Texas App Store Accountability Act: what it means for age assurance worldwide

profile picture Yoti 8 min read
An image of a young male holding a mobile phone. The accompanying text reads 'Texas App Store Accountability Act: United States'.

The State of Texas has passed a landmark law – the App Store Accountability Act – that places legal responsibility for age checking squarely on app store operators. Utah was the first state to enact this type of legislation, now followed by Texas.

This new regulatory shift has far-reaching implications for digital safety, privacy and innovation around the world. As an age assurance provider, we believe it’s critical to explain the significance of this development, highlight the practical challenges it raises, and offer a path forward that protects both users and platforms.

One of the main weaknesses of this legislation is that it only looks at age checking on app stores. But some of the most harmful content is found online, not on apps. As a result, this law fails to fully address the broader risks and challenges involved in protecting children from inappropriate content. Additionally, the current wording of the law would benefit from clarity as to which age assurance methods will be accepted and classed as “commercially reasonable methods”.

 

What does the Texas law do?

The Texas App Store Accountability Act does the following:

  • Requires app stores (e.g. Apple App Store, Google Play) to verify the exact age of users and place them into the correct age band, before they can download apps or make in-app purchases. The age bands are: ‘children’ under 13, ‘younger teenagers’ aged 13-15, ‘older teenagers’ aged 16-17 and adults. The age check must determine the actual age band of a minor, not just whether they are over or under 18.
  • Mandates that users under 18 obtain parental consent, verifiably, before they can proceed. The Act requires the parent to be verified as over 18 and the app store must confirm the adult also has legal authority over the minor.  This is a high bar, rarely achievable either through existing public databases or typical digital workflows.
  • Makes app store operators – not developers – legally liable for compliance failures.
  • Goes into effect January 1, 2026, if unchallenged.

This places the duty of care and enforcement at the top of the digital distribution chain, a dramatic departure from the status quo where individual app developers bear most of the responsibility.

 

Why this matters globally

The Texas law is a signal: Texas as a regulator is no longer satisfied with self-regulation or app-level parental controls that can be easily bypassed. Other jurisdictions – from California to Australia and the EU – are also grappling with this topic. If replicated, this approach could reshape the landscape in other US states and potentially other geographies, for app stores, device manufacturers and platforms across sectors including gaming, social media and dating.

Google and Apple have both publicly expressed concerns regarding the Texas App Store Accountability Act. An Apple spokesperson said in a statement, “If enacted, app marketplaces will be required to collect and keep sensitive personal identifying information for every Texan who wants to download an app, even if it’s an app that simply provides weather updates or sports scores.”

And prior to the bill signing, Google’s policy team said it was “one of the most extreme age-verification regimes that we’ve seen.”  

 

Pros and cons of app store-level age checks

Advantages:

  • Provides a uniform standard for age assurance, reducing inconsistencies between apps.
  • Could ease the burden on smaller developers by embedding age checks earlier in the value chain.
  • Should give parents greater oversight of their children’s app activity.

Challenges:

  • Adds friction to the user experience, potentially reducing app engagement and revenue.
  • Adds friction to the user experience, especially for parents who could struggle to adjust settings across multiple devices and systems. Additionally, some parents collude with their children by providing incorrect ages, weakening this approach.
  • Shared devices weaken protections because apps can be accessed by multiple people, not just the person who installed them.
  • Creates operational strain for app stores who must deploy, maintain and audit complex verification systems.
  • Risks increasing platform dominance of the large US platforms given that age and identity data are closely linked to payments.
  • App stores may struggle to comply without creating centralised databases of personal information. Whereas the very purpose of using certified, independent age assurance providers is to avoid this – by verifying age without retaining or exposing any identifying data.
  • There are practical barriers to verifying children’s ages. Many young people do not own an identity document and aren’t included on credit databases, limiting their ability to verify their exact age. Hence age estimation approaches will need to be considered.
  • Only works for businesses who offer users an app experience, not a web experience. 
  • Threatens the healthy growth of a competitive age assurance market which could instead result in an unhealthy duopoly across age and identity.

 

What’s the best approach?

Based on years of deployment and experience across diverse sectors, we advocate for an age assurance framework that is:

  • Proximity-based: To enhance consumer understanding and acceptance, age checks should occur as close as possible in time to the relevant activity or service which requires age appropriate access. For instance when signing into a dating or gaming app, making it clear to users why the age check is needed.
  • Privacy-preserving: Uses existing techniques like anonymous facial age estimation or age tokens to avoid collecting and storing sensitive data. These methods can determine whether someone is above or below a certain age (e.g. +/- 18 or +/-13), which is more private than verifying an exact age.
  • Interoperable: Age tokens allow users to verify their age once and gain continued access to a number of platforms for a certain time period, reducing repetition and friction.
  • Layered and context-aware: Supports both upfront checks (e.g. at device setup) and checks at high-risk access points (e.g. to access certain content or features). If the age verification only takes place at the app-store level, you can’t be sure the verified user is the one accessing the content, weakening the effectiveness of app-store level age checks.

 

The risk of one-size-fits-all regulation

Mandating operating system or app store-level age checks across all devices introduces several unintended consequences:

  • Excludes services not accessed via app stores (e.g. online content and sales of pornography, alcohol, vaping products, gambling).
  • Undermines multi-user environments, such as families sharing a tablet or using hand-me-down devices.
  • Exacerbates inequality by locking out users with older or unsupported devices, or those who lack the correct documents to verify their age.
  • May inadvertently empower dominant platforms to control access to digital age and identity assurance and make decisions on what data is required, without oversight. This also raises anti-trust concerns.

 

A call to collaboration

The age assurance industry is ready to help regulators and platforms navigate this new terrain. Solutions already exist that are scalable, independently audited and compliant with global standards.

Before implementing sweeping mandates, we urge policymakers to:

  • Engage with independent age assurance providers, who have experience across the full range of approaches – verification, estimation and inference 
  • Look at the evidence in terms of capacity of parents to engage with parental control settings
  • Review the global evidence base
  • Evaluate the balance between child safety, privacy and innovation
  • Avoid introducing excessive burden on parents and small developers

 

Final thoughts

The Texas App Store Accountability Act is a turning point for age assurance.

If implemented wisely, it could spur much-needed scrutiny of online child safety. But if rushed, it risks creating complexity, cost and inequity – without necessarily delivering better outcomes.

The challenges must be carefully considered and it will not serve as a silver bullet, given it only includes apps, not browser based online content or platforms. It also doesn’t consider the user experience for parents, especially for those who could struggle to adjust settings across multiple devices and systems.

Age checks are already required by law now, and there are many approaches currently available that meet the requirements. The optimal placement of age assurance in the consumer journey depends on balancing consumer convenience, privacy and operational feasibility.

Keep reading

Young girl looking at smartphone

Yoti responds to the Draft Statement of Strategic Priorities for online safety

Last week, the Department of Science, Innovation and Technology, published the final draft Strategic Priorities for online safety. We welcome the statement, which highlights the five areas the government believes should be prioritised for creating a safer online environment. These areas are: safety by design, transparency and accountability, agile regulation, inclusivity and resilience, and technology and innovation. These priorities will guide Ofcom as it enforces the Online Safety Act, ensuring platforms stay accountable and users are protected. We welcome this clear direction and commitment from the government to create safer online spaces. It’s positive that age assurance has been

9 min read
Image of a man holding his mobile phone in one hand and a driving licence in the other hand. The accompanying text reads "Data Bill - United Kingdom".

Understanding the UK’s new Data Bill

The Data (Use and Access) Bill, known more simply as the “Data Bill”, is a landmark piece of UK legislation that aims to reshape how individuals and businesses interact with digital data. It will introduce provisions for a national digital identity trust framework, helping to foster trust in digital identities by ensuring that businesses adhere to strict standards during digital transactions.  This blog gives an overview of the Data Bill and what this means for digital identities in the UK.    Why has the Government introduced the Data Bill? The Government has said that the Bill will “unlock the

10 min read
An image of a young girl lying on a sofa and using a smartphone.

Complying with Ofcom’s Protection of Children Codes: what you need to know about age assurance

With children’s online engagement at an all-time high, the UK government passed the Online Safety Act in 2023, aiming to make the UK ‘the safest place in the world to be online’. It places legal obligations on online services to prioritise user safety, particularly for children. As the UK’s communications regulator, Ofcom plays a pivotal role in enforcing the Act’s provisions. As part of phase two of the Act’s implementation, Ofcom published its Protection of Children Codes of Practice on 24th April 2025. Made up of over 40 practical measures, they outline how digital platforms must safeguard younger users

11 min read