night traffic spikes

Audit & Compliance

  • CloudTrail for all API calls
  • GuardDuty for threat detection
  • Immutable audit logs (S3 Object Lock)
  • SOC 2 Type II aligned controls
  • Quarterly penetration testing

Access Control

Role-Based Access Control

Every role sees only what they need — no more, no less.

| Role | Modules | Permissions |
|---|---|---|
| Compliance Officer | Guardian, Athena | Full access to player risk data, audit trails, regulatory reports. Can trigger manual interventions. |
| Marketing Manager | Athena, Dream Big | Campaign analytics, A/B test results, player engagement metrics. No access to individual player risk data. |
| Executive | Athena, Impact | Board-level dashboards, ROI metrics, strategic KPIs. Aggregated data only — no individual player access. |
| Retail Operations | Nexus | Terminal status, retailer performance, stock levels. Regional data scoped to assigned territory. |
| Participant Protection Lead | Guardian, Athena, Dream Big | Full access to all player protection data, escalation management, GAMSTOP administration, intervention override. |
| System Administrator | All | Platform configuration, user management, API keys, model versioning. No direct player data access. |
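
A deny-by-default check for the role table above, as an added example that is not NorthStar's code. It shows why module assignment alone is not enough: the System Administrator holds every module yet must still be refused player data. The scope labels, the `authorize` interface, the player-data scope given to Retail Operations and the territory names used in testing are assumptions of this example.

```python
from typing import NamedTuple, Optional, Tuple

# Player-data granularity, lowest to highest (labels are this example's own).
RANK = {"none": 0, "aggregate": 1, "individual": 2}
# "All" expanded to the module names that appear in the table above.
ALL = frozenset({"Guardian", "Athena", "Dream Big", "Impact", "Nexus"})


class Role(NamedTuple):
    modules: frozenset
    player_data: str               # highest player-data granularity allowed
    territory_scoped: bool = False


ROLES = {
    "Compliance Officer": Role(frozenset({"Guardian", "Athena"}), "individual"),
    "Marketing Manager": Role(frozenset({"Athena", "Dream Big"}), "aggregate"),
    "Executive": Role(frozenset({"Athena", "Impact"}), "aggregate"),
    # Assumption: the table lists no player data for this role, so none is granted.
    "Retail Operations": Role(frozenset({"Nexus"}), "none", territory_scoped=True),
    "Participant Protection Lead": Role(
        frozenset({"Guardian", "Athena", "Dream Big"}), "individual"),
    "System Administrator": Role(ALL, "none"),
}


def authorize(role_name: str, module: str, player_data: str = "none",
              territory: Optional[str] = None,
              assigned: Optional[str] = None) -> Tuple[bool, str]:
    """Return (allowed, reason); anything not explicitly permitted is denied."""
    role = ROLES.get(role_name)
    if role is None:
        return False, "unknown role"
    if module not in role.modules:
        return False, "module not assigned"
    if player_data not in RANK:
        return False, "unknown data scope"
    # Module access alone is not enough: cap the player-data granularity too.
    if RANK[player_data] > RANK[role.player_data]:
        return False, "player data scope exceeded"
    # Territory-scoped roles need a matching, explicitly assigned territory.
    if role.territory_scoped and (assigned is None or territory != assigned):
        return False, "outside assigned territory"
    return True, "ok"
```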

Looking Ahead

Innovation Roadmap 2026-2028

H2 2026: Foundation (Next)

  • Core 4 modules live
  • Bedrock integration
  • Guardian ML v1
  • GAMSTOP API
  • RBAC & Audit Trail
  • Retailer AI Support

H1 2027: Expansion

  • Voice AI (Alexa/Google)
  • Multi-language (10 markets)
  • Advanced A/B testing
  • Predictive player journeys
  • AR scratchcard experiences
  • Retailer self-service portal

H2 2027: Intelligence

  • Autonomous campaign optimisation
  • Real-time game design feedback
  • Cross-market intelligence sharing
  • Digital twin for retail network
  • Predictive Good Causes matching

2028: Autonomy

  • Self-optimising lottery
  • Fully autonomous compliance
  • Generative game design
  • Hyper-personalised experiences
  • Predictive regulatory compliance

Beyond 2028: The Autonomous Lottery

The NorthStar architecture is designed to evolve. As foundation models advance, the same infrastructure supports increasingly autonomous capabilities — from self-optimizing campaigns to predictive player journeys to real-time game design feedback loops. The investment in agentic architecture today pays dividends for years to come.