Written by: Haim Ravia, Dotan Hammer
This October, California Governor Gavin Newsom signed the Digital Age Assurance Act into law, establishing new age verification rules for software applications. The law takes effect on January 1, 2027.
The law focuses on mandatory age verification signals for software applications and online services, aiming to provide greater protections for child users.
Operating system providers (OSPs) are required to provide an accessible interface during account setup, compelling account holders (18 or older, or a parent/guardian) to indicate the birth date or age of the device user. The OSP must then provide developers with a real-time digital signal, known as “age bracket data,” which indicates if the user falls into one of several categories, such as under 13 years of age, 13 to under 16, or at least 18. This data must be non-personally identifiable.
Application developers must request this signal when an application is downloaded and launched and are subsequently deemed to have actual knowledge of the user’s age range for purposes of complying with applicable law. Both OSPs and application developers must only share or request the minimum information necessary and are prohibited from sharing the signal with third parties for purposes not required by the title. Furthermore, OSPs and covered application stores must not use data collected during compliance in an anticompetitive manner.
Noncompliance can result in civil penalties enforced by the Attorney General, reaching up to $7,500 per affected child for intentional violations.
Click here to read the Digital Age Assurance Act.
