App Store Accountability Act (ASAA) proposals shift youth online protection upstream: from individual apps and websites to the app store layer (and, in some states, to developers as well). Instead of every app building its own age assurance solution, the model aims to make the app store establish the age category of the account holder (or device user) and, for minors, require ‘verifiable parental consent’ before they can download an app or make purchases. The ASAA is promoted as a response to children being asked to accept terms of service when downloading an app, as the ability of minors to agree to a contract is generally limited below the age of 18.
Information is believed to be correct as of (February 2026)
| 1. Texas | SB 2420 | 1st January 2026 (enjoined) |
| 2. Utah | SB 142 (HB 498) | 1st September 2026 enjoined pending appeal |
| 3. Louisiana | HB 570 | 1st July 2026 |
| 4. Alabama | HB 161 | 1st January 2027 |
Arkansas’s earlier Social Media Safety Act (SB 396, 2023) established a precursor model requiring app stores to obtain parental consent for minors, and its ongoing litigation has informed constitutional analysis of later ASAA legislation.
California took a different, but related, approach with AB 1043, the Digital Age Assurance Act) that begins in 2027. This relies on self-reported age brackets in the operating system created during the device setup, with no mandatory age verification or parental consent for every download). California’s AB 1043 is an example of moving toward age signals via OS APIs (self-reported brackets like under 13, 13–15, 16–17, 18+), rather than mandating parental consent for every download or robust verification.
There is also a federal version of the App Store Accountability Act (S.1586 / H.R. 3149, introduced 2025), but it has not been enacted as of February 2026.
Features
- A distribution-layer safeguard: age assurance happens where apps are obtained (app stores) and is then used to drive downstream protections.
- A parental-consent framework for minors: the model commonly links a minor account to a parent/guardian account and requires verifiable consent for downloads and/or purchases.
- A signal/metadata approach: app stores pass an age bracket and consent status to developers.
- Age verification which requires outcomes (verified age category / verifiable parental consent) without naming a single mandated method leaving – implementation choices open.
To meet “verify age category” requirements meaningfully, app stores generally need something beyond a self-asserted birthdate. In practice, that can mean document-based checks, verified credentials, third-party attestations, or other “commercially reasonable” methods (varies by jurisdiction and implementing rules).
Whether Estimation (e.g Facial Age Estimation) is acceptable depends on how “verification” is defined in statute/rulemaking or on the app stores own policy decisions.
If a jurisdiction primarily relies on app-store account architecture (e.g., device-level age signaling) and allows lower-friction methods for non-sensitive categories, developers may consume an age signal without collecting additional data themselves.
The biggest legal question so far is the argument that broad app-store gating burdens access to lawful speech and can operate like a prior restraint – particularly if it conditions access to a large universe of apps on identity/age checks.
- Texas SB 2420 was preliminarily enjoined on Dec. 23, 2025; the court found the law likely violates First Amendment protections (overbroad, vague, akin to prior restraint on speech).
- Utah SB 142 is now being challenged in federal court (filed early February 2026, e.g., by CCIA) on similar First Amendment theories.
- Arkansas’s SB 396 has been subject to ongoing litigation since 2023 and has served as an early test case shaping how courts analyze the constitutional questions common to this model.
Other States Considering ASAA versions:
Alaska, Arizona, Florida, Hawaii, Kansas, Mississippi, New Hampshire, Ohio, South Carolina, South Dakota, Virginia, West Virginia