On May 27, 2025, Texas Governor Greg Abbott signed into law the App Store Accountability Act (the “Act”). Similar to the law of the same name passed by Utah in March, the Act requires app stores to take more responsibility for the online content and experiences accessible to minors under 18 years of age through mandated age verification and parental consent requirements. More than a dozen other states are considering similar bills (such as Louisiana’s HB 570, which was signed into law on June 30, 2025). Despite the name, the App Store Accountability Act imposes new obligations on both app stores and app developers. For developers, these App Store laws effectively impose a duty to verify the age of all users of applications, without regard to the type of application or its intended audience demographic. This significantly expands compliance obligations for app developers by giving the developer “actual knowledge” of the age range of the user.
The Act goes into effect on January 1, 2026. The Utah law came into effect in May, but app stores and developers have until May 6, 2026, to comply, with enforcement beginning December 31, 2026. Key considerations for developer compliance with both laws will be:
- Ensuring that mechanisms are in place to rate apps and respond to app store age and consent notifications for users across individual download and purchase requests.
- Putting procedures in place to limit use of the data received for age verification purposes and ensuring it is deleted once the process is complete.
- Ensuring notice is given to app stores of material changes to their terms of service and privacy notices.
See below for a summary of the most important takeaways.
Obligations for App Stores
- Displaying age ratings for apps: If the app store has a mechanism for displaying an age rating or other content notice, it must provide users an explanation of the mechanism, and display an age rating or content notice for each app. If the app store does not have such a mechanism, it must display the age rating assigned by the app developer, and the specific content or other elements that led to that rating. The information displayed by the app stores must be clear, accurate and conspicuous.
- Age verification: When an individual in Texas creates an account with an app store, the owner of the app store must use a “commercially reasonable method of verification” to verify the individual’s age category. The age categories are “child” (<13 years old), “younger teenager” (13-15 years old), “older teenager” (16-17 years old) and “adult” (18 years or older). The Act does not address whether there are any requirements to categorize previously existing accounts by age. The Act also does not define what constitutes a “commercially reasonable method” to verify a minor user’s age, nor does it address the challenge of distinguishing between different age brackets of minor users, many of whom do not have government-issued IDs. The Utah law applies a similar age-categorization standard but also provides that the Division of Consumer Protection will issue rules establishing acceptable age verification method(s), which could establish a “reasonableness” threshold for other states to follow.
- Affiliation with the account of a parent or guardian: If the app store identifies an individual as a “child,” “younger teenager,” or “older teenager,” it must require the individual’s account to be affiliated with that individual’s parent or guardian’s account. To do this, the app store must use a “commercially reasonable method” to verify that the account (a) belongs to an adult and (b) that adult has legal authority to make decisions on behalf of the minor. Again, there is no guidance regarding what will constitute a “commercially reasonable method” of verification.
- Duty to obtain consent from the minor’s parent or guardian: The app store must obtain consent from the minor’s parent or guardian via the parent’s affiliated account before allowing the minor to (a) download an app, (b) purchase an app, or (c) make an in-app purchase, or a purchase using an app. The app store must obtain consent for each individual download or purchase. There are exceptions to the consent requirement for some apps, including those which provide access to emergency services; government, emergency service and nonprofit-operated apps that do not require users to create an account; some nonprofit educational apps; or those which limit data collection to that which is compliant with the Children's Online Privacy Protection Act (COPPA), or necessary for the provision of emergency services.
- Requirements for obtaining consent: When obtaining consent from the parent or guardian, the app store may use any reasonable means to:
  - Disclose to the parent or guardian:
    - The specific app or purchase for which consent is sought;
    - The rating assigned to the app or purchase;
    - The specific content or other elements that led to the rating;
    - The nature of any collection, use or distribution of personal data that would occur because of the app or purchase; and
    - Any measures taken by the developer of the app or purchase to protect the personal data of its users.
  - Give the parent or guardian a clear choice about whether to give or withhold the consent sought.
  - Ensure that the consent is given by the parent or guardian and through the appropriately affiliated account.
- If a software developer gives notice to the app store that there has been a significant change to an app’s terms, privacy notice, or content, then the app store must notify the parent or guardian and obtain consent for the minor’s continued use of the app or purchase.
- Duty to notify developers if consent is revoked: The app store must inform each applicable software developer if the parent or guardian revokes consent.
- Duty to provide developers with access to information: App stores must use a “commercially available method” to allow developers to access current information related to (a) the age category the app store has assigned to each user; and (b) whether the app store has obtained consent from the parent or guardian.
- Duty to protect personal data: App stores have a duty to protect the personal data of users by limiting the collection and processing of personal data to the minimum necessary to verify user ages, obtain consent and maintain compliance records. App stores must use industry-standard encryption when transmitting personal data to ensure integrity and confidentiality of the data. It is not clear whether this provision applies to all personal data collected by app stores, or only to the data collected specifically for age verification, while still permitting app stores to collect personal data for other purposes.
- Violations: App stores will be in violation of the Act if they (a) enforce a contract or provision of a terms of service agreement against a minor who entered into or agreed to the terms without the consent of their parent or guardian; (b) knowingly misrepresent information that the Act requires they disclose when obtaining parental consent; (c) obtain a blanket consent from parents to authorize multiple downloads or purchases; or (d) share or disclose personal data obtained for age verification purposes, except to share it with developers to fulfill their own age and consent verification requirements. App stores will not be liable for breaches of the age verification and consent requirements if they use widely adopted industry standards to verify age and obtain parental consent and apply those standards consistently and in good faith. This contrasts with Utah’s App Store Accountability Act, which does not provide a safe harbor for app stores.
Obligations for App Developers
The following obligations under the Act apply to developers who make apps available to users through app stores:
- Assign an age rating: Developers must assign an age rating based on the categories of “child,” “younger teenager,” and “older teenager” for each app and each purchase that can be made through an app. Each developer must give each app store the assigned rating and the specific content or elements that contributed to that rating.
- Notify the app store of changes: The developer must notify app stores before making significant changes to the terms of service or privacy notice applicable to the app, including changes to data processing activities, changes that affect the age rating, changes to monetization features (including new advertisements in the app), or changes to functionality or user experience.
- Verify user age: Developers need to set up a system to use information from the app store to confirm each user's age category and check if a parent or guardian has given consent for minor users. The developer must use this information to perform age verification. The Act does not specify when this procedure must take place, but since consent is required before each download or purchase, it presumably must occur prior to any user-initiated download or purchase. Importantly, the age verification required of developers by this Act does not relieve a social media platform from doing any other age verifications as required by law.
- Use of personal data: The developer must use the personal data provided by the app stores for age and consent verification purposes only to enforce restrictions and protections on the app related to age, ensure compliance with applicable laws and regulations, and implement safety-related features and default settings. However, the Act does not expressly require developers to implement default privacy settings for minor users or impose any other design restrictions. The developer must delete personal data provided by the app store under the Act upon completion of the age and consent verification.
- Violations: Developers will be in violation of the Act if they: (a) enforce a contract or provision of a terms of service agreement against a minor, who entered into or agreed to the terms without the consent of their parent or guardian; (b) knowingly misrepresent an age rating or reason for the age rating; or (c) share or disclose the personal data of a user that was acquired under the Act.
Enforcement and Liability
Violations of the Act constitute a deceptive trade practice under Texas law and are actionable accordingly.
- There is no private right of action available under the Texas law.
- This is in contrast with Utah’s law, which can also be enforced by a minor or parent through a private right of action, for the greater of actual damages or $1,000 for each violation, reasonable attorney fees and costs.
Exemptions and Construction
The Act does not require disclosure of user data to developers except as specified, nor does it prevent app stores from blocking harmful or illegal content.
We recommend companies continue to monitor these app age verification bills and to engage with counsel to review their practices and procedures. Our team helps companies build out and maintain robust compliance programs tailored to your organization.