Age Verification Creep Tracker: KOSA, App Store ID Laws, and the Fight for Anonymous Speech

Age Verification Creep Tracker: When safety becomes an ID checkpoint

17 min read·Updated Jul 3, 2026

0 0 votes
Article Rating

Part of Start Here

Age Verification Creep Tracker: <a href="https://thethriftydev.com/blog/kosa-age-verification-privacy-pseudonymous-speech/" class="ttd-autolink">KOSA</a>, App Store ID Laws, and the Fight for Anonymous Speech – The Thrifty Dev

Age Verification Creep Tracker: KOSA, App Store ID Laws, and the Fight for Anonymous Speech

Age Verification Creep Tracker: When safety becomes an ID checkpoint

14 min read·Updated Jun 21, 2026

Part of Start Here

Age Verification Creep Tracker: <a href="https://thethriftydev.com/blog/kosa-age-verification-privacy-pseudonymous-speech/" class="ttd-autolink">KOSA</a>, App Store ID Laws, and the Fight for Anonymous Speech – The Thrifty Dev

Age Verification Creep Tracker: KOSA, App Store ID Laws, and the Fight for Anonymous Speech

Age Verification Creep Tracker: When safety becomes an ID checkpoint

11 min read·Updated Jun 21, 2026

Part of Start Here

Age verification is being sold as child safety. The bigger pattern is internet identity control. This tracker follows KOSA, app store age checks, state ID laws, platform responses, and the policy pipeline pushing the open internet toward identity checkpoints.

Last updated: July 2, 2026

Current threat level: HIGH

  • June 27, 2025: Supreme Court ruled 6-3 in Free Speech Coalition v. Paxton that state age verification for adult content is constitutional under intermediate scrutiny.
  • March 5, 2026: Senate passed COPPA 2.0 (S.836) by unanimous consent. Now heads to the House.
  • KOSA (S.1748) has 76 cosponsors (42 R, 33 D, 1 I) but has not received a Senate Commerce markup.
  • State age verification laws are spreading across the country.
  • Some platforms already block users in certain states instead of collecting ID.
  • Big Tech can absorb compliance costs. Smaller sites, forums, and open-source projects cannot.
  • The core risk is not one bill. The core risk is normalizing ID checks for speech.

Cite this tracker

TheThriftyDev. “Age Verification Creep Tracker: KOSA, App Store ID Laws, and the Fight for Anonymous Speech.” Last updated July 2, 2026. https://thethriftydev.com/blog/age-verification-creep-tracker/

What changed recently

  • July 1, 2026 — Confirmed: Louisiana ASAA did not activate on July 1, 2026. HB 977 (signed May 15, 2026) postponed enforcement to July 1, 2027. No Apple age-check activation for Louisiana occurred on this date.
  • June 27, 2026Correction: Louisiana HB 977 (signed May 15, 2026) postponed the Louisiana ASAA effective date from July 1, 2026 to July 1, 2027. Utah HB 498 similarly postponed Utah ASAA from May 6, 2026 to May 7, 2027. Apple’s Declared Age Range API enforcement for Utah and Louisiana reflects Apple’s implementation schedule, which operates on its own timeline. Tracker updated to reflect corrected legislative dates.
  • June 21, 2026 — Texas SB 2420 enforcement update: Fifth Circuit lifted injunction May 28, 2026; CCIA filed emergency SCOTUS challenge June 11, 2026 (pending — most significant active development). KIDS Act (H.R.7757) markup update: passed House E&C along party lines March 5, 2026; stalled on House floor with bipartisan talks ongoing; Democrats objected over weakened duty-of-care and broad state preemption. Louisiana postponed to July 1, 2027 — HB 977 signed May 15, 2026 delays Louisiana ASAA by one year. Utah also postponed to May 7, 2027 — HB 498 delayed Utah ASAA during legislative session. Apple’s Declared Age Range API enforcement for Utah (May 6) and Louisiana (originally July 1) reflects Apple’s implementation timeline, which may proceed independently of state legislative effective dates. West Virginia HB 4412 adult-site age verification law effective June 12, 2026. Massachusetts H.5295 passed House April 8, 2026 — would ban social media for under-14s and require universal age verification for all users; currently in Senate. New: Parents Decide Act (H.R.8250) introduced April 13, 2026 — mandates OS-level age verification with FTC enforcement, broader than app store laws. Litigation landscape updated with Texas SB 2420 SCOTUS emergency.
  • June 9, 2026 — Added the June 27, 2025 SCOTUS ruling in Free Speech Coalition v. Paxton, COPPA 2.0 (S.836) Senate passage by unanimous consent on March 5, 2026, KIDS Act (H.R.7757) House Energy & Commerce advancement along party lines on March 5, 2026, Apple Declared Age Range API enforcement timeline (international Feb 24, 2026; Utah May 6, 2026 — postponed to May 7, 2027 by HB 498; Louisiana July 1, 2026 — postponed to July 1, 2027 by HB 977), Google Play US state-law developer guidance, NetChoice v. Carr preliminary injunction against Georgia SB 351 (June 26, 2025), April 20, 2026 federal court block on the reworked Arkansas minor-social-media law, 76-cosponsor status for KOSA, and a litigation landscape update covering at least 8 states sued.
  • May 24, 2026 — Added S.1748 status, app-store age verification risk, platform response framing, and privacy-first alternatives.

Quote this

Age verification does not stay age verification. Once platforms must prove who is a minor, adults get dragged into the identity layer too.

The core risk is not one bill. The core risk is normalizing ID checks for speech.

A privacy-first child safety policy should punish exploitation and data abuse, not force every lawful speaker through an identity checkpoint.

Share this tracker

X / Twitter: Age verification does not stay age verification. Once platforms must prove who is a minor, adults get dragged into the identity layer too. That is how “protect kids” becomes “show ID to speak.” Tracker: https://thethriftydev.com/blog/age-verification-creep-tracker/

Nostr: KOSA and age-verification laws are not just child-safety policy. They are building pressure toward identity checkpoints for speech. Track the pattern here: https://thethriftydev.com/blog/age-verification-creep-tracker/

Congressional email subject: Oppose age verification mandates; support privacy-first child safety

Congressional email body: Please protect kids online without creating an ID-check internet. I oppose age verification mandates or liability schemes that pressure platforms to identify users before they can speak, search, learn, or join communities. Support privacy-first child safety instead: data minimization, limits on behavioral targeting, anti-dark-pattern rules, enforcement against predators, and protections for anonymous and pseudonymous speech.

Age verification creep tracker showing KOSA, app store ID laws, and state age-check pressure

Why This Tracker Exists

There are real online harms affecting kids. Sextortion, predatory adults, algorithmic amplification, bullying, self-harm content, addictive feeds, and data harvesting are not imaginary. Parents are right to be angry, and lawmakers are right to care.

The problem is the tool. Age verification sounds narrow until you ask how it works at internet scale. If a platform must treat minors differently, it needs a way to know who is a minor. If it cannot reliably know who is a minor, it checks more users. If checking more users becomes the safe legal path, adult speech gets dragged into the same identity layer.

That is age verification creep: a child safety proposal becomes a compliance system, the compliance system becomes an identity checkpoint, and the identity checkpoint becomes the default gate for speech, search, social media, communities, apps, and eventually payments.

The Short Version

  • Protecting kids online matters.
  • Age checks sound limited.
  • But platforms cannot separate minors from adults without checking users.
  • That creates pressure for ID vendors, device-level age signals, app-store verification, and more intrusive account systems.
  • The people hurt first are not criminals. They are abuse survivors, whistleblowers, dissidents, religious minorities, activists, journalists, LGBTQ users, and teenagers seeking help.

Federal Bills To Watch

Bill or proposalStatusSupporter framingAge verification riskSpeech/privacy risk
KOSA, S.174876 cosponsors (42 R, 33 D, 1 I). Introduced May 14, 2025. No Senate Commerce markup to date.Design duties and safeguards for minorsHighPlatforms may over-filter sensitive lawful content and seek age assurance
COPPA 2.0Passed Senate by unanimous consent March 5, 2026 (21 cosponsors). Awaiting House action.Stronger protections for children and teensMediumDepends on implementation and how platforms determine age
House online safety packagesKIDS Act (H.R.7757) passed House E&C along party lines March 5, 2026. Strips the Senate KOSA “duty of care”; adds broad federal preemption. Stalled on House floor — bipartisan negotiations ongoing; Democrats object over weakened knowledge standard and state law preemption. No floor vote scheduled.Parental controls and child safety accountabilityHighCould shift age checks to app stores, operating systems, or device layers
Parents Decide Act, H.R.8250Introduced April 13, 2026. Mandates OS-level age verification (Apple, Google, Microsoft) with FTC enforcement — broader than app store laws, covers every device. In House committee, no markup scheduled.Device-level child safety accountabilitySevereShifts age checks from apps to OS layer; could affect every desktop and mobile device nationally
Phone or SIM identity proposalsSeparate but related identity pressureFraud, trafficking, and crime preventionSevereTurns basic communication into a permissioned identity event
Map-style overview of age verification laws spreading through states and platforms

The Compliance Incentive Problem

Supporters often say KOSA does not directly require every user to upload ID. That is an important distinction. But direct mandates are not the only way policy changes behavior. Liability changes incentives.

If a platform can be punished for failing to protect minors from certain harms, the platform needs a defensible way to show which users are minors, which settings applied to them, and what content or features they were allowed to access. A small site owner, open-source developer, Nostr client, forum admin, or indie app team does not have a legal department to litigate fine distinctions. The safe response is to block users, remove features, over-filter speech, or outsource age checks to vendors.

That is how “we do not require ID” can still become “show ID to participate.”

State Age Verification Laws To Watch

State laws matter because they create the test cases. One state passes an age check. Another expands it. Courts rule on pieces of it. Platforms react by blocking regions, adding compliance vendors, or changing product design nationally.

CategoryWhat to watchWhy it mattersRisk
Adult-site age verificationState laws requiring ID or age assurance for sexual contentCreates legal precedent and vendor infrastructureHigh
Social media minor lawsParental consent, account limits, and age checks for social platformsPushes identity checks into general-purpose speech platformsSevere
App store age verificationApple/Google or app-store-level age signalsCentralizes age identity at the operating-system or app-store layerSevere
Device-level age systemsAge signals built into phones, browsers, or operating systemsCould follow users across apps and websitesSevere
Social media age verification (state)West Virginia HB 4412: adult-site age verification effective June 12, 2026. Massachusetts H.5295: House-passed April 8, 2026 — would ban social media for under-14s and require universal age verification for all social media users; currently in Massachusetts Senate.West Virginia creates new enforcement precedent; Massachusetts would be one of the strictest laws in the nationSevere

Litigation landscape (June 2026): At least 8 states have been sued over age verification for children. Courts have preliminarily halted laws in Arkansas (reworked law blocked April 20, 2026) and Georgia SB 351 (preliminary injunction June 26, 2025). Pending challenges remain in Florida, Louisiana, Mississippi, and Tennessee. Tennessee classifies age-verification violations as Class C felonies. New state AV bills are moving in at least 10 more states in 2026.

Texas SB 2420 — SCOTUS emergency (most significant active development): The Fifth Circuit lifted the district court’s injunction on May 28, 2026, allowing Texas’s App Store Accountability Act to take effect. CCIA filed an emergency injunction request with the U.S. Supreme Court on June 11, 2026 — SCOTUS has not yet ruled. If SCOTUS declines to intervene, other states’ app store laws (Louisiana July 1, future states) will accelerate. If SCOTUS intervenes and blocks Texas, the entire app-store-age-check pipeline faces a major setback.

Platform Responses Are The Early Warning System

App stores have started enforcing. Starting February 24, 2026, Apple began blocking users in Australia, Brazil, and Singapore from downloading apps rated 18+ unless confirmed to be adults — the same enforcement model now rolling out to US states. Apple’s Declared Age Range API shares age categories with developers. New Apple’s Declared Age Range API enforcement for Utah went live May 6, 2026. However, Utah’s state law (ASAA) was subsequently postponed to May 7, 2027 (HB 498). Louisiana’s state law (ASAA) was postponed to July 1, 2027 (HB 977, signed May 15, 2026). Apple’s API enforcement may proceed on its own timeline independent of state legislative dates. Texas SB 2420 is now enforced following the Fifth Circuit’s May 28 ruling, with CCIA’s emergency SCOTUS challenge pending. Google has published US-specific developer guidance for the same wave of state app-store age-verification laws.

When a platform blocks a state instead of collecting ID, that is not just a business decision. It is a warning signal. It means the compliance burden, liability risk, or privacy risk is too high for that platform to operate normally.

EFF has documented how age gates can become a windfall for Big Tech and a death sentence for smaller platforms. Large companies can pay lawyers, vendors, auditors, trust and safety teams, policy teams, lobbyists, and compliance engineers. Small communities cannot. If the cost of running a forum becomes identity verification infrastructure, the open web loses.

Compliance moat diagram showing how age checks favor Big Tech over small websites

Why Anonymous And Pseudonymous Speech Matters

Pseudonymous speech is not a loophole. It is a safety feature.

People use pseudonyms to report abuse, talk about addiction, explore religion, research health issues, organize politically, question powerful institutions, build communities, and separate public speech from private life. Teenagers may need access to information they cannot safely ask for at home. Abuse survivors may need resources without alerting an abuser. Whistleblowers may need to speak without attaching their legal name to every sentence.

An ID-check internet chills all of that. Even if the government never reads the database, the database exists. It can be breached, sold, subpoenaed, misused, shared, or quietly normalized until refusal itself looks suspicious.

The Big Tech Compliance Moat

Regulation sold as anti-Big-Tech can accidentally entrench Big Tech. That is the compliance moat.

Meta, Google, Apple, TikTok, and other giants can absorb age assurance vendors, policy audits, legal challenges, and reporting requirements. A small Mastodon instance, Nostr client, indie forum, hobby project, or privacy-first tool cannot. The likely result is less competition, more centralization, and fewer escape routes from the platforms lawmakers claim to be disciplining.

That matters for builders. A sovereign web needs small services, open protocols, self-hosted tools, and low-friction publishing. Identity compliance moves the web in the opposite direction.

Anonymous speech risk path from child safety rules to identity checkpoints

Better Child Safety Without ID Checkpoints

The choice is not “do nothing” or “verify everyone.” Better options exist:

  • Ban behavioral advertising to minors.
  • Enforce data minimization for all users.
  • Ban manipulative dark patterns and addictive product loops.
  • Require simple chronological feed options.
  • Improve reporting, takedown, and appeals systems.
  • Fund investigations and enforcement against predators and extortion networks.
  • Support family-level tools that do not require every website to collect ID.
  • Require privacy-preserving age signals only if they are voluntary, minimal, audited, open, and not tied to browsing history.

What To Tell Congress

Here is the clean message:

Protect kids online, but do not create an ID-check internet. Oppose age verification mandates and any bill that pressures platforms to identify users before they can speak, search, learn, or join communities. Pass privacy-first child safety instead: data minimization, limits on behavioral targeting, anti-dark-pattern rules, better enforcement against predators, and protections for anonymous and pseudonymous speech.

What Privacy-Minded Readers Should Do Now

  1. Contact your senators and representatives. Ask whether they support age verification mandates or privacy-first child safety.
  2. Use pseudonymous accounts where appropriate. Do not attach your legal identity to every public opinion.
  3. Support decentralized and smaller platforms before the compliance moat gets worse.
  4. Move some social activity to Nostr and other exit-ramp systems.
  5. Reduce dependence on identity-linked accounts where possible.
  6. Share this tracker when someone says, “It is only about protecting kids.”
Privacy-first child safety alternatives without mandatory ID checks

Copy/Paste This

If you want to explain the issue fast, use this:

Age verification does not stay age verification.

Once platforms must prove who is a minor, adults get dragged into the identity layer too.

That is how “protect kids” becomes “show ID to speak.”

Tracker: https://thethriftydev.com/blog/age-verification-creep-tracker/

Sources

By TheThriftyDev

Building smart with AI and automation. No fluff, just results.

Leave a comment

Your email address will not be published. Required fields are marked *


TheThriftyDev Dispatch

Don’t Wait Until Google Locks You Out

The escape map for search, email, cloud files, photos, browser, and phone backups — set up before you actually need it.



No spam. Practical privacy, AI, backup, and tool drops. Unsubscribe anytime.

By TheThriftyDev

Building smart with AI and automation. No fluff, just results.

Leave a comment

Your email address will not be published. Required fields are marked *


TheThriftyDev Dispatch

De-Google Without Going Crazy

Get the practical escape map: search, email, cloud files, photos, browser, phone backups, and what to replace first.



No spam. Practical privacy, AI, backup, and tool drops. Unsubscribe anytime.


0 0 votes
Article Rating

By TheThriftyDev

Building smart with AI and automation. No fluff, just results.

0 0 votes
Article Rating
Subscribe
Notify of
guest
0 Comments
Most Voted
Newest Oldest
TheThriftyDev Dispatch
Don't Wait Until Google Locks You Out

The escape map for search, email, cloud files, photos, browser, and phone backups — set up before you actually need it.

No spam. Practical privacy, AI, backup, and tool drops. Unsubscribe anytime.
0
Would love your thoughts, please comment.x
()
x