App Store Accountability Act

This bill sets up a national system for how big app stores and app developers must treat users under 18. It defines four age groups (young child, child, teenager, and adult) and uses these groups to decide what kind of consent and protections are needed. A “covered app store provider” is any app store with more than 5 million users in the United States. App stores would have to ask for a person’s age when they create an account and then verify the person’s age category using a method designed to be accurate. If the user is a minor, the store must link that account to a verified adult “parental account” and get verifiable parental consent before the minor can download or buy apps or make in‑app purchases. When an app later makes a significant change—such as collecting new types of data, changing its age rating, adding in‑app purchases or ads, or making other material changes—the app store must notify the user and, for minors, notify the parent and get new parental consent. App stores must share with app developers the user’s age category and whether parental consent has been verified, and notify developers if a parent revokes consent. They also must give developers a real‑time way (such as a technical “signal”) to check age category and consent status. App stores must limit and protect the personal data they collect for age checks and consent, and show any age ratings or content descriptions clearly and in plain language. App developers must use the app store’s method to check users’ age categories and consent status for minors, and they must tell the app store when they make a significant change to the app. Developers can request age data or consent at certain times, such as when a user downloads the app, when the app changes in a major way, once a year to confirm accuracy, when they suspect account misuse, or to follow other laws. They may use age data to enforce their own age rules, follow laws, and set features or defaults, but they cannot enforce their terms of service against a minor unless they have confirmed that parental consent was obtained. They also cannot misrepresent information to parents or share age category data with most outside third parties. The bill directs the FTC to issue guidance within one year to help app stores and developers comply, and to set up a system to certify whether app stores meet the law’s requirements. Certified app stores must notify the FTC if they later make significant policy changes. The FTC must also create a way to accept and review complaints about app store compliance. Violations of this act would be treated as unfair or deceptive practices under existing FTC law, giving the FTC its usual powers and penalties. State attorneys general could bring civil cases in federal court to stop violations, seek damages or restitution for residents, and enforce compliance, while notifying the FTC and allowing it to intervene. The bill includes a “safe harbor” stating that app developers are not liable under this act if they rely in good faith on app‑store age data or signals, follow section 4, and reasonably follow widely accepted industry standards or FTC‑identified best practices for age ratings and content descriptions. The act would override (preempt) state or local laws related to its provisions, but it would not replace contract or tort law. Most of the act would take effect one year after it is signed into law.

This bill could change how children and teens access apps by making age checks and parental involvement standard on large app stores. Parents would have more information about what data apps collect from their children, what content they contain, and when important changes are made, which may affect the apps they allow their children to use. For app stores and developers, the bill would set a single national rule for dealing with minors’ accounts, age ratings, and verifiable parental consent. This may reduce differences between state laws but could also require new technical systems and policies to verify ages, link parent and child accounts, and send and receive real‑time age signals. The exact effects on minors’ access to certain apps, on privacy, and on business practices would depend on how the FTC guidance is written and how companies implement the requirements. Because the bill treats violations as unfair or deceptive practices and allows both federal and state enforcement, companies that run app stores or apps used by minors could face legal and financial consequences if they do not comply. This enforcement structure may influence how quickly and how strictly platforms and developers put new protections and consent processes in place.

• Applies to app stores with more than 5 million users in the United States, defined as “covered app store providers.”
• Requires app stores to collect users’ age information at account creation and verify the age category using a commercially available method designed for accuracy.
• Requires that minor accounts be linked to a verified parental account, with verifiable parental consent obtained before a minor downloads or buys apps or makes in‑app purchases.
• Requires new parental consent when an app undergoes a “significant change,” including changes in data practices, age rating, content description, monetization features, or material user‑experience changes.
• Obligates app stores to provide app developers with each user’s age category and consent status for minors, and to offer a real‑time technical signal to check this information.
• Limits app stores’ collection, processing, and storage of personal data used for age verification and parental consent to what is strictly necessary, and requires reasonable safeguards and encryption for this data.
• Prohibits app developers from enforcing contracts or terms of service against minors unless they have confirmed that verifiable parental consent was obtained through the app store.
• Bars app developers from sharing age category data with unaffiliated third parties that are not service providers or processors.
• Directs the FTC, within 1 year of enactment, to issue non‑binding guidance on compliance and to create a mechanism to review and certify app store policies for compliance with section 3.
• Provides that a compliance certification from the FTC is valid for 1 year, and requires certified app stores to notify the FTC of significant policy changes relevant to compliance.
• Treats violations of the act as violations of FTC rules on unfair or deceptive acts or practices, giving the FTC full enforcement powers and penalties under the Federal Trade Commission Act.
• Authorizes state attorneys general to bring civil actions in federal court to stop violations, seek damages or restitution, and obtain other appropriate relief, subject to notice and coordination with the FTC.
• Establishes a safe harbor where app developers are not liable under this act if they rely in good faith on app store age data or signals, comply with developer duties, and reasonably follow widely accepted industry standards or FTC‑identified best practices.
• Preempts state and local laws related to the provisions of the act, while leaving contract and tort law in place.
• Sets the general effective date as 1 year after enactment.

• The FTC’s compliance guidance is explicitly non‑binding and cannot by itself be the basis for an enforcement action; actions must be tied to specific violations of the act’s core sections.
• The bill makes receipt of an app store’s age “signal” count as actual knowledge of a user’s age category for developers, which can raise their legal responsibilities even if they do not directly collect age data.
• While the bill preempts state laws in this area, it leaves contract and tort law untouched, so companies may still face lawsuits under those theories in addition to actions under this act.
• A developer’s safe harbor applies only to this federal act and does not protect against liability under other laws, such as broader privacy, consumer protection, or child‑protection statutes.
• The act specifies that required measures may not be used in an arbitrary, capricious, anti‑competitive, or unlawful way, which could be relevant in disputes over how app stores treat particular apps or categories of content.