Regulation June 4, 2025

Texas App Store Accountability Act: what it means for age assurance worldwide

profile picture Yoti 8 min read
An image of a young male holding a mobile phone. The accompanying text reads 'Texas App Store Accountability Act: United States'.

The State of Texas has passed a landmark law – the App Store Accountability Act – that places legal responsibility for age checking squarely on app store operators. Utah was the first state to enact this type of legislation, now followed by Texas.

This new regulatory shift has far-reaching implications for digital safety, privacy and innovation around the world. As an age assurance provider, we believe it’s critical to explain the significance of this development, highlight the practical challenges it raises, and offer a path forward that protects both users and platforms.

One of the main weaknesses of this legislation is that it only looks at age checking on app stores. But some of the most harmful content is found online, not on apps. As a result, this law fails to fully address the broader risks and challenges involved in protecting children from inappropriate content. Additionally, the current wording of the law would benefit from clarity as to which age assurance methods will be accepted and classed as “commercially reasonable methods”.

 

What does the Texas law do?

The Texas App Store Accountability Act does the following:

  • Requires app stores (e.g. Apple App Store, Google Play) to verify the exact age of users and place them into the correct age band, before they can download apps or make in-app purchases. The age bands are: ‘children’ under 13, ‘younger teenagers’ aged 13-15, ‘older teenagers’ aged 16-17 and adults. The age check must determine the actual age band of a minor, not just whether they are over or under 18.
  • Mandates that users under 18 obtain parental consent, verifiably, before they can proceed. The Act requires the parent to be verified as over 18 and the app store must confirm the adult also has legal authority over the minor.  This is a high bar, rarely achievable either through existing public databases or typical digital workflows.
  • Makes app store operators – not developers – legally liable for compliance failures.
  • Goes into effect January 1, 2026, if unchallenged.

This places the duty of care and enforcement at the top of the digital distribution chain, a dramatic departure from the status quo where individual app developers bear most of the responsibility.

 

Why this matters globally

The Texas law is a signal: Texas as a regulator is no longer satisfied with self-regulation or app-level parental controls that can be easily bypassed. Other jurisdictions – from California to Australia and the EU – are also grappling with this topic. If replicated, this approach could reshape the landscape in other US states and potentially other geographies, for app stores, device manufacturers and platforms across sectors including gaming, social media and dating.

Google and Apple have both publicly expressed concerns regarding the Texas App Store Accountability Act. An Apple spokesperson said in a statement, “If enacted, app marketplaces will be required to collect and keep sensitive personal identifying information for every Texan who wants to download an app, even if it’s an app that simply provides weather updates or sports scores.”

And prior to the bill signing, Google’s policy team said it was “one of the most extreme age-verification regimes that we’ve seen.”  

 

Pros and cons of app store-level age checks

Advantages:

  • Provides a uniform standard for age assurance, reducing inconsistencies between apps.
  • Could ease the burden on smaller developers by embedding age checks earlier in the value chain.
  • Should give parents greater oversight of their children’s app activity.

Challenges:

  • Adds friction to the user experience, potentially reducing app engagement and revenue.
  • Adds friction to the user experience, especially for parents who could struggle to adjust settings across multiple devices and systems. Additionally, some parents collude with their children by providing incorrect ages, weakening this approach.
  • Shared devices weaken protections because apps can be accessed by multiple people, not just the person who installed them.
  • Creates operational strain for app stores who must deploy, maintain and audit complex verification systems.
  • Risks increasing platform dominance of the large US platforms given that age and identity data are closely linked to payments.
  • App stores may struggle to comply without creating centralised databases of personal information. Whereas the very purpose of using certified, independent age assurance providers is to avoid this – by verifying age without retaining or exposing any identifying data.
  • There are practical barriers to verifying children’s ages. Many young people do not own an identity document and aren’t included on credit databases, limiting their ability to verify their exact age. Hence age estimation approaches will need to be considered.
  • Only works for businesses who offer users an app experience, not a web experience. 
  • Threatens the healthy growth of a competitive age assurance market which could instead result in an unhealthy duopoly across age and identity.

 

What’s the best approach?

Based on years of deployment and experience across diverse sectors, we advocate for an age assurance framework that is:

  • Proximity-based: To enhance consumer understanding and acceptance, age checks should occur as close as possible in time to the relevant activity or service which requires age appropriate access. For instance when signing into a dating or gaming app, making it clear to users why the age check is needed.
  • Privacy-preserving: Uses existing techniques like anonymous facial age estimation or age tokens to avoid collecting and storing sensitive data. These methods can determine whether someone is above or below a certain age (e.g. +/- 18 or +/-13), which is more private than verifying an exact age.
  • Interoperable: Age tokens allow users to verify their age once and gain continued access to a number of platforms for a certain time period, reducing repetition and friction.
  • Layered and context-aware: Supports both upfront checks (e.g. at device setup) and checks at high-risk access points (e.g. to access certain content or features). If the age verification only takes place at the app-store level, you can’t be sure the verified user is the one accessing the content, weakening the effectiveness of app-store level age checks.

 

The risk of one-size-fits-all regulation

Mandating operating system or app store-level age checks across all devices introduces several unintended consequences:

  • Excludes services not accessed via app stores (e.g. online content and sales of pornography, alcohol, vaping products, gambling).
  • Undermines multi-user environments, such as families sharing a tablet or using hand-me-down devices.
  • Exacerbates inequality by locking out users with older or unsupported devices, or those who lack the correct documents to verify their age.
  • May inadvertently empower dominant platforms to control access to digital age and identity assurance and make decisions on what data is required, without oversight. This also raises anti-trust concerns.

 

A call to collaboration

The age assurance industry is ready to help regulators and platforms navigate this new terrain. Solutions already exist that are scalable, independently audited and compliant with global standards.

Before implementing sweeping mandates, we urge policymakers to:

  • Engage with independent age assurance providers, who have experience across the full range of approaches – verification, estimation and inference 
  • Look at the evidence in terms of capacity of parents to engage with parental control settings
  • Review the global evidence base
  • Evaluate the balance between child safety, privacy and innovation
  • Avoid introducing excessive burden on parents and small developers

 

Final thoughts

The Texas App Store Accountability Act is a turning point for age assurance.

If implemented wisely, it could spur much-needed scrutiny of online child safety. But if rushed, it risks creating complexity, cost and inequity – without necessarily delivering better outcomes.

The challenges must be carefully considered and it will not serve as a silver bullet, given it only includes apps, not browser based online content or platforms. It also doesn’t consider the user experience for parents, especially for those who could struggle to adjust settings across multiple devices and systems.

Age checks are already required by law now, and there are many approaches currently available that meet the requirements. The optimal placement of age assurance in the consumer journey depends on balancing consumer convenience, privacy and operational feasibility.

Keep reading

An image of a child and their parent sitting on a sofa and using a mobile phone. The accompanying text reads 'Ireland's Online Safety Code - Ireland'.
Articles June 25, 2025

Ireland’s Online Safety Code: what it means for online platforms and how to comply

What you need to know: Ireland’s Online Safety Code will hold video-sharing platforms accountable for keeping their users, especially children, safe online. Platforms with adult content, including pornographic or extremely violent content, must use age assurance to prevent children from accessing the content. These age assurance requirements come into force in July 2025. Platforms that don’t comply can face strong penalties – up to €20 million or 10% of annual turnover.     From July 2025, video-sharing platforms in Ireland with pornography or extremely violent content will need to introduce age assurance to protect children from accessing their content.

#age assurance#regulation
Rachael Trotman Rachael Trotman
7 min read
Image of a man holding his mobile phone in one hand and a driving licence in the other hand. The accompanying text reads "Data Act - United Kingdom".
Articles June 20, 2025

Understanding the UK’s new Data Act

The Data (Use and Access) Act, now known more simply as the “Data Act”, is a landmark piece of UK legislation that aims to reshape how individuals and businesses interact with digital data. It introduces provisions for a national digital identity trust framework, helping to foster trust in digital identities by ensuring that businesses adhere to strict standards during digital transactions.  This blog gives an overview of the Data Act and what this means for digital identities in the UK.    Why has the Government introduced the Data Act? The Government has said that the Act will “unlock the

#digital id#regulation
Yoti Yoti
9 min read
An image of a young girl using a laptop. The accompanying text reads 'Organic Law for the Protection of Minors in Digital Environments - Spain'.
Articles June 18, 2025

Understanding age assurance in Spain's new online safety law

As digital technology continues to shape how people interact, communicate and consume content, protecting children online has become an increasingly urgent issue. Recognising this, the Spanish government has proposed the Organic Law for the Protection of Minors in Digital Environments. The law is now in its final stages of approval. While comparable initiatives such as the UK’s Online Safety Act and California’s Age-Appropriate Design Code exist in other jurisdictions, the Spanish law stands out for its broad scope and emphasis on enforceable age assurance, platform accountability and digital literacy. Its comprehensive framework places it among the leading examples of

#age assurance#regulation
Amba Karsondas Amba Karsondas
11 min read