Age Verification 'Wave' Raises Business Compliance Issues, Experts Say

Lawrence cited Australia, which conducted “a huge age-assurance research and reporting project” to decide whether age assurance was "something that they should be pushing forward and make everyone comply with.” The country ended up using age verification, with the “acknowledgment that there are a lot of different ways to do age assurance,” from an age gate where users confirm their age to uploading a government ID and everything in between. “It's not necessarily a one-size-fits-all.”

“Australia's confidence in age assurance … is bleeding through [to] other countries," Lawrence added.

App store age-verification laws in the U.S. appeared in the spring of 2025, with Utah, Texas, Louisiana and California, said Alara Abbasi, a Squire Patton privacy lawyer. Apple and Google released guidelines on compliance with those types of laws in the fall.

Apple’s guidance mentions Texas’ law, which is set to go into effect on Jan. 1. But the Computer and Communications Industry Association challenged it in October (see 2510160034).

Another Squire Patton privacy lawyer, Kyle Fath, said “it's really hard to see where [the court] lands” on this.

Lawrence said "a lot of people ... are hopeful that the court will enjoin it,” but she would be “surprised” if it did. Instead, she expects the law will stand, based on “reading the tea leaves from the other court cases where age-verification mechanisms have been allowed to move forward.”

Under these types of laws, app stores have a few main responsibilities, Fath said. One, they must “use commercially reasonable methods to verify the age of” new app store account holders, and sort them into one of four age categories: “under 13, at least 13 but under 16, at least 16 but under 18 or 18 plus.”

Next, “the App Store must get parental consent from the associated parent account” every time a minor account wants to download an app or make an in-app purchase. “If an app developer makes significant changes,” it must inform the app stores, which then must “refresh parental consent for each minor user” about that app.

Lawrence said this provision is a bit “strange,” because it requires consent “even if you're making changes that are actually more privacy protective to the user.”

Hailun Ying, head of the privacy and security legal team at Roblox, agreed and said this shifts "the landscape a little bit more and makes it clear that with general changes," you must "obtain that consent all over again," especially for users who are children [or] minors.

App stores also must “provide a commercially reasonable or available method to allow developers to access the age range info for each user's internal consent status,” Fath said.

These laws implicitly state that companies “have actual knowledge of age once [they] get this signal from the app stores developers.”

Ying said it’s helpful for companies to think of this as COPPA compliance, since that statute carries “additional obligations” for actual knowledge of age (see 2507110042). Having actual knowledge of age “really does complicate things,” as there are additional privacy laws in states that have other requirements for those younger than 18, she added.

Lawrence agreed. “It opens up a can of worms on other compliance obligations that companies may have never thought about, but now really need to think through … comprehensively.”

Fath also said that while “the app stores on mobile are the first thing that come to mind … there are app stores in other places,” like CTV or certain gaming platforms.

“Non-mobile app store operators need to think about California” in particular, said Fath. That's because the state, in “true California fashion, doesn't use the term app store," he said. Instead, it uses “‘operating system providers’ as the defined term for app stores,” which is “broader” than just mobile.