91
Total Laws
54
Enacted
52
Jurisdictions
64
OCSS Categories
Establishes a duty of care for platforms, requiring them to disable addictive features and algorithmic feeds for minors by default.
Extends COPPA to teens under 17, bans all targeted advertising to minors, and creates an Eraser Button for data deletion. Passed the Senate 91-3 as part of KOSMA in July 2024 (118th Congress) but the House never voted and the bill expired Jan 3, 2025. Reintroduced in the 119th Congress as S.836 (Senate, March 2025, Senators Markey & Cassidy) and H.R.6291 (House, November 2025). Not yet signed into law.
Combined KOSA + COPPA 2.0 package extending protections to all minors under 17, with mandatory age verification. Passed the Senate 91-3 in July 2024 (118th Congress) but the House never voted and the bill expired on Jan 3, 2025. Must be reintroduced and repassed in the 119th Congress. Component bills KOSA and COPPA 2.0 have been individually reintroduced.
The FTC's COPPA enforcement rule requiring verifiable parental consent for data collection on children under 13. The FTC finalized major amendments in January 2025 (5-0 vote), published in the Federal Register on April 22, 2025, with legal effect June 23, 2025 and a full compliance deadline of April 22, 2026. The 2025 amendments add mandatory information security programs, data retention/deletion policies, enhanced direct notice requirements, expanded personal information definitions (biometrics, government IDs), new consent methods, and separate consent for third-party data sharing.
Requires schools and libraries receiving E-Rate funding to implement internet safety policies and content filters to protect children from harmful online content.
Proposes to hold platforms accountable for CSAM by modifying Section 230 protections and establishing best practices for preventing child exploitation.
Amends Section 230 to hold platforms liable for facilitating sex trafficking. Requires platforms to actively monitor for and remove trafficking content involving minors.
Federal version of Utah's ASAA. Mandates app store operators verify each user's age category, obtain verifiable parental consent before a minor downloads an app or makes an in-app purchase, and share an age-category attestation with downstream apps under data-minimization and industry-standard-encryption requirements. Apps relying on the store's signal receive a liability safe harbor. (The statute does not itself mandate zero-knowledge proofs or document deletion — that is an implementation choice.)
Federal device-level + ISP-level age verification for online pornography access. Targets the gap that state-level porn-AV laws (TX HB 1181, LA Act 440) only address platform compliance — SCREEN Act extends the requirement device-side and ISP-side.
Bans addictive feeds and notifications during school hours for minors. Platforms must default to chronological feeds.
Requires platforms to suppress non-essential notifications during nighttime and provide configurable screen time limits.
Prohibits addictive algorithmic feeds for minors without parental consent and mandates notification-free quiet hours.
Connecticut law protecting minors from addictive platform features and restricting unsolicited contact. Requires platforms to default to safest settings for accounts identified as minors.
Florida law requiring age verification for social media platforms and prohibiting minors under 14 from holding accounts. Minors 14-15 need parental consent.
Minnesota bill requiring platforms to implement usage awareness tools for minor users, including periodic screen time reminders and usage dashboards.
Tennessee law requiring social media platforms to implement screen time awareness features for minor users, including configurable usage timer notifications.
New York Child Data Protection Act focusing on commercial data collection from minors, with strong data minimization and deletion rights for child accounts.
Maryland Age-Appropriate Design Code requiring platforms to default to maximum privacy settings for minors, including geolocation disabled by default and data protection impact assessments.
Texas law requiring parental consent for minors to access social media, with age verification requirements and monitoring provisions for platforms serving minors.
Utah law imposing curfews on minor social media use, requiring age verification, and banning addictive design features targeting minors.
First-in-nation law shifting the age-verification and parental-consent burden from individual apps to the app-store operator. Requires Apple and Google to verify the age of every Utah user and obtain verifiable parental consent before a minor downloads an app. Per-app re-verification becomes unnecessary once the OS-tier attestation exists.
Directs Utah public schools to adopt bell-to-bell phone-free policies during instructional hours. Student personal devices must be stored or otherwise inaccessible during class time, with documented exceptions for medical, IEP/504, and ELL needs.
Louisiana law requiring age verification for social media platforms and restricting minor access without parental consent.
Louisiana's statewide ban on student cellphone use throughout the school day in public K-12 schools. Devices must be off and out of sight from the first bell to the last, with school-board-approved exceptions for documented health, learning, or safety needs.
Ohio law requiring platforms to obtain parental consent for users under 16, with restrictions on direct messaging to minor accounts.
Vermont age-appropriate design code requiring platforms to disable addictive design features, ban targeted ads, and default geolocation to off for minors.
Massachusetts bill targeting dark patterns and addictive design in platforms used by minors, with bans on targeted advertising to children.
Arkansas law requiring age verification for social media platforms and prohibiting minors under 18 from creating accounts without parental consent.
Texas law requiring commercial pornography websites to verify the age of every user via government ID or transactional data. Survived SCOTUS challenge in Free Speech Coalition v. Paxton (June 2025) — important precedent.
First-in-nation state porn-AV law requiring commercial pornography websites to verify user age via the state's LA Wallet digital ID system or equivalent. Inspired the wave of state porn-AV laws (TX HB 1181, AR, NC, VA, OH, MS, etc.).
California law restricting notification delivery to minors during school hours and banning addictive design features that target children.
Establishes rules for how Pennsylvania public schools and their third-party vendors collect, store, and share student data. Increases transparency for parents, creates accountability mechanisms for vendors, and requires verifiable parental consent for specified data-collection activities involving minors.
Requires all public schools in Pennsylvania to implement bell-to-bell phone-free policies. Students must store devices in lockers or locking pouches during school hours, with exceptions for medical needs, IEP/504 plans, and ELL accommodations.
Companion bill to SB 1014 amending the Public School Code to establish statewide phone-free school policies. Sponsored by Rep. Mandy Steele with 17 co-sponsors and PSEA (Pennsylvania State Education Association) support.
Kids Code / KOSA-style legislation requiring platforms to conduct data protection impact assessments before launching services for minors. Prohibits collecting or selling child geolocation data, profiling children by default, and using design patterns that lead children to provide personal information.
Regulates AI interactions with minors by requiring age verification for AI services, prohibiting minors from using AI companion chatbots, and criminalizing AI systems that solicit sexually explicit content from or encourage self-harm in minors. Penalties up to $100,000 per violation.
Idaho law requiring age verification for platforms hosting content harmful to minors, mandating commercially reasonable age verification methods.
Kentucky law requiring age verification for platforms hosting content harmful to minors, with civil liability for non-compliance.
Nebraska law requiring age verification for platforms hosting content harmful to minors, establishing obligations for commercial content publishers.
South Carolina law requiring age verification for platforms hosting content harmful to minors, with both AG enforcement and private right of action.
Georgia law requiring age verification for social media platforms to prevent minors from accessing age-restricted content.
Mississippi law restricting social media access for minors, requiring age verification and parental consent for account creation.
Iowa law requiring age verification for online platforms to protect minors, with parental consent requirements for children's accounts.
Requires operating systems and app stores to collect parent-declared age information at account setup and pass an age-category signal to downstream apps. Moves the age-assurance burden from individual apps to the OS/store tier so per-app re-verification becomes unnecessary.
Establishes a statewide minimum age of 16 to create a social media account in California, with verifiable parental consent required for users aged 13 through 15. Platforms must block account creation for children under 13 and apply protective defaults for 13–15 accounts.
Raises platform financial liability when a covered product knowingly or willfully contributes to harm to a minor. Creates a duty-of-care evidentiary standard, requires algorithmic audits, and mandates parental notification of qualifying safety events.
Restricts exposure of minors to gambling-style mechanics in games and apps, including loot boxes, wagering-linked predictive markets, and pressure-based in-app purchases. Requires platforms to block or gate qualifying mechanics on minor accounts.
Establishes an independent California eSafety Commission modeled on Australia's eSafety Commissioner, with authority to receive platform safety reports, publish transparency data, and coordinate cross-agency enforcement on online harms to minors.
Tightens rules on how California schools and their ed-tech vendors collect, retain, and use student data. Bans commercial sale or ad-targeting use of school-collected data and imposes retention-minimization and parental-access requirements.
Establishes baseline safety and transparency standards for general-purpose AI chatbots available to minors. Requires age-tiered feature gating, clear disclosure that the user is interacting with AI, and prohibits engagement-maximizing dark patterns on minor accounts.
Applies product-safety and disclosure requirements to AI-enabled toys and conversational devices marketed to or used by children. Requires classification, safety certification, and restrictions on certain generative behaviors in child-facing products.
Prohibits specified unsafe AI-chatbot behaviors when the user is or is likely to be a minor, including simulated romantic companionship, unsupervised therapy roleplay, self-harm facilitation, personhood deception, and CSAM generation. Requires age assertion before age-restricted features unlock.
Restricts the use of engagement-maximizing algorithmic features on minor accounts. Platforms must default minors to non-personalized feeds, disable autoplay and infinite scroll, and submit to algorithmic audits covering minor-user impact.
Establishes safety standards specifically for AI companion products (apps whose primary function is ongoing simulated relationship with a user). Prohibits companion-style products on minor accounts and requires age-tiered feature gating for any system that may create a minor user.
Requires platforms to block unsolicited direct messages from non-connected adult accounts to minors, apply friction on stranger outreach, default minor profiles to non-public, and require parental approval for purchases and connection requests.
Requires covered platforms to publish teen-safety transparency reports, retain evidence sufficient to evaluate liability claims, and submit to annual independent algorithmic audits. Strengthens accountability for engagement systems that affect teen users.
Requires streaming services operating in New York to apply and enforce age ratings on individual titles, block age-restricted content on minor profiles by default, and make ratings available through machine-readable metadata for parental-control systems.
Comprehensive consumer-privacy statute built around a strict data-minimization model — one of the most protective in the US. Bans sale of sensitive personal data, bars targeted advertising to known minors under 18, and limits data collection to what is reasonably necessary to deliver the product or service.
Proposed ballot measure establishing statutory duties for AI products used by minors, including age assurance, prohibitions on emotional manipulation and romantic simulation, required parental controls, and a ban on ad targeting to children.
Comprehensive EU regulation banning targeted ads to minors and requiring risk assessments for algorithmic systems.
GDPR Article 8 establishes conditions for child consent to data processing, requiring parental consent for children under 16 (or 13, depending on member state).
The EU AI Act includes specific provisions protecting minors from AI systems that exploit vulnerabilities, manipulate behavior, or use subliminal techniques harmful to children.
French law requiring age verification for accessing certain online content and establishing image rights protections for minors, including provisions against sharenting.
German interstate treaty governing youth protection in media, requiring content classification, age verification, and filtering for online services accessible by minors.
Irish law establishing Coimisiún na Meán as online safety regulator, with powers to issue binding online safety codes and designate platforms for compliance obligations protecting children.
Spain's comprehensive law protecting minors in digital environments, requiring age verification, parental consent, and prohibiting addictive design patterns targeting children.
Italy's age verification decree issued by communications authority Agcom, requiring robust age checks and content filtering for minors.
Proposed EU regulation requiring platforms to detect and report child sexual abuse material, including scanning of private communications.
Duty of care requiring platforms to protect children from harmful content, restrict adult-child DMs, and implement age verification.
UK law imposing a duty of care on platforms to protect children from harmful content online. Requires age verification and proactive measures to prevent children encountering harmful material.
Establishes the eSafety Commissioner with powers to enforce age verification and removal of content harmful to children.
Complete ban on behavioral monitoring and targeted advertising directed at children. Verifiable parental consent required.
Australian law establishing a minimum age of 16 for social media access, with significant penalties for platforms that fail to enforce age verification.
Indonesian government regulation requiring platforms to implement age verification, content rating, and privacy protections for children accessing digital services.
Singapore's Personal Data Protection Commission guidelines on collecting, using, and disclosing personal data of children, emphasizing consent and data protection.
Japanese law requiring ISPs and device manufacturers to provide content filtering for minors, promoting a safe internet environment for young people.
South Korean law restricting minors' access to online games during nighttime hours and requiring content rating for all games and media accessible to juveniles.
South Korea's comprehensive data protection law with strengthened provisions for children's personal information, requiring parental consent and restricting data processing for minors.
New Zealand government proposal to establish a minimum age for social media access, modeled on Australia's Social Media Minimum Age Act.
Thailand's data protection law requiring parental consent for processing data of minors under 20, with strict privacy safeguards.
Philippines National Privacy Commission guidelines on transparency requirements for processing children's personal data, emphasizing best interests and data protection.
Canadian bill establishing a duty of care for online platforms to protect children from harmful content, with specific provisions for CSAM reporting and addictive design restrictions.
Brazil's data protection law includes specific child provisions banning targeted advertising to minors, supplemented by the Digital ECA bill strengthening children's digital rights.
Mexican federal data protection law with provisions for minors' personal data, requiring parental consent and data protection measures for children's information.
Chilean personal data protection bill with specific provisions for children's data, establishing a data protection authority and rights including data deletion for minors.
Colombia's updated data protection law strengthening privacy protections for minors with enhanced parental consent requirements.
UAE law establishing comprehensive child digital safety requirements, including age verification, targeted ad bans, privacy protections, and restrictions on addictive design for platforms serving children under 13.
Saudi Arabia's comprehensive data protection law with specific provisions for children's data, requiring explicit parental consent and prohibiting processing that harms minors' interests.
Nigeria's comprehensive data protection framework establishing rules for processing personal data of minors with parental consent requirements.
South Africa's data protection law with specific child provisions requiring parental consent and restricting commercial use of children's data.
Kenya's data protection framework with child-specific provisions requiring parental consent for processing minors' personal data.