Part One of ACT | The App Association’s Two-Part Series: The ABCs and 1-2-3s of Age Verification and Compliance
Lawmakers across the United States are introducing a wave of age verification and parental consent laws aimed at protecting kids online. While well-intentioned, these state-by-state approaches create a confusing and costly patchwork for startups and independent developers. And, as we have seen in other efforts to use age verification methods, the very people these laws aim to protect often become more vulnerable to the harms they were meant to prevent. To help our members stay ahead, we’re breaking it down into two living guides that will be updated periodically:
-
- The ABCs of Age Verification: Our part one directory helps developers make sense of state age-verification proposals through three lenses: awareness – which bills are emerging and where; burden – how broad, one-size-fits-all mandates fall on small teams; and clarity – a snapshot of overlapping and sometimes conflicting requirements across the United States.
- The 1-2-3s of Age Verification Compliance: Our part two compliance guide outlines how to 1) understand requirements, 2) prepare systems, and 3) understand how to better stay compliant as rules take effect.
This overview is for informational purposes only and does not constitute legal advice, but together these resources aim to offer startups and small tech companies a clear path through the evolving landscape of age verification laws. Let’s start with the ABCs: what they mean, why they matter, and where things stand across the states.
The ABCs: Awareness, Burden, and Clarity
-
- Awareness: Every month, new bills emerge, some modeled on existing rules, others entirely novel. Knowing where each state stands is the first step to planning.
- Burden: Broad, one-size-fits-all mandates often force developers to rebuild backend systems, store sensitive IDs, and absorb steep legal costs, challenges that fall hardest on small teams.
- Clarity: With overlapping, sometimes contradictory requirements, clarity is essential. That’s why we’ve built this living directory, a running snapshot of where age verification legislation currently stands across the United States.
What’s at Stake
If every state develops its own age verification law, developers could soon face 50 different sets of rules, each with its own standards, timelines, and enforcement mechanisms. For small tech, that’s not just confusing; it’s unsustainable.
For our small tech members, this fragmented patchwork means higher compliance costs, conflicting technical requirements, and increased exposure to liability. It also risks creating direct conflicts with federal law, particularly the Children’s Online Privacy Protection Act (COPPA), which already establishes clear guidelines for protecting minors’ data. Most importantly, these laws often fail to protect the very children they’re designed to help, forcing developers to collect and store even more personal information, which increases, rather than reduces, the risk of data misuse or exposure.
State Directory (A- Z)
As of this latest edition, four states have enacted app store-focused age-verification laws, 10 states have introduced bills, and at least 12 states have rumors or early signals of potential proposals. Three of the states with enacted laws (Utah, Texas, and Louisiana) share a similar framework: they require the major app stores to conduct age verification, which requires collecting sensitive personal information, such as birth certificates, to verify the age of every potential user. Similarly, all the laws require that apps on the stores receive age-category and parental-consent signals before enabling downloads by minors. Texas’s law is currently on hold under a federal preliminary injunction, so it is not in effect at this time.
There are also differences among these laws that seem small but, in reality, create major compliance headaches. For example, Louisiana and Texas prohibit using an age signal for anything other than age verification and age-appropriate content management, but Texas requires deletion of that data after use, while Louisiana and Utah permit its retention. That’s a real trap for developers shipping across states, because proving compliance often requires keeping records. Meanwhile, California’s law differs more significantly from the other three, stopping short of requiring verification and providing more flexibility for developers.
Confused? No worries. Below, we outline the key details of each state’s bill and what they mean for startups and small tech innovators navigating new compliance requirements.
Alaska: In Committee – HB46
Would establish new obligations for app stores to verify users’ ages, receive verifiable parental consent, and provide clearer age ratings and content descriptions tied to defined age categories. The proposal also contemplates parent-facing controls and oversight tools and would be enforced by the Department of Law.
Small Tech Impact: This proposal would introduce significant new compliance expectations for developers alongside app store requirements, including building parental-control features such as time restrictions and usage metrics. Because the bill references a January 1, 2026, effective date that has already passed, developers would face added uncertainty around timelines and implementation expectations.
California: Enacted – AB 1043
Requires app stores to verify users’ ages before app purchases or downloads and to obtain parental consent for users under 18. Enforcement would fall under the state’s Attorney General. The bill shares some similarities with other state proposals but adds privacy and transparency carve-outs designed to align more closely with existing child privacy rules that overlap.
Small Tech Impact: This bill requires developers to adjust how their apps interact with app store verification systems, increasing technical and administrative burdens even before the law goes into effect.
Hawaii: In Committee – SB 1542
Would require app store providers to verify users’ ages and assign age categories; obtain verifiable parental consent before allowing minors to use an app store or download, purchase, or use apps; and give parents tools to block unsuitable apps, set content filters, and apply usage limits. The bill also establishes age verification and parental-consent requirements for certain app developers and directs the Department of Commerce and Consumer Affairs to adopt implementing rules by July 1, 2026.
Small Tech Impact: This bill would push developer teams to integrate age-category and consent workflows and ship parent-facing controls (like time restrictions), creating added product work and compliance complexity even before the July 1, 2027, effective date.
Illinois: Both In Committee – HB 4140 & SB 2037
HB 4140 and SB 2037 would require specified manufacturers to determine or estimate the age of the device’s primary user and provide websites, apps, app stores, and online services with a digital age signal. The bills limit the use of data collected under the Act and establish civil penalties and injunctive relief for violations. They also set requirements for services that make mature content available and require services with actual knowledge that a user is under 18 to provide parent or guardian support features (to the extent commercially reasonable and technically feasible). Enforcement would fall under the state’s Attorney General.
Small Tech Impact: These bills would require developers and online services to operationalize a device-level age signal for mature-content gating and parent-support features, adding new product work and compliance complexity for small teams distributing in Illinois. While the House bill lists an effective date of January 1, 2027, the Senate bill lists January 1, 2026, a date that has already passed, adding uncertainty for developers around timelines and implementation expectations if the proposal advances.
Louisiana: Enacted – HB 570
Applies to app stores and requires age verification at the point of download, triggering parental consent for users under 18. Like other state proposals, HB 570 requires stores to conduct age verification through extensive information collection from minors and their guardians, and then requires developers to create systems to receive age category and verifiable parental consent (VPC) signals. Confusingly, existing federal child privacy law requires VPC before collecting data about children under 12, but the VPC required under HB 570 is a different concept and a separate compliance obligation.
Small Tech Impact: This law requires developers to integrate with or adapt to app store-based parental consent flows, adding approval delays, compliance ambiguity, and increased development costs and uncertainty around updates and new releases.
Michigan: Both in Committee – HB 4429 & SB 0284
HB 4429 and SB 0284 are companion bills that advance the same Digital Age Assurance Act approach. Covers devices, operating systems, and app stores. Would require an age estimate during device setup and would transmit a “digital age signal” to apps and websites. Parental consent would be required for users under 16, and apps must use this signal to filter or restrict mature content. Enforcement rests solely with the Attorney General.
Small Tech Impact: These proposals would be complex to implement, forcing even small teams to rebuild authentication systems and content filters to comply with new device-level verification frameworks.
New Hampshire: Both in Committee – HB 1658 & SB 648
HB 1658 and SB 648 would take two different approaches to age verification in New Hampshire. HB 1658 would focus on app stores, requiring age verification at account creation, minor accounts linked to a parent account, and verifiable parental consent before minors can download apps or make purchases (including in-app purchases). SB 648 would focus on commercial websites and applications that publish or distribute more than one-third material harmful to minors, requiring age verification to confirm users are 18+ and prohibiting retention of personal data used for verification. Both bills would be enforced by the Attorney General, and SB 648 would also create a private right of action. Both would take effect January 1, 2027.
Small Tech Impact: These proposals would create two parallel compliance tracks (one tied to app store parental-consent flows and one tied to web/app content gating for “harmful to minors” material) raising implementation and liability risk for small teams that ship across platforms or operate both app and web experiences.
New Jersey: In Committee – S 4669
Would require app stores to verify a New Jersey user’s age category at account creation and, for minors, link the account to a parent account and obtain verifiable parental consent before allowing app downloads, purchases, or in-app purchases. The bill would also require app stores and developers to coordinate on “significant changes,” including renewed parental consent where applicable, and would be enforced through the New Jersey Consumer Fraud Act and a private right of action.
Small Tech Impact: This proposal would push developers to integrate with app store age- and consent-signals and manage “significant change” re-consent flows, increasing compliance overhead and liability exposure for small teams.
New York: Both in Committee – A 08893 & S08102
A08893 and S08102 are companion bills that would require manufacturers of internet-enabled devices to conduct commercially reasonable age assurance at activation (not solely self-reported) and, when a user is a covered minor (under 18), send a real-time API signal to websites, online services, and applications on the device indicating the user is a minor. Would also require deleting age-verification data after use. Enforced by the state’s Attorney General (no private right of action) and would take effect one year after becoming law.
Small Tech Impact: These proposals would push developers to build around a device-level “covered minor” signal and apply it across their app or service experience, adding integration work and compliance overhead for small teams shipping in New York.
Ohio: Both Introduced – HB 226 & HB 302
HB 226 would require a broader range of developers making apps “likely to be accessed by a minor,” while HB 302 would apply more appropriately to apps that provide a different experience for minors than for adults. Together, the two bills represent different approaches to defining which apps are covered: HB 226 uses a broad, likelihood-based standard, while HB 302 focuses on specific functionality. Neither proposal outlines how developers should determine whether they fall into these categories or what steps would be required to comply, leaving key operational questions unresolved.
Small Tech Impact: While HB 226 and HB 302 offer some flexibility compared to stricter laws in Texas and Utah, the lack of clear compliance frameworks creates uncertainty for small developers. Without defined verification methods or enforcement standards, startups could be left guessing how to meet potential obligations, risking penalties for unintentional noncompliance or over-implementing costly systems that go beyond what the law requires.
Pennsylvania: In Committee – HB 1729
Would require online platforms to implement age verification to identify users under 18 and apply default privacy settings that limit minors’ interactions with non-connected users, including direct messaging, profile viewing, tagging, and financial transactions. For users under 13, would require parental approval for new connections and financial transactions, and would be enforced by the state’s Attorney General. Bill would take effect 60 days after passage.
Small Tech Impact: This proposal would require platforms to build age-based default settings and parent-approval workflows, adding product and compliance lift for small teams, plus enforcement risk tied to age verification standards and civil penalties.
South Carolina: In Committee – H 3405
Would establish an App Store Accountability Act requiring app store providers to determine users’ age categories and obtain verifiable parental consent for minors, alongside clearer, prominently displayed age ratings and content descriptions. Directs the Department of Consumer Affairs to issue guidance and establish an advisory committee and would be enforced by the Attorney General with a private right of action.
Small Tech Impact: This proposal would require developers to adapt to app store age- and consent-signals and ship parent-facing controls (including time restrictions), adding product work and compliance risk for small teams distributing in South Carolina. Because the bill references a January 1, 2026, effective date that has already passed, developers would face added uncertainty around timelines and implementation expectations if it advances.
Texas: Enacted, Though Currently Blocked by a Federal Court – SB 2420
Applies to all app stores and requires age verification at the point of app download. Parental consent is required for users under 18. Enforcement is led by the Attorney General. The law applies broadly to all apps, not just social media.
Small Tech Impact: This law would impose significant compliance burdens on small developers, creating additional costs for those distributing general-audience apps that do not pose age-related risks but are available to minors. The compliance date for stores and developers was set for January 1, 2026. However, a federal judge issued a preliminary injunction preventing the law from taking effect on that date, placing it on hold for now. If it ultimately moves forward after the court challenge, the same tight timelines and broad scope will still be a concern for small tech.
Utah: Enacted – SB 142
Extends Texas’s model to devices and app stores, requiring verification during account creation and parental consent for users under 18. It also includes limited data use provisions to govern how age information can be stored or shared.
Small Tech Impact: This law requires developers to handle more user verification data or depend on costly third-party verification tools, diverting resources away from innovation and core product development.
States to Watch: Alabama, Arizona, Colorado, Florida, Georgia, Idaho, Indiana, Massachusetts, Missouri, South Dakota, Washington, Wyoming
As of our most recent update, 12 states are considering or drafting legislation based on existing age-verification frameworks. Most proposals mirror the Texas or Utah approach, but differ in scope, enforcement, and definitions of covered platforms.
Small Tech Impact: As more states introduce copycat laws, developers could face a growing web of conflicting verification requirements. This patchwork would force small tech companies to build different compliance systems for each state, increasing operational costs and discouraging app launches in more restrictive markets.
Moving Forward
We will continue to advocate for consistent, privacy-protective, innovation-friendly policies that align with existing compliance obligations, promote digital literacy, and empower parents without overwhelming developers. ACTivated by this issue? Reach out to Brad Simonich here for future activations and opportunities to get involved and check out the 1-2-3s of Age Verification Compliance here!
The original version of this resource was published on November 18, 2025.