The Age Verification Bills Are Bigger Than You Think
There is a pattern forming that I want to put on your radar.
While the United States Congress debates the federal App Store Accountability Act, California has already signed a law requiring age verification at the operating system level.
Colorado’s Senate passed a copycat bill two days ago (which we covered here). Mexico just mandated biometric identity for all 127 million cell phone lines. And the federal versions of COPPA 2.0 and KOSA are advancing through committee.
These are not separate policy experiments. They are the same infrastructure being built at every layer of the digital stack, but under different names, across different jurisdictions, and justified by different rationales. The end result is the same though:
verified identity tethered to digital access.
I want to walk through the layers quickly, because the shape of this matters more than the details of any single bill.
The Layers
Connectivity. Mexico enacted a law on January 9 requiring every cell phone line in the country to be biometrically linked to a government-credentialed individual by June 30. Fingerprints, iris scans, facial recognition, all tied to the national ID system.
Unregistered lines get suspended July 1. Mexico’s Supreme Court struck down a nearly identical law in 2022 as unconstitutional. The government repackaged it, and this time it appears to be sticking. In fact, registration is already underway, carriers are collecting biometric data at point of sale, and legal challenges have so far failed to stop the rollout.
Operating system. California’s AB 1043, signed by Governor Newsom in October, requires every operating system provider (Windows, macOS, iOS, Android, Linux, etc.) to collect user age at account setup and broadcast an age bracket signal to app developers via API. It takes effect January 1, 2027. Colorado passed SB26-051 through the Senate on March 3, modeled directly on AB 1043. New York has a version in committee. The OS-level approach is already replicating before California’s law even takes effect.
App store. Texas, Utah, and Louisiana have each passed App Store Accountability Acts requiring app stores to verify every user’s age and obtain parental consent for minors before any app download. Texas’s version was blocked by a federal judge in December as a likely First Amendment violation. A federal version (S.1586 / H.R.3149) is moving forward anyway, backed by 40 state attorneys general and bipartisan sponsors.
Platform. COPPA 2.0 would extend regulated privacy protections from children under 13 to everyone under 17, ban targeted advertising to minors, and create an “eraser button” for personal data. KOSA would impose safety-by-design obligations on platforms.
Both advanced through a House subcommittee in December alongside 16 other child safety bills. The House versions are narrower than the Senate versions largely because of preemption clauses that would override stronger state-level protections.
That last point deserves a pause. The preemption fight means that the federal bills marketed as protecting children would actually dismantle existing state laws that go further. The stated purpose and the structural effect are moving in opposite directions. Major 🚩
Same Infrastructure, Different Excuses
The justifications for these laws vary by jurisdiction:, but here are the most common:
Child safety in the United States.
Content regulation in Brazil (whose OS-level age verification law takes effect March 17).
Crime prevention in Mexico.
Once every layer of the digital stack requires identity verification, anonymous or pseudonymous digital existence does not just become illegal. It becomes nearly impossible to architecture around. There is no layer left to opt out of.
The Federal App Store Accountability Act
I posted a deep dive on X last week breaking down the federal App Store Accountability Act. Proponents of the ASAA are using the language of parental empowerment to promote the bill. There are three problems with that:
the bill creates a universal identity verification system that applies to every smartphone user in the country - including adults
the tools it claims to provide already exist, for free, on every iPhone and Android device right now
the App store accountability concept is being pushed by Meta/facebook’s own Mark Zuckerberg
Our article covers the privacy paradox at the heart of the bill (the liability structure incentivizes overcollection, not minimization), the rhetorical funnel that makes these laws politically impossible to vote against, and why the infrastructure they create will inevitably be repurposed.
Read it here if you haven’t already:
And if you have kids and want to see what actual parental empowerment looks like without identity verification databases, our free First iPhone Ready course walks you through the entire setup in 45 minutes or less. No government ID required. Click the image below to get your copy.
That’s a high level overview of the current attack on digital anonymity. And I didn’t even mention what’s going on in the United Kingdom.
Provided there’s enough interest, I will cover this topic in more depth as these bills advance. Log your vote below on whether I should continue covering this topic in the newsletter (I’m sure it’ll come up on X and Substack Notes).
Looking for help with a privacy issue or privacy concern? Chances are we’ve covered it already or will soon. Follow us on X and LinkedIn for updates on this topic and other internet privacy related topics.
Disclaimer: None of the above is to be deemed legal advice of any kind. These are *opinions* written by a privacy and tech attorney with years of working for, with and against Big Tech and Big Data. And this post is for informational purposes only and is not intended for use in furtherance of any unlawful activity. This post may also contain affiliate links, which means that at no additional cost to you, we earn a commission if you click through and make a purchase.
Privacy freedom is more affordable than you think. We tackle the top Big Tech digital services and price out privacy friendly competitors here. The results may surprise you.
Governments around the world are starting to crack down on VPNs, and not the usual suspects like Russia, China, and North Korea. VPN bans are being proposed in Western countries as well, such as the United Kingdom and the United States. Get up to speed on the latest (and how to prepare) here:
If you’re reading this but haven’t yet signed up, join for free (4.5K+ subscribers strong) and get our newsletter delivered to your inbox by subscribing here 👇
Very insidious. If all the tools to restrict phone usage based on age are readily available already, there's no need for such laws like these. The risks far outweigh the benefits.