Part One of ACT | The App Association’s Two-Part Series: The ABCs and 1-2-3s of Age Verification and Compliance
Lawmakers across the United States are introducing a wave of age verification and parental consent laws aimed at protecting kids online. While well-intentioned, these state-by-state approaches create a confusing and costly patchwork for startups and independent developers. And, as we have seen in other efforts to use age verification methods, the very people these laws aim to protect often become more vulnerable to the harms they were meant to prevent. To help our members stay ahead, we’re breaking it down into two living guides that will be updated periodically:
- The ABCs of Age Verification: Our part one directory tracking where each state stands on AV proposals.
- The 1-2-3s of Age Verification Compliance: Our part two compliance guide will outline how to 1) understand requirements, 2) prepare systems, and 3) understand how to better stay compliant as rules take effect.
This overview is for informational purposes only and does not constitute legal advice, but together these resources aim to offer startups and small tech companies a clear path through the evolving landscape of age verification laws. Let’s start with the ABCs: what they mean, why they matter, and where things stand across the states.
The ABCs: Awareness, Burden, and Clarity
- Awareness: Every month, new bills emerge, some modeled on existing rules, others entirely novel. Knowing where each state stands is the first step to planning.
- Burden: Broad, one-size-fits-all mandates often force developers to rebuild backend systems, store sensitive IDs, and absorb steep legal costs, challenges that fall hardest on small teams.
- Clarity: With overlapping, sometimes contradictory requirements, clarity is essential. That’s why we’ve built this living directory, a running snapshot of where age verification legislation currently stands across the United States.
What’s at Stake
If every state develops its own age verification law, developers could soon face 50 different sets of rules, each with its own standards, timelines, and enforcement mechanisms. For small tech, that’s not just confusing; it’s unsustainable.
For our small tech members, this fragmented patchwork means higher compliance costs, conflicting technical requirements, and increased exposure to liability. It also risks creating direct conflicts with federal law, particularly the Children’s Online Privacy Protection Act (COPPA), which already establishes clear guidelines for protecting minors’ data. Most importantly, these laws often fail to protect the very children they’re designed to help, forcing developers to collect and store even more personal information, which increases, rather than reduces, the risk of data misuse or exposure.
State Directory (A- Z)
Upon publishing this latest edition, four states have enacted age verification laws that directly impact small businesses with apps, both the developers of those apps and their clients. Three of the state laws (Utah, Texas, and Louisiana) all share common elements. For example, all of them require the major app stores to conduct age verification, which requires collecting sensitive personal information, such as birth certificates, to verify the age of every potential user. Similarly, all the laws require that apps on the stores receive age-category and parental-consent signals before enabling downloads by minors.
There are also differences among these laws that seem small but, in reality, create major compliance headaches. For example, Louisiana and Texas both disallow using an age signal for anything other than age verification and age-appropriate content management, but Texas requires deletion of any such data after use, while Louisiana and Utah allow its retention. Proving compliance typically requires retention, leading all developers with apps available in all or a combination of these states into serious compliance traps. Meanwhile, California’s law differs more significantly from the other three, stopping short of requiring verification and providing more flexibility for developers.
Confused? No worries. Below, we outline the key details of each state’s bill and what they mean for startups and small tech innovators navigating new compliance requirements.
California: Enacted – AB 1043
Requires app stores to verify users’ ages before app purchases or downloads and to obtain parental consent for users under 18. Enforcement would fall under the state’s Attorney General. The bill shares some similarities with other state proposals but adds privacy and transparency carve-outs designed to align more closely with existing child privacy rules that overlap.
Small Tech Impact: This bill would require developers to adjust how their apps interact with app store verification systems, increasing technical and administrative burdens even before the law goes into effect.
Louisiana: Enacted – HB 570
Applies to app stores and requires age verification at the point of download, triggering parental consent for users under 18. Like other state proposals, HB 570 requires the stores to conduct age verification through voluminous information collection from kids and their guardians and then requires developers to create systems to receive age category and verifiable parental consent (VPC) signals. Confusingly, existing federal child privacy law requires VPC before the collection of data about children under 12, but the VPC required under HB 570 is a different concept and a separate compliance obligation.
Small Tech Impact: This law would force developers to integrate or adapt to app store-based parental consent flows, adding approval delays, compliance ambiguity, and development costs and uncertainty for updates and new releases.
Michigan: Pending – HB 4429
Covers devices, operating systems, and app stores. Requires an age estimate at device setup and transmits a “digital age signal” to apps and websites. Parental consent is required for users under 16, and apps must use this signal to filter or restrict mature content. Enforcement rests solely with the Attorney General.
Small Tech Impact: This proposal would be complex to implement, forcing even small teams to rebuild authentication systems and content filters to comply with new device-level verification frameworks.
Ohio: Pending – HB 226 & HB 302
HB 226 would require a broader range of developers making apps “likely to be accessed by a minor,” while HB 302 would apply more appropriately to apps that provide a different experience for minors than for adults. Together, the two bills represent different approaches to defining which apps are covered: HB 226 uses a broad, likelihood-based standard, while HB 302 focuses on specific functionality. Neither proposal outlines how developers should determine whether they fall into these categories or what steps would be required to comply, leaving key operational questions unresolved.
Small Tech Impact: While HB 226 and HB 302 offer some flexibility compared to stricter laws in Texas and Utah, the lack of clear compliance frameworks creates uncertainty for small developers. Without defined verification methods or enforcement standards, startups could be left guessing how to meet potential obligations, risking penalties for unintentional noncompliance or over-implementing costly systems that go beyond what the law requires.
Texas: Enacted – SB 2420
Applies to all app stores and requires age verification at the point of app download. Parental consent is required for users under 18. Enforcement is led by the Attorney General. The law applies broadly to all apps, not just social media.
Small Tech Impact: This law would impose significant compliance expectations on small developers, creating added costs for those distributing general audience apps that do not pose age-related risks but that are available to minors. Adding to the confusion, the compliance date for the stores as well as for developers is the same day, January 1, 2026. Even if the stores roll out their compliance plans today, this leaves precious little time for developers to build their compliance components before the January 1 deadline. More likely, they’ll all be forced out of compliance when that date arrives.
Utah: Enacted – SB 142
Extends Texas’s model to devices and app stores, requiring verification during account creation and parental consent for users under 18. It also includes limited data use provisions to govern how age information can be stored or shared.
Small Tech Impact: This law would require developers to handle more user verification data or depend on costly third-party verification tools, diverting resources away from innovation and core product development.
States to Watch: Alabama, Florida, Georgia, Idaho, Indiana, Massachusetts, Missouri, New Jersey, Ohio, South Carolina, South Dakota
These states are actively considering or drafting legislation modeled after existing age verification frameworks. Most proposals mirror the Texas or Utah approach, but differ in scope, enforcement, and definitions of covered platforms.
Small Tech Impact: As more states introduce copycat laws, developers could face a growing web of conflicting verification requirements. This patchwork would force small tech companies to build different compliance systems for each state, increasing operational costs and discouraging app launches in more restrictive markets.
Moving Forward
We will continue to advocate for consistent, privacy-protective, innovation-friendly policies that align with existing compliance obligations, promote digital literacy, and empower parents without overwhelming developers. ACTivated by this issue? Reach out to Brad Simonich here for future activations and opportunities to get involved and stay tuned for the 1-2-3s of Age Verification Compliance coming soon!