Bill > AB962

Introduced Session

This bill establishes age verification and other requirements for app store providers and certain other requirements for app developers. The bill defines an “app” as a software application or electronic service that an individual may run or direct on a mobile device. An “app store” is defined as a publicly available website, software application, or electronic service that an individual associated with a mobile device (account holder) may use to download an app from a developer onto the mobile device. An “app store provider” is a person that owns, operates, or controls an app store. A “developer” is a person that owns or controls an app that is available for download from an app store or that is pre-installed onto a mobile device. Under the bill, at the time an individual who is located in this state creates an account with an app store on or after the bill’s effective date, the app store provider must request age category information from the individual and must verify the individual’s age category using a commercially available method of age verification. The bill prescribes four age categories, as follows: the category “child” comprises individuals under 13 years of age; the category “younger teenager” comprises individuals at least 13 years of age but under 16 years of age; the category “older teenager” comprises individuals at least 16 years of age but under 18 years of age; and the category “adult” comprises individuals who are at least 18 years of age. The bill also defines a “minor” as an individual under 18 years of age unless the individual is married or emancipated. If an individual already holds an account with an app store on the bill’s effective date, the app store provider must, within 12 months, request age category information from the individual and verify the individual’s age category using the same criteria as for new accounts. For both new and existing accounts, if the age verification conducted by the app store provider results in a determination that the individual is a minor, the app store provider must 1) require the minor’s account to be affiliated with an account created by a parent; and 2) each time before allowing the minor to purchase an app, download an app, or make an in-app purchase, obtain verifiable parental consent from the holder of the parent account. The bill defines “verifiable parental consent” as authorization that 1) is provided by a parent account; 2) is given after an app store provider has clearly and conspicuously provided a parental consent disclosure; and 3) requires a parent to make an affirmative choice to grant consent or decline consent. “Parental consent disclosure” is defined as disclosing all of the following information: 1) if an app store provider has an age rating for an app or in-app purchase, the age rating; 2) if an app store provider has a content description for an app or in-app purchase, the content description; 3) a description of the personal data collected by an app from an account holder and the personal data shared by the app with a third party; and 4) if personal data is collected by an app, the methods implemented by the developer to protect the personal data. The bill also requires an app store provider, each time it receives notice from a developer that an app on the app store has undergone a significant change, to notify all app store account holders that have downloaded the app of the significant change. In addition, if the account holder is a minor, the app store provider must 1) notify a parent affiliated with the minor account of the significant change; and 2) obtain from the parent renewed verifiable parental consent before providing the changed app to the minor. The bill requires an app store provider to provide to each developer of an app available on the app store, in response to the developer’s request (as discussed below), age category data for an account holder and the status of verifiable parental consent for a minor. An app store provider must also provide a mechanism for a parent to revoke prior consent for a minor and for notifying a developer when parental consent is revoked. In addition, an app store provider must protect age category data and any associated verification data by 1) limiting the collection and processing of data to that necessary for verifying an account holder's age category, obtaining verifiable parental consent, or maintaining compliance records; and 2) transmitting age category data using encryption protocols. With respect to pre- installed apps, an app store provider must, in response to a request from a developer, provide available age category information to the developer and take reasonable measures to facilitate verifiable parental consent for use of the pre- installed app. The bill defines a “pre-installed app” as any app, or portion of any app, that is present on a mobile device at the time of purchase, initial activation, or first use by a consumer, subject to certain exclusions. An app store provider may not 1) enforce a contract or terms of service against a minor unless the app store provider has obtained verifiable parental consent; 2) knowingly misrepresent any information in a parental consent disclosure; or 3) share or disclose age category data and any associated data except as required by law. The bill requires a developer to do all of the following: 1) verify through an app store's data sharing methods the age category data of account holders located in this state and, for a minor account, whether verifiable parental consent has been obtained; 2) notify an app store provider each time the developer’s app has undergone a significant change; 3) use age category data received through an app store's data sharing methods to enforce any developer-created, age-related restrictions, safety-related features, or defaults; 4) request age category data or verifiable parental consent at all of the following times: when an an account holder purchases an app, downloads an app, or launches a pre-installed app for the first time; when the developer implements a significant change to the app; and when necessary to comply with applicable law. A developer may request age category data for any of the following purposes: 1) to verify the accuracy of age category data associated with an account holder or to verify continued account use within the age category, but the developer may not request this age category data more than once during any 12-month period; 2) when there is reasonable suspicion of account transfer or misuse outside of the age category; and 3) at the time an account holder creates a new account with the developer. When implementing any developer- created, age-related restrictions, safety-related features, or defaults, a developer must use the lowest age category indicated by age category data received through an app store's data sharing methods or by age data independently collected by the developer. A developer may not 1) enforce a contract or terms of service against a minor unless the developer has verified through an app store's data sharing methods that verifiable parental consent has been obtained with respect to the minor; 2) knowingly misrepresent any information in a parental consent disclosure; or 3) share age category data with any person. Under the bill, the Department of Agriculture, Trade and Consumer Protection, or the Department of Justice in consultation with DATCP, may bring a civil action against an app store provider or developer that violates the bill’s provisions seeking any combination of the following relief: a forfeiture not exceeding $7,500 for each violation; temporary or permanent injunctive relief; and court costs and attorney fees, plus investigative costs. The bill also provides for a private cause of action. A minor, or the parent of a minor, who has been harmed by a violation may bring a civil action against an app store provider or a developer to recover all of the following: the greater of actual damages or $1,000 for each violation; punitive damages if the violation was egregious; and court costs and attorney fees. In addition, a violation of the bill’s provisions is a violation of the unfair and deceptive trade practice law. However, a developer is not liable for a violation if the developer satisfies certain requirements.

AI Summary

Committee Categories

David Armstrong (R)*,  Elijah Behnke (R)*,  Lindee Brill (R)*,  Barbara Dittrich (R)*,  Joy Goeben (R)*,  Dan Knodl (R)*,  Dave Murphy (R)*,  Jerry O'Connor (R)*,  Jim Piwowarczyk (R)*,  André Jacque (R), 

Read first time and referred to committee on Utilities, Technology and Tourism (on 02/25/2026)

Official Document