Phosra Spec / Capability
OCSS v1.0 — DraftAge
Reads age signals across OS, app, and household.
What Age does
One age signal, every downstream decision.
Every modern child-safety law turns on knowing the child’s age. KOSA needs the age band; COPPA needs under-13; CA AB 1043 introduces OS-level age signals; UT App Store Accountability Act + TX SB 2420 require app-store age attestations; China’s Age Confirmation makes platforms verify before access. Each platform implements its own age-determination flow with its own gaps.
Age is the canonical age-signal-handling layer. It ingests OS-level age bands (Apple/Google), app-store age attestations (Utah/Texas/China), parental attestations (cryptographically signed, renewed every 180 days), and falls back gracefully through hard-ID escalation only for the highest-risk categories (gambling, AI companion, adult content). Every downstream Phosra capability — Tier, Consent, Block — receives the same age band from the same source.
Platforms stop reinventing age verification per statute. Parents stop attesting to age six different ways. Regulators get a single, auditable age-signal source per child account.
How partners plug in
Age is a socket. Age signals flow in. A canonical band flows out.
These are the upstream age-signal sources Age federates — either shipping today, in conversation with a partner, or pending an upstream API.
Standards & laws
What Age does for each statute.
- CA AB 1043 (OS Age Signal) — consumes Apple/Google OS-level age signals at the network layer.
- UT App Store Accountability Act + TX SB 2420 — performs app-store age attestation at install.
- China Age Confirmation — verifies age before app access per state directive.
- COPPA / COPPA 2.0 — enforces under-13 (and expanded under-17) age detection at the data-collection boundary.
- KOSA — exposes the age-band signal to every covered platform’s enforcement decisions.
- EU AADC + Digital Services Act — applies the strictest member-state age threshold.
- CA AB 1709 (age-16 social media floor) — gates social-media account creation by verified age.
Conformance
Adopter Tier 1 certification.
To ship Age-conformance for an Adopter Tier 1 certification, your implementation must pass the Age suite. Test count is [draft] coming Q3 2026. The suite covers OS-level age-signal ingestion, attestation chain verification, 180-day renewal cycles, and downstream capability hand-off correctness.
We are co-authoring the suite with our design partners. If you want a seat at the table while the bar is being set, reach out.
Rule list
The 9 rules Age ships
Every rule below is implemented by this capability. Pulled directly from the rule registry.
- Age Gate — Enforces age verification requirements and restricts access to age-inappropriate content or features.
- App Store Age Attestation — Consumes age attestations issued by Apple and Google app stores as authoritative age signals for downstream enforcement.
- Csm Age Gate
- OS Age Signal Ingest — Consumes the OS-level age signal (Apple, Google, Samsung, Microsoft) at the moment of enforcement.
- Age Signal Broadcast — Emits the canonical age signal to every connected enforcement surface so apps and OSes act on a single source of truth.
- Hard ID Verification Escalation — Escalates to government-ID verification when softer age signals fail to confirm a user is above the configured threshold.
- Social Media Min Age — Enforces minimum age requirements for social media platform access based on jurisdiction.
- AI Chatbot Age Assertion — Requires AI chatbot products to assert and verify the user's age band before any conversational interaction.
- Teen Minimum Age 16 Gate