01-17 17:43 S.B. 142
1
App Store Accountability Act
2025 GENERAL SESSION
STATE OF UTAH
Chief Sponsor: Todd D. Weiler
2
3
LONG TITLE
4
General Description:
5
This bill enacts provisions governing app store operations and creates requirements for age
6
verification and parental consent.
7
Highlighted Provisions:
8
This bill:
9
▸ defines terms;
10
▸ requires app store providers to:
11
● verify user ages;
12
● obtain parental consent for minor accounts;
13
● notify users and parents of significant changes;
14
● share age and consent data with developers; and
15
● protect age verification data;
16
▸ prohibits app store providers from:
17
● enforcing contracts against minors without parental consent; and
18
● misrepresenting parental content disclosures;
19
▸ requires developers to:
20
● verify age and consent status through app stores; and
21
● notify app stores of significant changes;
22
▸ prohibits developers from:
23
● enforcing contracts against minors without verified parental consent; and
24
● misrepresenting parental content disclosures;
25
▸ designates violations of certain provisions as deceptive trade practices;
26
▸ requires the Division of Consumer Protection to establish standards for age verification
27
methods;
28
▸ creates a private right of action for parents of harmed minors;
29
▸ provides a safe harbor for compliant developers; and
30
▸ includes a severability clause.
31
Money Appropriated in this Bill: S.B. 142 01-17 17:43
32
None
33
Other Special Clauses:
34
This bill provides a special effective date.
35
Utah Code Sections Affected:
36
ENACTS:
37
13-75-101 (Effective 05/07/25), Utah Code Annotated 1953
38
13-75-201 (Effective 05/06/26), Utah Code Annotated 1953
39
13-75-202 (Effective 05/06/26), Utah Code Annotated 1953
40
13-75-301 (Effective 05/07/25), Utah Code Annotated 1953
41
13-75-401 (Effective 05/06/26), Utah Code Annotated 1953
42
13-75-402 (Effective 05/07/25), Utah Code Annotated 1953
43
13-75-403 (Effective 05/07/25), Utah Code Annotated 1953
44
13-75-404 (Effective 05/07/25), Utah Code Annotated 1953
45
46
Be it enacted by the Legislature of the state of Utah:
47
Section 1. Section 13-75-101 is enacted to read:
48
CHAPTER 75. APP STORE ACCOUNTABILITY ACT
49
Part 1. General Provisions
50
13-75-101 (Effective 05/07/25). Definitions.
51
As used in this chapter:
52
(1) "Age category" means one of the following categories of individuals based on age:
53
(a) "child" which means an individual who is under 13 years old;
54
(b) "younger teenager" which means an individual who is at least 13 years old and under
55
16 years old;
56
(c) "older teenager" which means an individual who is at least 16 years old and under 18
57
years old; or
58
(d) "adult" which means an individual who is at least 18 years old.
59
(2) "Age category data" means information about a user's age category that is:
60
(a) collected by an app store provider; and
61
(b) shared with a developer.
62
(3) "Age rating" means a classification that provides an assessment of the suitability of an
63
app's content for different age groups.
64
(4) "App" means a software application or electronic service that a user may run or direct
- 2 - 01-17 17:43 S.B. 142
65
on a mobile device.
66
(5) "App store" means a publicly available website, software application, or electronic
67
service that distributes apps from third-party developers to users.
68
(6) "App store provider" means a person that owns, operates, or controls an app store that
69
distributes apps to users in the state.
70
(7) "Content description" means a description of the specific content elements that informed
71
an app's age rating.
72
(8) "Developer" means a person that owns or controls an app made available through an
73
app store in the state.
74
(9) "Division" means the Division of Consumer Protection, established in Section 13-2-1.
75
(10) "Knowingly" means to act with actual knowledge or to act with knowledge fairly
76
inferred based on objective circumstances.
77
(11) "Minor" means an individual under 18 years old.
78
(12) "Minor account" means an account with an app store provider that:
79
(a) is established by an individual who the app store provider has determined is under 18
80
years old through the app store provider's age verification methods; and
81
(b) requires affiliation with a parent account.
82
(13) "Mobile device" means a portable computing device that:
83
(a) provides cellular or wireless connectivity;
84
(b) is capable of connecting to the Internet;
85
(c) runs a mobile operating system; and
86
(d) is capable of running apps through the mobile operating system.
87
(14) "Mobile operating system" means software that:
88
(a) manages mobile device hardware resources;
89
(b) provides common services for mobile device programs;
90
(c) controls memory allocation; and
91
(d) provides interfaces for applications to access device functionality.
92
(15) "Parent" means, with respect to a minor, any of the following individuals who have
93
legal authority to make decisions on behalf of the minor:
94
(a) an individual with a parent-child relationship under Section 78B-15-201;
95
(b) a legal guardian; or
96
(c) an individual with legal custody.
97
(16) "Parent account" means an account with an app store provider that:
98
(a) is verified to be established by an individual who the app store provider has
- 3 - S.B. 142 01-17 17:43
99
determined is at least 18 years old through the app store provider's age verification
100
methods; and
101
(b) may be affiliated with one or more minor accounts.
102
(17) "Parental consent disclosure" means the following information that an app store
103
provider is required to provide to a parent before obtaining parental consent:
104
(a) if the app store provider has an age rating for the app or in-app purchase, the app's or
105
in-app purchase's age rating;
106
(b) if the app store provider has a content description for the app or in-app purchase, the
107
app's or in-app purchase's content description;
108
(c) a description of:
109
(i) the personal data collected by the app from a user; and
110
(ii) the personal data shared by the app with a third party; and
111
(d) if personal data is collected by the app, the methods implemented by the developer to
112
protect the personal data.
113
(18) "Significant change" means a modification to an app's terms of service or privacy
114
policy that:
115
(a) changes the categories of data collected, stored, or shared;
116
(b) alters the app's age rating or content descriptions;
117
(c) adds new monetization features, including:
118
(i) in-app purchases; or
119
(ii) advertisements; or
120
(d) materially changes the app's:
121
(i) functionality; or
122
(ii) user experience.
123
(19) "Verifiable parental consent" means authorization that:
124
(a) is provided by an individual who the app store provider has verified is an adult;
125
(b) is given after the app store provider has clearly and conspicuously provided the
126
parental consent disclosure to the individual; and
127
(c) requires the parent to make an affirmative choice to:
128
(i) grant consent; or
129
(ii) decline consent.
130
Section 2. Section 13-75-201 is enacted to read:
131
Part 2. App Store and Developer Requirements
132
13-75-201 (Effective 05/06/26). App store requirements.
- 4 - 01-17 17:43 S.B. 142
133
(1) An app store provider shall:
134
(a) at the time an individual who is located in the state creates an account with the app
135
store provider:
136
(i) request age information from the individual; and
137
(ii) verify the individual's age using commercially available methods that are
138
reasonably designed to ensure accuracy;
139
(b) if the age verification process described in Subsection (1)(a) determines the
140
individual is a minor:
141
(i) require the account to be affiliated with a parent account; and
142
(ii) obtain verifiable parental consent from the holder of the affiliated parent account
143
before allowing the minor to:
144
(A) download an app;
145
(B) purchase an app; or
146
(C) make an in-app purchase;
147
(c) after receiving notice of a significant change from a developer:
148
(i) notify the user of the significant change; and
149
(ii) for a minor account:
150
(A) notify the holder of the affiliated parent account; and
151
(B) obtain renewed verifiable parental consent;
152
(d) provide developers real-time access to:
153
(i) age category data for each user located in the state; and
154
(ii) the status of verified parental consent for each minor located in the state;
155
(e) protect personal age verification data by:
156
(i) limiting collection and processing to data necessary for:
157
(A) verifying a user's age;
158
(B) obtaining parental consent; or
159
(C) maintaining compliance records; and
160
(ii) transmitting personal age verification data using industry-standard encryption
161
protocols that ensure:
162
(A) data integrity; and
163
(B) data confidentiality.
164
(2) An app store provider may not:
165
(a) enforce a contract or terms of service against a minor unless the app store provider
166
has obtained verifiable parental consent;
- 5 - S.B. 142 01-17 17:43
167
(b) knowingly misrepresent the information in the parental content disclosure; or
168
(c) share personal age verification data except:
169
(i) between an app store provider and a developer as required by this chapter; or
170
(ii) as required by law.
171
Section 3. Section 13-75-202 is enacted to read:
172
13-75-202 (Effective 05/06/26). Developer requirements.
173
(1) A developer shall:
174
(a) verify through the app store's data sharing methods:
175
(i) the age category of users located in the state; and
176
(ii) for a minor account, whether verifiable parental consent has been obtained;
177
(b) notify app store providers of a significant change to the app; and
178
(c) use age category data received from an app store only to enforce any developer
179
implemented age-related restrictions.
180
(2) A developer may not:
181
(a) enforce a contract or terms of service against a minor unless the developer has
182
verified through the app store provider that verifiable parental consent has been
183
obtained;
184
(b) knowingly misrepresent any information in the parental consent disclosure; or
185
(c) share age category data with any person.
186
Section 4. Section 13-75-301 is enacted to read:
187
Part 3. Division Rulemaking
188
13-75-301 (Effective 05/07/25). Division rulemaking.
189
In accordance with Title 63G, Chapter 3, Utah Administrative Rulemaking Act, the
190
division shall make rules establishing standards for what constitutes a commercially
191
reasonable method for age verification under Subsection 13-75-201(1)(a)(ii).
192
Section 5. Section 13-75-401 is enacted to read:
193
Part 4. Enforcement and Safe Harbor
194
13-75-401 (Effective 05/06/26). Enforcement.
195
(1) A violation of Subsection 13-75-201(2)(b) or Subsection 13-75-202(2)(b) constitutes a
196
deceptive trade practice under Section 13-11a-3.
197
(2)(a) The parent of a minor who has been harmed by a violation of Subsection
198
13-75-201(2)(b) may bring a civil action against an app store provider.
199
(b) The parent of a minor who has been harmed by a violation of Subsection
- 6 - 01-17 17:43 S.B. 142
200
13-75-202(2)(b) may bring a civil action against a developer.
201
(3) In an action described in Subsection (2), the court shall award a prevailing parent:
202
(a) the greater of:
203
(i) actual damages; or
204
(ii) $1,000 for each violation;
205
(b) reasonable attorney fees; and
206
(c) litigation costs.
207
Section 6. Section 13-75-402 is enacted to read:
208
13-75-402 (Effective 05/07/25). Safe harbor.
209
A developer is not liable for a violation of this chapter if the developer demonstrates that
210
the developer:
211
(1) relied in good faith on:
212
(a) personal age verification data provided by an app store provider; and
213
(b) notification from an app store provider that verifiable parental consent was obtained;
214
and
215
(2) complied with the requirements described in Section 13-75-202.
216
Section 7. Section 13-75-403 is enacted to read:
217
13-75-403 (Effective 05/07/25). Severability.
218
(1) If any provision of this chapter or the application of any provision to any person or
219
circumstance is held invalid by a final decision of a court of competent jurisdiction, the
220
remainder of this chapter shall be given effect without the invalid provision or
221
application.
222
(2) The provisions of this chapter are severable.
223
Section 8. Section 13-75-404 is enacted to read:
224
13-75-404 (Effective 05/07/25). Application and limitations.
225
Nothing in this chapter shall be construed to:
226
(1) prevent an app store provider from taking reasonable measures to:
227
(a) block, detect, or prevent distribution to minors of:
228
(i) unlawful material;
229
(ii) obscene material; or
230
(iii) other harmful material;
231
(b) block or filter spam;
232
(c) prevent criminal activity; or
233
(d) protect app store or app security;
- 7 - S.B. 142 01-17 17:43
234
(2) require an app store provider to disclose user information to a developer beyond:
235
(a) age category; or
236
(b) verification of parental consent status; or
237
(3) allow an app store provider to implement measures required by this chapter in a manner
238
that is:
239
(a) arbitrary;
240
(b) capricious;
241
(c) anticompetitive; or
242
(d) unlawful.
243
Section 9. Effective Date.
244
(1) Except as provided in Subsection (2), this bill takes effect May 7, 2025.
245
(2) The actions affecting the following sections take effect on May 6, 2026:
246
(a) Section 13-75-201 (Effective 05/06/26);
247
(b) Section 13-75-202 (Effective 05/06/26); and
248
(c) Section 13-75-401 (Effective 05/06/26).
- 8 -