A US House subcommittee is moving on 19 separate online-safety bills at once, and the through-line matters more than any single one: a revived Kids Online Safety Act, COPPA updates, and a plan to shift age verification and parental consent to the app store level. If that app-store approach becomes law, the way every American proves their age online changes, because the checkpoint moves from each individual app to the gate Apple and Google already control.
- The House Subcommittee on Commerce, Manufacturing and Trade held a hearing on 19 federal digital-media bills, signaling the most serious online-safety push in years.
- The package includes a revised Kids Online Safety Act (KOSA), updates to COPPA, and a regime for age verification and parental consent through app stores.
- Other proposals would bar under-16s from social media accounts and force platforms to open API access to third-party safety software.
- Moving age checks to the app store centralizes enforcement on Apple and Google, which is simpler to police but concentrates identity data and gatekeeping power.
What is actually on the table?
A stack of bills, not one law. The subcommittee reviewed 19 measures, and several recur across them: a revised Kids Online Safety Act that imposes a duty of care on platforms toward minors, COPPA updates that tighten data collection on children, and a sweeping age-verification and parental-consent framework routed through app stores. Adjacent proposals would prohibit under-16s from holding social media accounts and require platforms to expose API access so registered third-party safety tools can operate on a teen's account. Together they represent the most coordinated federal attempt to regulate minors online in years, after a decade in which almost every such bill stalled.
RelatedCloudflare says 52% of crawler traffic is AI training
The number of bills is itself the signal. Rather than one comprehensive law that has repeatedly collapsed under its own breadth, lawmakers are advancing many narrower measures at once, betting that at least some clear the votes and survive court challenges. That strategy makes the package harder to track but easier to pass in pieces.
Why route age checks through the app store?
Because it is the simplest place to enforce. Making each app verify age independently produces a patchwork: thousands of apps, thousands of implementations, and easy circumvention. Putting the check at the app store means age is confirmed once, at download, by the two companies that already gate nearly all mobile software. For lawmakers frustrated by unenforceable per-app rules, that centralization is the appeal. The cost is concentration: it hands Apple and Google a new, sensitive job, confirming the ages and often the identities of every user, and makes them the compliance chokepoint for the entire mobile internet, which is a lot of power and a lot of data to place in two private gatekeepers.
What are the tradeoffs everyone is fighting over?
| Concern | App-store age gate | Per-app verification |
|---|---|---|
| Enforceability | High, one checkpoint | Low, fragmented |
| Privacy risk | Concentrated in 2 firms | Spread across many apps |
| Gatekeeper power | Increases for Apple, Google | Diffuse |
| User friction | Once at download | Repeated per app |
| Circumvention | Harder on-device | Easier |
Neither column is clean. The app-store model is easier to enforce and less repetitive for users, but it deepens the privacy and gatekeeping problems that antitrust regulators spent the last two years trying to shrink. That tension is why the same digital-rights groups that want child safety also warn about routing everyone's identity through two companies.
RelatedExam Shutdowns Now Top Cause of Internet Outages
What to watch as the bills move
- Does KOSA clear the House this time? It has passed the Senate before and died in the House. Whether the duty-of-care language survives is the bellwether for the whole package.
- The First Amendment fight. Age verification and duty-of-care provisions draw constitutional challenges. Court injunctions have blocked similar state laws.
- How age is proven. Government ID, on-device estimation, or a credential system produce very different privacy outcomes. The method is the policy.
- Apple and Google's stance. The gatekeepers may resist a job that adds liability, or embrace the entrenchment. Their lobbying will shape the final text.
Our take
The instinct behind these bills is understandable, and the political momentum is real after years of dead-on-arrival attempts. But the app-store approach trades one hard problem for another. It genuinely makes age rules enforceable, which per-app schemes never managed, yet it does so by handing Apple and Google a chokepoint over who can use the internet and a new trove of identity data, at the exact moment regulators are trying to curb their gatekeeping. The safest version of this law would mandate privacy-preserving, on-device age estimation that never ships an ID to a server, and would keep the verification data out of the platforms' hands. Whether Congress writes that version, or the blunt one, is the whole ballgame, and the 19-bill hearing is where that fork gets decided.
- OfficialHouse Energy & Commerce Committee hearings and bill text
- ReferenceCongress.gov KOSA and COPPA bill tracking
- AnalysisTech Policy Press online-safety policy reporting
Original analysis by GenZTech. Figures current as of July 2026.
