As Introduced
136th General Assembly
Regular Session S. B. No. 167
2025-2026
Senator Reynolds
To enact section 1349.07 of the Revised Code to
require certain application store-based parental
controls.
BE IT ENACTED BY THE GENERAL ASSEMBLY OF THE STATE OF OHIO:
Section 1. That section 1349.07 of the Revised Code be
enacted to read as follows:
Sec. 1349.07. (A) As used in this section:
(1) "Application store" means a publicly available web
site, software application, or online service that distributes a
third-party platform's software applications to a computer,
mobile device, or any other general purpose computing device.
(2)(a) "Broadband internet access service" means a mass-
market retail service by wire or radio that provides the
capability to transmit data to and receive data from all or
substantially all internet endpoints, including any capabilities
that are incidental to and enable the operation of the
communications service, but excluding dial-up internet access
service.
(b) "Broadband internet access service" includes any
service that the federal communications commission finds to be
providing a functional equivalent of the service described in
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20 S. B. No. 167 Page 2
As Introduced
division (A)(2)(a) of this section or that is used to evade the
protections set forth in this section.
(3) "Child" means an individual consumer known to be under
eighteen years of age.
(4)(a) "Covered application" means a software application,
web site, or other online service that is likely to be accessed
by children and that is intended to be run or directed by a user
on a computer, mobile device, or other general purpose computing
device.
(b) "Covered application" does not include any of the
following:
(i) A broadband internet access service;
(ii) A telecommunications service, as defined in 47 U.S.C.
153;
(iii) The delivery or use of a physical product
unconnected to the internet.
(5) "Covered entity" means a covered manufacturer or
developer of a covered application.
(6) "Covered manufacturer" means a manufacturer of a
device, an operating system for a device, or an application
store.
(7) "Developer" means any person, entity, or organization
that creates, owns, or controls an application and is
responsible for the design, development, maintenance, and
distribution of the application to users through an application
store.
(8)(a) "Device" means a device or portion of a device that
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47 S. B. No. 167 Page 3
As Introduced
is designed for and capable of communicating across a computer
network with other computers or devices for the purpose of
transmitting, receiving, or storing data, including a desktop
computer, laptop, cellular telephone, tablet, or other device
designed for and capable of communicating with or across a
computer network and that is used for such purpose.
(b) "Device" does not include any of the following:
(i) Cable, fiber, or wireless modems;
(ii) Home routers, whether standalone or combined with
cable, fiber, or a wireless modem;
(iii) Managed set-top boxes;
(iv) Any physical object that only supports communications
within a closed user group or private network available to a
limited set of users.
(9) "Likely to be accessed by children" means, in the
context of an application, that either or both of the following
apply:
(a) Competent and reliable evidence regarding audience
composition demonstrates that the application is routinely
accessed by children;
(b) Internal research findings determine that the
application is routinely accessed by children.
(10) "Parent" includes a legal guardian.
(11) "User" means an individual consumer.
(B) Beginning January 1, 2026, no developer shall
distribute an application to users in this state or design,
develop, or maintain an application distributed to users in this
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74 S. B. No. 167 Page 4
As Introduced
state without first determining whether the application is
likely to be accessed by children and, if so, providing notice
of that determination to each application store that distributes
the application to users in this state.
(C)(1) The covered manufacturer of a device sold in this
state on or after January 1, 2026, shall, upon the initial
activation of the device, take commercially reasonable and
technically feasible steps to determine or estimate the age of
the primary user of the device.
(2) The covered manufacturer of an operating system for a
device sold in this state before January 1, 2026, shall take
commercially reasonable and technically feasible steps to
determine or estimate the age of the primary user of the device
following the first update to the operating system that occurs
after January 1, 2027.
(D) On and after January 1, 2026, the covered manufacturer
of an application store with users in this state shall take
commercially reasonable and technically feasible steps to do all
of the following:
(1) Provide a mechanism for developers to provide notice
that an application is likely to be accessed by children;
(2) Obtain parental consent before permitting a user in
this state who the covered manufacturer knows or should know is
under sixteen years of age to download a covered application
from the application store;
(3) Provide developers of covered applications in the
application store with a signal regarding whether a parent has
provided consent when required under division (D)(2) of this
section;
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103 S. B. No. 167 Page 5
As Introduced
(4) Provide a parent who consents to a child downloading
an application under division (D)(2) of this section with the
option to connect with the developer of the application for the
purpose of facilitating parental supervision tools.
(E) On and after January 1, 2026, a covered manufacturer
shall take commercially reasonable and technically feasible
steps to provide developers of covered applications with a
digital signal via a real-time application programming interface
regarding whether the covered manufacturer knows or estimates a
user to be:
(1) Under thirteen years of age;
(2) At least thirteen years of age, and under sixteen
years of age;
(3) At least sixteen years of age, and under eighteen
years of age;
(4) At least eighteen years of age.
(F) On and after January 1, 2026, a developer of a covered
application shall, to the extent applicable and technically
feasible, provide readily available features for parents to
support a child's use of the covered application. Such features
shall, at minimum, do all of the following:
(1) Manage which accounts are affirmatively linked to the
child;
(2) Manage the delivery of age appropriate content;
(3) Limit the amount of time that the child spends daily
on the covered application.
(G)(1) This section shall not be construed to require a
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130 S. B. No. 167 Page 6
As Introduced
covered entity to access, collect, retain, re-identify, or link
information that the covered entity would not otherwise access,
collect, retain, re-identify, or link in the ordinary course of
business, except as absolutely necessary to comply with
divisions (C), (D), and (E) of this section.
(2) A covered entity is not required to implement new
account controls or safety settings if the covered entity's
existing account controls and safety settings are sufficient to
comply with this section.
(H)(1) Nothing in this section shall be construed to
modify, impair, or supersede the operation of any antitrust law,
including Chapter 1331. of the Revised Code and 15 U.S.C. 1, et
seq.
(2) An application store shall comply with this section in
a nondiscriminatory manner, including by:
(a) Imposing at least the same restrictions and
obligations on the application store's own applications and
application distribution as the application store does on third-
party applications or application distributors;
(b) Not using data collected from third parties, or
consent mechanisms deployed for third parties, in the course of
compliance with this section, for any of the following:
(i) To compete against those third parties;
(ii) To give the application store's services preference
relative to those of third parties;
(iii) To act in a manner adverse to competition.
(I)(1) The attorney general may bring a civil action
against a covered entity that the attorney general believes to
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158 S. B. No. 167 Page 7
As Introduced
have violated this section. Before initiating such an
enforcement action, the attorney general shall provide written
notice to the covered entity identifying and explaining the
basis for each alleged violation.
(2) Except as otherwise provided in division (I)(4) of
this section, the attorney general shall not commence an
enforcement action if the covered entity, within forty-five days
after notice of the alleged violations is sent, does both of the
following:
(a) Cures all violations described in the notice;
(b) Provides the attorney general with a written statement
indicating that the violations are cured and agreeing to refrain
from further violations of this section.
(3) If the covered entity does not timely respond or
continues to violate this section after receiving the notice,
the attorney general may initiate the enforcement action and
seek damages of up to two thousand five hundred dollars for each
violation. Except as otherwise provided in division (I)(4) of
this section, damages begin to accrue on the forty-sixth day
following the date the attorney general sends notice of the
violation.
(4) Division (I)(2) of this section does not apply if the
covered entity fails to timely cure all of the violations
described in the notice or commits a subsequent violation of the
same type after curing the initial violation under that
division. Notwithstanding division (I)(3) of this section, if a
covered entity commits a subsequent violation of the same type
after reporting that the initial violation is cured, the
attorney general may bring a civil action at any time after
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187 S. B. No. 167 Page 8
As Introduced
sending notice of the violation under division (I)(1) of this
section. Damages for the subsequent violation begin to accrue on
the date the violation occurs.
(5) It is an affirmative defense to a violation of
division (F) of this section if the covered entity acted in
reasonable reliance on a covered manufacturer's signals
regarding a user's age or parental consent.
(6) It is an affirmative defense to a violation of this
section if the covered entity took commercially reasonable and
technically feasible steps to comply.
(7) Nothing in this section shall be construed to provide
a private right of action. The attorney general has the
exclusive authority to enforce this section.
188
189
190
191
192
193
194
195
196
197
198
199
200