ARTICLE
2 December 2025

An App Developer's Guide To App Store Age-Assurance Laws

B
BakerHostetler

Contributor

BakerHostetler logo
Recognized as one of the top firms for client service, BakerHostetler is a leading national law firm that helps clients around the world address their most complex and critical business and regulatory issues. With five core national practice groups — Business, Labor and Employment, Intellectual Property, Litigation, and Tax — the firm has more than 970 lawyers located in 14 offices coast to coast. BakerHostetler is widely regarded as having one of the country’s top 10 tax practices, a nationally recognized litigation practice, an award-winning data privacy practice and an industry-leading business practice. The firm is also recognized internationally for its groundbreaking work recovering more than $13 billion in the Madoff Recovery Initiative, representing the SIPA Trustee for the liquidation of Bernard L. Madoff Investment Securities LLC. Visit bakerlaw.com
Explore Firm Details
If your company has a mobile application, you should be ready to address new age-assurance requirements, starting Jan. 1, 2026.
United States California Louisiana Texas Utah Privacy
Justin T. Yedor,Carolina A. Alonso, and Danielle A. A. Richardson
Your Author LinkedIn Connections
Justin T. Yedor’s articles from BakerHostetler are most popular:
  • within Privacy topic(s)
  • with Senior Company Executives, HR and Inhouse Counsel
  • in United States
  • with readers working within the Banking & Credit and Retail & Leisure industries

If your company has a mobile application, you should be ready to address new age-assurance requirements, starting Jan. 1, 2026.

In 2025, four states enacted laws that will require app stores to implement age-assurance processes to support the online safety and privacy of minors under the age of 18. While the core requirements of these laws are directed at the app stores themselves, there are significant obligations for app developers as well, both directly under these laws and as a result of Apple's and Google's implementation of the app-store requirements. Because these laws apply to all apps – not just those intended for minors – app developers and the businesses that hire them should be aware of these laws and ready to comply with them.

So, here's what you need to know about age assurance if you publish mobile apps in an app store.

What Are the App Age-Assurance Laws?

As of the date of this post, the following states have passed an app age-assurance law:

Generally, the Texas, Utah, and Louisiana laws require app stores to:

  • Verify user age at account creation in order to distinguish minors from adult users.
  • Classify minor accounts into specific brackets: children (under 13), younger teens (13-15), older teens (16-17), and adults (18+).
  • Obtain parental consent for app downloads, app purchases, and in-app purchases.

The California law is similar but with a greater focus on design and technical solutions rather than the explicit obligations listed above. For example, app stores must provide an accessible interface for users to indicate their age at account setup and must provide app developers with a signal containing the user's age bracket via APIs.

What Is Required for App Developers?

These laws do not just place obligations on app stores. While there are nuances distinguishing these laws, at a high level, app developers must:

  • Publish an age rating.In Texas, Utah, and Louisiana, app developers must assign their apps and in-app purchases an age rating corresponding to the age brackets that app stores maintain under these laws.
  • Verify age and consent through the app store. Utah and Louisiana require that app developers verify, through the app store, the user's age bracket and whether verifiable parental consent has been obtained for minor accounts. California requires app developers to request a signal containing the user's age from the app store when the app is downloaded. Louisiana, notably, requires minor accounts to be affiliated with a parent account.
  • Notify the app store of a "significant change" to an app. Texas, Utah, and Louisiana require that the app developer notify the app store before making a "significant change" to an app. "Significant change" is defined in these laws and generally refers to a specific material modification of the app's terms of service, privacy policy, content or age rating, monetization features, or user experience.
  • Obtain age or consent directly from user. Utah and Louisiana require that app developers request personal age verification data or parental consent when a user downloads or purchases an app, or when implementing a "significant change" to the app.
  • Engage in age design minimization. Both Utah and Louisiana require that app developers, when working with contradictory age data, use the lowest age bracket for implementing any developer-created safety-related features or defaults.

Both Apple and Google recently announced how their app stores will handle age signaling from a technical standpoint. App developers should familiarize themselves with these technical standards and prepare to implement the required APIs into their apps in advance of the Texas law's Jan. 1, 2026, effective date.

Fortunately for app developers, the laws generally provide a safe harbor from liability when relying on age information received from the app stores. For example, the Texas, Utah, and Louisiana laws explicitly state that app developers are not liable when they (a) use widely adopted industry standards to determine the age rating and specific content for an app and apply those standards consistently and in good faith, (b) rely in good faith on age category and consent information received from an app store, and (c) otherwise comply with the app age-assurance law. However, this is not to say that app developers may turn a blind eye to evidence that contradicts the age information received from an app store. For example, California's law states that if an app developer has internal clear and convincing information that a user's age is different than the age indicated by the app store's age signal, the developer can then use the internal information as the primary indicator of the user's age.

How Do These Laws Interact with Existing Children's Privacy Rules?

These state laws do not replace existing laws protecting minors, such as those requiring parental consent before processing personal information. They layer on top of and expand existing frameworks such as the Children's Online Privacy Protection Act (COPPA), state comprehensive privacy laws, state age-appropriate design codes, state online safety laws, state social media laws and state addictive feed laws. App developers should note the overlapping requirements and be prepared to address follow-on compliance under other laws. For example, apps targeting children under 13 must obtain parental consent for data collection and provide clear notices as required under COPPA and the provisions governing collection of personal data from a "known child" under the Texas Data Privacy and Security Act and the Utah Consumer Privacy Act. Businesses should also prepare for potential implications regarding the requirement to obtain opt-in consent for "sales" and "sharing" of personal information about consumers under 16 under the California Consumer Privacy Act.

Are There Other Age-Assurance Laws to Be Aware Of?

More states are considering similar laws, and a federal App Store Accountability Act was also proposed earlier this year. Further, these laws are not unique to the U.S. For example, Brazil's Digital Statute of the Child and Adolescent ("Digital ECA") , which also passed this year, includes age-assurance requirements for both app stores and app developers, including implementing and receiving a technical age signal. As discussed in a previous post, New York's Child Data Protection Act also included age-signal requirements. These laws are part of the continued expansion of online safety and privacy legislation related to minors that shows no sign of slowing down.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

[View Source]
Authors
Photo of Justin T. Yedor
Justin T. Yedor
Photo of Carolina A. Alonso
Carolina A. Alonso
Photo of Danielle A. A. Richardson
Danielle A. A. Richardson
Your Author LinkedIn Connections
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More