Last week, the Senate Commerce Committee voted out the Kids’ Online Safety Act (KOSA), a bill loosely based on proposals from overseas and at the state level that would require online services to adhere to design principles to address risks to any kids who might happen upon their sites or apps.

Takeaway: The Committee made several changes to the bill that help and will relieve the threat of catastrophic compliance burdens, so as the language currently stands, KOSA likely wouldn’t require major changes for small app companies. However, the compliance burden concerns remain, to the extent compliance is required. For example, despite the additional flexibility, determining whether KOSA’s provisions apply to individual ACT | The App Association members would still present challenges. Similarly, if KOSA does apply to any of our members, the costs of compliance with the structural design and reporting requirements could well exceed the associated potential benefits for minors.

Here’s a quick TL;DR (Too Long; Didn’t Read) of how the bill was amended to address the problems with initial versions of it:

  1. Express Affirmative Acknowledgement (EAA): We were critical of making parents jump through these awkward hoops to allow kids under 17 to access any services in the early versions of KOSA. The Committee sanded the edges of it down by clarifying that covered platforms are “deemed” to have complied with the requirement if they make reasonable efforts to obtain EAA.
  2. Age Verification: We had urged KOSA sponsors not to use a “constructive knowledge” standard, which would have essentially required app makers to verify (not just ask for birthdates) the age of any person accessing their services. The Committee tweaked the “knowledge” standard in KOSA to align closer to “actual” knowledge, reducing the burden on app companies to collect more sensitive data than they want to about their customers and consumers.
  3. KOSA’s Scope: We had also suggested that KOSA sponsors avoid sweeping in messaging apps that are unconnected to social media and to generally direct the bill’s applicability to social media harms (in line with what we think the drafters’ intent is). The Committee made a few changes that demonstrate an intent to so limit the bill’s scope, although some general audience apps with comment sections may nonetheless be subject to KOSA.

In Conclusion / Outlook: Last year, KOSA got stuck after sailing through Committee mainly because it didn’t preempt state laws with the same general purpose and scope. The current version of KOSA still doesn’t have a preemption provision, but it appears to have a better chance of moving forward than last year’s bill.