
The State of Texas has passed a landmark law – the App Store Accountability Act – that places legal responsibility for age checking squarely on app store operators. Utah was the first state to enact this type of legislation, now followed by Texas.
This new regulatory shift has far-reaching implications for digital safety, privacy and innovation around the world. As an age assurance provider, we believe it’s critical to explain the significance of this development, highlight the practical challenges it raises, and offer a path forward that protects both users and platforms.
One of the main weaknesses of this legislation is that it only looks at age checking on app stores. But some of the most harmful content is found online, not on apps. As a result, this law fails to fully address the broader risks and challenges involved in protecting children from inappropriate content. Additionally, the current wording of the law would benefit from clarity as to which age assurance methods will be accepted and classed as “commercially reasonable methods”.
What does the Texas law do?
The Texas App Store Accountability Act does the following:
- Requires app stores (e.g. Apple App Store, Google Play) to verify the exact age of users and place them into the correct age band, before they can download apps or make in-app purchases. The age bands are: ‘children’ under 13, ‘younger teenagers’ aged 13-15, ‘older teenagers’ aged 16-17 and adults. The age check must determine the actual age band of a minor, not just whether they are over or under 18.
- Mandates that users under 18 obtain parental consent, verifiably, before they can proceed. The Act requires the parent to be verified as over 18 and the app store must confirm the adult also has legal authority over the minor. This is a high bar, rarely achievable either through existing public databases or typical digital workflows.
- Makes app store operators – not developers – legally liable for compliance failures.
- Goes into effect January 1, 2026, if unchallenged.
This places the duty of care and enforcement at the top of the digital distribution chain, a dramatic departure from the status quo where individual app developers bear most of the responsibility.
Why this matters globally
The Texas law is a signal: Texas as a regulator is no longer satisfied with self-regulation or app-level parental controls that can be easily bypassed. Other jurisdictions – from California to Australia and the EU – are also grappling with this topic. If replicated, this approach could reshape the landscape in other US states and potentially other geographies, for app stores, device manufacturers and platforms across sectors including gaming, social media and dating.
Google and Apple have both publicly expressed concerns regarding the Texas App Store Accountability Act. An Apple spokesperson said in a statement, “If enacted, app marketplaces will be required to collect and keep sensitive personal identifying information for every Texan who wants to download an app, even if it’s an app that simply provides weather updates or sports scores.”
And prior to the bill signing, Google’s policy team said it was “one of the most extreme age-verification regimes that we’ve seen.”
Pros and cons of app store-level age checks
Advantages:
- Provides a uniform standard for age assurance, reducing inconsistencies between apps.
- Could ease the burden on smaller developers by embedding age checks earlier in the value chain.
- Should give parents greater oversight of their children’s app activity.
Challenges:
- Adds friction to the user experience, potentially reducing app engagement and revenue.
- Adds friction to the user experience, especially for parents who could struggle to adjust settings across multiple devices and systems. Additionally, some parents collude with their children by providing incorrect ages, weakening this approach.
- Shared devices weaken protections because apps can be accessed by multiple people, not just the person who installed them.
- Creates operational strain for app stores who must deploy, maintain and audit complex verification systems.
- Risks increasing platform dominance of the large US platforms given that age and identity data are closely linked to payments.
- App stores may struggle to comply without creating centralised databases of personal information. Whereas the very purpose of using certified, independent age assurance providers is to avoid this – by verifying age without retaining or exposing any identifying data.
- There are practical barriers to verifying children’s ages. Many young people do not own an identity document and aren’t included on credit databases, limiting their ability to verify their exact age. Hence age estimation approaches will need to be considered.
- Only works for businesses who offer users an app experience, not a web experience.
- Threatens the healthy growth of a competitive age assurance market which could instead result in an unhealthy duopoly across age and identity.
What’s the best approach?
Based on years of deployment and experience across diverse sectors, we advocate for an age assurance framework that is:
- Proximity-based: To enhance consumer understanding and acceptance, age checks should occur as close as possible in time to the relevant activity or service which requires age appropriate access. For instance when signing into a dating or gaming app, making it clear to users why the age check is needed.
- Privacy-preserving: Uses existing techniques like anonymous facial age estimation or age tokens to avoid collecting and storing sensitive data. These methods can determine whether someone is above or below a certain age (e.g. +/- 18 or +/-13), which is more private than verifying an exact age.
- Interoperable: Age tokens allow users to verify their age once and gain continued access to a number of platforms for a certain time period, reducing repetition and friction.
- Layered and context-aware: Supports both upfront checks (e.g. at device setup) and checks at high-risk access points (e.g. to access certain content or features). If the age verification only takes place at the app-store level, you can’t be sure the verified user is the one accessing the content, weakening the effectiveness of app-store level age checks.
The risk of one-size-fits-all regulation
Mandating operating system or app store-level age checks across all devices introduces several unintended consequences:
- Excludes services not accessed via app stores (e.g. online content and sales of pornography, alcohol, vaping products, gambling).
- Undermines multi-user environments, such as families sharing a tablet or using hand-me-down devices.
- Exacerbates inequality by locking out users with older or unsupported devices, or those who lack the correct documents to verify their age.
- May inadvertently empower dominant platforms to control access to digital age and identity assurance and make decisions on what data is required, without oversight. This also raises anti-trust concerns.
A call to collaboration
The age assurance industry is ready to help regulators and platforms navigate this new terrain. Solutions already exist that are scalable, independently audited and compliant with global standards.
Before implementing sweeping mandates, we urge policymakers to:
- Engage with independent age assurance providers, who have experience across the full range of approaches – verification, estimation and inference
- Look at the evidence in terms of capacity of parents to engage with parental control settings
- Review the global evidence base
- Evaluate the balance between child safety, privacy and innovation
- Avoid introducing excessive burden on parents and small developers
Final thoughts
The Texas App Store Accountability Act is a turning point for age assurance.
If implemented wisely, it could spur much-needed scrutiny of online child safety. But if rushed, it risks creating complexity, cost and inequity – without necessarily delivering better outcomes.
The challenges must be carefully considered and it will not serve as a silver bullet, given it only includes apps, not browser based online content or platforms. It also doesn’t consider the user experience for parents, especially for those who could struggle to adjust settings across multiple devices and systems.
Age checks are already required by law now, and there are many approaches currently available that meet the requirements. The optimal placement of age assurance in the consumer journey depends on balancing consumer convenience, privacy and operational feasibility.