diff --git a/.planning/REQUIREMENTS.md b/.planning/REQUIREMENTS.md index a242f48..3fe1b38 100644 --- a/.planning/REQUIREMENTS.md +++ b/.planning/REQUIREMENTS.md @@ -26,6 +26,8 @@ Requirements for Phase 1 (Development Focus: Live Tournament Management). Each m - [ ] **ARCH-06**: SvelteKit frontend embedded in Go binary via `//go:embed` for single-binary deployment - [ ] **ARCH-07**: Leaf is sovereign — all tournament logic runs locally, cloud is never required for operation - [ ] **ARCH-08**: Append-only audit trail for every state-changing action (operator, action, target, previous/new state, timestamp) +- [ ] **ARCH-09**: Automated daily backup of LibSQL database to USB or cloud, with documented recovery procedure +- [ ] **ARCH-10**: Leaf must recover cleanly from hard power-cycle during active tournament (verified by chaos testing) ### Tournament Clock @@ -59,7 +61,7 @@ Requirements for Phase 1 (Development Focus: Live Tournament Management). Each m - [ ] **FIN-01**: Buy-in configuration (amount, starting chips, per-player rake, fixed rake, house contribution, bounty cost, points) - [ ] **FIN-02**: Multiple rake categories (staff fund, league fund, house) -- [ ] **FIN-03**: Late registration cutoff (by level or time) +- [ ] **FIN-03**: Late registration cutoff (by level, by time, or by level AND remaining time — e.g., "end of Level 6 or first 90 minutes, whichever comes first") - [ ] **FIN-04**: Re-entry support (distinct from rebuy — new entry after busting) - [ ] **FIN-05**: Rebuy configuration (cost, chips, rake, points, limits, level/time cutoff, chip threshold) - [ ] **FIN-06**: Add-on configuration (cost, chips, rake, points, availability window) 
@@ -88,7 +90,7 @@ Requirements for Phase 1 (Development Focus: Live Tournament Management). Each m - [ ] **SEAT-02**: Table blueprints (save venue layout) - [ ] **SEAT-03**: Dealer button tracking - [ ] **SEAT-04**: Random initial seating on buy-in (fills tables evenly) -- [ ] **SEAT-05**: Automatic balancing algorithm (size difference threshold, move fairness, button awareness, locked players, break short tables first) +- [ ] **SEAT-05**: Automatic balancing suggestions with operator confirmation required (size difference threshold, move fairness, button awareness, locked players, break short tables first — dry-run preview, never auto-apply) - [ ] **SEAT-06**: Drag-and-drop manual moves on touch interface - [ ] **SEAT-07**: Break Table action (dissolve and distribute) - [ ] **SEAT-08**: Visual top-down table layout (player names in seats), list view, movement screen @@ -128,6 +130,7 @@ Requirements for Phase 1 (Development Focus: Live Tournament Management). Each m - [ ] **DISP-08**: Multi-tournament routing (assign displays to specific tournaments or lobby) - [ ] **DISP-09**: Auto font-scaling to resolution; readable from 10+ feet - [ ] **DISP-10**: Display nodes connect via WebSocket, heartbeat every 5s, Leaf tracks status +- [ ] **DISP-11**: All display views must stay under 350MB RSS on Pi Zero 2W during 4-hour continuous operation (non-functional, verified by soak testing) ### Digital Signage 
@@ -176,7 +179,7 @@ Requirements for Phase 1 (Development Focus: Live Tournament Management). Each m - [ ] **SYNC-01**: NATS-based event sync from Leaf to Core (queued offline, replayed in order on reconnect) - [ ] **SYNC-02**: Idempotent upserts on Core (safe to replay, keyed on event ID) -- [ ] **SYNC-03**: Reverse sync (Core → Leaf) for player profiles, league config, new registrations, branding +- [ ] **SYNC-03**: Reverse sync (Core → Leaf) for player profiles, league config, tournament templates, new registrations, branding - [ ] **SYNC-04**: During running tournament, Core never overrides Leaf data for that tournament ### Authentication & Security @@ -185,7 +188,7 @@ Requirements for Phase 1 (Development Focus: Live Tournament Management). Each m - [ ] **AUTH-02**: Operator OIDC via Authentik when Leaf has internet - [ ] **AUTH-03**: Operator roles: Admin (full control), Floor (runtime actions), Viewer (read-only) - [ ] **AUTH-04**: Core Admin: OIDC via Authentik with mandatory MFA -- [ ] **AUTH-05**: Player mobile: no auth for public views, 6-digit PIN claim for personal data +- [ ] **AUTH-05**: Player mobile: no auth for public views, 6-digit PIN claim for personal data (rate limited: exponential backoff after 5 failures, lockout after 10) - [ ] **AUTH-06**: Leaf ↔ Core sync: mTLS certificate + API key per venue - [ ] **AUTH-07**: LUKS full-disk encryption on Leaf NVMe - [ ] **AUTH-08**: PostgreSQL Row-Level Security (RLS) for multi-tenant isolation on Core 
@@ -263,7 +266,7 @@ Deferred to Development Phases 2-4. Tracked but not in current roadmap. | Crypto payments | Volatile, regulatory uncertainty, wrong market | | Real-time chip count entry by players | Cheating surface, operational chaos | | Staking / backing / action splitting | Legal complexity, out of scope | -| Casino CMS integration (IGT, Bally's) | Enterprise sales cycle, not needed for target market in Phase 1 | +| Casino CMS integration (IGT, Bally's) | Out of scope for Phase 1-3; planned for Casino Enterprise tier in Phase 4+ | ## Traceability
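Review bot: ARCH-09 in the first hunk sends a copy of the LibSQL database to USB or cloud without requiring that the copy be encrypted, while AUTH-07 requires LUKS full-disk encryption for the same data on the Leaf NVMe. As written, a backup on a USB stick sits outside that protection. Suggest requiring that backups are encrypted before they leave the Leaf, stating where the key is held, and adding retention and a periodic restore test so the "documented recovery procedure" can be verified. ARCH-10 should also define "recover cleanly" in testable terms, for example no loss of committed ARCH-08 audit-trail entries after the power-cycle.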
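Review bot: The new FIN-03 wording contradicts its own example. The rule text says "by level AND remaining time", but the example reads "end of Level 6 or first 90 minutes, whichever comes first", which is an OR on elapsed time, not an AND on remaining time. Suggest naming the combined mode by its semantics (earliest of the two cutoffs) and stating whether the time is measured from tournament start or counts down, so the implementation and tests agree on when late registration closes.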
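Review bot: SEAT-05 now requires "operator confirmation" but does not say which AUTH-03 role may confirm a balancing move, and it does not tie the confirmation to the ARCH-08 audit trail. Suggest stating the minimum role (Floor or Admin), that both the suggestion and the confirming operator are recorded, and that a preview is rejected or recomputed if seating changed between the dry run and the confirmation.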
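Review bot: DISP-11 sets a 350MB RSS limit without saying what is measured. If a display view runs in a multi-process browser, the RSS of a single process understates the real footprint. Suggest specifying the sum over all processes of the display client, the sampling interval, and a pass criterion for the soak test (peak value and no upward trend), and confirming that 4 hours covers the longest expected event.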
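Review bot: Adding "tournament templates" to SYNC-03 leaves its interaction with SYNC-04 undefined. SYNC-04 says Core never overrides Leaf data for a running tournament, but the text does not say whether a template update arriving mid-event can alter a tournament that was created from that template. Suggest stating that a running tournament keeps a snapshot of its template and that synced template changes apply only to tournaments created afterwards.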
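Review bot: The rate limit added to AUTH-05 does not say what the failure counter is keyed on, how long the lockout lasts, or how it is cleared. If it is keyed per player record, anyone can lock a player out of their own data with 10 wrong PINs. If it is keyed per client, one client can spread guesses across many player records. Suggest specifying the key (for example per player record and per client), the backoff schedule, the lockout duration or the operator role that may reset it, and that failures and lockouts are written to the ARCH-08 audit trail.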
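Review bot: In the last hunk, the second column of the Casino CMS row no longer matches the other rows of the table. The neighbouring rows give a reason for exclusion ("Legal complexity, out of scope"), while the new text is a roadmap statement ("planned for Casino Enterprise tier in Phase 4+"). Suggest keeping a reason in this column and tracking the Phase 4+ plan with the other deferred items, so the table does not list an item as both excluded and planned.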