As of today, about half of all U.S. states have some form of age verification law around. Nine of those were passed in 2025 alone, covering everything from adult content sites to social media platforms to app stores.
Right now, California’s Digital Age Assurance Act (AB 1043) is all the rage right now, which targets not only websites and apps but also operating systems. Come January 1, 2027, every OS provider must collect a user’s age at account setup and provide that data to app developers via a real-time API.
Colorado is also working on a near-identical bill, which we covered earlier.
The EFF’s year-end review put it more bluntly: 2025 was “the year states chose surveillance over safety.” The foundation’s concern, which I concur with, is, where does this stop? Self-reported birthday today, government ID tomorrow? There appears to be no limit to these laws’ overreach.
It’s a bit crazy to think about how things have changed. When I was a kid, the only computer in the house that was online was in the office/living room, so my parents could walk past at any time and see what I was up to. This was in the MSN beta days, and I was usually in teen chat, which, given the beta, meant that we were all teens whose parents had gotten prerelease Win95 discs (actually, in my case, it was the head of my high school math department who “loaned” me his CD).
As a result, it was pretty chill. Having your phone at all hours and no oversight seems an absurd situation.