A US House subcommittee is moving on 19 separate online-safety bills at once, and the through-line matters more than any single one: a revived Kids Online Safety Act, COPPA updates, and a plan to shift age verification and parental consent to the app store level. If that app-store approach becomes law, the way every American proves their age online changes, because the checkpoint moves from each individual app to the gate Apple and Google already control.

  • The House Subcommittee on Commerce, Manufacturing and Trade held a hearing on 19 federal digital-media bills, signaling the most serious online-safety push in years.
  • The package includes a revised Kids Online Safety Act (KOSA), updates to COPPA, and a regime for age verification and parental consent through app stores.
  • Other proposals would bar under-16s from social media accounts and force platforms to open API access to third-party safety software.
  • Moving age checks to the app store centralizes enforcement on Apple and Google, which is simpler to police but concentrates identity data and gatekeeping power.
Where age verification happens: per-app versus app store Today each app verifies age separately; the proposed model moves the age check to the app store gate before download. Today · per-app checks Proposed · app-store gate user App A · age checkApp B · age checkApp C · age checkApp D · age check user App storeone age gate App AApp BApp C genztech.blog
Fig 1 The structural change: instead of every app running its own age check, the app-store model verifies age once at the download gate, concentrating the checkpoint in Apple and Google.

What is actually on the table?

A stack of bills, not one law. The subcommittee reviewed 19 measures, and several recur across them: a revised Kids Online Safety Act that imposes a duty of care on platforms toward minors, COPPA updates that tighten data collection on children, and a sweeping age-verification and parental-consent framework routed through app stores. Adjacent proposals would prohibit under-16s from holding social media accounts and require platforms to expose API access so registered third-party safety tools can operate on a teen's account. Together they represent the most coordinated federal attempt to regulate minors online in years, after a decade in which almost every such bill stalled.

RelatedCloudflare says 52% of crawler traffic is AI training

The number of bills is itself the signal. Rather than one comprehensive law that has repeatedly collapsed under its own breadth, lawmakers are advancing many narrower measures at once, betting that at least some clear the votes and survive court challenges. That strategy makes the package harder to track but easier to pass in pieces.

Why route age checks through the app store?

Because it is the simplest place to enforce. Making each app verify age independently produces a patchwork: thousands of apps, thousands of implementations, and easy circumvention. Putting the check at the app store means age is confirmed once, at download, by the two companies that already gate nearly all mobile software. For lawmakers frustrated by unenforceable per-app rules, that centralization is the appeal. The cost is concentration: it hands Apple and Google a new, sensitive job, confirming the ages and often the identities of every user, and makes them the compliance chokepoint for the entire mobile internet, which is a lot of power and a lot of data to place in two private gatekeepers.

What are the tradeoffs everyone is fighting over?

ConcernApp-store age gatePer-app verification
EnforceabilityHigh, one checkpointLow, fragmented
Privacy riskConcentrated in 2 firmsSpread across many apps
Gatekeeper powerIncreases for Apple, GoogleDiffuse
User frictionOnce at downloadRepeated per app
CircumventionHarder on-deviceEasier

Neither column is clean. The app-store model is easier to enforce and less repetitive for users, but it deepens the privacy and gatekeeping problems that antitrust regulators spent the last two years trying to shrink. That tension is why the same digital-rights groups that want child safety also warn about routing everyone's identity through two companies.

RelatedExam Shutdowns Now Top Cause of Internet Outages

What to watch as the bills move

What to watch · 2026
  • Does KOSA clear the House this time? It has passed the Senate before and died in the House. Whether the duty-of-care language survives is the bellwether for the whole package.
  • The First Amendment fight. Age verification and duty-of-care provisions draw constitutional challenges. Court injunctions have blocked similar state laws.
  • How age is proven. Government ID, on-device estimation, or a credential system produce very different privacy outcomes. The method is the policy.
  • Apple and Google's stance. The gatekeepers may resist a job that adds liability, or embrace the entrenchment. Their lobbying will shape the final text.

Our take

The instinct behind these bills is understandable, and the political momentum is real after years of dead-on-arrival attempts. But the app-store approach trades one hard problem for another. It genuinely makes age rules enforceable, which per-app schemes never managed, yet it does so by handing Apple and Google a chokepoint over who can use the internet and a new trove of identity data, at the exact moment regulators are trying to curb their gatekeeping. The safest version of this law would mandate privacy-preserving, on-device age estimation that never ships an ID to a server, and would keep the verification data out of the platforms' hands. Whether Congress writes that version, or the blunt one, is the whole ballgame, and the 19-bill hearing is where that fork gets decided.

Primary sources

Original analysis by GenZTech. Figures current as of July 2026.