New state age verification and parental consent laws are slated to take effect in 2026 to shield children from harmful online content, creating significant compliance obligations and heightened enforcement risk for both app developers and app stores.
As part of the continuing debate about how to best protect minors on internet platforms, the way apps reach users in Texas, Utah, and Louisiana is set to change this year, with California to follow in 2027. These states have shifted from statutorily prescribing standards for Internet platforms to the adoption of “App Store Accountability” laws that shift responsibility for children’s online safety to both app store owners and app developers.
For years, policymakers have argued over who should keep kids away from harmful online content. While some proposals put age assurance duties directly on every platform or website, industry warned that separate systems for each service would be unworkable and pushed to move age checks to a centralized layer, such as the device or app store. The new state laws reflect that shift, and California pushes it further by involving operating systems themselves.
Under these laws, app stores and operating systems must verify users’ ages and track parental consent, while developers must plug into those systems, assign age ratings, and enforce new restrictions for minors inside their apps. The result: new engineering work, new legal exposure, and uncertainty up and down the technology stack.
State Laws
Texas, Utah, and Louisiana start with the app stores. When a user creates an account, the store must determine the user’s age using a “commercially reasonable” method and assign them to an age band. If the user is a minor, the account must be linked to a verified parent, and the store must track whether that parent has consented to downloads and purchases. No longer is age just a local setting inside a single app; it becomes an account-level fact the store is expected to manage.
Developers are then required to act on that information. Any company that makes an app available through an app store is treated as a developer, whether or not the app is designed for children.
Developers must receive age and parental consent data from the store and use it to control in-app features and purchases for minors, while the store remains the gatekeeper for downloads and store-level transactions. In Texas, developers also must assign age ratings not only to the app as a whole but also to each type of in-app purchase and explain what content or features support those ratings.
The laws also tighten the link between product changes and parental consent. Developers must notify app stores before making any “significant change” to terms of service, privacy practices, monetization, or functionality. A significant change can include adding new ad formats, changing the categories of personal data collected, or making a change that materially affects the user experience. Those changes may trigger renewed parental consent, so a design decision in a sprint meeting can ripple back to a parent’s phone in a covered state.
California’s Distinct Approach
As is often the case, California takes a different tactic. Instead of centering everything on the app store account, its approach is built around a standardized, privacy-preserving “age signal” at the operating system level.
When an adult sets up a device for a child, the operating system must collect the child’s age or birth date, convert it into a non-personally identifiable age bracket, and expose that bracket as a real-time signal to apps in covered app stores. Developers must request this age signal when an app is downloaded and launched, and once they receive it, they are treated as having actual knowledge of the user’s age range. Operating system providers and app stores must minimize what they share and may not repurpose age-signal data for unrelated purposes. Enforcement rests with the California Attorney General.
Texas Risks
The Texas App Store Accountability Act treats app stores and apps as gateways that must screen all users. No one in Texas can download an app without an age check, and minors cannot download apps or make paid in-app purchases without transaction-by-transaction parental approval that must be refreshed when apps significantly change.
The Texas law shows both the stakes and the legal risks. The law was scheduled to take effect Jan. 1, 2026, but a federal judge in Texas granted challengers’ request for a preliminary injunction blocking the law’s enforcement. In doing so, the court concluded that the act likely violates the First Amendment because it restricts lawful speech and broadly covers nearly all mobile apps and in-app purchases, not just clearly harmful content, while leaving many web and device platforms potentially untouched. Centralized age checks may also require IDs, credit cards, or biometrics, raising privacy concerns and chilling anonymous or pseudonymous use.
The State of Texas, backed by child safety advocates, has filed a notice of appeal and responds that centralized age verification and parental consent are reasonable protections that intermediaries are best equipped to provide.
What’s Next
For developers, the lesson is not that these laws will disappear. Already, Utah’s law has partially taken effect, with more developer obligations due this year and enforcement scheduled to begin soon after. Louisiana’s version also is expected to take effect this year.
The broader policy debate—over who should control the front door to the Internet for children and how intrusive age checks should be—is far from settled.
More states are likely to experiment, and Congress faces pressure to act at the federal level. That means planning for compliance even as litigation unfolds and beginning to integrate app-store-level age and consent data and device-level age signals into product design and engineering.
This article does not necessarily reflect the opinion of Bloomberg Industry Group, Inc., the publisher of Bloomberg Law, Bloomberg Tax, and Bloomberg Government, or its owners.
Author Information
Chris Carlson is a partner at Troutman Pepper Locke who advises clients on state, federal, and local regulatory matters, including investigations and enforcement actions.
Lauren Fincher is a partner at Troutman Pepper Locke who has experience handling state attorneys general investigations, navigating complex regulatory compliance matters, and providing strategic counsel in enforcement actions across various industries.
Jessica Birdsong is an associate at Troutman Pepper Locke in the firm’s regulatory investigations, strategy + enforcement practice group, and a member of the state attorneys general team.
Write for Us: Author Guidelines
To contact the editors responsible for this story:
Learn more about Bloomberg Law or Log In to keep reading:
See Breaking News in Context
Bloomberg Law provides trusted coverage of current events enhanced with legal analysis.
Already a subscriber?
Log in to keep reading or access research tools and resources.