2026 U.S. State Online Safety Legislation (First 2 weeks)

January 16th, 2026

By: Thurston Powers

AK AK: No bills
ME ME: 1 bill
WI WI: 2 bills
VT VT: No bills
NH NH: 4 bills
WA WA: 2 bills
ID ID: No bills
MT MT: No bills
ND ND: No bills
MN MN: 9 bills
IL IL: No bills
MI MI: 4 bills
NY NY: 12 bills
MA MA: No bills
RI RI: No bills
OR OR: No bills
NV NV: No bills
WY WY: No bills
SD SD: No bills
IA IA: 1 bill
IN IN: 4 bills
OH OH: 1 bill
PA PA: No bills
NJ NJ: 3 bills
CT CT: No bills
CA CA: No bills
UT UT: 3 bills
CO CO: 1 bill
NE NE: 3 bills
MO MO: 5 bills
KY KY: 2 bills
WV WV: No bills
VA VA: 4 bills
MD MD: No bills
DE DE: No bills
AZ AZ: 3 bills
NM NM: No bills
KS KS: No bills
AR AR: No bills
TN TN: 1 bill
NC NC: 2 bills
SC SC: 5 bills
DC DC: No bills
OK OK: 8 bills
LA LA: No bills
MS MS: 1 bill
AL AL: No bills
GA GA: 1 bill
TX TX: No bills
FL FL: 5 bills
HI HI: No bills
No Bills
Few
Many

1. Introduction

This report is a follow up on the 2025 session report that identifies online-safety legislation emerging in the first two weeks of the 2026 U.S. state legislative sessions. As of January 16, 2026, many state legislatures are just convening, and the bill landscape remains incomplete—but early filings already signal a renewed push for age-verification mandates, content-scanning requirements, and platform accountability measures. The goal here: flag these well-intentioned proposals as potential vectors for privacy breaches so that the risks can be weighed against the benefits.

Why the Urgency?

Data breaches are routine—thousands happen every year. What makes compliance-mandated breaches different is that users have no choice. When legislation requires platforms to collect government IDs, selfies, or biometric data, users must hand over sensitive documents just to access services. The breach surface isn't a bug; it's a direct consequence of the policy.

The Electronic Frontier Foundation made this explicit in their December 2025 "Breachies" awards, giving Discord "The We Still Told You So Award":

"Last year, AU10TIX won our first The We Told You So Award because as we predicted in 2023, age verification mandates would inevitably lead to more data breaches, potentially exposing government IDs as well as information about the sites that a user visits. Like clockwork, they did."

The UK's Online Safety Act duties entered force mid-2025, requiring "highly effective" age checks and children's risk assessments (Ofcom quick guide; Ofcom statement; Ofcom age-checks in force; UK government explainer). Within months, the consequences materialized.

The Discord Breach: Anatomy of a Compliance Honeypot

In late 2025, Discord disclosed that a third-party vendor (identified as 5CA) was compromised—not Discord's own systems—exposing users' government-ID photos collected for age-appeal reviews. According to EFF's analysis, the breach included "real names, selfies, ID documents, email and physical addresses, phone numbers, IP addresses, and other contact details or messages provided to customer support. In some cases, 'limited billing information' was also accessed."

Discord disputed threat-actor claims of "millions" of records and refused ransom (BleepingComputer; Tom's Hardware; The Verge). The support stack involved Zendesk, through which ticket data and attachments were allegedly exfiltrated (SOCRadar). After Discord named 5CA, the vendor pushed back, suggesting human error rather than a direct breach—underscoring the fragility of outsourced compliance chains (SecurityWeek).

As EFF notes: "Technically though, it wasn't Discord itself that was hacked but their third-party customer support provider... Either way, it's Discord users who felt the impact."

The Pattern: Mandates Create Attack Surfaces

The Discord breach isn't an isolated incident. The 2025 Breachies catalog a pattern where compliance and data-aggregation requirements create new breach vectors:

When statutes require platforms to conduct risk assessments, operate detection/scanning technologies, or verify age, they create:

Scope of This Early-Session Report

As legislatures convene throughout January and February 2026, I'm tracking U.S. federal and state proposals that mirror EU/UK-style child-safety frameworks—bills that impose:

For each bill, I map features to concrete operational requirements (ID collection, biometric inference, client-side analysis) and evaluate privacy, encryption, and civil liberties impacts.

Not all states have started session yet. Most states are still introducing bills.

Bottom line: Child-protection goals are vital. But without careful legislative design—data minimization, in-product age signals over document uploads, strict vendor segmentation, least-privilege access, short retention, and verifiable privacy guarantees—well-meaning statutes may manufacture the very privacy catastrophes and surveillance infrastructure they claim to prevent.

Further Reading

EFF: The Breachies 2025 · Discord press statement · BleepingComputer · The Verge · Tom's Hardware · SOCRadar · The Guardian · Ofcom: age checks · SecurityWeek

2. Methodology

Unlike previous blog posts, this report uses our similarity search engine instead of our concept search engine. In order to perform this search, I copied the text of the second chapter of the EU's Chat Control Act and provided a filtering prompt.

Legislative Analyst Prompt

Role: You are a legislative analyst. Your job is to evaluate a single U.S. bill (federal or state) to determine whether it is a "spiritual successor" to the EU Chat Act—that is, whether it meaningfully replicates its risk-assessment, mitigation, compelled detection/scanning, age-verification, app-store gatekeeping, reporting, removal/blocking, data-preservation, and compliance-infrastructure features aimed at preventing child sexual abuse online, with material implications for privacy, encryption, and user rights.

Guidelines: Work strictly from the provided bill text. Be conservative; prefer explicit statutory language over inferences. Quote only short, necessary phrases with section cites.

What Counts as "Spiritual Successor"

Mark YES/LIKELY when the bill includes one or more of the following core elements (strong signals), especially in combination:

  • Provider risk assessments & mitigation plans: Ongoing risk assessment obligations for hosting/interpersonal messaging services; mandated mitigation changes to moderation, recommender systems, product features, staffing, or governance.
  • Compelled detection / scanning: Court/agency "detection orders" or statutory duties requiring installation/operation of technologies to detect known or new CSAM or solicitation of minors, including in private communications. References to indicators/hashes, "reliable technologies," error-rate limits, "least intrusive," or "state of the art."
  • Age verification / age assessment: Duty to reliably identify child users (including for messaging) or to gate access to apps/services with age checks; language around "necessary to enable mitigation" or "age verification for app stores."
  • App-store obligations: App stores must assess service risks, prevent child access for high-risk apps, and implement age checks; publish risk criteria.
  • Reporting and centralized routing: Mandatory reporting of potential CSAM/solicitation to a central body (e.g., NCMEC or a newly created state/federal hub) with templates, required metadata, user/IP info, or cross-border forwarding.
  • Removal, blocking, or exposure-limiting orders: Takedown/removal orders with short compliance windows; blocking orders for access providers with URL lists or indicator databases.
  • Data preservation & internal controls: Retention of content/metadata tied to detection, complaints, or redress; internal oversight, human review, redress/appeal mechanisms.
  • Legal rep / points of contact / compliance infrastructure: Designated contact or in-jurisdiction representative; mandatory transparency of contacts; audits; DPIAs; implementation plans.
  • Explicit reach into E2EE (very strong signal): Language that functionally compels client-side scanning or scanning of end-to-end encrypted communications or otherwise undermines encryption "to the extent necessary to comply."

What Does NOT Count (Usually)

Mark NO/UNLIKELY when the bill is only about:

  • Criminal penalties/definitions of CSAM without platform duties.
  • School/library filters; public-computer policies.
  • Pure deepfake/AI labeling rules, biometric bans, or generic privacy acts.
  • Narrow takedown rules (e.g., "revenge porn" removal) without scanning, risk assessments, or age-verification mandates.
  • Voluntary best-practices with no binding duty.

Methodology

  1. Scope filter (fast): If platform-duty words (see keyword hints) don't appear, likely NO.
  2. Map elements: Extract section-level evidence for each Strong Signal (1–9).
  3. Weigh intrusiveness: Note effects on encryption, private comms, client-side analysis, upload scanning, and proportionality.
  4. Score & decision: Use the rubric below. Summarize impacts on privacy/E2EE and who's covered.

Keyword Hints (non-exhaustive; not determinative)

"risk assessment," "risk mitigation," "implementation plan," "coordinating authority," "trusted flagger," "detection order," "install technologies," "indicators," "hash," "solicitation of children," "age verification/assessment," "reliably identify child users," "app store," "interpersonal communication service," "private communications," "reporting obligations," "template," "central clearinghouse/center," "removal order," "blocking order," "URL list," "data preservation," "user redress," "point of contact," "legal representative," "end-to-end encryption," "client-side scanning," "least intrusive," "error rate," "state of the art."

I limited the search results to the first 120 results per state and dropped all results that were labeled as "false" by the filtering prompt. The net for this search is already quite large, and therefore marginal results are included in this report.

Arizona

Index of Bills

House - 2133 - sexual material; consent; synthetic depiction

Legislation ID: 247808

Bill URL: View Bill

Summary

HB 2133 introduces amendments to Arizonas laws concerning the unlawful disclosure of images depicting nudity or sexual activities. It establishes clear definitions and penalties for violations, particularly focusing on consent verification for the publication of sexual material on the internet. The bill also addresses the transfer and renumbering of existing statutes related to sexual material, and it provides a framework for civil penalties against commercial entities that fail to comply with consent requirements.

Key Sections

  • Definitions: This provision outlines key definitions used throughout the bill, including terms like disclose, reasonable consent verification methods, and synthetic depiction, which are crucial for understanding the bills application.
  • Severability and Short Title: This provision states that if any part of the act is found invalid, the remaining provisions will still be effective. It also provides a short title for the act, naming it the Protect Act.
  • Sexual Material on the Internet: This provision requires commercial entities to verify consent from individuals depicted in sexual material before publication, maintain records of such verifications, and implement measures to prevent unauthorized material from being uploaded.
  • Unlawful Disclosure of Images: This provision makes it unlawful to disclose images of individuals in states of nudity or specific sexual activities without their consent, outlining the conditions under which such disclosures are prohibited and the penalties for violations.

Key Requirements

  • Classifies violations as class 5 felony, with increased penalties for electronic disclosures.
  • Ensures that invalid provisions do not affect the validity of the remaining provisions.
  • Maintains that reasonable expectation of privacy remains unless the image is shared by the depicted person.
  • Mandates record-keeping of consent verifications for at least seven years.
  • Prohibits retention of identifying information post-verification.
  • Requires explicit informed consent from individuals depicted in sexual material.
  • Requires intent to harm, harass, intimidate, threaten, or coerce for unlawful disclosure.

Sponsors

Legislative Actions

Date Action
2026-01-13 House2nd Read
2026-01-12 Filed
2026-01-12 House1st Read

Detailed Analysis

Analysis 1

Why Relevant: The bill mandates the use of automated scanning technologies to prevent the distribution of specific content.

Mechanism of Influence: Section 44-7302(A)(3) requires entities to 'Implement reasonable measures to prevent the uploading of sexual material that does not have verified consent, including using automated detection tools where feasible.'

Evidence:

  • using automated detection tools where feasible (Sec. 44-7302(A)(3))

Ambiguity Notes: The phrase 'where feasible' is not defined, leaving open whether this compels the adoption of specific hashing or AI-based scanning technologies similar to those proposed in the EU Chat Act.

Analysis 2

Why Relevant: The bill imposes a mandatory age-verification and consent-verification framework for commercial platforms.

Mechanism of Influence: Section 44-7302(A)(1) requires entities to 'verify, using reasonable consent verification methods' that depicted individuals are 'at least eighteen years of age.'

Evidence:

  • verify, using reasonable consent verification methods (Sec. 44-7302(A)(1))
  • Was at least eighteen years of age (Sec. 44-7302(A)(1)(b))

Ambiguity Notes: While it lists 'independent third party' verification, it does not specify the technical standards for 'reasonable' methods, potentially leading to invasive identity checks.

Analysis 3

Why Relevant: The bill establishes long-term data retention requirements for compliance and enforcement.

Mechanism of Influence: Section 44-7302(A)(2) requires entities to 'Maintain records of the verification for at least seven years' and make them available for inspection by the attorney general.

Evidence:

  • Maintain records of the verification for at least seven years (Sec. 44-7302(A)(2))

Ambiguity Notes: The requirement to maintain records for seven years creates a significant data-preservation obligation for platforms regarding user identity and consent.

House - 2192 - video content; minors; employment; compensation

Legislation ID: 247989

Bill URL: View Bill

Summary

HB 2192 establishes regulations for content creators who feature minors in video content, outlining definitions, compensation requirements, record-keeping obligations, and procedures for minors to request the removal of their identifiable information from such content. The bill seeks to safeguard minors rights and ensure they receive appropriate compensation for their participation in content creation.

Key Sections

  • Content creators; compensation to minors; reporting period; civil action: This provision outlines the conditions under which a minor featured in video content must be compensated, including criteria related to content percentage and total earnings.
  • Content removal requests; online hosting platforms; private right of action: This provision allows individuals who were minors in video content to request removal of their identifiable information and outlines the responsibilities of online platforms and content creators in this process.
  • Definitions: This section provides definitions for key terms used in the article, including content creator, minor, and video content.
  • Trust account for minors; requirements; civil action: This section mandates that content creators deposit earnings from video content featuring minors into a trust account until the minor reaches adulthood.
  • Unlawful financial benefit; sexual depiction of minors; prohibition; exceptions: This section prohibits the financial exploitation of minors through sexually explicit content and requires online platforms to implement strategies to mitigate risks.

Key Requirements

  • Content creators must comply with removal requests within a specified timeframe.
  • Content creators must maintain records related to the minors participation and compensation.
  • Funds must be disbursed to the minor upon reaching eighteen or upon emancipation.
  • Minors have the right to take legal action against violations.
  • Online platforms must develop risk-based strategies to prevent the sexualization of minors.
  • Online platforms must provide a mechanism for removal requests.
  • Requires minors to be compensated if featured in a significant portion of video content.
  • Trust accounts must be held by a bank or trust company.

Sponsors

Legislative Actions

Date Action
2026-01-14 House2nd Read
2026-01-13 House1st Read
2026-01-12 Filed

Detailed Analysis

Analysis 1

Why Relevant: The bill mandates that platforms perform ongoing risk assessments and mitigation, a core pillar of the EU Chat Act.

Mechanism of Influence: Platforms are legally required to document and reassess strategies to mitigate risks of 'sexualization of a minor.'

Evidence:

  • an online hosting platform shall develop and implement a risk-based strategy to help mitigate risks related to the monetization of the knowing and intentional sexualization of a minor (23-349(B))
  • This risk-based strategy must be documented and reassessed on a reasonable recurring basis (23-349(B))

Ambiguity Notes: The term 'risk-based strategy' is broad and grants platforms discretion but creates a binding obligation to have a mitigation framework in place.

Analysis 2

Why Relevant: The bill explicitly suggests the use of automated scanning/detection technologies as a mitigation tool.

Mechanism of Influence: While framed as discretionary, the inclusion of 'automated systems' in a list of approved risk-mitigation strategies encourages the use of scanning to identify 'problematic content.'

Evidence:

  • The use of automated systems to identify and enforce against potentially problematic content and accounts (23-349(B)(3))

Ambiguity Notes: The bill does not strictly 'compel' scanning via a court order like the EU's 'detection orders,' but lists it as a primary method for fulfilling the mandatory risk-mitigation duty.

Analysis 3

Why Relevant: The bill creates a mandatory removal and takedown infrastructure for platforms.

Mechanism of Influence: Platforms must provide a submission mechanism and are legally compelled to 'take all reasonable steps to remove the content' if the original creator fails to act.

Evidence:

  • Online hosting platforms shall provide an easily accessible mechanism through which a removal request can be submitted (23-348(B))
  • the online hosting platform shall review and take all reasonable steps to remove the content (23-348(G))

Ambiguity Notes: The removal right is specifically for individuals who were minors at the time of filming, but it creates a permanent compliance infrastructure for content deletion.

Analysis 4

Why Relevant: The bill requires internal controls and transparency reporting similar to the EU's compliance infrastructure.

Mechanism of Influence: Platforms must publish their policies and best practices, and implement quality assurance to ensure mitigations are effective.

Evidence:

  • Quality assurance processes recurring at reasonable intervals to ensure that mitigations are working as intended (23-349(B)(5))
  • online hosting platforms shall make publicly available information that includes... policies, settings and best practices (23-349(C))

Ambiguity Notes: None

Senate - 1077 - interactive computer service; prostitution; violation

Legislation ID: 248149

Bill URL: View Bill

Summary

SB1077 amends existing Arizona statutes to introduce stricter penalties for dangerous crimes against children, particularly those involving sexual exploitation and trafficking. It establishes new offenses related to the use of interactive computer services for prostitution and enhances penalties for those involved in child sex trafficking, especially if the victims are minors. The bill aims to deter such crimes and protect vulnerable populations from exploitation.

Key Sections

  • Amendment to Dangerous Crimes Against Children: The bill amends section 13-705 to include harsher sentencing guidelines for individuals convicted of dangerous crimes against children, particularly those involving sexual exploitation and trafficking.
  • Unlawful Use of Interactive Computer Service: The bill introduces section 13-3213, criminalizing the use of interactive computer services to facilitate, promote, or solicit prostitution, particularly targeting enterprises that exploit minors.

Key Requirements

  • Individuals convicted of dangerous crimes against children involving sexual exploitation face life sentences if previously convicted.
  • Individuals or agents managing interactive computer services must not facilitate or promote prostitution.
  • Penalties vary based on the age of the minors involved and the knowledge of the perpetrator regarding the trafficking.
  • Specific minimum and maximum sentences are established based on the nature of the crime and the age of the victim.

Sponsors

Legislative Actions

Date Action
2026-01-14 Senate2nd Read
2026-01-12 Filed
2026-01-12 Senate1st Read

Detailed Analysis

Analysis 1

Why Relevant: The bill mandates age verification for certain types of content.

Mechanism of Influence: Section 13-3213(C) creates a Class 4 felony for a person or agent of an enterprise who 'knowingly exposes sexual material that is harmful to minors without using reasonable age verification methods.'

Evidence:

  • without using reasonable age verification methods prescribed by section 18-701 (13-3213(C))

Ambiguity Notes: The bill references 'section 18-701' for the definition of reasonable age verification methods, which is not provided in this text, leaving the specific technical requirements undefined here.

Analysis 2

Why Relevant: The bill defines and targets 'interactive computer services' similar to the scope of the EU Chat Act.

Mechanism of Influence: The definition includes any 'information service, system or access software provider that provides or enables computer access by multiple users to a computer server,' which captures social media and messaging platforms.

Evidence:

  • Interactive Computer Service means an information service, system or access software provider that provides or enables computer access by multiple users (13-3213(G)(3))

Ambiguity Notes: While the scope is broad, the duty is negative (refraining from facilitating prostitution) rather than positive (mandated proactive scanning or risk assessments).

↑ Back to Table of Contents

Colorado

Index of Bills

Introduced - 1058 - Protections for Minors Featured in Digital Content

Legislation ID: 264308

Bill URL: View Bill

Summary

This bill introduces new requirements and civil remedies for the protection of minors who are involved in the creation of online content. Effective June 1, 2027, it outlines criteria for content creators, mandates record-keeping regarding minors, and establishes trust accounts for their earnings. Additionally, it allows minors to request the removal of their identifiable information from online content, and it prohibits the exploitation of minors in a manner that could lead to sexual gratification.

Key Sections

  • Compensation for content creation - minors engaged in content creation: This provision establishes the criteria for recognizing minors as engaged in content creation, details the record-keeping requirements for content creators, and mandates the establishment of trust accounts for minors earnings.
  • Consequences for Non-Compliance: If content creators do not comply with removal requests, individuals may initiate civil actions against them, and online platforms must take steps to remove the content unless certain exceptions apply.
  • Definitions: This section defines key terms used throughout the bill, including content creator, minor, and online content.
  • Privacy removals - private right of action: This section allows adults who were minors in online content to request the removal of identifiable information and provides a mechanism for enforcement if the request is ignored.
  • Prohibition on Sexualization of Minors: The bill prohibits individuals from profiting from knowingly producing or distributing content that sexually exploits minors.
  • Removal Requests for Online Content: Individuals can submit requests to online platforms to delete or edit posts that feature their private information if they are identifiable.
  • Risk-Based Strategy for Online Hosting Platforms: Online hosting platforms are required to develop and implement strategies to mitigate risks associated with the sexualization of minors in content creation.

Key Requirements

  • A trust account must be set up to hold a portion of earnings for the minor until they reach adulthood or are emancipated.
  • Content creators must comply with removal requests within seventy-two hours of notification.
  • Content creators must delete or edit posts featuring minors within 72 hours of a request.
  • Content creators must maintain records of a minors age, compensation generated, and minutes featured in content.
  • Individuals may sue for injunctive relief, actual damages, punitive damages, and recovery of costs including attorney fees if their requests are ignored.
  • Individuals must provide all necessary information to identify themselves and the content in question when submitting a removal request.
  • Online hosting platforms are not liable unless they knowingly distribute exploitative content.
  • Online hosting platforms must act to remove content unless the request lacks sufficient information or the content is deemed newsworthy.
  • Online hosting platforms must facilitate the removal requests and notify content creators.
  • Online hosting platforms must notify content creators of removal requests within a specified timeframe not exceeding thirty days.
  • Platforms must document and regularly reassess their risk-based strategies.
  • The law does not apply to lawful activities by law enforcement or good faith reporting of unlawful activities.
  • They should provide clear information about policies and best practices regarding minors in content.

Sponsors

Legislative Actions

Date Action
2026-01-14 PDF

Detailed Analysis

Analysis 1

Why Relevant: The bill mandates provider risk assessments and mitigation plans similar to the EU CSA Act.

Mechanism of Influence: Section 8-12.5-104(4)(a) requires platforms to 'develop and implement a risk-based strategy to help mitigate risks related to monetization of the intentional sexualization of known minors.'

Evidence:

  • 8-12.5-104(4)(a): 'ONLINE HOSTING PLATFORM SHALL DEVELOP AND IMPLEMENT A RISK-BASED STRATEGY TO HELP MITIGATE RISKS'
  • 8-12.5-104(4)(b): 'SHALL DOCUMENT AND REASSESS THE RISK-BASED STRATEGY'

Ambiguity Notes: The term 'risk-based strategy' is broad and grants platforms 'sole discretion' in implementation, but specifically suggests automated systems and recommendation guardrails.

Analysis 2

Why Relevant: The bill encourages or compels the use of automated detection technologies.

Mechanism of Influence: The risk-based strategy may include 'automated systems to identify and enforce against potentially problematic online content' (8-12.5-104(4)(b)(III)).

Evidence:

  • 8-12.5-104(4)(b)(III): 'AUTOMATED SYSTEMS TO IDENTIFY AND ENFORCE AGAINST POTENTIALLY PROBLEMATIC ONLINE CONTENT AND ACCOUNTS'

Ambiguity Notes: While listed as a discretionary component of the strategy, the mandate to 'mitigate risks' often necessitates the adoption of these automated tools in practice.

Analysis 3

Why Relevant: The bill establishes a mandatory removal and blocking regime for specific content.

Mechanism of Influence: If a content creator fails to comply with a privacy removal request, the platform is legally required to 'review and take all reasonable steps to remove the online content' (8-12.5-103(3)(b)).

Evidence:

  • 8-12.5-103(3)(b): 'THE ONLINE HOSTING PLATFORM SHALL REVIEW AND TAKE ALL REASONABLE STEPS TO REMOVE THE ONLINE CONTENT'

Ambiguity Notes: The 'reasonable steps' standard for platforms creates a statutory duty to moderate content upon notice, mirroring the 'removal order' features of the EU Act.

Analysis 4

Why Relevant: The bill requires compliance infrastructure and public transparency regarding moderation policies.

Mechanism of Influence: Platforms must provide an 'easily accessible mechanism' for removal requests and publish information about policies and 'best practices' for content featuring minors.

Evidence:

  • 8-12.5-103(2)(a): 'SHALL PROVIDE AN EASILY ACCESSIBLE MECHANISM THROUGH WHICH AN INDIVIDUAL CAN SUBMIT A REQUEST'
  • 8-12.5-104(4)(c): 'SHALL ENSURE THAT INFORMATION ABOUT ITS ONLINE CONTENT POLICIES... IS PUBLICLY AVAILABLE'

Ambiguity Notes: None

↑ Back to Table of Contents

Florida

Index of Bills

House - 1395 - Artificial Intelligence

Legislation ID: 250688

Bill URL: View Bill

Summary

This bill introduces the Artificial Intelligence Bill of Rights in Florida, defining artificial intelligence and prohibiting certain contracts with foreign entities of concern. It lays out various rights for Floridians related to AI, including rights to privacy, consent, and protection from misuse of AI technologies. The bill also mandates that AI technologies must not infringe on personal rights and establishes penalties for violations.

Key Sections

  • Artificial Intelligence Bill of Rights: Establishes a set of rights for Floridians regarding the use of artificial intelligence.
  • Definition of Artificial Intelligence: Defines artificial intelligence as engineered systems capable of inferring outputs from inputs to influence environments.
  • Definitions for AI Regulations: Provides definitions for terms used in the context of AI rights and regulations.
  • Prohibition on Contracts with Certain Entities: Prohibits governmental entities from extending or renewing contracts with certain foreign entities that have access to personal identifying information.
  • Rights Related to AI Usage: Lists specific rights of individuals regarding AI, including protection from misuse and the right to civil remedies.

Key Requirements

  • Contracts must not be extended or renewed if they provide access to personal identifying information.
  • Entities must provide affidavits confirming they do not meet specified criteria related to foreign ownership.
  • Floridians have rights to use AI to enhance their lives and to control their childrens use of AI.
  • Individuals may pursue civil remedies against unauthorized use of their likeness or personal data.
  • Rights include knowing if interacting with AI and if personal data is collected.
  • Rights to protection from AI-related criminal acts.

Sponsors

Legislative Actions

Date Action
2026-01-15 H Now in Information Technology Budget & Policy Subcommittee
2026-01-15 H Referred to Civil Justice & Claims Subcommittee
2026-01-15 H Referred to Commerce Committee
2026-01-15 H Referred to Information Technology Budget & Policy Subcommittee
2026-01-15 H Referred to State Affairs Committee
2026-01-13 H 1st Reading
2026-01-09 H Filed

Detailed Analysis

Analysis 1

Why Relevant: The bill mandates mitigation measures to prevent the dissemination of harmful content to minors.

Mechanism of Influence: Platforms must implement technical or procedural safeguards to ensure AI chatbots do not generate or share prohibited materials.

Evidence:

  • Institute reasonable measures to prevent its companion chatbot from producing or sharing materials harmful to minors (s. 501.9984(2)(c))

Ambiguity Notes: The term 'reasonable measures' is not defined, potentially allowing the state to mandate specific filtering or scanning technologies.

Analysis 2

Why Relevant: The bill requires age-gating and parental consent for minors to access messaging-like AI services.

Mechanism of Influence: Companion chatbot platforms must verify age or obtain parental consent before allowing minors to create or maintain accounts.

Evidence:

  • prohibit a minor from entering into a contract with the platform to become an account holder... unless the minors parent or guardian provides consent (s. 501.9984(1))

Ambiguity Notes: The bill does not specify the method of verification, but mandates the prohibition of unconsented minor accounts.

Analysis 3

Why Relevant: The bill provides for data access and preservation of user interactions.

Mechanism of Influence: Parents are granted a statutory right to receive copies of all interactions, and platforms must delete data upon account termination unless law requires preservation.

Evidence:

  • Receive copies of all past or present interactions between the account holder and the companion chatbot (s. 501.9984(1)(a)1)
  • Permanently delete all personal information... unless state or federal law requires the platform to maintain the information (s. 501.9984(1)(b)4)

Ambiguity Notes: The interaction between the deletion mandate and 'state or federal law' preservation requirements may create a duty to retain evidence of potential harms.

Analysis 4

Why Relevant: The bill establishes significant compliance infrastructure and state oversight.

Mechanism of Influence: It subjects out-of-state platforms to Florida jurisdiction and empowers the Department of Legal Affairs to subpoena evidence and enforce penalties.

Evidence:

  • subject to the jurisdiction of the courts of this state (s. 501.9984(5))
  • the department may administer oaths and affirmations, subpoena witnesses or matter, and collect evidence (s. 501.9987(1))

Ambiguity Notes: The broad investigative powers could be used to compel disclosure of internal moderation algorithms or training data.

House - 659 - Interactions with Artificial Intelligence

Legislation ID: 239546

Bill URL: View Bill

Summary

This bill creates a new section in the Florida Statutes addressing companion chatbots, defining their characteristics and the responsibilities of their operators. It mandates that operators provide clear notifications about the nature of the chatbots, implement protocols to prevent harmful content, and verify user ages, especially for minors. Additionally, operators must submit annual reports to the Department of Legal Affairs regarding their compliance with these provisions.

Key Sections

  • Age Verification: Operators must implement anonymous and standard age verification processes, particularly for users identified as minors.
  • Annual Reporting: Operators must submit an annual report to the Department of Legal Affairs detailing their compliance with the protocols for managing suicidal content.
  • Content Protocols: Operators are required to prevent companion chatbots from interacting with users unless specific protocols are in place to manage content related to suicidal ideation and self-harm.
  • Definitions: This section defines key terms related to companion chatbots, including what constitutes AI-generated content and the specific nature of companion chatbots.
  • Effective Date: The act is set to take effect on July 1, 2026.
  • Enforcement and Violations: Violations of the established protocols are considered unfair or deceptive acts and can be enforced by civil action, with a provision for operators to cure violations before enforcement.
  • Non-relief Clause: This section clarifies that operators are still subject to other legal obligations beyond those outlined in this bill.
  • User Notification: Operators must display a clear notice indicating that companion chatbots are AI-generated and may not be suitable for minors.

Key Requirements

  • Operators must be notified of suspected violations and given time to address them.
  • Operators must disclose AI interaction to known minors.
  • Operators must display a conspicuous notice about the nature of companion chatbots.
  • Operators must maintain protocols to prevent the production of harmful content.
  • Operators must offer age verification for users accessing companion chatbots.
  • Operators must report the number of referrals to the suicide lifeline.
  • Protocols must include mechanisms for detection and response to suicidal ideation.
  • Reports must include protocols for managing suicidal ideation.

Sponsors

Legislative Actions

Date Action
2026-01-13 H 1st Reading
2025-12-16 H Now in Industries & Professional Activities Subcommittee
2025-12-16 H Referred to Commerce Committee
2025-12-16 H Referred to Industries & Professional Activities Subcommittee
2025-12-16 H Referred to Information Technology Budget & Policy Subcommittee
2025-12-04 H Filed

Detailed Analysis

Analysis 1

Why Relevant: The bill mandates the implementation of technology to monitor and identify specific user content within the chatbot interface.

Mechanism of Influence: Operators must implement scanning mechanisms to 'detect' user expressions of suicidal ideation or self-harm in real-time, effectively requiring surveillance of user-to-AI interactions.

Evidence:

  • Detect, remove, and respond to expressions of suicidal ideation, or intent to commit suicide or to self-harm by users (s. 501.172(3)(c)1)

Ambiguity Notes: The term 'detect' implies automated surveillance of user input, though the specific technical standards or error-rate limits for this detection are not defined.

Analysis 2

Why Relevant: The bill requires mandatory age-gating for all users accessing the platform.

Mechanism of Influence: Operators are legally required to integrate 'anonymous' or 'standard' age verification systems to control access to the service, mirroring the EU's age-verification mandates.

Evidence:

  • An operator must offer anonymous age verification and standard age verification... for user access (s. 501.172(4)(a))

Ambiguity Notes: The bill refers to s. 501.1737 for standards, which typically involves third-party identity verification and data collection.

Analysis 3

Why Relevant: The bill establishes a centralized reporting and oversight mechanism similar to the EU's coordinating authority requirements.

Mechanism of Influence: Operators must submit annual reports to the Department of Legal Affairs detailing their safety protocols and the frequency of their interventions (e.g., suicide lifeline referrals).

Evidence:

  • each operator shall submit to the Department of Legal Affairs an annual report (s. 501.172(5)(a))

Ambiguity Notes: None

Analysis 4

Why Relevant: The bill mandates risk mitigation protocols and content filtering as a condition of service operation.

Mechanism of Influence: Operators are prohibited from providing the service unless they maintain specific protocols to prevent harmful content, including sexually explicit material for minors, necessitating model-level or output-level filtering.

Evidence:

  • prevent a companion chatbot... from interacting with users unless the operator maintains a protocol (s. 501.172(3)(a))
  • Implement reasonable measures to prevent a companion chatbot from producing visual material of sexually explicit conduct (s. 501.172(4)(b)3)

Ambiguity Notes: 'Reasonable measures' to prevent sexually explicit conduct is a broad standard that may compel intrusive filtering or client-side analysis.

Senate - 1344 - Companion Artificial Intelligence Chatbots

Legislation ID: 249908

Bill URL: View Bill

Summary

This bill establishes regulations for companion AI chatbots, requiring operators to implement age verification for users and to protect minors from accessing inappropriate content. It mandates that users create accounts, undergo age verification, and receive notifications about their interactions with AI chatbots. Additionally, the bill outlines penalties for non-compliance and empowers the Department of Legal Affairs to enforce these regulations.

Key Sections

  • Confidentiality of Age Verification: Operators are required to keep age verification information confidential.
  • Definitions: This section defines key terms related to companion AI chatbots, including what constitutes a companion AI chatbot and the roles of operators and minors.
  • Existing Accounts Transition: Operators must freeze existing user accounts as of July 1, 2026, requiring age verification for restoration.
  • Minors Access Restrictions: If a user is identified as a minor, specific restrictions apply to their account and access to the chatbot.
  • New Account Creation: Operators must request and verify age information when creating new user accounts.
  • Penalties for Non-compliance: Entities failing to comply with subpoenas or the act may face civil penalties and other consequences.
  • Rule Adoption: The Department is authorized to adopt rules for implementing this section.
  • Subpoena Authority: The Department of Legal Affairs has the authority to issue subpoenas and collect evidence regarding compliance with this act.
  • User Account Requirement: Operators must require users to create an account to access a companion AI chatbot.
  • User Notification Requirement: Operators must notify users that they are interacting with an AI chatbot at the start and every 60 minutes during interaction.
  • Violations and Enforcement: Violations of this act are considered deceptive trade practices, allowing for enforcement actions by the Department of Legal Affairs.

Key Requirements

  • Blocks access to sexually explicit content for minors.
  • Civil penalties for non-compliance can reach up to $5,000 per week.
  • Department may create rules to enforce the provisions of this act.
  • Department may enforce compliance and collect penalties.
  • Department may issue subpoenas for compliance investigations.
  • Legal fees may be imposed.
  • Operators must protect the confidentiality of age verification information.
  • Operators must request age information from users upon account creation.
  • Operators must verify age using standard or anonymous age verification.
  • Requires freezing of existing accounts until age verification is completed.
  • Requires operators to display a notification at the beginning and periodically during interactions.
  • Requires parental account affiliation for minor users.
  • Requires parental consent for minors to access the chatbot.
  • Requires users to create a user account to interact with the chatbot.
  • Violations are subject to civil penalties up to $50,000 per violation.

Sponsors

Legislative Actions

Date Action
2026-01-07 • Filed

Detailed Analysis

Analysis 1

Why Relevant: The bill mandates age verification for all users of interpersonal AI services.

Mechanism of Influence: Operators must 'Verify the user’s age using standard age verification or anonymous age verification' (s. 501.1739(4)(b)) and 'classify each user as either a minor or an adult' (s. 501.1739(3)(c)).

Evidence:

  • s. 501.1739(3)(b)
  • s. 501.1739(4)(b)
  • s. 501.1739(1)(h)

Ambiguity Notes: The term 'standard age verification' is broadly defined as 'any commercially reasonable method... approved by the operator' (s. 501.1739(1)(h)), leaving the specific technology choice to the provider but requiring it to be 'commercially reasonable.'

Analysis 2

Why Relevant: The bill requires operators to block specific categories of content for minor users, similar to exposure-limiting mandates.

Mechanism of Influence: Operators are legally compelled to 'Block the minor’s access to any companion AI chatbot that prompts, promotes, solicits, or otherwise suggests sexually explicit communication' (s. 501.1739(5)(c)).

Evidence:

  • s. 501.1739(5)(c)
  • s. 501.1739(1)(g)

Ambiguity Notes: The phrase 'otherwise suggests' is broad and could require proactive monitoring or filtering of AI outputs to ensure no sexually explicit content is generated for a minor.

Analysis 3

Why Relevant: The bill establishes a robust compliance and investigative infrastructure.

Mechanism of Influence: The Department of Legal Affairs is granted authority to 'subpoena witnesses or matter, and collect evidence' (s. 501.1739(11)(a)) and can levy civil penalties of 'up to $50,000 per violation' (s. 501.1739(8)(a)).

Evidence:

  • s. 501.1739(8)(a)
  • s. 501.1739(11)(a)
  • s. 501.1739(10)

Ambiguity Notes: The bill asserts jurisdiction over any operator making a chatbot available in the state, regardless of their physical location (s. 501.1739(10)).

Senate - 1722 - Application Stores

Legislation ID: 250849

Bill URL: View Bill

Summary

The App Store Accountability Act introduces regulations for app store providers and developers to ensure the safety and privacy of minors. It mandates age verification processes, parental consent for accounts held by minors, and specific obligations regarding the handling of age-related data. The act also allows for civil actions against violators, ensuring that minors and their parents can seek redress for any breaches of the law.

Key Sections

  • App Store Providers: Outlines the responsibilities of app store providers, including age verification, obtaining parental consent for minor accounts, and notifying users of significant changes to apps.
  • Definitions: This section defines key terms related to app stores, such as account holder, age category, app, developer, and others necessary for understanding the bills provisions.
  • Developers: Specifies the obligations of app developers, including age verification, notification of significant changes, and compliance with age-related restrictions.
  • Enforcement: Details the enforcement mechanisms available for violations of the act, including civil actions by minors or their parents and penalties for app store providers and developers.
  • Jurisdiction: Establishes jurisdiction for actions brought under the act, ensuring that app store providers and developers are subject to Florida courts if their services are accessible to minors in the state.
  • Rules and Safe Harbor: Instructs the Department of Legal Affairs to adopt rules for age verification processes and provides safe harbor provisions for developers who comply with the acts requirements.

Key Requirements

  • Allows minors to bring civil actions for violations.
  • Department must create rules for age verification processes.
  • Developers are not liable if they follow good faith reliance on age data.
  • Developers are restricted from enforcing contracts against minors without parental consent.
  • Developers must notify app store providers of significant changes.
  • Developers must verify age category data of account holders.
  • Establishes penalties for unfair and deceptive trade practices.
  • Mandates parental consent for accounts held by minors.
  • Obligates providers to protect age category data.
  • Permits the Department of Legal Affairs to enforce the act.
  • Requires app store providers to verify the age of account holders.
  • Requires notification of significant app changes to account holders.

Sponsors

Legislative Actions

Date Action
2026-01-09 • Filed

Detailed Analysis

Analysis 1

Why Relevant: The bill mandates age verification for all users of app stores, a core pillar of the EU's child safety framework.

Mechanism of Influence: App store providers are legally required to 'verify the individual’s age category' using 'commercially available methods' or state-defined rules, effectively creating a mandatory age-gate for mobile software access.

Evidence:

  • verify the individual’s age category using: a. Commercially available methods reasonably designed to ensure accuracy; or b. An age verification method or process that complies with department rule. (s. 501.1733(2)(a)1)

Ambiguity Notes: The term 'commercially available methods' is broad and could encompass privacy-invasive technologies like biometric face-scanning or government ID uploads, similar to debates surrounding the EU Chat Act's age-verification requirements.

Analysis 2

Why Relevant: The bill imposes significant gatekeeping obligations on app stores to control minor access to third-party services.

Mechanism of Influence: App stores must act as the central enforcement point, requiring 'verifiable parental consent' for every app download or in-app purchase by a minor, and must notify parents of 'significant changes' to an app's privacy policy or content rating.

Evidence:

  • obtain verifiable parental consent from the holder of the affiliated parent account each time before allowing the minor to download an app, purchase an app, or make an in-app purchase. (s. 501.1733(2)(a)2)

Ambiguity Notes: The requirement to obtain consent 'each time' before a download (s. 501.1733(2)(a)2) creates a high-friction environment that may compel developers to adopt more aggressive tracking to maintain compliance.

Analysis 3

Why Relevant: The bill creates a compliance infrastructure for data sharing between platforms and developers regarding user age and consent status.

Mechanism of Influence: Developers are compelled to 'Verify through the app store’s data-sharing methods' the age of their users and use that data to 'enforce any developer-created, age-related restrictions [or] safety-related features.'

Evidence:

  • Verify through the app store’s data-sharing methods the age category data of account holders (s. 501.1733(3)(a)1)
  • Transmitting age category data using industry-standard encryption protocols that ensure data integrity and data confidentiality. (s. 501.1733(2)(a)6.c)

Ambiguity Notes: While the bill requires encryption for this data, the mandatory sharing of 'age category data' between app stores and third-party developers creates new data-leakage risks and centralized databases of minor status.

Senate - 482 - Artificial Intelligence Bill of Rights

Legislation ID: 239443

Bill URL: View Bill

Summary

The bill amends existing statutes and creates new sections to define artificial intelligence, prohibit certain contracts with foreign entities, and establish the Artificial Intelligence Bill of Rights for Floridians. It outlines the rights of individuals regarding AI, including consent requirements for minors, protections against misuse of personal data, and civil remedies for violations. The bill also imposes obligations on AI technology companies and chatbot platforms to protect user information and restrict access for minors without parental consent.

Key Sections

  • Artificial Intelligence Bill of Rights: Establishes the Artificial Intelligence Bill of Rights which outlines the rights of Floridians regarding the use of AI.
  • Commercial Use of Likeness: Prohibits the commercial use of an individuals likeness created through AI without consent and establishes penalties.
  • Companion Chatbot Regulations: Imposes regulations on companion chatbot platforms, including parental consent for minors and options for parents to monitor interactions.
  • Data Protection and Violations: Prohibits AI companies from selling or disclosing personal information without consent and establishes penalties for violations.
  • Definitions and Contracting Restrictions: This provision defines artificial intelligence and prohibits governmental entities from contracting with certain foreign entities that could access personal identifying information.
  • Legal Actions and Enforcement: Authorizes the Department of Legal Affairs to take action against violations of the AI regulations and provides for civil penalties.

Key Requirements

  • AI companies must ensure personal information is deidentified and cannot be sold or disclosed without consent.
  • Chatbot platforms must prohibit minors from creating accounts without parental consent.
  • Department can bring actions under the Florida Deceptive and Unfair Trade Practices Act for violations.
  • Floridians have the right to know if they are interacting with AI, control their childrens use of AI, and seek civil remedies for unauthorized use of their likeness.
  • Platforms must provide parents with options to monitor and control their childs interactions with chatbots.
  • Prohibits governmental entities from extending or renewing contracts with specified foreign entities if they access personal information.
  • Requires an affidavit from entities seeking contracts to confirm they do not meet specified criteria related to foreign ownership or control.
  • Requires consent for the commercial use of an individuals AI-generated likeness.

Sponsors

Legislative Actions

Date Action
2026-01-13 • Introduced
2026-01-07 • Referred to Commerce and Tourism; Appropriations
2025-12-22 • Filed

Detailed Analysis

Analysis 1

Why Relevant: The bill mandates age verification and parental consent for access to specific online services.

Mechanism of Influence: By requiring platforms to 'prohibit a minor from... becoming an account holder... unless the minor’s parent or guardian provides consent,' the bill effectively compels the implementation of age-verification or age-assessment technologies.

Evidence:

  • prohibit a minor from entering into a contract with the platform to become an account holder... unless the minor’s parent or guardian provides consent (501.9984(1))

Ambiguity Notes: The bill does not specify the technical standard for 'consent' or age verification, leaving the 'reliability' of these checks to platform discretion or future rulemaking.

Analysis 2

Why Relevant: The bill imposes a duty on providers to mitigate the risk of children being exposed to harmful content.

Mechanism of Influence: Platforms must 'institute reasonable measures' to prevent chatbots from 'producing or sharing materials harmful to minors,' which functions as a mandated content-mitigation and safety-by-design requirement.

Evidence:

  • Institute reasonable measures to prevent its companion chatbot from producing or sharing materials harmful to minors (501.9984(2)(c))

Ambiguity Notes: 'Reasonable measures' is not defined, potentially requiring platforms to implement proactive filtering or monitoring of AI outputs to ensure compliance.

Analysis 3

Why Relevant: The bill compels the creation of monitoring and reporting infrastructure for private interactions.

Mechanism of Influence: Platforms are required to provide parents with 'copies of all past or present interactions' and 'timely notifications' regarding self-harm or intent to harm others, necessitating internal data-retention and monitoring systems.

Evidence:

  • Receive copies of all past or present interactions between the account holder and the companion chatbot (501.9984(1)(a)1)
  • Receive timely notifications if the account holder expresses... a desire or an intent to engage in self-harm or to harm others (501.9984(1)(a)5)

Ambiguity Notes: While focused on AI-to-human interaction, the requirement to provide 'all past or present interactions' creates a statutory mandate for platforms to maintain accessible, unencrypted logs of user communications.

↑ Back to Table of Contents

Georgia

Index of Bills

house - 171 - Crimes and offenses; obscenity; repeal and replace Code Section 16-12-80

Legislation ID: 188104

Bill URL: View Bill

Summary

This bill amends existing laws in Georgia regarding obscenity and related offenses by specifically prohibiting the distribution of computer-generated obscene material that depicts children. It establishes definitions for obscenity and child, outlines penalties for violations, and mandates reporting for individuals who suspect they are processing such material. Additionally, it introduces enhanced sentencing for defendants who utilize artificial intelligence in the commission of designated offenses.

Key Sections

  • Amendments to Existing Codes: This section amends references in the Official Code of Georgia to replace outdated code sections with the newly established code regarding obscene material and AI.
  • Amendments to Other Titles: This section amends references in Titles 20 and 32 of the Official Code of Georgia to reflect changes in the obscenity law.
  • Amendments to Related Codes: This section amends existing laws to replace references to previous code sections with updated ones regarding the distribution of obscene materials.
  • Definitions and Offenses: Establishes definitions for terms related to the distribution of obscene material and outlines offenses related to the distribution of computer-generated obscene material depicting a child.
  • Effective Date: Specifies the effective date of the bill as July 1, 2025, and its applicability to offenses committed on or after this date.
  • Effective Date: This section specifies the effective date of the Act as July 1, 2025, and its applicability to offenses committed after this date.
  • Enhanced Sentencing for AI Usage: This section establishes enhanced penalties for defendants who utilize artificial intelligence in committing certain offenses, specifying the consequences based on whether the offense is a misdemeanor or felony.
  • Exemptions for Law Enforcement: Clarifies that the provisions do not apply to law enforcement activities related to the investigation and prosecution of crimes.
  • Penalties for Offenses: Details the penalties associated with the distribution of computer-generated obscene material depicting a child, including felony and misdemeanor classifications.
  • Prohibition of Computer Generated Obscene Material: This section prohibits the distribution of computer-generated obscene material depicting a child, defining the criteria that constitute obscenity and detailing the penalties for violations.
  • Prohibition of Distribution of Obscene Material: This provision prohibits the distribution of computer-generated obscene material depicting a child and establishes criteria for what constitutes obscene material.
  • Prohibition of Distribution of Obscene Material: This section establishes the offense of distributing computer-generated obscene material depicting a child, defining the criteria for obscenity and the penalties for offenders.
  • Repeal of Conflicting Laws: States that all conflicting laws will be repealed to ensure the new provisions take precedence.
  • Repeal of Conflicting Laws: This section repeals any laws that conflict with the provisions of this Act.
  • Reporting Obligations: Mandates reporting requirements for individuals who suspect they are processing obscene material depicting minors, providing immunity for those who report in good faith.
  • Revised Obscenity Laws: This provision repeals the previous Code Section 16-12-80 and replaces it with a new definition and penalties for the distribution of computer-generated obscene material depicting a child.
  • Sentencing Enhancements for AI Utilization: This provision outlines the penalties for defendants who utilize artificial intelligence in committing designated offenses, including enhanced sentences for such actions.
  • Sentencing Enhancements for AI Utilization: This section outlines the enhanced sentencing for defendants who utilize artificial intelligence in committing designated offenses, specifying the penalties based on the severity of the offense.
  • Sentencing for Use of Artificial Intelligence: This provision introduces enhanced sentencing guidelines for defendants who use artificial intelligence in the commission of certain designated offenses.
  • Short Title: This section provides the official title of the Act as the Ensuring Accountability for Illegal AI Activities Act.

Key Requirements

  • Defines child as individuals under 16 years.
  • Defines obscene and child for legal clarity.
  • Defines obscene material based on community standards and its appeal to prurient interests.
  • Defines obscene material based on community standards and lack of serious value.
  • Establishes specific sentencing guidelines based on the type of offense committed.
  • Establishes that the offense is a felony with a punishment of 1 to 15 years imprisonment.
  • Felony punishment of 1 to 15 years for most offenders.
  • Immediate reporting to the National Center for Missing and Exploited Children and local law enforcement if there is reasonable belief of obscene conduct involving a minor.
  • Mandates a minimum fine and imprisonment based on the classification of the designated offense.
  • Mandates notification to the defendant of intent to seek enhanced penalties.
  • Mandates that the obscene material must depict an image that appears realistic and engages in sexually explicit conduct.
  • Misdemeanor classification for offenders aged 18 or younger under specific conditions.
  • Prohibits distribution of computer-generated obscene material that appears to depict a child.
  • Prohibits distribution of obscene material depicting a child created through artificial intelligence.
  • Prohibits the distribution of computer-generated obscene material depicting a child.
  • Prohibits the distribution of obscene materials depicting children created through AI.
  • Replaces cross-references to Code Section 16-12-80 with Code Section 16-12-80.1 in specified sections.
  • Requires enhanced penalties for using AI in designated offenses.
  • Requires individuals operating AI programs for children to ensure they do not provide obscene material.
  • Requires individuals to report suspected obscene material depicting children to law enforcement agencies.
  • Requires notice to be given to defendants regarding enhanced sentencing for using AI.
  • Requires notice to be given to defendants regarding the intent to seek enhanced penalties for AI usage in crimes.
  • Requires notification to defendants of intent to seek enhanced penalties if AI is used in a crime.
  • Specifies penalties based on whether the designated offense is a misdemeanor or felony.
  • Updates cross-references in education and transportation codes to reflect new provisions.
  • Updates cross-references in multiple education and transportation-related code sections.

Sponsors

Legislative Actions

Date Action
2026-01-12 Senate Recommitted
2025-03-31 Senate Committee Favorably Reported By Substitute
2025-03-28 Senate Recommitted
2025-03-27 Senate Committee Favorably Reported By Substitute
2025-03-27 Senate Read Second Time
2025-02-27 Senate Read and Referred
2025-02-26 House Passed/Adopted By Substitute
2025-02-26 House Third Readers

Detailed Analysis

Analysis 1

Why Relevant: The bill establishes a mandatory reporting requirement to a centralized body (NCMEC) for suspected child sexual abuse material.

Mechanism of Influence: It compels any person 'processing or producing visual or printed matter' to immediately report suspected CSAM to the National Center for Missing and Exploited Children and state authorities.

Evidence:

  • shall immediately report such incident, or cause a report to be made, to the National Center for Missing and Exploited Children (Section 2(f))
  • in the course of processing or producing visual or printed matter either privately or commercially (Section 2(f))

Ambiguity Notes: The phrase 'processing or producing' is not explicitly defined to include or exclude online service providers, potentially capturing AI generation platforms or cloud storage services.

↑ Back to Table of Contents

Indiana

Index of Bills

House - 1085 - Civil liability for child sexual abuse material.

Legislation ID: 242366

Bill URL: View Bill

Summary

House Bill No. 1085 introduces provisions for civil liability concerning child sexual abuse material and obscene material on the Internet. It enables individuals depicted in or exposed to such materials to file civil actions against those who knowingly allow access to, disseminate, or provide the content. The bill also allows the attorney general to seek injunctive relief and establishes a safe harbor provision for certain entities under specific conditions. Notably, it states that comparative fault and tort claims immunities do not apply to these civil actions.

Key Sections

  • Attorney Generals Authority: This section grants the attorney general the authority to seek injunctive relief against individuals or entities that violate the provisions related to prohibited material.
  • Civil Action for Prohibited Material: This provision allows individuals depicted in prohibited material to file a civil action against those who knowingly facilitate access to or disseminate such material.
  • Civil Action for Prohibited Material: This provision allows individuals depicted in prohibited material to file a civil lawsuit against those who knowingly or intentionally allow access to, disseminate, or provide such material online. It also permits parents or guardians to sue on behalf of minors depicted in such materials.
  • Definitions: Defines key terms such as child sexual abuse material, information content provider, interactive computer service provider, obscene material, and prohibited material.
  • Immunities and Administrative Remedies: This provision clarifies that certain immunities do not apply to actions brought under the chapter, and allows claims without exhausting administrative remedies.
  • Immunities and Administrative Remedies: This provision clarifies that certain immunities related to tort claims do not apply to actions brought under the new chapter concerning child sexual abuse material, and it allows such actions to proceed without exhausting administrative remedies.
  • Injunctive Relief: The attorney general is authorized to seek injunctive relief against individuals violating the provisions related to prohibited material.

Key Requirements

  • Attorney general can initiate actions for injunctive relief without needing a private individual to file first.
  • Defendants can be held liable if they knowingly allow access to or disseminate prohibited material.
  • Individuals depicted in child sexual abuse material or exposed to obscene material may bring civil actions.
  • Individuals depicted in prohibited material can sue for damages.
  • No need to exhaust administrative remedies prior to filing a lawsuit.
  • Parents or guardians can bring actions on behalf of minors.
  • Parents or guardians may file actions on behalf of minors depicted in prohibited material.
  • Tort claim immunities do not apply to civil actions under this chapter.

Sponsors

Legislative Actions

Date Action
2026-01-13 Representative Goss-Reaves added as coauthor
2026-01-05 Authored by Representative King
2026-01-05 First reading: referred to Committee on Judiciary

Detailed Analysis

Analysis 1

Why Relevant: The bill includes a safe harbor mechanism contingent on the removal or blocking of prohibited content.

Mechanism of Influence: Under Sec. 1(b)(2), a provider avoids liability only if it takes 'immediate voluntary good faith actions to remove or block access to the prohibited material' after gaining actual knowledge.

Evidence:

  • Sec. 1(b)(2): 'takes immediate voluntary good faith actions to remove or block access to the prohibited material'

Ambiguity Notes: While this incentivizes removal, it is a liability shield rather than a proactive administrative 'removal order' as seen in the EU CSA Act.

House - 1178 - Minor access to social media.

Legislation ID: 247600

Bill URL: View Bill

Summary

House Bill No. 1178 establishes requirements for social media providers regarding the creation and management of accounts for minors. It mandates that social media providers must obtain verifiable parental consent before allowing individuals under 14 years old to create accounts. Additionally, it requires providers to offer parental controls, regularly verify the age of account holders, and establish processes for account termination. Violations of these provisions may result in civil action and enforcement by the attorney general.

Key Sections

  • Account Creation for Minors: Social media providers cannot create accounts for individuals under 14 without verifiable parental consent.
  • Account Termination Process: Providers must provide a clear process for parents and minors to terminate accounts.
  • Age Verification and Account Management: Providers must periodically verify the age of account holders and terminate accounts if minors are found without consent.
  • Attorney General Enforcement: Empowers the attorney general to enforce the provisions of the bill.
  • Enforcement and Legal Remedies: Establishes legal consequences for providers who violate the provisions regarding minor accounts.
  • Parental Consent Information Retention: Providers must manage and retain information related to parental consent appropriately.

Key Requirements

  • Allows civil actions by minors or parents for violations.
  • Allows the attorney general to independently enforce compliance with the bill.
  • Requires a simple and accessible means for account termination for minors.
  • Requires periodic age verification for all account holders.
  • Requires providers to disable certain features for minor accounts.
  • Requires providers to offer parents a separate password to set limits on the minors account usage.
  • Requires termination of accounts if a minor is found without parental consent.
  • Requires termination of the account within a specified time after a termination request.
  • Requires verifiable parental consent for account creation for minors under 14.
  • Sets requirements for the use and retention of information for parental consent.
  • Specifies remedies available to prevailing plaintiffs.

Sponsors

Legislative Actions

Date Action
2026-01-05 Authored by Representative King
2026-01-05 Coauthored by Representatives Behning, Teshka
2026-01-05 First reading: referred to Committee on Judiciary

Detailed Analysis

Analysis 1

Why Relevant: The bill mandates robust, ongoing age verification and assessment for all users, a core pillar of the EU's child protection framework.

Mechanism of Influence: Providers must use 'commercially reasonable means' to determine age and must perform periodic re-verification at 80% and 90% confidence levels once users reach specific usage milestones (25, 50, and 100 hours).

Evidence:

  • use commercially reasonable means to determine the age (Ch. 2, Sec. 1(a)(1))
  • periodically verify the age of each Indiana account holder (Digest)
  • determine under subsection (c) with ninety percent (90%) confidence that an Indiana account holder is fourteen (14) years of age or older (Ch. 3, Sec. 1(d)(1))

Ambiguity Notes: The bill does not define 'commercially reasonable means' or 'confidence' metrics, potentially forcing providers to adopt invasive biometric or identity-linked verification to meet the 90% threshold.

Analysis 2

Why Relevant: The bill mandates specific risk mitigation changes to product features and recommender systems.

Mechanism of Influence: It statutorily compels providers to disable features deemed harmful to minors, including 'profile based content feeds' and 'continuous loading,' effectively regulating the platform's core architecture and algorithms.

Evidence:

  • disabling access by the account holder to specified features and functionality (Digest)
  • configure the account such that the account does not use... Continuous loading... profile based content feed... push notifications (Ch. 2, Sec. 2(b))

Ambiguity Notes: While the EU Act requires providers to propose mitigations based on risk assessments, this bill bypasses the assessment and mandates specific feature removals.

Analysis 3

Why Relevant: The bill includes data preservation and internal control requirements regarding parental consent.

Mechanism of Influence: Providers are required to retain documentation establishing they received verifiable parental consent for active accounts, creating a compliance infrastructure for age-gating.

Evidence:

  • retain documentation sufficient to reasonably establish that the covered social media provider has received verifiable parental consent (Ch. 5, Sec. 2)
  • delete the information immediately after registering the individuals provision of verifiable parental consent (Ch. 5, Sec. 1(2))

Ambiguity Notes: The bill simultaneously requires the immediate deletion of personal information used for consent registration, creating a potential conflict with the duty to retain 'sufficient' documentation for enforcement.

Senate - 129 - Age verification for access to social media.

Legislation ID: 242574

Bill URL: View Bill

Summary

Senate Bill No. 129 mandates that social media operators must obtain verifiable parental consent before allowing minor users, defined as individuals under 16 years of age, to view content on their platforms. The bill establishes the framework for enforcement by the attorney general, including the ability to issue civil investigative demands and take legal action against non-compliant operators. Additionally, it highlights the risks associated with social media use among minors, such as increased rates of depression and suicide, while balancing parental rights and childrens safety.

Key Sections

  • Confidentiality of Minor User Information: Information collected about minor users is to be kept confidential in any legal proceedings.
  • Definitions: Defines minor user as an individual less than 16 years of age and establishes terms related to social media and social media operators.
  • Enforcement by Attorney General: The attorney general can take action against social media operators who violate the consent requirement and must first issue a notice of violation.
  • Findings and Declaration: The General Assembly recognizes the risks to childrens health and safety posed by unrestricted access to social media, citing data on suicide and depression rates among minors.
  • Parental Consent Requirement: Social media operators must not allow minor users to view their platforms without obtaining verifiable parental consent.
  • Security of Information: Social media operators are required to secure all information collected from minor users and ensure it is encrypted.
  • Severability: The provisions of this chapter are severable, ensuring that if one part is invalid, the others remain effective.

Key Requirements

  • All records related to minor users must be marked as confidential.
  • Attorney general must send a notice of violation before taking legal action.
  • Operators must identify accounts created by minors without consent.
  • Requires encryption of information collected from minor users.
  • Requires social media operators to obtain verifiable parental consent for minor users.

Sponsors

Legislative Actions

Date Action
2025-12-11 Authored by Senators Bohacek, Brown L
2025-12-11 First reading: referred to Committee on Judiciary

Detailed Analysis

Analysis 1

Why Relevant: The bill mandates age verification and parental consent for social media access, a core element of the spiritual successor criteria.

Mechanism of Influence: Operators must implement 'commercially reasonable methods' to identify minor users and obtain consent, effectively creating a gatekeeping mechanism for platform access.

Evidence:

  • Sec. 7. (a) (1) must not allow a minor user to view social media without obtaining verifiable parental consent
  • Sec. 7. (a) (2) shall use commercially reasonable methods to comply

Ambiguity Notes: The term 'commercially reasonable methods' is not defined, potentially allowing for highly intrusive verification technologies such as biometric scanning or government ID uploads.

Analysis 2

Why Relevant: The bill imposes data security and encryption requirements on information collected for age verification.

Mechanism of Influence: Requires social media operators to encrypt all data collected and retained under the chapter, impacting how user verification data is handled and stored.

Evidence:

  • Sec. 8. Any information collected and retained by a social media operator under this chapter must be encrypted

Ambiguity Notes: While it mandates encryption for storage, it does not address the privacy implications of the initial collection of sensitive data required for 'verifiable' consent.

Analysis 3

Why Relevant: The bill explicitly excludes app stores, which is a significant deviation from the EU Chat Act's model.

Mechanism of Influence: By excluding device manufacturers and app stores, the bill focuses the compliance burden solely on the social media operators themselves, rather than the distribution layer.

Evidence:

  • Sec. 5. (b) The term does not include a device manufacturer or application store.

Ambiguity Notes: None

Senate - 199 - Various education matters.

Legislation ID: 249529

Bill URL: View Bill

Summary

This bill establishes guidelines for social media services to protect adolescents and children from potential harm. It mandates age verification for account creation and restricts access for users identified as minors unless parental consent is provided. Additionally, it outlines the responsibilities of social media services in configuring accounts for minors and prohibits the collection of personal information from users known to be minors.

Key Sections

  • Account Configuration for Minors: Details how social media services must configure accounts for users identified as adolescents to limit their exposure and interactions on the platform.
  • Account Creation and Age Verification: Outlines the requirements for social media services regarding account creation for Indiana residents, focusing on age verification and parental consent for adolescents and children.
  • Age Verification Method Restrictions: Sets limitations on how social media services can verify ages without retaining unnecessary identifying information.
  • Definition of Addictive Features: Defines addictive features of social media services, including continuous loading of content, seamless content, personal interactive metrics, autoplay videos, and live streaming.
  • Emergency Declaration: Declares an emergency for the act, allowing for immediate implementation of its provisions.
  • Enforcement and Penalties: Describes the consequences for social media services that violate the provisions regarding minors, including potential legal actions by parents.
  • Parental Access to Adolescent Accounts: Establishes that parents or guardians must be provided with access credentials to monitor and manage their adolescents social media accounts.
  • Prohibition on Personal Information Collection: Prohibits social media services from collecting or using personal information from adolescents, except as necessary for age verification.
  • Voidance of Existing Regulation: Declares a specific existing administrative code provision void, effective immediately, and sets an expiration for this action.

Key Requirements

  • Allows individuals to take action against unlawful retention or use of their information.
  • Allows parents to sue for violations of the bills provisions.
  • Allows parents to view account activity, modify configurations, and set access limits.
  • Entitles parents to damages, injunctive relief, and legal costs.
  • Identifies specific features that contribute to addictive use of social media.
  • Imposes time restrictions on account access.
  • Limits the use of collected information solely to age determination.
  • Mandates written parental consent for adolescents and prohibits account creation for children.
  • Prevents accounts from appearing in search results unless designated by the user.
  • Prohibits dissemination of content based on usage patterns.
  • Prohibits retention or use of identifying information beyond age verification.
  • Requires reasonable age verification methods for account creation.
  • Requires social media services to employ algorithms analyzing user data to select content.
  • Requires social media services to provide separate access credentials for parents.
  • Restricts direct communications to linked accounts only.
  • Restricts the retention of identifying information unless required by court order.

Sponsors

Legislative Actions

Date Action
2026-01-08 Senator Rogers added as second author
2026-01-05 Authored by Senator Raatz
2026-01-05 First reading: referred to Committee on Education and Career Development

Detailed Analysis

Analysis 1

Why Relevant: The bill mandates age verification and age assessment for social media users.

Mechanism of Influence: It requires providers to use 'reasonable age verification methods' to identify child and adolescent users before allowing account creation.

Evidence:

  • The social media service shall use a reasonable age verification method to determine the age of the individual requesting creation of the account. (IC 24-16-2-1(a)(1))
  • "Reasonable age verification method" means a method of determining that an individual seeking to access a website is not a child or an adolescent... (IC 24-16-1-7)

Ambiguity Notes: The term 'reasonable age verification method' includes third-party services and transactional data, which may have privacy implications similar to those discussed in the EU context.

Analysis 2

Why Relevant: The bill imposes mandated mitigation changes to product features and moderation for minor accounts.

Mechanism of Influence: It compels services to configure accounts for minors to limit exposure, specifically restricting direct communications and algorithmic content selection.

Evidence:

  • The social media service may allow the account to receive direct communications only from an account that the user has designated as a linked account. (IC 24-16-2-2(b)(1))
  • The social media service may not disseminate: (A) content; (B) recommendations for content; or (C) advertising; based on patterns of the adolescents use... (IC 24-16-2-2(b)(3))

Ambiguity Notes: While not a 'risk assessment' in the formal sense, these are statutory mitigation mandates aimed at preventing harm to minors.

↑ Back to Table of Contents

Iowa

Index of Bills

House - 864 - relating to certain commercial entities who publish or distribute obscene material on the internet, and providing civil penalties.

Legislation ID: 63826

Bill URL: View Bill

Summary

House File 62 establishes civil liability for commercial entities that knowingly publish or distribute obscene material on the internet without verifying the age of the user. It mandates the use of age verification methods to prevent minors from accessing such material, while also clarifying that providers of interactive computer services are not liable under this law.

Key Sections

  • Age Verification Requirement: Requires commercial entities to verify that individuals accessing obscene material are not minors using reasonable age verification methods.
  • Civil Liability: Establishes civil liability for commercial entities that violate the age verification requirement, making them liable for damages resulting from a minors access to obscene material.
  • Definitions: Defines key terms such as interactive computer service and obscene material as per existing legal definitions.
  • Definitions: This provision defines key terms used in the bill, including covered platform, identifying information, obscene material, and reasonable age verification.
  • Definitions: This section defines key terms used in the bill, including covered platform, obscene material, and reasonable age verification.
  • Definitions: This section defines key terms used in the bill, including covered platform, obscene material, reasonable age verification, and others relevant to the regulation of obscene material on the internet.
  • Enforcement and Penalties: This section grants the attorney general the authority to enforce compliance with the bill and assess civil penalties for violations.
  • Enforcement —— penalties: This provision grants the attorney general authority to enforce compliance with the bill, including the ability to assess civil penalties for violations.
  • Exemption for Interactive Computer Services: Clarifies that the bill does not impose civil liability on providers or users of interactive computer services.
  • Limitations on liability: This provision clarifies that users of interactive computer services and providers who offer access to covered platforms are not liable under this chapter.
  • Limitations on liability: This section clarifies that the bill does not impose liability on users of interactive computer services or providers who merely facilitate access to covered platforms, provided they are not responsible for the creation of the obscene material. It also states that enforcement of the bills provisions is limited to private civil actions.
  • Limitations on Liability: This section clarifies that the bill does not impose liability on users of interactive computer services or providers for merely providing access to obscene material.
  • Publication and Distribution of Obscene Material: This section outlines the liability of covered platforms for failing to perform reasonable age verification for users accessing obscene material.
  • Publication and distribution of obscene material on the internet — age verification — civil liability: This provision establishes that covered platforms are liable if they fail to implement reasonable age verification for individuals accessing obscene material, leading to minors being able to access such content. It specifies the methods for age verification and the consequences for failing to comply.
  • Publication and distribution of obscene material on the internet —— age verification —— civil liability: This provision establishes liability for covered platforms that fail to conduct reasonable age verification for individuals accessing obscene material. It outlines methods for age verification and restrictions on retaining identifying information.

Key Requirements

  • Age verification methods can include government-issued ID and must not retain identifying information after verification.
  • Allows the attorney general to bring civil actions for violations, enforce compliance, and assess penalties up to $10,000 for each violation.
  • Allows third-party verification methods and cryptographic techniques to protect privacy.
  • Alternative commercially reasonable methods of age verification are acceptable.
  • Attorney general can bring civil actions for violations, including injunctions and penalties up to $10,000 per violation.
  • Clarifies that providers are not liable for access to obscene material not under their control.
  • Commercial entities must use a commercially available database for age verification.
  • Covered platforms must perform reasonable age verification for individuals accessing obscene material.
  • Defines covered platform as a commercial entity that creates, hosts, or distributes obscene material on the internet.
  • Defines key terms related to the regulation of obscene material and age verification.
  • Entities found in violation must compensate for damages and cover reasonable attorney fees and costs.
  • Establishes a reporting system for individuals to report violations.
  • Exempts providers from liability for merely providing access to obscene material they did not create.
  • Exempts users of interactive computer services from liability.
  • Prohibits retention and dissemination of identifying information after age verification.
  • Prohibits retention and distribution of identifying information after age verification is completed.
  • Requires covered platforms to perform reasonable age verification for access to obscene material.
  • Requires covered platforms to perform reasonable age verification on users attempting to access obscene material.
  • Specifies methods for age verification, including government-issued ID and other reliable documents.
  • Specifies that enforcement can only be through private civil actions.
  • Specifies that users of interactive computer services are not liable under this chapter.

Sponsors

Legislative Actions

Date Action
2026-01-13 Subcommittee: Alons, Bennett, and Taylor.
2025-06-16 Referred to Technology.S.J. 1057.
2025-04-03 Placed on calendar under unfinished business.S.J. 689.
2025-03-25 Explanation of vote.H.J. 811.
2025-03-25 Explanations of votes.H.J. 812.
2025-03-24 Message from House.S.J. 607.
2025-03-24 Read first time, attached toSF 443.S.J. 607.
2025-03-20 Immediate message.H.J. 767.

Detailed Analysis

Analysis 1

Why Relevant: The bill mandates age verification for access to specific online content, a core element of the EU Chat Act's child protection framework.

Mechanism of Influence: Requires 'covered platforms' to verify user age via government ID or financial documents before allowing access to 'obscene material' (Sec 2.1).

Evidence:

  • A covered platform shall be held liable if the covered platform fails to perform reasonable age verification (Sec 2.1)
  • “Reasonable age verification” means... Government-issued identification... Financial documents... Any other commercially reasonable and reliable method (Sec 1.7)

Ambiguity Notes: The catch-all 'any other commercially reasonable and reliable method' (Sec 1.7.c) leaves the specific technologies for verification undefined.

Analysis 2

Why Relevant: The bill addresses data preservation and privacy by restricting the retention of identifying information used for verification.

Mechanism of Influence: Mandates that platforms or third-party verifiers must not retain or disseminate identifying information after the verification process is complete (Sec 2.3).

Evidence:

  • shall not retain an individual’s identifying information after the covered platform or third party completes the individual’s reasonable age verification (Sec 2.3.a)
  • may employ cryptographic techniques such as zero knowledge proofs to preserve anonymity (Sec 2.2)

Ambiguity Notes: While it protects privacy by prohibiting retention, it does not address the security of the verification process itself beyond a mention of 'cryptographic techniques' (Sec 2.2).

Analysis 3

Why Relevant: The bill establishes a centralized reporting mechanism for violations, similar to the compliance infrastructure in the EU Chat Act.

Mechanism of Influence: Requires the attorney general to create an electronic system for individuals to report platforms that fail to implement age checks (Sec 3.4).

Evidence:

  • The attorney general shall establish an electronic reporting system for the submission of reports pursuant to this section (Sec 3.4)

Ambiguity Notes: The reporting system is for statutory violations by platforms, not for reporting specific instances of illegal content (CSAM) to a central hub.

↑ Back to Table of Contents

Kentucky

Index of Bills

House - 227 - AN ACT relating to addictive online platforms.

Legislation ID: 251636

Bill URL: View Bill

Summary

This bill outlines the requirements for parental consent when children create accounts on covered AI companion or social media platforms. It includes provisions for resolving disputes regarding a childs age, invalidation of contracts made without proper consent, and the establishment of penalties for violations of these provisions. The bill also empowers the Attorney General to enforce these regulations and provides mechanisms for civil action against non-compliant platforms.

Key Sections

  • Civil Penalties for Violations: Platforms that recklessly or intentionally violate the act face civil penalties of $10,000 or actual damages, whichever is greater.
  • Enforcement by the Attorney General: The Attorney General can enforce the act, investigate violations, and may impose penalties for continued non-compliance after a cure period.
  • Invalid Contracts with Minors: Contracts made by children without sufficient parental consent are deemed invalid and unenforceable, including any arbitration clauses or limitations of liability.
  • Parental Consent and Age Verification: This section mandates that covered platforms obtain verifiable parental consent before allowing children to create accounts. It also outlines the process for age verification if an account holder disputes their classification as a child.
  • Private Right of Action: Children or parents can sue for damages or seek injunctive relief for violations of the act, including mental health damages and attorney fees.
  • Severability and Public Policy: Any waivers or limitations of rights established by the act are void and unenforceable, ensuring that the acts provisions are upheld.

Key Requirements

  • Allows private right of action for violations of the act.
  • Contracts with minors must have parental consent to be valid.
  • Establishes civil penalties for reckless or intentional violations.
  • Grants enforcement authority to the Attorney General.
  • Mandates resolution of age disputes within 30 days.
  • Prohibits any waivers of rights under the act.
  • Requires account termination within 7 days if a child is determined to be ineligible.
  • Requires notice before initiating action for violations.
  • Requires verifiable parental consent for children to open accounts.
  • Specifies damages for emotional distress.

Sponsors

Legislative Actions

Date Action
2026-01-14 to Small Business & Information Technology (H)
2026-01-07 introduced in House to Committee on Committees (H)

Detailed Analysis

Analysis 1

Why Relevant: The bill mandates sophisticated age estimation and verification, a core pillar of the EU's approach to online child safety.

Mechanism of Influence: Platforms must use 'reasonable means and efforts' to 'estimate the age of the account holder' with specific confidence thresholds of 80% and 90%.

Evidence:

  • Section 2(1)(a): 'use reasonable means and efforts... to estimate the age of the account holder'
  • Section 2(1)(b): 'conclude with eighty percent (80%) confidence that the account holder is over sixteen (16) years of age'
  • Section 4(6): 'may rely on any commercially reasonable age verification process to resolve the dispute'

Ambiguity Notes: The bill does not specify which technologies satisfy 'reasonable means,' potentially pressuring platforms toward biometric or invasive identity scanning.

Analysis 2

Why Relevant: The bill requires material changes to product design and features to mitigate perceived risks to minors, similar to the EU's mitigation mandates.

Mechanism of Influence: It bans 'addictive features' and 'profile-based paid commercial advertising' for users identified as children.

Evidence:

  • Section 3(5): 'shall not present addictive features in the display or feed of any child'
  • Section 1(2): '"Addictive feature" includes: (a) Infinite scrolling... (c) Push notifications... (d) Autoplay video'

Ambiguity Notes: The definition of 'addictive feature' is broad, covering standard UI elements like push notifications and infinite scroll.

Analysis 3

Why Relevant: The bill mandates ongoing monitoring and data analytics to maintain age-based compliance.

Mechanism of Influence: Platforms must update age estimates every 100 hours of usage or whenever they apply 'any form of data analytics or artificial intelligence' to update other demographic data.

Evidence:

  • Section 2(3): 'shall update its estimate of the age of each account holder after every additional one hundred (100) hours spent by the account holder on the platform'

Ambiguity Notes: This creates a statutory duty for continuous user profiling to ensure age accuracy.

Analysis 4

Why Relevant: The bill establishes a compliance and enforcement infrastructure with significant penalties.

Mechanism of Influence: It empowers the Attorney General to investigate and imposes heavy civil penalties for 'reckless or intentional' violations.

Evidence:

  • Section 6(3): 'assessed a civil penalty of ten thousand dollars ($10,000) or of actual damages... whichever is greater'
  • Section 8(1): 'The Attorney General may enforce Sections 1 to 8 of this Act'

Ambiguity Notes: None

House - 232 - AN ACT relating to the protection of minors on digital platforms.

Legislation ID: 251651

Bill URL: View Bill

Summary

This bill establishes new regulations for social media platforms to ensure the safety of minors. It defines terms related to addictive and nonaddictive feeds, mandates parental consent for minors to access certain content, and requires platforms to implement measures to protect minors from harmful material. Additionally, it outlines enforcement mechanisms and potential penalties for noncompliance.

Key Sections

  • Age Verification and Parental Consent: This section mandates social media platforms to implement methods for verifying the age of users and stipulates that any personal information collected for this purpose cannot be used for other purposes.
  • Definitions: This section defines key terms used in the bill, including addictive feed, minor, nonaddictive feed, social media platform, and verifiable parental consent.
  • Enforcement and Civil Actions: This section outlines the enforcement mechanisms for violations of the act, including penalties that the Attorney General can impose and the ability for parents to initiate civil actions against noncompliant platforms.
  • Proactive Strategies Against Harmful Material: Social media platforms are required to develop strategies to prevent minors from being exposed to harmful content, utilizing filtering technology to block such material.
  • Restrictions on Content for Minors: Social media platforms are prohibited from providing addictive feeds to minors without verifiable parental consent and must only offer nonaddictive feeds in the absence of such consent. They are also required to restrict push notifications to minors during certain hours unless consent is obtained.
  • Severability Clause: If any part of the act is found invalid, the remaining provisions shall still be enforceable, ensuring the acts overall intent remains intact.

Key Requirements

  • Allows the Attorney General to enforce the provisions of the act and impose fines for violations.
  • Enables parents to bring civil actions against platforms for noncompliance.
  • Limits push notifications to minors between midnight and 6 a.m. without parental consent.
  • Mandates deletion or deidentification of personal information after age verification or consent acquisition.
  • Mandates the development of proactive strategies to prevent exposure to content related to suicide, substance abuse, and harassment.
  • Prohibits denial of basic functionality to users who do not provide consent for addictive feeds.
  • Prohibits minors from making purchases without explicit parental consent for each transaction.
  • Requires platforms to implement filtering technology to block harmful material for known minors.
  • Requires social media platforms to obtain verifiable parental consent to provide addictive feeds to minors.
  • Requires social media platforms to verify the age of users accurately upon account creation.

Sponsors

Legislative Actions

Date Action
2026-01-15 to Small Business & Information Technology (H)
2026-01-08 introduced in House to Committee on Committees (H)

Detailed Analysis

Analysis 1

Why Relevant: The bill mandates age verification for all users at account creation.

Mechanism of Influence: Section 3(1) requires platforms to use 'commercially reasonable and technically feasible methods to determine the age of a user with a specified level of accuracy.'

Evidence:

  • Section 3(1): 'determine the age of a user with a specified level of accuracy upon account creation.'

Ambiguity Notes: The 'specified level of accuracy' is not defined, potentially allowing the state to demand high-assurance identity or biometric checks.

Analysis 2

Why Relevant: The bill compels the use of scanning/filtering technology to block specific categories of content.

Mechanism of Influence: Section 4(2) explicitly mandates the use of 'filtering technology to block such harmful material' (suicide, substance abuse, harassment) from being displayed to minors.

Evidence:

  • Section 4(2): 'The proactive strategy... shall include the use of filtering technology to block such harmful material'

Ambiguity Notes: While the categories differ from the EU's focus on CSAM, the mandate to implement 'filtering technology' mirrors the EU's 'detection order' mechanism.

Analysis 3

Why Relevant: The bill requires platforms to develop and implement risk mitigation plans.

Mechanism of Influence: Section 4(1) requires a 'proactive strategy' to prevent exposure to harmful material, which functions as a mandated mitigation plan.

Evidence:

  • Section 4(1): 'A social media platform shall develop and implement a proactive strategy to prevent a known minors exposure to harmful material'

Ambiguity Notes: The term 'proactive strategy' is broad and could be interpreted by the Attorney General to require specific product design changes or moderation staffing.

Analysis 4

Why Relevant: The bill regulates algorithmic 'addictive feeds' and mandates default-safe settings for minors.

Mechanism of Influence: Section 2(1) prohibits providing 'addictive feeds' (algorithmic recommendations) to minors without parental consent, effectively mandating a chronological feed by default.

Evidence:

  • Section 2(1)(a): 'A social media platform shall not provide a minor with an addictive feed without first obtaining verifiable parental consent.'

Ambiguity Notes: None

↑ Back to Table of Contents

Maine

Index of Bills

House - 1451 - An Act to Regulate and Prevent Childrens Access to Artificial Intelligence Chatbots with Human-like Features and Social Artificial Intelligence Companions

Legislation ID: 256064

Bill URL: View Bill

Summary

This legislation prohibits the accessibility of artificial intelligence chatbots and social AI companions that exhibit human-like features to minors. It defines what constitutes human-like features and outlines specific requirements for deployers to prevent minors from accessing such technologies. The bill allows exceptions for therapy chatbots under strict conditions, mandates safeguards for user information, and establishes penalties for violations.

Key Sections

  • Additional protections; all users: This section mandates that deployers implement practices to protect all users, including emergency situation protocols and restrictions on user information collection.
  • Applicability: This section outlines the applicability of the chapter, specifying that it applies to deployers operating in Maine and to users, particularly minors, residing in the state.
  • Chatbots with human-like features and social AI companions not accessible to minors: This provision mandates that deployers ensure that chatbots with human-like features and social AI companions are not accessible to minors, requiring age verification and allowing for alternative versions without such features.
  • Definitions: This section defines key terms used throughout the chapter, including artificial intelligence chatbot, deployer, human-like feature, minor, and others.
  • Exemption for therapy chatbots: This section provides conditions under which therapy chatbots may be made available to minors, requiring oversight by licensed mental health professionals and adherence to specific safeguards.
  • Penalties and remedies for violation: This provision outlines the enforcement mechanisms for violations of the chapter, including civil actions by the Attorney General and private rights of action for minors.
  • Rules: This section allows the Department of the Attorney General to adopt rules necessary for the implementation of the chapter.

Key Requirements

  • A licensed mental health professional must assess and monitor the use of the therapy chatbot.
  • Deployers may only collect user information necessary for legitimate purposes.
  • Deployers may provide alternative versions of chatbots without human-like features for minors.
  • Deployers must have systems to detect and respond to emergency situations.
  • Deployers must implement reasonable age verification systems.
  • Developers must provide peer-reviewed clinical trial data on the chatbots safety and efficacy.
  • Minors or their guardians may sue for damages or seek injunctive relief.
  • The Attorney General can bring civil actions for violations.
  • Therapy chatbots must provide a disclaimer that they are not licensed professionals.

Sponsors

Legislative Actions

Date Action
2026-01-13 Referred in Concurrence
2026-01-13 Referred to Committee

Detailed Analysis

Analysis 1

Why Relevant: The bill mandates age verification for interpersonal AI communication services.

Mechanism of Influence: Deployers are legally required to implement 'reasonable age verification systems' to ensure minors cannot access prohibited chatbot features, creating a gatekeeping requirement similar to the EU's age-assessment mandates.

Evidence:

  • The deployer shall implement reasonable age verification systems to ensure that chatbots with human-like features are not accessible to minors. (§1500-RR(1))

Ambiguity Notes: The term 'reasonable' is not defined, leaving open whether this requires high-assurance identity verification or less intrusive methods.

Analysis 2

Why Relevant: The bill compels the detection and reporting of specific harmful content/situations.

Mechanism of Influence: It creates a statutory duty to 'detect' and 'report' emergency situations (harm to self or others), which functionally requires the monitoring of user interactions with the AI, mirroring the 'compelled detection' logic of the EU Chat Act.

Evidence:

  • A deployer shall implement and maintain reasonably effective systems to detect, promptly respond to, report and mitigate emergency situations (§1500-SS(1))

Ambiguity Notes: While the focus is on 'emergency situations' rather than CSAM, the requirement to 'detect' and 'mitigate' such instances necessitates persistent monitoring of private or semi-private AI interactions.

Analysis 3

Why Relevant: The bill imposes data minimization and internal control requirements.

Mechanism of Influence: It restricts data collection to the 'minimum amount necessary' for legitimate purposes, similar to the data protection and internal oversight features of the EU's compliance infrastructure.

Evidence:

  • A deployer shall collect and store only information that does not conflict with a users safety and well-being... and is the minimum amount of information necessary (§1500-SS(2))

Ambiguity Notes: The definition of 'legitimate purpose' is broad and could be interpreted to include the data needed for the mandated detection systems.

↑ Back to Table of Contents

Michigan

Index of Bills

House - 4938 - State: other; distribution of certain material; prohibit. Creates new act.Last Action: bill electronically reproduced 09/11/2025

Legislation ID: 245812

Bill URL: View Bill

Summary

This bill, known as the Anticorruption of Public Morals Act, seeks to regulate the online dissemination of pornographic and prohibited materials. It outlines definitions, establishes penalties for violations, mandates internet service providers to implement filtering technologies, and requires internet platforms to enforce strict content moderation policies. The bill also creates a special enforcement division within the Attorney Generals office to ensure compliance and manage a fund for enforcement costs.

Key Sections

  • Content Moderation Requirements: This section outlines the requirements for internet platforms to update their terms of service and implement content moderation tools to prevent access to prohibited material.
  • Definitions: This section provides definitions for key terms used in the act, such as circumvention tools, commercial entity, distribute, internet service provider, and prohibited material.
  • Enforcement and Compliance: This section establishes a special internet content enforcement division within the Attorney Generals office to investigate violations and ensure compliance with the act.
  • Funding and Administration: This section creates a fund to support the enforcement of the act, detailing how funds will be collected and used for administration and enforcement.
  • Internet Service Provider Responsibilities: This section mandates internet service providers to implement filtering technologies to block access to prohibited materials and to monitor and block circumvention tools.
  • Prohibition of Distribution: This section prohibits commercial entities and internet platforms from knowingly distributing prohibited material online, imposing severe penalties for violations, including imprisonment and fines.

Key Requirements

  • Creates a fund for enforcement costs.
  • Establishes a division to audit and enforce compliance with the act.
  • Imposes penalties for violations, including imprisonment up to 25 years and fines up to $125,000 for multiple offenses.
  • Mandates compliance with takedown orders within 2 business days.
  • Mandates implementation of AI-driven filtering and human review teams for content moderation.
  • Obligates blocking access to specific sites upon court order.
  • Prohibits distribution of prohibited material by commercial entities and internet platforms.
  • Requires annual transparency reports to the state police.
  • Requires internet service providers to implement mandatory filtering technology.
  • Requires monitoring and blocking of circumvention tools.
  • Requires updating terms of service to prohibit prohibited material.
  • Specifies that funds will come from civil fines and other sources.

Sponsors

Legislative Actions

Date Action
2025-09-16 bill electronically reproduced 09/11/2025
2025-09-11 introduced by Representative Rep. Josh Schriver
2025-09-11 read a first time
2025-09-11 referred to Committee onJudiciary

Detailed Analysis

Analysis 1

Why Relevant: The bill mandates the use of automated technologies to detect and remove specific categories of content, mirroring the EU's detection order mechanism.

Mechanism of Influence: It requires platforms to implement 'Artificial intelligence driven filtering technology for preemptive removal' (Sec. 4(2)(a)) and 'real-time content scanning, keyword and metadata analysis, [and] image recognition' (Sec. 4(4)(c)).

Evidence:

  • Sec. 4(2)(a): Artificial intelligence driven filtering technology for preemptive removal
  • Sec. 4(4)(c): Include real-time content scanning, keyword and metadata analysis, image recognition

Ambiguity Notes: The term 'real-time content scanning' is broad and implies a requirement for persistent surveillance of all user-generated content or communications.

Analysis 2

Why Relevant: The bill explicitly targets encryption and privacy-preserving technologies that would prevent the mandated scanning or filtering.

Mechanism of Influence: It defines 'circumvention tools' to include 'encrypted tunneling methods' (Sec. 2(a)) and requires ISPs to 'actively monitor and block known circumvention tools' (Sec. 3(3)).

Evidence:

  • Sec. 2(a): 'Circumvention tools' means any software... including virtual private networks, proxy servers, and encrypted tunneling methods
  • Sec. 3(3): An internet service provider... shall actively monitor and block known circumvention tools

Ambiguity Notes: By labeling 'encrypted tunneling' as a circumvention tool, the bill effectively criminalizes or mandates the blocking of standard security protocols like VPNs and potentially E2EE messaging.

Analysis 3

Why Relevant: The bill establishes a centralized compliance and enforcement infrastructure similar to the EU's proposed Coordinating Authorities.

Mechanism of Influence: It creates a 'special internet content enforcement division' (Sec. 5(1)) to 'audit, investigate, and enforce compliance' and manage a 'trusted flagger program' (Sec. 4(5)).

Evidence:

  • Sec. 5(1): The department of attorney general shall establish a special internet content enforcement division
  • Sec. 4(5): establish a trusted flagger program through which law enforcement and designated organizations have priority

Ambiguity Notes: The 'trusted flagger' program gives law enforcement priority reporting status, which can lead to rapid, extra-judicial content removal.

Analysis 4

Why Relevant: The bill imposes strict removal timelines and blocking requirements for service providers.

Mechanism of Influence: It mandates a '2-business-day response time' for flagged content (Sec. 4(2)(c)) and requires ISPs to block websites upon court order (Sec. 3(6)).

Evidence:

  • Sec. 4(2)(c): A public reporting mechanism with a 2-business-day response time
  • Sec. 5(4): fails to comply... is subject to a civil fine of $250,000.00 per day of delay
  • Sec. 3(6): internet service provider... shall block access to specific websites... on receipt of a valid court order

Ambiguity Notes: The short 2-day window for removal, combined with high civil fines ($250,000 per day), creates a strong incentive for over-blocking.

Senate - 757 - Communications: social media; addictive feeds for minors by social media platforms; prohibit. Creates new act.Last Action: REFERRED TO COMMITTEE ON FINANCE, INSURANCE, AND CONSUMER PROTECTION

Legislation ID: 266144

Bill URL: View Bill

Summary

Senate Bill No. 757, known as the "stop addictive feeds exploitation for kids act," is designed to address the issue of addictive internet-based services that may exploit minors. The bill defines key terms, outlines the responsibilities of covered operators, and sets forth rules regarding parental consent and the provision of addictive feeds to users. It also establishes civil penalties for violations and mandates the attorney general to implement rules for enforcement.

Key Sections

  • Age Verification and Data Usage: Covered operators are not required to collect age information but if they do, it must only be used for age verification and deleted immediately afterward.
  • Definitions: This section provides definitions for terms used in the act, including actual knowledge, addictive feed, covered minor, and covered operator.
  • Enforcement and Penalties: This section outlines the penalties for violations of the act, including civil fines and potential legal actions by the attorney general.
  • Exemptions for Addictive Feeds: This section outlines conditions under which a feed is not considered an addictive feed, such as user-selected settings and direct communications.
  • Notification Restrictions: This section prohibits covered operators from sending notifications about addictive feeds to minors during specific hours to limit exposure.
  • Parental Consent Provisions: This section clarifies that granting parental consent does not grant parents additional access to their childs accounts or data.
  • Restrictions on Providing Addictive Feeds: Covered operators are prohibited from providing addictive feeds to users unless they have actual knowledge that the user is not a minor or have obtained parental consent for minors.
  • Rule Promulgation by Attorney General: The attorney general is tasked with creating rules to implement the act, including methods for obtaining parental consent.

Key Requirements

  • Attorney general may seek actual damages and injunctive relief.
  • Information collected for parental consent must also be deleted after use.
  • Media displayed must not prioritize addictive content based on user data unless specific conditions are met.
  • Media must be displayed based on user settings or specific user requests.
  • No notifications between 10 p.m. and 6 a.m.
  • No notifications on weekdays during school hours (8 a.m. to 4 p.m.).
  • Operators may face fines up to $5,000 per violation.
  • Operators must delete age information after use for verification.
  • Operators must not degrade services for users who exercise their rights under the act.
  • Operators must verify the age of users or obtain parental consent for minors before providing addictive feeds.

Sponsors

Legislative Actions

Date Action
2025-12-17 INTRODUCED BY SENATOR DARRIN CAMILLERI
2025-12-17 REFERRED TO COMMITTEE ONFINANCE, INSURANCE, AND CONSUMER PROTECTION

Detailed Analysis

Analysis 1

Why Relevant: The bill mandates age verification or parental consent to gate access to specific service features.

Mechanism of Influence: Operators must have 'actual knowledge' that a user is not a minor or obtain 'verifiable parental consent' before providing an addictive feed, necessitating an age-verification infrastructure.

Evidence:

  • Sec. 7. (2) A covered operator may provide an addictive feed to a user if... (a) The covered operator has actual knowledge that the user is not a minor. (b) The covered operator has obtained verifiable parental consent

Ambiguity Notes: The bill defines 'actual knowledge' broadly to include 'inferences known to a covered operator,' which may pressure platforms to perform more invasive profiling to determine age.

Senate - 758 - Communications: internet; Michigan kids code act; create. Creates new act. TIE BAR WITH: SB 075925Last Action: REFERRED TO COMMITTEE ON FINANCE, INSURANCE, AND CONSUMER PROTECTION

Legislation ID: 266146

Bill URL: View Bill

Summary

Senate Bill No. 758, known as the kids code act, seeks to regulate online service providers by prohibiting certain acts that could endanger minors. It defines key terms related to data privacy, such as covered online service provider, personal data, and biometric data, and mandates the implementation of privacy settings that prioritize the protection of minors. The bill also outlines the responsibilities of service providers regarding the handling of minors data and the necessity for compliance with existing laws.

Key Sections

  • Annual Reporting and Independent Audits: This provision requires online service providers to publish annual reports detailing their practices and compliance regarding minors data.
  • Compliance and Enforcement: This section outlines the responsibilities of online service providers to ensure compliance with the act and establishes penalties for violations.
  • Definitions: This section provides definitions for key terms used throughout the bill, including covered online service provider, personal data, biometric data, and various classifications of consumers.
  • Exemptions: This section outlines entities and types of data that are exempt from the provisions of the act, including government entities and certain health-related data.
  • Implementation and Rulemaking: This provision empowers the attorney general to create rules for implementing the act and ensuring ongoing compliance with emerging technologies.
  • Privacy Settings and Data Collection: This section prohibits online service providers from making privacy settings less protective for minors and outlines the conditions under which personal data can be collected and used.
  • Privacy Settings for Minors: Covered online service providers must configure default privacy settings for minors to the highest level of privacy, restricting visibility and interaction with adult users unless explicitly permitted by the minor.
  • Reporting Mechanisms for Harms: This section requires online service providers to establish mechanisms for reporting harms experienced by minors on their platforms.
  • Restrictions on Adult Interaction with Minors: This provision outlines the conditions under which adults can interact with minors media and personal information, emphasizing that consent must be explicit and unambiguous.
  • Tools for Minors and Parents: This provision mandates that online service providers offer tools for minors and their parents to manage privacy settings and account controls effectively.

Key Requirements

  • Adults cannot comment or provide feedback unless permitted by the minor.
  • Adults can only view a minors media if the minor has consented.
  • All default privacy settings for minors must be the highest level of privacy.
  • Data collected for age verification must be deleted after 60 days.
  • Direct messaging between adults and minors is only allowed with the minors consent.
  • Location sharing and user connections must be consented to by the minor.
  • Minors must be notified when parental control tools are in effect.
  • No single setting should make all privacy settings less protective.
  • Personal data must be minimized to what is necessary for service engagement.
  • Providers cannot prompt minors to reduce privacy settings unless necessary for service access.
  • Providers must allow parents to manage their childs account settings and restrict financial transactions.
  • Providers must create a way for minors or parents to report harm.
  • Providers must designate an officer for compliance with the act.
  • Providers must enable parents to monitor and limit their childs online usage.
  • Providers must not allow adult users to interact with minors accounts without explicit consent from the minor.
  • Reports must be addressed appropriately.
  • Reports must be prepared by an independent auditor and include specific information about data practices.
  • Reports must compare data across different age groups of minors.
  • Search engine indexing of a minors profile can only be enabled with the minors consent.
  • The attorney general must review and update rules every two years to keep pace with technology.
  • Violations can result in fines of up to $50,000 per incident.

Sponsors

Legislative Actions

Date Action
2025-12-17 INTRODUCED BY SENATOR KEVIN HERTEL
2025-12-17 REFERRED TO COMMITTEE ONFINANCE, INSURANCE, AND CONSUMER PROTECTION

Detailed Analysis

Analysis 1

Why Relevant: The bill mandates annual independent audits that function as risk assessments and mitigation reports.

Mechanism of Influence: Providers must issue a public report detailing 'design safety features for minors' and 'whether and how the online service uses covered design features' like algorithms or engagement-increasing components.

Evidence:

  • Sec. 17. (1) ...issue a public report... prepared by an independent third-party auditor.
  • Sec. 17. (1)(b)(v) The design safety features for minors, the privacy protections for minors... that the covered online service provider has adopted.

Ambiguity Notes: While framed as an 'audit' rather than a 'risk assessment,' the requirement to evaluate and report on the impact of design features on minors mirrors the EU's mitigation-plan requirements.

Analysis 2

Why Relevant: The bill requires the use and reporting of age verification or estimation technologies.

Mechanism of Influence: Providers must report on the 'Age assurance, age verification, or age estimation methods used' to distinguish between age groups (10-12, 13-15, 16-17, and adults).

Evidence:

  • Sec. 17. (1)(b)(viii) Age assurance, age verification, or age estimation methods used.
  • Sec. 11. (2) A covered online service provider that collects personal data of a user for age verification shall not use that personal data for any other purpose...

Ambiguity Notes: The bill states providers are not 'required' to collect data for age verification (Sec. 11(2)), yet they must have 'actual knowledge' of age to apply the act's protections, effectively necessitating age-gating mechanisms.

Analysis 3

Why Relevant: The bill imposes restrictions on private communications between adults and minors.

Mechanism of Influence: It mandates a default setting of 'Not permitting direct messaging' between a minor and an adult unless the minor expressly allows it, which impacts the design of interpersonal messaging services.

Evidence:

  • Sec. 9. (1)(d) Not permitting direct messaging between the covered minor and another user the covered online service provider knows to be an adult...
  • Sec. 3. (aa)(v) 'Sensitive personal data' means... The contents of an individuals mail, email, text messages, prompts, or other form of communication...

Ambiguity Notes: While it does not explicitly mandate scanning of encrypted messages, the classification of message content as 'sensitive personal data' and the restriction on messaging functionality touch on private communication protocols.

Analysis 4

Why Relevant: The bill requires a formal compliance infrastructure similar to the EU's legal representative requirements.

Mechanism of Influence: Providers must designate specific officers responsible for ensuring the entity complies with the act's various privacy and safety mandates.

Evidence:

  • Sec. 19. (1) A covered online service provider shall designate 1 or more of the covered online service providers officers to be responsible for the covered online service providers compliance with this act.

Ambiguity Notes: None

Senate - 759 - Consumer protection: privacy; Michigan consumer protection act; amend to include violation of kids code act as violation. Amends sec. 3 of 1976 PA 331 (MCL 445.903).Last Action: REFERRED TO COMMITTEE ON FINANCE, INSURANCE, AND CONSUMER PROTECTION

Legislation ID: 266148

Bill URL: View Bill

Summary

Senate Bill No. 759 seeks to expand the definitions of unlawful trade practices under the Michigan Consumer Protection Act. It outlines various unfair practices that are considered deceptive or misleading, including misrepresentations about goods and services, failure to disclose material facts, and coercive sales tactics. The bill also grants the Attorney General the authority to promulgate rules to enforce these provisions, ensuring that consumers are better protected from fraudulent activities.

Key Sections

  • Attorney Generals Authority: This provision allows the Attorney General to create rules to implement the act while ensuring no new unfair trade practices are introduced.
  • Definitions of Unlawful Practices: This provision defines various unfair, unconscionable, or deceptive methods, acts, or practices that are unlawful in the conduct of trade or commerce.
  • Exceptions to Provisions: This provision outlines exceptions to the rule regarding the disclosure of Social Security numbers in specific contexts.

Key Requirements

  • Does not apply to health-related services or employee benefits.
  • Prohibits causing confusion about the source or sponsorship of goods or services.
  • Prohibits false representations about the characteristics or quality of goods.
  • Requires clear disclosure of terms when offering goods or services for free.
  • Rules must ensure national uniformity.
  • Rules must not create additional unfair trade practices.

Sponsors

Legislative Actions

Date Action
2025-12-17 INTRODUCED BY SENATOR STEPHANIE CHANG
2025-12-17 REFERRED TO COMMITTEE ONFINANCE, INSURANCE, AND CONSUMER PROTECTION

Detailed Analysis

Analysis 1

Why Relevant: The bill explicitly incorporates the 'kids code act' into the state's consumer protection enforcement regime. 'Kids Code' legislation is the standard U.S. model for implementing EU-style safety-by-design, risk assessment, and age-verification mandates.

Mechanism of Influence: By adding 'Violating the kids code act' to the list of unlawful practices, the bill enables the Attorney General to penalize platforms for failing to comply with the underlying safety and risk-mitigation duties defined in the referenced 'Kids Code' legislation.

Evidence:

  • (ll) Violating the kids code act.
  • Sec. 3. (1) Unfair, unconscionable, or deceptive methods, acts, or practices in the conduct of trade or commerce are unlawful
  • Enacting section 1. This amendatory act does not take effect unless Senate Bill No. ____ (request no. S0383125) ... is enacted into law.

Ambiguity Notes: The bill does not define the specific duties (such as risk assessments or age checks) within this text, as it is a companion bill that relies on the passage of a separate 'Kids Code Act' (S0383125) to provide the substantive requirements.

↑ Back to Table of Contents

Minnesota

Index of Bills

house - 1434 - Age verification required for websites with material harmful to minors, enforcement by the attorney general provided, and private right of action created.

Legislation ID: 32085

Bill URL: View Bill

Summary

This bill introduces regulations for commercial entities that share or distribute material deemed harmful to minors on their websites. It mandates that these entities verify the age of users accessing such material to ensure they are 18 years or older. The bill outlines definitions, requirements for age verification, data privacy protections, enforcement mechanisms, and the liabilities for violations.

Key Sections

  • Age verification required: Commercial entities must verify the age of individuals accessing websites containing material harmful to minors, ensuring they are 18 years or older.
  • Data privacy: Commercial entities performing age verification are prohibited from retaining any identifying information submitted during the verification process.
  • Definitions: This section provides specific definitions for terms used in the bill, including commercial entity, host, identifying information, and material harmful to minors.
  • Enforcement; civil penalties: This section outlines the enforcement mechanisms for violations of the age verification requirements, including the ability for the attorney general to investigate and for individuals to pursue civil actions.
  • Limitations: The section clarifies that Internet service providers and users of interactive computer services are not liable under this law.

Key Requirements

  • Allows individuals to report violations to the attorney general.
  • Permits civil actions against entities for non-compliance.
  • Prohibits retention of identifying information after age verification.
  • Requires commercial entities to verify age for users accessing harmful content.
  • Verification must be conducted using approved methods.

Sponsors

Legislative Actions

Date Action
2025-03-20 Author added Sexton
2025-03-17 Author added Schultz
2025-02-24 Introduction and first reading, referred to Commerce Finance and Policy
2025-02-24 Introduction and first reading, referred to Commerce Finance and Policy

Detailed Analysis

Analysis 1

Why Relevant: The bill establishes a mandatory age-verification regime for specific online platforms, which is a core pillar of the EU Chat Act's safety framework.

Mechanism of Influence: Commercial entities must 'verify that an individual... is 18 years of age or older' before allowing access to websites meeting the 25% content threshold, using 'commercially available' databases or state-approved methods.

Evidence:

  • Subd. 2. Age verification required. (a) ...must verify that an individual... is 18 years of age or older.
  • Age verification must be conducted through the use of: (1) a commercially available database... or (2) any other commercially reasonable method... approved by the commissioner of commerce.

Ambiguity Notes: The definition of 'material harmful to minors' relies on 'contemporary community standards' and 'prurient interest,' which are subjective legal standards that could lead to broad application across various media types.

Analysis 2

Why Relevant: The bill establishes a state-level compliance infrastructure for approving verification technologies.

Mechanism of Influence: The Commissioner of Commerce is granted authority to 'review and approve reliable methods' for age verification, creating a centralized gatekeeping role for compliance standards.

Evidence:

  • Subd. 2. (c) The commissioner of commerce may review and approve reliable methods to verify age and identity used to comply with this section.
  • The commissioners approval under this paragraph is not subject to the rulemaking provisions of chapter 14.

Ambiguity Notes: The Commissioner's approval process is explicitly exempted from standard rulemaking provisions, which could result in a lack of transparency or public input regarding the technical standards for verification.

house - 1875 - Use of social media regulated for minors ages 15 and younger, and anonymous age verification required for websites harmful to minors.

Legislation ID: 53380

Bill URL: View Bill

Summary

This bill establishes regulations for social media platforms regarding minors aged 15 and younger, requiring them to implement anonymous age verification and to prohibit minors under 14 from creating accounts without parental consent. It also outlines penalties for violations and the responsibilities of social media companies in managing accounts for minors. Furthermore, it addresses the dissemination of material harmful to minors and sets forth age verification requirements for commercial entities that publish such content.

Key Sections

  • Age verification requirements: Outlines the requirements for age verification for websites that publish material harmful to minors.
  • Definitions: This section defines key terms used throughout the bill, including account holder, daily active users, resident, and social media platform.
  • Enforcement; damages to minor account holder: Establishes liability for social media platforms that violate the provisions, allowing minors to seek damages.
  • Enforcement; penalties: Details the penalties for social media platforms that violate the regulations, including civil penalties and the ability for the Attorney General to take action.
  • Jurisdiction; social media platform contracts: Clarifies the jurisdiction of Minnesota courts over social media platforms that allow minors to create accounts.
  • Other available remedies: Affirms that the provisions do not preclude any other legal remedies.
  • Requirements for minors aged 14 and 15 years: Minors aged 14 and 15 can only create accounts with parental consent, and platforms must terminate accounts without consent.
  • Requirements for minors younger than 14 years of age: Social media platforms must prohibit minors under 14 from creating accounts and must terminate any existing accounts held by such minors.

Key Requirements

  • Attorney General can impose civil penalties up to $50,000 per violation.
  • Claims must be brought within one year of the violation.
  • Commercial entities must use anonymous age verification methods for material harmful to minors.
  • Must allow account holders to request termination of their accounts within specified timeframes.
  • Must delete all personal information related to terminated accounts unless legally required to retain it.
  • Platforms allowing minors to create accounts are subject to Minnesota jurisdiction.
  • Platforms are liable for damages up to $10,000 to minor account holders.
  • Prohibits minors aged 14 and 15 from creating accounts without parental consent.
  • Prohibits minors under 14 from entering into contracts with social media platforms.
  • Punitive damages may be assessed for consistent violations.
  • Requires termination of accounts held by minors aged 14 and 15 if consent is not provided.
  • Requires termination of accounts held by minors under 14, allowing 90 days for disputes.
  • Violations are deemed unfair and deceptive trade practices.

Sponsors

Legislative Actions

Date Action
2025-03-05 Introduction and first reading, referred to Commerce Finance and Policy

Detailed Analysis

Analysis 1

Why Relevant: The bill mandates age verification and age assessment for both social media access and adult-oriented content.

Mechanism of Influence: It requires commercial entities to use third-party 'anonymous age verification' to gate access (Sec. 2, Subd. 2) and compels social media platforms to identify and prohibit underage users.

Evidence:

  • must use anonymous age verification to verify that the age of a person attempting to access the material is 18 years of age or older (Sec. 2, Subd. 2(a))
  • A social media platform must prohibit a minor who is younger than 14 years of age from entering into a contract... to become an account holder (Subd. 2(a))

Ambiguity Notes: The term 'commercially reasonable method' for age verification is not strictly defined, leaving the specific technology and data-sharing requirements to third-party providers.

Analysis 2

Why Relevant: The bill requires platforms to use internal data and categorization to identify and remove underage users, similar to age-estimation mandates.

Mechanism of Influence: Platforms must terminate accounts they 'treat or categorize' as belonging to minors under 14, effectively requiring the use of behavioral profiling or age-estimation algorithms for compliance.

Evidence:

  • terminate any account... including accounts that the social media platform treats or categorizes as belonging to an account holder who is likely younger than 14 (Subd. 2(a))
  • Termination must be effective upon the expiration of the 90 days if the account holder fails to effectively dispute the termination (Subd. 2(a))

Ambiguity Notes: The phrase 'likely younger than 14' suggests a duty to monitor user activity or metadata to infer age, which may impact user privacy and anonymity.

Analysis 3

Why Relevant: It establishes a compliance and enforcement infrastructure including user redress and state-level oversight.

Mechanism of Influence: The bill provides for a 90-day dispute window for account terminations and empowers the Attorney General to seek significant civil penalties for non-compliance.

Evidence:

  • provide 90 days for an account holder to dispute the termination (Subd. 2(a))
  • attorney general may collect a civil penalty of up to $50,000 per violation (Subd. 4(a))

Ambiguity Notes: The interaction between 'anonymous' verification and the requirement to provide a 90-day dispute window may create tensions in how user identity is maintained during the appeal process.

house - 48 - Certain social media algorithms that target children prohibited.

Legislation ID: 33474

Bill URL: View Bill

Summary

This bill establishes regulations for social media platforms operating in Minnesota, specifically targeting algorithms that direct user-generated content towards minors. It defines key terms related to social media usage, sets forth prohibitions on algorithmic targeting, and outlines requirements for parental consent for minors. The bill also includes provisions for liability and penalties for violations, aiming to create a safer online environment for children.

Key Sections

  • Definitions: This subdivision provides definitions for key terms used in the bill, including account holder, recommendation feature, social media algorithm, social media platform, and user-generated content.
  • Effective date: This subdivision specifies that the provisions of the act will take effect on January 1, 2026.
  • Exceptions: This subdivision outlines exceptions to the prohibitions, including parental control algorithms and educational content from government or educational institutions.
  • Liability; penalties: This subdivision establishes liability for social media platforms that violate the targeting restrictions, detailing penalties for each violation and capping the total penalties recoverable by an individual.
  • Prohibitions; social media algorithm: This subdivision prohibits social media platforms with over 1,000,000 account holders from using algorithms to target user-generated content at minors under 18 in Minnesota, with specific exceptions for chronological displays and search results.
  • Short title: This subdivision provides a short title for the act, known as the Stop Online Targeting Against Kids Act or SOTA Kids Act.

Key Requirements

  • Liability for platforms that target minors in violation of the law.
  • Penalty of $1,000 for each violation, capped at $100,000 per year.
  • Prohibits targeting minors under 18 with social media algorithms.
  • Requires chronological display of content for minors.
  • Requires verifiable parental consent for minors to open accounts.

Sponsors

Legislative Actions

Date Action
2025-02-20 Author added Stephenson
2025-02-13 Authors added Engen and Burkel
2025-02-10 Introduction and first reading, referred to Commerce Finance and Policy
2025-02-10 Introduction and first reading, referred to Commerce Finance and Policy

Detailed Analysis

Analysis 1

Why Relevant: The bill mandates age-gating through parental consent.

Mechanism of Influence: Subdivision 2(b) requires platforms to obtain 'verifiable parental consent' before a minor under 18 can open an account, creating a mandatory age-verification/gatekeeping infrastructure.

Evidence:

  • Subd. 2(b) A social media platform subject to this section must require an account holder who is under the age of 18 located in Minnesota to obtain verifiable parental consent prior to opening a new user account.

Ambiguity Notes: The term 'verifiable parental consent' is not defined, leaving platforms to determine the level of identity verification required, which could range from simple checkboxes to invasive ID collection.

Analysis 2

Why Relevant: The bill mandates product design changes to mitigate algorithmic influence.

Mechanism of Influence: By prohibiting 'social media algorithms' for minors and requiring 'chronological' displays, the bill forces a specific mitigation strategy on recommender systems.

Evidence:

  • Subd. 2(a) A social media platform... is prohibited from using a social media algorithm to target user-generated content at an account holder who is under the age of 18
  • Subd. 2(a)(1) allowing user-generated content to appear in a chronological manner

Ambiguity Notes: The definition of 'recommendation feature' is broad, encompassing any mechanism that considers 'any metric of user engagement,' which could include basic platform functionalities.

senate - 1124 - Minnesota Sports Betting 3.0 act

Legislation ID: 30745

Bill URL: View Bill

Summary

The bill establishes requirements for mobile sports betting operators, including maintaining business records for at least 3.5 years, allowing for audits by the commissioner, and defining various offenses related to sports betting, particularly concerning underage wagering and unauthorized acceptance of bets. It outlines penalties for violations and establishes guidelines for the transfer of private data collected through wagering activities.

Key Sections

  • Audits: The commissioner may require financial audits of mobile sports betting operators who fail to comply with regulations, performed by an independent accountant.
  • Business Records: Mobile sports betting operators must maintain records supporting their betting activities and taxes owed for at least 3.5 years, which can be inspected by the commissioner.
  • Crimes Relating to Wagering: Defines offenses related to wagering on sporting events, including unauthorized acceptance of bets and penalties for violations.
  • Juvenile Petty Offender Definition: Amends the definition of juvenile petty offenses to include certain violations by minors and outlines exclusions.
  • Other Provisions Apply: Certain existing provisions related to gambling products and equipment also apply to this chapter, with specific exceptions for distributors.

Key Requirements

  • Audits must be performed by a licensed independent accountant.
  • Establishes penalties for accepting unauthorized wagers.
  • Operators must file a complete copy of the audit as prescribed by the commissioner.
  • Prohibits individuals under 21 from placing bets.
  • Records must be available for inspection by the commissioner without notice.
  • Requires mobile sports betting operators to keep records for at least 3.5 years.

Sponsors

Legislative Actions

Date Action
2025-02-13 Author added Pratt
2025-02-06 Introduction and first reading
2025-02-06 Referred to State and Local Government

Detailed Analysis

Analysis 1

Why Relevant: The bill mandates age and identity verification for all users of the mobile platform.

Mechanism of Influence: Operators must verify a user's age and identity before allowing them to establish an account or place a wager, which mirrors the age-gating requirements found in child safety legislation.

Evidence:

  • shall verify an individuals age and identity before allowing that individual to place a wager (Sec. 14, Subd. 5(c))
  • may utilize an approved identity verification service provider to confirm an individuals age and identity (Sec. 14, Subd. 5(c))

Ambiguity Notes: While the verification is for gambling (age 21+), the technical requirement for 'identity verification service providers' is functionally similar to age-assurance mandates in the EU CSA Act.

Analysis 2

Why Relevant: The bill requires long-term data preservation of user metadata and communication-adjacent data (IP addresses).

Mechanism of Influence: Operators are compelled to retain personally identifiable information, IP addresses, and transaction history for 3.5 years for inspection by the commissioner.

Evidence:

  • maintain records of all bets and wagers, including personally identifiable information... location of the wager, including IP address if applicable... for 3-1/2 years (Sec. 19, Subd. 1)

Ambiguity Notes: The retention period is specific and exceeds many general privacy law requirements, focusing on auditability and law enforcement access.

Analysis 3

Why Relevant: The bill establishes a mandatory reporting and centralized monitoring infrastructure for 'suspicious' activity.

Mechanism of Influence: Independent integrity monitoring providers must immediately report suspicious activity to a state commissioner and other licensees, creating a centralized routing system for behavioral alerts.

Evidence:

  • independent integrity monitoring provider shall immediately report the suspicious activity to the commissioner (Sec. 18(b))

Ambiguity Notes: The 'suspicious activity' here refers to betting patterns rather than content, but the reporting infrastructure and mandatory nature align with centralized reporting signals.

senate - 1528 - Certain social media algorithms targeting children prohibition provision

Legislation ID: 30477

Bill URL: View Bill

Summary

This bill establishes regulations concerning social media platforms operating in Minnesota, particularly focusing on the use of algorithms that target minors. It defines key terms related to social media and outlines prohibitions against targeting user-generated content at minors through recommendation features. The bill also mandates parental consent for minors to create accounts and outlines penalties for non-compliance.

Key Sections

  • Definitions: This section provides definitions for key terms used in the bill, including account holder, recommendation feature, social media algorithm, social media platform, and user-generated content.
  • Effective date: This section specifies that the provisions of the act will take effect on January 1, 2026.
  • Exceptions: This section lists exceptions to the prohibitions, including algorithms used for parental controls, internal controls to limit minors access, and content created by government or educational institutions.
  • Liability; penalties: This provision establishes the liability of social media platforms for violations of the targeting prohibition, including potential damages and penalties for non-compliance.
  • Prohibitions; social media algorithm: This provision prohibits social media platforms with over 1,000,000 account holders from using algorithms to target content at users under 18 in Minnesota, with specific exceptions for chronological content display and search results.
  • Short title: This section designates the official title of the act as the Stop Online Targeting Against Kids Act or SOTA Kids Act.

Key Requirements

  • Platforms are liable for damages to account holders under 18 if they target them with content.
  • Prohibits algorithms from targeting users under 18.
  • Requires verifiable parental consent for minors to open accounts.
  • Statutory penalties of $1,000 per violation, capped at $100,000 per year.

Sponsors

Legislative Actions

Date Action
2025-02-17 Introduction and first reading

Detailed Analysis

Analysis 1

Why Relevant: The bill mandates age verification for minors, a core element of the EU Chat Act's compliance infrastructure.

Mechanism of Influence: Platforms must implement systems to identify users under 18 to ensure they obtain 'verifiable parental consent' before account creation.

Evidence:

  • must require an account holder who is under the age of 18... to obtain verifiable parental consent prior to opening a new user account (Subd. 2(b))

Ambiguity Notes: The term 'verifiable parental consent' is not strictly defined, leaving the specific technology (e.g., ID upload, credit card check) to the platform's discretion.

Analysis 2

Why Relevant: The bill mandates product-level mitigation by prohibiting specific recommendation features for a protected class.

Mechanism of Influence: Platforms are legally barred from using engagement-based algorithms to prioritize content for minors, effectively forcing a 'chronological' or 'search-only' design for those users.

Evidence:

  • prohibited from using a social media algorithm to target user-generated content at an account holder who is under the age of 18 (Subd. 2(a))

Ambiguity Notes: The prohibition on 'targeting' content could be interpreted broadly to include any algorithmic curation, potentially affecting safety-related content moderation if not carefully implemented.

Analysis 3

Why Relevant: The bill provides a safe harbor for content filtering, which relates to the 'reliable technologies' and 'mitigation' themes of the EU Act.

Mechanism of Influence: Platforms are not penalized for using algorithms that act as parental controls or filters for 'banned material,' which may incentivize the use of automated scanning tools.

Evidence:

  • an internal control used by the social media platform that is intended to control the ability of a minor to access content or is used to filter content for age-appropriate or banned material (Subd. 3(2))

Ambiguity Notes: The term 'banned material' is undefined, potentially allowing platforms to use broad automated detection tools under this exception.

senate - 2105 - Age verification requirement for websites with material harmful to minors

Legislation ID: 52887

Bill URL: View Bill

Summary

This bill establishes requirements for age verification on websites that contain material deemed harmful to minors. It includes definitions of key terms, sets forth the obligations of commercial entities, outlines data privacy protections, and provides for enforcement mechanisms by the attorney general as well as a private right of action for individuals affected by violations.

Key Sections

  • Age verification required: This provision mandates that commercial entities must verify that individuals accessing websites with harmful material are 18 years of age or older, using approved methods for age verification.
  • Data privacy: This provision prohibits commercial entities from retaining identifying information used for age verification and establishes liability for violations.
  • Definitions: This provision defines key terms used in the bill, including commercial entity, host, identifying information, interactive computer service, intimate part, material harmful to minors, sexual contact, sexual penetration, and shares or distributes.
  • Enforcement; civil penalties: This provision outlines the enforcement mechanisms for violations of the age verification requirement, allowing individuals and the attorney general to take action against offenders.
  • Limitations: This provision clarifies that the bill does not impose obligations on internet service providers or users of interactive computer services.

Key Requirements

  • Allows reporting of violations to the attorney general.
  • Entities retaining information in violation are liable for damages.
  • Establishes civil penalties for violations, including potential for $25,000 per violation.
  • Prohibits retention of identifying information after age verification.
  • Requires commercial entities to verify age for users accessing harmful material.
  • Verification must be done through a commercially available database or other approved methods.

Sponsors

Legislative Actions

Date Action
2025-03-03 Introduction and first reading

Detailed Analysis

Analysis 1

Why Relevant: The bill establishes a mandatory age-verification regime for specific categories of online content.

Mechanism of Influence: Commercial entities must gate access to content deemed 'harmful to minors' using third-party databases or state-approved methods.

Evidence:

  • must verify that an individual... is 18 years of age or older (Subd. 2(a))
  • Age verification must be conducted through the use of: (1) a commercially available database... or (2) any other commercially reasonable method (Subd. 2(b))

Ambiguity Notes: The definition of 'material harmful to minors' relies on 'contemporary community standards' (Subd. 1(g)), which is a broad legal standard, but the mandate itself is a standard age-gate.

senate - 2614 - Use of social media regulation for minors ages 15 and younger

Legislation ID: 74402

Bill URL: View Bill

Summary

This bill proposes regulations for social media platforms concerning minors aged 15 and younger. It mandates anonymous age verification for platforms that may expose minors to harmful content, establishes requirements for account management based on age, and outlines penalties for non-compliance. The bill seeks to protect young users from the risks associated with social media usage.

Key Sections

  • Age verification requirements: This section mandates age verification for commercial entities that publish material harmful to minors.
  • Definitions: This section defines key terms used throughout the bill, including account holder, daily active users, resident, and social media platform.
  • Enforcement and penalties: This provision details the enforcement mechanisms and penalties for violations of the regulations set forth in the bill.
  • Jurisdiction: This section clarifies the jurisdiction of Minnesota courts over social media platforms that allow minors to create accounts.
  • Other available remedies: This provision states that the regulations do not preclude other legal remedies available under law.
  • Requirements for minors aged 14 and 15: This section outlines requirements for social media platforms regarding minors aged 14 and 15, focusing on parental consent for account creation.
  • Requirements for minors younger than 14: This provision prohibits social media platforms from allowing minors under 14 to create accounts and mandates the termination of existing accounts for this age group.

Key Requirements

  • Allows account holders aged 14 and 15 to request termination of their accounts within five business days.
  • Allows minors under 14 to request account termination within five business days.
  • Allows the attorney general to impose civil penalties of up to $50,000 per violation.
  • Commercial entities must use anonymous age verification methods.
  • Establishes that violations are considered unfair trade practices.
  • Permits minors to seek damages up to $10,000 for violations affecting them.
  • Prohibits minors aged 14 and 15 from creating accounts without parental consent.
  • Prohibits minors under 14 from entering contracts with social media platforms.
  • Requires compliance with age verification standards for content that may be harmful to minors.
  • Requires termination of accounts for users under 14.
  • Requires termination of accounts if parental consent is not provided.
  • Social media platforms allowing minors to create accounts are subject to Minnesota jurisdiction.

Sponsors

Legislative Actions

Date Action
2025-03-17 Introduction and first reading
2025-03-17 Referred to Commerce and Consumer Protection

Detailed Analysis

Analysis 1

Why Relevant: The bill mandates age verification and age-gating, which is a core 'Strong Signal' of the EU CSA Act's spiritual successors.

Mechanism of Influence: Commercial entities publishing harmful material 'must use anonymous age verification to verify that the age of a person... is 18 years of age or older' [Sec. 2, Subd. 2(a)]. Additionally, social media platforms must enforce age-based bans for users under 14 and consent requirements for those 14-15, necessitating a functional age-assessment mechanism.

Evidence:

  • must use anonymous age verification to verify that the age of a person attempting to access the material is 18 years of age or older [Sec. 2, Subd. 2(a)]
  • A social media platform must prohibit a minor who is younger than 14 years of age from entering into a contract [Subd. 2(a)]

Ambiguity Notes: While the bill mandates 'anonymous' verification to protect privacy, the requirement for third-party verification creates a compliance infrastructure similar to the EU's proposed age-verification mandates for app stores and services.

Analysis 2

Why Relevant: The bill includes data preservation and internal control features related to account termination and verification data.

Mechanism of Influence: It mandates that platforms 'permanently delete all personal information' upon account termination [Subd. 2(c)] and prohibits third-party verifiers from retaining personal identifying information once age is verified [Sec. 2, Subd. 7(1)].

Evidence:

  • The social media platform must permanently delete all personal information held by the social media platform relating to the terminated account [Subd. 2(c)]
  • may not retain personal identifying information used to verify age once the age of an account holder or a person seeking an account has been verified [Sec. 2, Subd. 7(1)]

Ambiguity Notes: These provisions act as a counter-balance to the surveillance potential of age verification, similar to the 'least intrusive' and data minimization requirements in the EU Act.

senate - 704 - Human Trafficking and Child Exploitation Prevention Act

Legislation ID: 31331

Bill URL: View Bill

Summary

This bill addresses the growing concern of human trafficking and child exploitation, particularly in the context of the internet. It seeks to implement filters on internet-enabled devices that block access to websites facilitating trafficking and child exploitation. The bill also outlines definitions related to trafficking, adult entertainment, and obscene materials, and sets forth requirements for retailers of internet-enabled devices to ensure compliance with these new regulations.

Key Sections

  • Definitions: This section provides definitions for key terms used throughout the act, including adult entertainment establishment, human trafficking, and internet-enabled device.
  • Internet-Enabled Device Filter: This section mandates that retailers of internet-enabled devices must equip these devices with active filters that block access to specific harmful content by default.
  • Legislative Findings: This section outlines the legislatures findings regarding the prevalence of sex trafficking and the role of the internet in facilitating these crimes, as well as the impact of adult entertainment establishments on community safety.
  • Title: This section establishes the formal title of the legislation as the Human Trafficking and Child Exploitation Prevention Act.

Key Requirements

  • Opposes online censorship except for content that is harmful to children or promotes human trafficking.
  • Recognizes the shift of sex trafficking to online platforms and the need for measures to curb this trend.
  • Retailers must ensure devices have filters that block websites known for facilitating human trafficking or displaying child pornography.
  • Retailers must establish a reporting mechanism for consumers to report unblocked harmful websites.

Sponsors

Legislative Actions

Date Action
2025-01-27 Introduction and first reading

Detailed Analysis

Analysis 1

Why Relevant: The bill mandates default-on filtering for internet-enabled devices to block specific content categories, including child pornography.

Mechanism of Influence: Retailers must ensure devices have 'active and operating' filters that block content by default, shifting the burden of content control to the device/retailer level.

Evidence:

  • equipped with an active and operating filter prior to sale that blocks, by default, websites that... display child pornography" (Sec. 4, Subd. 1(a))

Ambiguity Notes: The term 'retailer' is broad, including manufacturers and ISPs, potentially creating overlapping compliance duties.

Analysis 2

Why Relevant: The bill requires age verification to bypass the default content restrictions.

Mechanism of Influence: To deactivate the filter, a consumer must 'verify that the consumer is 18 years of age or older' using personal identification information.

Evidence:

  • presents personal identification information to verify that the consumer is 18 years of age or older" (Sec. 4, Subd. 2(b)(2))

Ambiguity Notes: The bill does not specify the method of verification beyond 'personal identification information,' leaving the technical implementation to retailers.

Analysis 3

Why Relevant: The bill mandates reporting of child pornography to a centralized national body (NCMEC).

Mechanism of Influence: Retailers are required to forward reports of child pornography received through their consumer reporting mechanisms to the NCMEC CyberTipline.

Evidence:

  • report child pornography received through the reporting mechanism to the National Center for Missing and Exploited Children's CyberTipline" (Sec. 4, Subd. 1(b)(3))

Ambiguity Notes: None

Analysis 4

Why Relevant: The definition of filtering technology explicitly includes monitoring of private communications like email and chat.

Mechanism of Influence: By defining a filter as something that blocks access to 'e-mail, chat, or other Internet-based communications' based on 'content,' the bill implies a need for scanning or analysis of communication data.

Evidence:

  • restricts or blocks Internet access to websites, e-mail, chat, or other Internet-based communications based on category, site, or content" (Sec. 3, Subd. 9)

Ambiguity Notes: While it doesn't explicitly mention end-to-end encryption, a filter that blocks 'chat' based on 'content' functionally necessitates client-side analysis or the ability to inspect encrypted traffic.

Analysis 5

Why Relevant: The bill establishes a compliance infrastructure including reporting mechanisms and ongoing maintenance of detection technologies.

Mechanism of Influence: Retailers must establish a 'reporting mechanism, including but not limited to a website or call center' and make 'ongoing efforts' to ensure filter functionality.

Evidence:

  • establish a reporting mechanism, including but not limited to a website or call center" (Sec. 4, Subd. 1(b)(2))
  • make reasonable and ongoing efforts to ensure that a product's filter functions properly" (Sec. 4, Subd. 1(b)(1))

Ambiguity Notes: None

senate - 978 - Sports betting provision and authorization

Legislation ID: 31033

Bill URL: View Bill

Summary

This bill introduces provisions for lawful sports betting in Minnesota, detailing definitions, licensing requirements, and the roles of various stakeholders in the sports betting ecosystem. It prohibits local restrictions on sports betting and outlines the responsibilities of the commissioner overseeing the regulation. The bill also specifies the penalties for non-compliance and mandates reporting requirements for operators.

Key Sections

  • Definitions: This provision outlines key definitions related to sports betting, including terms like athletic event, authorized participant, and mobile sports betting.
  • Powers and Duties of Commissioner: This section details the authority and responsibilities of the commissioner in regulating sports betting, including overseeing licensing and ensuring compliance with the law.
  • Scope: This section establishes the legality of mobile sports betting for individuals 21 years and older and specifies the conditions under which sports betting is unlawful.

Key Requirements

  • Engagement in sports betting is limited to conditions set forth in the bill.
  • Participants must be at least 21 years of age.
  • Wagers must be placed with licensed entities.

Sponsors

Legislative Actions

Date Action
2025-02-06 Author added Maye Quade
2025-02-03 Introduction and first reading
2025-02-03 Referred to State and Local Government

Detailed Analysis

Analysis 1

Why Relevant: The bill mandates age and identity verification for service access, a core feature of the EU CSA Act's gatekeeping requirements.

Mechanism of Influence: Operators are prohibited from allowing account creation without first utilizing an 'approved identity verification service provider' to confirm the user's age and identity.

Evidence:

  • shall verify an individuals age and identity before allowing that individual to establish a mobile sports betting account. [Sec. 15, Subd. 5(c)]
  • must utilize an approved identity verification service provider to confirm an individuals age and identity. [Sec. 15, Subd. 5(c)]

Ambiguity Notes: The specific technical standards for 'approved' verification services are left to the commissioner's future rulemaking.

Analysis 2

Why Relevant: The bill requires ongoing monitoring of user activity to detect 'unusual' patterns, mirroring the detection obligations for platforms.

Mechanism of Influence: Licensees must contract with 'independent integrity monitoring' providers to identify and report suspicious activity to the state and governing bodies.

Evidence:

  • contract with a licensed independent integrity monitoring provider in order to identify any unusual betting activity or patterns [Sec. 19, (a)]
  • shall immediately report the suspicious activity to the commissioner [Sec. 19, (b)]

Ambiguity Notes: The monitoring is strictly limited to betting patterns and financial integrity rather than communication content or media scanning.

Analysis 3

Why Relevant: The bill mandates long-term data preservation of user PII and metadata, including IP addresses.

Mechanism of Influence: Operators must maintain records of all wagers, personally identifiable information, and IP addresses for 3.5 years for state inspection.

Evidence:

  • shall maintain records of all bets and wagers placed, including personally identifiable information... location of the wager, including IP address... for 3.5 years [Sec. 20, Subd. 1(a)]

Ambiguity Notes: None

Analysis 4

Why Relevant: The bill establishes a 'duty of care' that requires providers to monitor user behavior and intervene to mitigate risks.

Mechanism of Influence: Providers must monitor for 'hazardous or addictive behavior' and take 'reasonable measures to reduce the harm,' which functions as a mandated risk-mitigation strategy.

Evidence:

  • duty to monitor an individuals behavior related to the placement of wagers and intervene when an individual shows signs of hazardous or addictive behavior [Sec. 23, Subd. 1(2)]
  • duty to take reasonable measures to reduce the harm associated with sports betting [Sec. 23, Subd. 1(3)]

Ambiguity Notes: The definition of 'hazardous' behavior and the required 'intervention' methods are not explicitly defined in the statute.

↑ Back to Table of Contents

Mississippi

Index of Bills

House - 708 - App store providers and developers; require to obtain age verification and parental consent for minors activity.

Legislation ID: 259086

Bill URL: View Bill

Summary

House Bill No. 708 mandates app store providers to verify the age of users at account creation, ensure minors accounts are linked to a parent account, and obtain verifiable parental consent for app downloads and purchases. It prohibits enforcing contracts against minors without consent and requires developers to verify age data. The bill also establishes enforcement mechanisms, including a private right of action for parents and provisions for the Attorney General to act against violators. Additionally, it outlines standards for age verification and provides safe harbor for compliant developers.

Key Sections

  • Application and limitations: This section clarifies the scope and limitations of the bill, ensuring it does not prevent reasonable measures to protect minors or require unnecessary data disclosures.
  • App store provider requirements: This section outlines the responsibilities of app store providers, including age verification, parental consent requirements for minors, and data protection measures.
  • Definitions: This section defines key terms used throughout the bill, including definitions for account holders, age categories, app store providers, and parental consent.
  • Developer requirements: This section details the obligations of developers concerning age verification and parental consent, including notification of significant changes to apps.
  • Enforcement: This section provides mechanisms for enforcement, including private rights of action for harmed minors and parents, and state enforcement actions by the Attorney General.
  • Rulemaking: This section grants the Attorney General the authority to establish rules for age verification processes.
  • Safe harbor: This section protects developers from liability if they comply with the established age verification and parental consent requirements.

Key Requirements

  • Affiliated minor accounts with parent accounts.
  • Limit data collection to necessary information for compliance.
  • Notify app store providers of significant changes.
  • Notify users of significant changes and obtain renewed parental consent.
  • Obtain verifiable parental consent for minors before allowing downloads or purchases.
  • Request and verify age category information from users at account creation.
  • Use age category data to enforce age-related restrictions.
  • Verify age category data and parental consent through app store methods.

Sponsors

Legislative Actions

Date Action
2026-01-14 (H) Referred To Judiciary A

Detailed Analysis

Analysis 1

Why Relevant: The bill mandates age verification for all users of app stores and digital services.

Mechanism of Influence: App store providers must use 'commercially available methods' or state-approved processes to verify age categories (Child, Younger Teenager, Older Teenager, Adult) for every account holder in the state.

Evidence:

  • Verify the individuals age category using: 1. Commercially available methods that are reasonably designed to ensure accuracy (Section 2(1)(a)(ii))
  • A digital service provider shall make commercially reasonable efforts to verify the age of the person creating an account (Section 12(1))

Ambiguity Notes: The bill does not specify which 'commercially available methods' are acceptable, leaving the technical implementation to the Attorney General's rulemaking.

Analysis 2

Why Relevant: It imposes specific gatekeeping and risk-management duties on app store providers.

Mechanism of Influence: App stores are required to prevent minors from downloading apps without parental consent and must share age category data with developers to enforce age-related restrictions.

Evidence:

  • Obtain verifiable parental consent... before allowing the minor to: 1. Download an app (Section 2(1)(b)(ii))
  • Share age category data with developers (Section 1(c))

Ambiguity Notes: The requirement to share 'age category data' with developers creates a standardized infrastructure for age-gating across the entire app ecosystem.

Analysis 3

Why Relevant: The bill mandates risk mitigation strategies specifically targeting child exploitation and grooming.

Mechanism of Influence: Digital service providers (including those offering chat rooms or message boards) must develop strategies to mitigate exposure to grooming, trafficking, and child pornography.

Evidence:

  • Develop and implement a strategy to prevent or mitigate the known minors exposure to... grooming, trafficking, child pornography, or other sexual exploitation or abuse (Section 14(1)(d))

Ambiguity Notes: While the bill does not explicitly command 'scanning,' the duty to 'mitigate' exposure to specific illegal content like grooming often necessitates automated detection or moderation technologies.

Analysis 4

Why Relevant: The bill provides legal cover for providers to implement detection and blocking technologies.

Mechanism of Influence: It explicitly states that nothing in the act prevents providers from taking 'reasonable measures' to 'detect' or 'block' unlawful or harmful material.

Evidence:

  • Nothing in this act shall be construed to: (a) Prevent an app store provider or developer from taking reasonable measures to: (i) Block, detect or prevent distribution to minors of: 1. Unlawful material (Section 7(a))

Ambiguity Notes: This 'limitation' functions as a safe harbor for platforms to implement scanning and filtering technologies that might otherwise conflict with privacy expectations.

Analysis 5

Why Relevant: The bill requires data preservation for compliance purposes.

Mechanism of Influence: App store providers must maintain records of age verification and parental consent for compliance purposes.

Evidence:

  • Limiting collection and processing to data necessary for... 3. Maintaining compliance records (Section 2(1)(f)(i))

Ambiguity Notes: The scope of 'compliance records' is not fully defined, potentially requiring the retention of sensitive identity verification data.

↑ Back to Table of Contents

Missouri

Index of Bills

Senate - 1346 - Creates provisions relating to age verification on adult websites

Legislation ID: 235062

Bill URL: View Bill

Summary

This bill introduces a new section to Chapter 407 of the Revised Statutes of Missouri, mandating age verification for online content that includes sexual material harmful to minors. It defines key terms related to age verification, outlines the responsibilities of commercial entities, and sets penalties for non-compliance. Additionally, it provides exemptions for news organizations and outlines the enforcement mechanisms by the attorney general.

Key Sections

  • Age Verification Requirement: Commercial entities that publish or distribute sexual material harmful to minors must implement reasonable age verification methods to ensure that users are at least eighteen years old.
  • Definitions: This provision defines key terms used in the section, including age verification, commercial entity, digital identification, minor, and sexual material harmful to minors.
  • Enforcement and Penalties: The attorney general is responsible for enforcing this section, with specified penalties for violations, including daily fines and damages.
  • Exemptions: The age verification requirements do not apply to bona fide news organizations or public interest broadcasts.
  • Liability of Internet Service Providers: Internet service providers are not liable for violations of this section if they merely provide access to content without controlling its creation.
  • Notices and Warnings: Commercial entities must display specific health and warning notices regarding the implications of pornography on their websites and advertisements.
  • Retention of Information: Entities performing age verification are prohibited from retaining any identifying information of the individual being verified.

Key Requirements

  • Establishes penalties for commercial entities that violate age verification requirements.
  • Prohibits retention of identifying information by entities performing age verification.
  • Requires commercial entities to verify the age of individuals accessing sexual material harmful to minors.
  • Requires display of health warnings about pornography on websites and advertisements.

Sponsors

Legislative Actions

Date Action
2026-01-07 S First Read
2025-12-01 Prefiled

Detailed Analysis

Analysis 1

Why Relevant: The bill establishes a mandatory age-verification framework for online platforms, which is a core pillar of the EU Chat Act's access control and mitigation strategy.

Mechanism of Influence: It compels commercial entities to 'use reasonable age verification methods' (Sec 407.3405.2) to gate access to specific content, effectively requiring the implementation of identity-checking infrastructure.

Evidence:

  • shall use reasonable age verification methods to verify that an individual attempting to access the material is eighteen years of age or older (Sec 407.3405.2)
  • verifies age using: a. Government-issued identification; or b. A commercially reasonable method that relies on public or private transactional data (Sec 407.3405.1(1))

Ambiguity Notes: The phrase 'commercially reasonable method that relies on public or private transactional data' (Sec 407.3405.1(1)(b)) is broad and could encompass various third-party data-scraping or identity-matching technologies.

Analysis 2

Why Relevant: The bill includes data-handling and compliance infrastructure requirements similar to the EU Chat Act's provisions regarding user privacy during the verification process.

Mechanism of Influence: It creates a statutory prohibition against the 'retention of identifying information' (Sec 407.3405.3) by the entity performing the verification, imposing a technical requirement on the compliance architecture.

Evidence:

  • shall not retain any identifying information of the individual (Sec 407.3405.3)
  • Ten thousand dollars per instance when a commercial entity retains identifying information (Sec 407.3405.7(2))

Ambiguity Notes: While intended as a privacy safeguard, the prohibition on retention may conflict with other legal requirements for data preservation or auditability in different jurisdictions.

Senate - 1412 - Creates provisions relating to age verification on adult websites

Legislation ID: 235128

Bill URL: View Bill

Summary

This bill amends chapter 407 of the Revised Statutes of Missouri by adding a new section that mandates age verification for access to adult websites. It defines key terms related to age verification and outlines the responsibilities of commercial entities in verifying the age of individuals accessing sexual material, as well as penalties for non-compliance. The bill aims to protect minors from exposure to harmful sexual content online.

Key Sections

  • Age Verification Requirement: Commercial entities that publish sexual material harmful to minors must use reasonable age verification methods to ensure that individuals accessing such material are at least eighteen years old.
  • Definitions: This section provides definitions for key terms used in the bill, including age verification, commercial entity, digital identification, minor, and sexual material harmful to minors.
  • Enforcement and Penalties: The Attorney General is responsible for enforcing this section, and violators may face significant civil penalties, including daily fines and additional penalties if minors accessed harmful materials.
  • Exemptions: The age verification requirements do not apply to bona fide news organizations or public interest broadcasts.
  • Liability of Service Providers: Internet service providers and similar entities are not liable for violations of this section if they merely provide access to content and are not responsible for creating the content.
  • Notice Requirements: Commercial entities must display specific health warnings and resource information on their websites regarding the potential harms of pornography and provide a helpline for mental health issues.

Key Requirements

  • Attorney General may bring actions against violators.
  • Must display health warnings in a specified font size.
  • Must provide a helpline notice on every page of the website.
  • Penalties include fines for ongoing violations and for retaining identifying information.
  • Prohibits retention of identifying information by the age verification entities.
  • Requires commercial entities to implement age verification methods.

Sponsors

Legislative Actions

Date Action
2026-01-07 S First Read
2025-12-05 Prefiled

Detailed Analysis

Analysis 1

Why Relevant: The bill explicitly mandates age verification for access to specific online services, a core pillar of the EU proposal's child protection framework.

Mechanism of Influence: Commercial entities must implement digital ID or third-party verification systems to gate access, effectively requiring a 'reliable identification' of users.

Evidence:

  • shall use reasonable age verification methods to verify that an individual attempting to access the material is eighteen years of age or older (407.3405.2)
  • A method by which a commercial entity verifies the age of an individual by requiring the individual to: (a) Provide digital identification; or (b) Comply with a commercial age verification system (407.3405.1(1))

Ambiguity Notes: The term 'commercially reasonable method' for verifying age using transactional data is not strictly defined, leaving technical implementation details to the provider's discretion.

Analysis 2

Why Relevant: The bill addresses data retention and privacy, which is a critical component of the compliance infrastructure for online safety mandates.

Mechanism of Influence: It prohibits the retention of identifying information used during the age verification process, creating a specific compliance duty for platforms and third-party verifiers.

Evidence:

  • A commercial entity that performs the age verification or a third party that performs the age verification under this section shall not retain any identifying information of the individual (407.3405.3)

Ambiguity Notes: The bill does not define 'identifying information,' which could lead to uncertainty regarding whether anonymized or hashed data can be retained for audit purposes.

Analysis 3

Why Relevant: The bill establishes a compliance and enforcement framework involving state-level oversight and significant financial penalties.

Mechanism of Influence: The Attorney General is empowered to bring civil actions, with penalties reaching $10,000 per day for non-compliance with age verification requirements.

Evidence:

  • The attorney general shall enforce provisions of this section (407.3405.7)
  • Ten thousand dollars per day that a commercial entity operates a website in violation of the age verification requirements (407.3405.7(1))

Ambiguity Notes: The threshold of 'more than one-third' of content being harmful to minors may be difficult for platforms to calculate precisely without automated scanning or manual audits.

Senate - 1455 - Creates provisions relating to artificial intelligence chatbots

Legislation ID: 235171

Bill URL: View Bill

Summary

This bill amends chapter 1 of RSMo by introducing the Guidelines for User Age-Verification and Responsible Dialogue Act of 2026 (GUARD Act). It mandates that artificial intelligence chatbots implement effective age verification processes to restrict access for minors. The bill outlines definitions, requirements for covered entities, penalties for violations, and establishes the role of the attorney general in enforcing compliance.

Key Sections

  • Data Security Measures: Covered entities must implement data security protocols to protect age verification data and limit its collection.
  • Definitions: This section provides definitions for key terms related to the bill, including AI companion, artificial intelligence chatbot, covered entity, minor, and reasonable age verification measures.
  • Disclosure Requirements: AI chatbots must disclose their nature as non-human entities and clarify that they do not provide professional services.
  • Enforcement and Penalties: The attorney general is granted authority to enforce the provisions of this act, with civil penalties for violations.
  • Prohibition of Harmful Content: It is unlawful for any entity to design or operate an AI chatbot that poses a risk of soliciting minors to engage in sexually explicit conduct or self-harm.
  • User Account Requirement: Covered entities must require users to create accounts and verify their age using established processes to access AI chatbots.

Key Requirements

  • Age verification must be conducted using reasonable measures.
  • Attorney general can enforce compliance and seek penalties for violations.
  • Chatbots must disclose they are AI and not human.
  • Civil penalties up to $100,000 for each violation.
  • Establish data security measures to protect age verification data.
  • Existing user accounts must be frozen until age verification is completed.
  • Limit collection of personal data to what is necessary for age verification.
  • Must clarify that they do not provide medical, legal, or financial advice.
  • Prohibits AI chatbots from encouraging minors to engage in sexual conduct or self-harm.
  • Users must create accounts to interact with AI chatbots.
  • Violators may face fines up to $100,000.

Sponsors

Legislative Actions

Date Action
2026-01-07 S First Read
2025-12-19 Prefiled

Detailed Analysis

Analysis 1

Why Relevant: The bill mandates a robust age-verification and gatekeeping infrastructure for AI-driven interpersonal communication services.

Mechanism of Influence: Section 1.2058.5 requires providers to freeze all existing accounts and block new ones until age is verified via 'reasonable age verification measures,' which include government ID. This mirrors the EU CSA Act's emphasis on age-verification as a mitigation tool.

Evidence:

  • Section 1.2058.2(5): 'Reasonable age verification measure', a method that is authenticated to relate to a user... including: (a) A government-issued identification'
  • Section 1.2058.5(2)(a): 'freeze any such account... require that the user provide age data that is verifiable using a reasonable age verification process'

Ambiguity Notes: The term 'commercially reasonable method' for age verification is not strictly defined beyond the inclusion of government ID, leaving room for the Attorney General to define acceptable technologies via rulemaking.

Analysis 2

Why Relevant: The bill imposes a 'safety-by-design' obligation regarding the solicitation of minors.

Mechanism of Influence: Section 1.2058.3 creates legal liability for the 'design' or 'development' of AI that 'poses a risk' of soliciting minors. This effectively compels providers to implement internal risk assessments and mitigation features in their AI models to prevent prohibited outputs.

Evidence:

  • Section 1.2058.3(1): 'It shall be unlawful to design, develop, or make available an artificial intelligence chatbot... that poses a risk of soliciting, encouraging, or inducing minors to: (a) Engage in... sexually explicit conduct'

Ambiguity Notes: The phrase 'poses a risk of soliciting' is broad and could be interpreted to require proactive monitoring or filtering of AI-generated content to ensure compliance.

Analysis 3

Why Relevant: It establishes a compliance and enforcement framework with significant penalties for platform failures.

Mechanism of Influence: The bill grants the Attorney General investigative powers (subpoenas) and the authority to seek civil penalties of up to $100,000 per violation, creating a high-stakes compliance environment similar to the EU's proposed oversight authorities.

Evidence:

  • Section 1.2058.7(1): 'the attorney general may bring a civil action... to: (a) Enjoin the violation; (b) Enforce compliance... or (c) Obtain civil penalties'
  • Section 1.2058.7(3)(a): 'subject to a civil penalty not to exceed one hundred thousand dollars for each violation'

Ambiguity Notes: The bill does not specify if 'each violation' refers to each user account or each instance of a chatbot's output, potentially leading to massive cumulative fines.

Senate - 1506 - Establishes criminal and civil liability for altered sexual depictions of identifiable persons

Legislation ID: 250995

Bill URL: View Bill

Summary

This bill introduces a new section to Chapter 537 of the Revised Statutes of Missouri, focusing on the creation and distribution of altered sexual depictions of identifiable persons. It defines key terms, outlines offenses related to generating or promoting such depictions without consent, and establishes civil and criminal penalties for violations. Additionally, it mandates covered platforms to implement processes for reporting and removing nonconsensual altered sexual depictions.

Key Sections

  • Civil Remedies: An aggrieved person may initiate a civil action against violators to obtain injunctive relief, monetary damages, and reasonable attorneys fees.
  • Concurrent Prosecution: Prosecution under this section does not preclude prosecution for other law violations, including those with greater penalties related to sexual exploitation.
  • Definitions: This section provides definitions for key terms used in the legislation, including altered sexual depiction, communication services, covered platform, and others relevant to the enforcement of the law.
  • Exemptions: Certain entities, such as interactive computer service providers and law enforcement, are exempt from the penalties outlined in this section.
  • Jurisdiction: A violation is considered to occur within Missouri if any part of the offense or harm occurs within the state, allowing for local prosecution.
  • Liability Protection for Platforms: Covered platforms are protected from liability for good faith removal of nonconsensual altered sexual depictions, provided they act based on apparent unlawful publishing.
  • Offenses and Penalties: It establishes that generating, soliciting, or promoting an altered sexual depiction of an identifiable person without their consent is a class C felony, with each act constituting a separate offense.
  • Platform Responsibilities: Covered platforms must establish a process for individuals to report and request the removal of nonconsensual altered sexual depictions, including specific requirements for the notification process.

Key Requirements

  • Allows individuals to seek civil remedies for violations.
  • Requires consent from the identifiable person for any altered sexual depiction.
  • Requires covered platforms to implement a notification and removal process by December 31, 2026.

Sponsors

Legislative Actions

Date Action
2026-01-07 S First Read
2026-01-06 Prefiled

Detailed Analysis

Analysis 1

Why Relevant: The bill mandates a specific removal and blocking window for reported content.

Mechanism of Influence: Section 7(4)(a) requires platforms to remove content 'not later than forty-eight hours after receiving such request,' creating a strict compliance window similar to the EU's removal order framework.

Evidence:

  • not later than forty-eight hours after receiving such request: (a) Remove the altered sexual depiction

Ambiguity Notes: The term 'as soon as practicable' alongside the 48-hour limit suggests a high priority for removal that may override standard internal review processes.

Analysis 2

Why Relevant: The bill requires platforms to detect and remove identical copies of reported material.

Mechanism of Influence: Section 7(4)(b) compels platforms to use 'reasonable efforts to identify and remove any known identical copies,' which practically necessitates the use of hash-matching or similar detection technologies.

Evidence:

  • Make reasonable efforts to identify and remove any known identical copies of such altered sexual depiction.

Ambiguity Notes: The phrase 'reasonable efforts to identify' is not defined, leaving open whether this requires proactive scanning of all user uploads against a database of reported content.

Analysis 3

Why Relevant: The bill establishes a specific reporting and notification infrastructure for users.

Mechanism of Influence: Section 7(1) requires platforms to 'establish a process' for notification and removal requests, including specific metadata and identification requirements.

Evidence:

  • a covered platform shall establish a process whereby an identifiable person... may: (a) Notify the covered platform... (b) Submit a request... to remove

Ambiguity Notes: While this is a notice-and-takedown system rather than a centralized hub, it creates a statutory compliance infrastructure for content moderation.

Senate - 901 - Creates provisions relating to age verification on adult websites

Legislation ID: 234617

Bill URL: View Bill

Summary

Senate Bill No. 901 introduces a new section to chapter 407 of the Revised Statutes of Missouri, mandating age verification for individuals accessing adult websites. The bill defines key terms related to age verification, outlines the responsibilities of commercial entities, and sets penalties for non-compliance. It emphasizes the importance of not retaining identifying information and provides specific notices that must be displayed on websites. The bill also delineates exceptions for news organizations and clarifies the role of internet service providers in relation to these regulations.

Key Sections

  • Age Verification Requirement: Commercial entities that publish sexual material harmful to minors must use reasonable age verification methods to ensure that users are at least eighteen years old.
  • Definitions: This section defines key terms related to age verification, including age verification, commercial entity, digital identification, and sexual material harmful to minors.
  • Enforcement and Penalties: The Attorney General is responsible for enforcing the provisions of this section, with specific penalties outlined for violations.
  • Exemptions: The age verification requirements do not apply to bona fide news organizations or public interest broadcasts.
  • Liability of Service Providers: Internet service providers and related entities are not liable for violations of this section as long as they do not control the content of the websites.
  • Notices to Display: Commercial entities must display specific health warnings and resources related to the potential harms of pornography on their websites and advertisements.

Key Requirements

  • Age verification must not retain any identifying information of the individual.
  • Must display warnings about the harmful effects of pornography in a specified font size.
  • Must provide a notice for mental health resources at the bottom of every webpage.
  • Penalties include $10,000 per day for non-compliance and additional penalties if minors access harmful material.
  • Requires commercial entities to verify the age of individuals accessing sexual material.

Sponsors

Legislative Actions

Date Action
2026-01-08 Second Read and Referred S General Laws Committee
2026-01-07 S First Read
2025-12-01 Prefiled

Detailed Analysis

Analysis 1

Why Relevant: The bill implements a mandatory age verification/assessment regime, which is a core pillar of the EU Chat Act's child protection framework.

Mechanism of Influence: It compels commercial entities to 'use reasonable age verification methods' (Section 407.3405.2) to gate access to specific content, potentially requiring the use of third-party verification infrastructure.

Evidence:

  • Section 407.3405.2: 'shall use reasonable age verification methods to verify that an individual attempting to access the material is eighteen years of age or older.'
  • Section 407.3405.1(1): 'a method by which a commercial entity verifies the age of an individual by requiring the individual to: (a) Provide digital identification; or (b) Comply with a commercial age verification system'

Ambiguity Notes: The term 'commercially reasonable method' (Section 407.3405.1(1)(b)b) is broad and could encompass various technologies with differing privacy implications.

Analysis 2

Why Relevant: The bill addresses data preservation and internal controls, though it takes an opposite approach to the EU Chat Act by strictly prohibiting data retention.

Mechanism of Influence: It creates a statutory duty for entities and third-party verifiers to 'not retain any identifying information of the individual' (Section 407.3405.3), backed by significant per-instance fines.

Evidence:

  • Section 407.3405.3: 'shall not retain any identifying information of the individual.'
  • Section 407.3405.7(2): 'Ten thousand dollars per instance when a commercial entity retains identifying information'

Ambiguity Notes: The bill does not define 'identifying information,' leaving it unclear if anonymized or hashed data used for verification would be permitted for retention.

Analysis 3

Why Relevant: The bill defines the scope of covered entities, including social media platforms, which overlaps with the 'hosting services' and 'interpersonal communication services' targeted by the EU Chat Act.

Mechanism of Influence: It applies to any internet website, 'including a social media platform' (Section 407.3405.2), provided the content threshold is met, while exempting infrastructure providers like ISPs and cloud services.

Evidence:

  • Section 407.3405.2: 'including a social media platform, more than one-third of which is sexual material harmful to minors'
  • Section 407.3405.6: 'An internet service provider... search engine, or a cloud service provider shall not be held to have violated provisions of this section solely for providing access or connection'

Ambiguity Notes: The 'more than one-third' content threshold (Section 407.3405.2) may require platforms to perform ongoing internal audits or risk assessments of their content distribution to determine if they fall under the mandate.

↑ Back to Table of Contents

Nebraska

Index of Bills

Senate - 1083 - Adopt the Transparency in Artificial Intelligence Risk Management Act, create a fund, and change provisions relating to records which may be withheld from the public

Legislation ID: 263260

Bill URL: View Bill

Summary

The Transparency in Artificial Intelligence Risk Management Act seeks to regulate large frontier developers and chatbot providers by mandating the creation and publication of public safety and child protection plans. These plans must detail risk assessments and mitigation strategies for catastrophic risks and child safety incidents related to AI technologies. The bill outlines specific definitions, reporting requirements, and compliance measures to ensure accountability and transparency in the deployment of AI systems.

Key Sections

  • Definitions: The act provides definitions for key terms related to artificial intelligence, including catastrophic risk, child safety incident, covered chatbot, and frontier developer.
  • Definitions: This section provides definitions for key terms used in the act, including catastrophic risk, child safety incident, and large chatbot provider.
  • Introduction and Findings: This section introduces the Transparency in Artificial Intelligence Risk Management Act and outlines the Legislatures findings regarding the potential benefits and risks associated with artificial intelligence.
  • Legislative Findings: The Legislature recognizes the potential benefits and risks of artificial intelligence, particularly in relation to its impact on minors and the need for transparency in risk management by large AI companies.
  • Public Safety and Child Protection Plan Requirements: Large frontier developers and chatbot providers are required to create and publish a public safety and child protection plan that details risk assessment and mitigation strategies for catastrophic and child safety risks.
  • Public Safety and Child Protection Plans: Large frontier developers and chatbot providers must create, implement, and publish public safety and child protection plans detailing how they assess and mitigate risks associated with their AI models.
  • Reporting Safety Incidents: The act establishes mechanisms for reporting safety incidents related to AI models, including critical safety incidents and child safety incidents, to the Attorney General.
  • Reporting Safety Incidents: This section establishes reporting requirements for safety incidents, including timelines for reporting critical and child safety incidents to the Attorney General.
  • Title of the Act: The act is officially titled the Transparency in Artificial Intelligence Risk Management Act.

Key Requirements

  • Mandates immediate disclosure of imminent risks to appropriate authorities.
  • Mandates the incorporation of national and international standards into safety plans.
  • Requires large chatbot providers to assess and mitigate child safety risks.
  • Requires large chatbot providers to assess potential child safety risks.
  • Requires large frontier developers to define and assess thresholds for catastrophic risks.
  • Requires reporting of child safety incidents within fifteen days.
  • Requires reporting of critical safety incidents within fifteen days.

Sponsors

Legislative Actions

Date Action
2026-01-15 Date of introduction

Detailed Analysis

Analysis 1

Why Relevant: The bill mandates ongoing risk assessments and mitigation plans for providers of services likely to be accessed by minors.

Mechanism of Influence: Large chatbot providers must document how they assess potential child safety risks and apply mitigations to address those risks, mirroring the EU framework's duty to identify and mitigate risks to minors.

Evidence:

  • Section 4(1)(b)(i): 'Assesses potential for child safety risks.'
  • Section 4(1)(b)(ii): 'Applies mitigations to address the potential for child safety risks based on the results of the assessments.'

Ambiguity Notes: The definition of 'child safety risk' includes damage to mental health constituting 'severe emotional distress,' a broad standard that could be interpreted to require extensive moderation or product feature changes.

Analysis 2

Why Relevant: The act establishes a centralized reporting requirement for safety incidents involving minors.

Mechanism of Influence: Providers are legally compelled to report 'child safety incidents' to the Attorney General within fifteen days of discovery, creating a state-level clearinghouse for incident data similar to the EU's reporting obligations.

Evidence:

  • Section 5(4): 'A large chatbot provider shall report any child safety incident pertaining to one of its covered chatbots to the Attorney General within fifteen days after discovering the child safety incident.'

Ambiguity Notes: The reporting mechanism is established by the Attorney General, and while it requires a 'short and plain statement,' the specific metadata or user information required is not yet defined.

Analysis 3

Why Relevant: The bill includes data preservation and internal compliance infrastructure requirements.

Mechanism of Influence: Providers must retain unredacted versions of safety documents for five years and implement internal governance practices to ensure the safety plan is followed, including whistleblower protections.

Evidence:

  • Section 4(6)(b): 'shall retain the unredacted information for five years.'
  • Section 4(1)(c)(iv): 'Institutes internal governance practices to ensure implementation of its public safety and child protection plan.'

Ambiguity Notes: The retention requirement applies to 'unredacted information' in documents published to comply with the act, which may include sensitive internal assessments of model behavior.

Senate - 642 - Adopt the Artificial Intelligence Consumer Protection Act

Legislation ID: 122219

Bill URL: View Bill

Summary

The Artificial Intelligence Consumer Protection Act is designed to protect consumers from algorithmic discrimination by setting forth requirements for developers and deployers of high-risk artificial intelligence systems. It outlines definitions, responsibilities, and documentation requirements to ensure compliance with anti-discrimination laws. The act mandates developers to disclose known risks and implement risk management policies, while deployers must conduct impact assessments and use reasonable care in their deployment of such systems.

Key Sections

  • Compliance Standards for AI Systems: Establishes that compliance with the Artificial Intelligence Risk Management Framework or the ISO/IEC 42001 standard will be presumed as conformity with the bills requirements.
  • Definitions: This section defines key terms used throughout the act, including algorithmic discrimination, artificial intelligence system, high-risk artificial intelligence system, and consequential decisions.
  • Deployer Responsibilities: Deployers of high-risk artificial intelligence systems must implement risk management policies and conduct impact assessments to mitigate algorithmic discrimination risks.
  • Developer Responsibilities: Developers of high-risk artificial intelligence systems must use reasonable care to protect consumers from algorithmic discrimination and provide necessary documentation to deployers.
  • Documentation and Disclosure: This section outlines the documentation that developers must provide regarding the AI systems, including known risks and evaluation methods.
  • Exemptions for Federal Agencies and High-Risk Systems: Certain artificial intelligence systems used by federal agencies are exempt from the act unless they are high-risk systems that significantly impact employment or housing decisions.
  • Impact Assessments: Deployers are required to conduct impact assessments for high-risk AI systems to evaluate their effects and ensure compliance with the act.

Key Requirements

  • Assessments must analyze the deployment context and intended benefits of the AI system.
  • Deployers must complete impact assessments for each high-risk AI system deployed.
  • Deployers must use reasonable care to protect consumers from known risks.
  • Developers must disclose known risks of algorithmic discrimination.
  • Developers must disclose risks of algorithmic discrimination without unreasonable delay.
  • Developers must make documentation available to assist deployers in understanding the AI systems outputs.
  • Developers must provide documentation detailing the use and limitations of the AI system.
  • Impact assessments must be completed within 90 days of deployment or modification.
  • Requires adherence to AI Risk Management Framework or ISO/IEC 42001 for compliance.
  • Requires high-risk AI systems used by federal agencies to comply with specific provisions of the act.

Sponsors

Legislative Actions

Date Action
2026-01-07 Title printed. Carryover bill
2025-01-28 Notice of hearing for February 06, 2025
2025-01-24 Referred to Judiciary Committee
2025-01-22 Date of introduction

Detailed Analysis

Analysis 1

Why Relevant: The bill mandates provider risk assessments and mitigation plans for high-risk systems.

Mechanism of Influence: Section 4(2) requires deployers to 'implement a risk management policy and program,' and Section 4(3) requires an 'impact assessment' for each high-risk AI system deployed. This mirrors the EU Chat Act's requirement for ongoing risk assessments.

Evidence:

  • implement a risk management policy and program to govern the deployers deployment (Sec. 4(2)(a))
  • An impact assessment shall be completed for each high-risk artificial intelligence system (Sec. 4(3)(a)(i))

Ambiguity Notes: While the administrative structure is similar, the 'risk' being assessed is 'algorithmic discrimination' rather than child safety or illegal content.

Analysis 2

Why Relevant: The bill includes data preservation and internal control requirements.

Mechanism of Influence: Section 4(3)(f) requires deployers to maintain impact assessments and related records for at least three years after the final deployment of a system.

Evidence:

  • maintain... Each record concerning each such impact assessment... For at least three years (Sec. 4(3)(f))

Ambiguity Notes: None

Analysis 3

Why Relevant: The bill establishes a compliance infrastructure and consumer redress mechanism.

Mechanism of Influence: Section 4(4)(b)(iii) requires deployers to provide consumers an 'opportunity to appeal any adverse consequential decision,' which must allow for 'human review if technically feasible.'

Evidence:

  • opportunity to appeal any adverse consequential decision... allow for human review if technically feasible (Sec. 4(4)(b)(iii))

Ambiguity Notes: None

Senate - 939 - Adopt the Saving Human Connection Act

Legislation ID: 248403

Bill URL: View Bill

Summary

The Saving Human Connection Act establishes regulations for covered platforms that operate generative artificial intelligence systems. It defines key terms, outlines responsibilities for platforms to protect users, especially minors, and mandates transparency regarding the non-human nature of chatbots. The act also provides for enforcement mechanisms and civil penalties for violations.

Key Sections

  • Definitions: Defines key terms used in the act, including adult, chatbot, covered platform, human-like feature, and others relevant to the operation of generative AI systems.
  • Definitions: This section provides definitions for key terms used in the act, including adult, chatbot, covered platform, human-like feature, and others.
  • Enforcement and Penalties: Establishes enforcement mechanisms for the act, including civil penalties for non-compliance and the right for users to take legal action.
  • Enforcement and Penalties: This section designates the Attorney General to enforce the act and outlines penalties for violations.
  • Obligations of Covered Platforms: Outlines the responsibilities of covered platforms regarding user interactions with chatbots, particularly concerning minors, user safety, emotional dependence, and data handling.
  • Requirements for Covered Platforms: This section outlines the obligations of covered platforms regarding the operation of chatbots with human-like features, particularly concerning minors and user safety.
  • Severability Clause: States that if any part of the act is found invalid or unconstitutional, the remaining provisions shall still be valid.
  • Severability Clause: This section ensures that if any part of the act is found invalid, the remaining provisions remain in effect.
  • Terms of Service Agreement: Details the requirements for the terms-of-service agreements between covered platforms and users, ensuring clarity and user consent.
  • Title of the Act: Establishes the name of the act as the Saving Human Connection Act.
  • Title of the Act: This section designates the name of the act as the Saving Human Connection Act.
  • User Agreements: This section mandates that the relationship between covered platforms and users be governed by clear terms-of-service agreements.

Key Requirements

  • Attorney General to enforce the act.
  • Avoid conflicts with user interests regarding third-party data access.
  • Civil penalties up to $10,000 for violations.
  • Clearly identify human-like features as artificial.
  • Collect only necessary data respecting user interests.
  • Detect and respond to emergency situations prioritizing user safety.
  • Ensure chatbots with human-like features are not accessible to minors.
  • Ensure chatbots with human-like features are not available to minors.
  • Implement age verification systems.
  • Include regular disclosures about the chatbots nature.
  • Include regular disclosures about the non-human nature of chatbots.
  • Limit data collection to what is necessary and in the best interest of users.
  • Maintain systems to detect and respond to emergency situations.
  • Notify users of material changes in terms.
  • Notify users of material changes to the agreement.
  • Outline obligations and rights of users.
  • Outline platform obligations and user rights.
  • Present terms in clear and understandable language.
  • Prevent emotional dependence on chatbots.
  • Provide a default service version without human-like features.
  • Provide a default version of the platform without human-like features.
  • Require affirmative consent from users.
  • Require user consent before agreement takes effect.
  • Terms of service must be clear and understandable.
  • Users can bring civil actions for damages or injunctive relief.
  • Users can sue for damages and seek injunctive relief.
  • Violators may face injunctions and civil penalties up to $10,000 per violation.

Sponsors

Legislative Actions

Date Action
2026-01-13 Referred to Banking, Commerce and Insurance Committee
2026-01-09 Date of introduction
2026-01-09 KauthFA563filed
2026-01-09 MurmanFA564filed
2026-01-09 MurmanFA565filed

Detailed Analysis

Analysis 1

Why Relevant: The bill mandates the implementation of age verification systems for access to specific platform features.

Mechanism of Influence: Covered platforms must gate 'human-like features' behind 'reasonable age verification systems' (Sec. 3(2)(b)) to ensure they are 'not made available to minors.'

Evidence:

  • Implement reasonable age verification systems that preserve privacy and ensure that a chatbot with human-like features is not made available to minors (Sec. 3(2)(b))

Ambiguity Notes: The term 'reasonable age verification' is not defined, leaving open whether this requires government ID, biometrics, or third-party verification services.

Analysis 2

Why Relevant: The bill compels platforms to operate automated detection and monitoring technologies to scan user interactions for specific content.

Mechanism of Influence: Platforms are legally required to 'detect' and 'report' emergency situations (Sec. 3(2)(e)) and 'detect and prevent emotional dependence' (Sec. 3(2)(f)). This necessitates continuous monitoring of the text, audio, or visual medium of the chatbot interaction.

Evidence:

  • Implement and maintain reasonably effective systems to detect, promptly respond to, report, and mitigate emergency situations (Sec. 3(2)(e))
  • Implement and maintain reasonably effective systems to detect and prevent emotional dependence (Sec. 3(2)(f))

Ambiguity Notes: While the target is 'emergency situations' rather than CSAM, the mechanism—mandated automated detection within private or semi-private AI interactions—parallels the EU's detection order framework.

Analysis 3

Why Relevant: The bill establishes a mandatory reporting and mitigation framework for detected content.

Mechanism of Influence: Once an 'emergency situation' is detected, the platform has a statutory duty to 'report' and 'mitigate' the situation (Sec. 3(2)(e)), prioritizing safety over other interests.

Evidence:

  • detect, promptly respond to, report, and mitigate emergency situations (Sec. 3(2)(e))

Ambiguity Notes: The bill does not specify the recipient of the 'report,' though Sec. 4(1) grants the Attorney General enforcement power, suggesting a state-level reporting nexus.

Analysis 4

Why Relevant: The bill mandates specific product design changes and 'mitigation' plans to address perceived risks of the technology.

Mechanism of Influence: Platforms must provide a 'default version' without human-like features (Sec. 3(2)(c)) and 'mitigate' risks of emotional dependence (Sec. 3(2)(f)), effectively requiring safety-by-design modifications.

Evidence:

  • Provide, as the default service, a version of the platform that does not include a chatbot with human-like features (Sec. 3(2)(c))
  • mitigate emergency situations in a manner that prioritizes the safety and well-being of users (Sec. 3(2)(e))

Ambiguity Notes: The requirement to 'prevent emotional dependence' may require platforms to throttle usage or alter AI personality traits based on individual user monitoring.

↑ Back to Table of Contents

New Hampshire

Index of Bills

House - 1650 - relative to an age-appropriate design code.

Legislation ID: 235925

Bill URL: View Bill

Summary

This bill introduces the Age-Appropriate Design Code Act, which sets forth definitions, exclusions, duties of care, and privacy settings specifically aimed at protecting minors personal data. It outlines the responsibilities of covered businesses regarding the processing of minors data and establishes stringent requirements for privacy settings to safeguard minors online experiences.

Key Sections

  • Definitions: This section provides definitions for key terms used throughout the bill, including covered business, personal data, minor, and others related to data privacy and protection.
  • Duty of Care: Covered businesses are required to uphold a minimum duty of care to minors, ensuring their data usage does not lead to emotional distress, compulsive use, or discrimination.
  • Exclusions: Certain entities and types of information are excluded from the provisions of this bill, including government entities and protected health information under HIPAA.
  • Privacy Settings: This section mandates that covered businesses configure privacy settings for minors to the highest level of protection, preventing unauthorized access and interactions.

Key Requirements

  • Businesses must not cause emotional distress to minors.
  • Businesses must not discriminate against minors based on various identities.
  • Businesses must prevent compulsive use of their services by minors.
  • Businesses must provide a tool for minors to delete their accounts easily.
  • Default privacy settings must restrict visibility and interactions with known adults.

Sponsors

Legislative Actions

Date Action
2026-01-07 To Be Introduced 01/07/2026 and referred to Commerce and Consumer Affairs

Detailed Analysis

Analysis 1

Why Relevant: The bill mandates age verification/assurance mechanisms for online services likely to be accessed by minors.

Mechanism of Influence: It requires the Attorney General to identify 'commercially reasonable and technically feasible methods' for businesses to determine a user's age, creating a statutory mandate for age-gating technologies.

Evidence:

  • “Age assurance” encompasses a range of methods used to determine, estimate, or communicate the age (359-C:22, III)
  • identify commercially reasonable and technically feasible methods for covered businesses and processors to determine if a user is a covered minor (359-C:29, II)

Ambiguity Notes: The term 'technically feasible methods' is not defined, potentially allowing for invasive identity verification or biometric analysis to satisfy the requirement.

Analysis 2

Why Relevant: The bill imposes risk-mitigation duties regarding product design and algorithmic recommendation systems.

Mechanism of Influence: Businesses must ensure their design does not result in 'foreseeable emotional distress' or 'compulsive use,' effectively mandating changes to moderation and product features to protect minors.

Evidence:

  • A covered business... owes a minimum duty of care to the covered minor (359-C:24, I)
  • design of an online service... will not result in: (a) Reasonably foreseeable emotional distress... (b) Reasonably foreseeable compulsive use (359-C:24, II)

Ambiguity Notes: The 'duty of care' is broad; 'emotional distress' and 'compulsive use' are subjective standards that may compel platforms to implement aggressive content filtering or feature removal to avoid liability.

Analysis 3

Why Relevant: The bill restricts interpersonal communication between adults and minors, which has implications for encrypted messaging.

Mechanism of Influence: By prohibiting direct messaging between minors and 'known adults' by default, platforms may be forced to verify the age and identity of all participants in a conversation, potentially requiring metadata analysis or client-side checks in E2EE environments.

Evidence:

  • Not permitting direct messaging on a social media platform between the covered minor and any known adult user (359-C:25, I(d))

Ambiguity Notes: The requirement to 'not permit direct messaging' unless expressly allowed requires the platform to know the age status of both parties, which is difficult to achieve without undermining anonymity or encryption.

House - 1658 - relative to parental consent and age verification for digital application platforms.

Legislation ID: 235933

Bill URL: View Bill

Summary

This bill introduces new provisions under a chapter titled App Store Accountability to govern how app store providers must handle age verification and parental consent. It defines various age categories and outlines the responsibilities of app store providers and developers to ensure compliance with age-related restrictions and to protect the personal data of minors. The bill also establishes enforcement mechanisms and potential penalties for violations.

Key Sections

  • Application and Limitations: This section clarifies that the chapter does not prevent reasonable measures to block harmful material or require unnecessary parental consent for certain apps.
  • App Store Provider Requirements: This section outlines the specific obligations of app store providers, including age verification at account creation, obtaining parental consent for minor accounts, and notifying users of significant changes.
  • Definitions: This section provides definitions for key terms used throughout the bill, including age categories, app store provider, parental consent, and more.
  • Developer Requirements: This section details the responsibilities of app developers, including verifying user age, notifying app store providers of significant changes, and ensuring compliance with age-related restrictions.
  • Division Rulemaking: This section allows the division to create rules for verifying whether an account holder is a minor, ensuring compliance with the chapter.
  • Enforcement: This section establishes that violations of the chapter are considered deceptive acts and outlines the enforcement powers of the attorney general, including penalties for non-compliance.
  • Safe Harbor: This section provides a safe harbor for developers against liability if they can demonstrate good faith reliance on age verification data and compliance with the chapters requirements.
  • Severability: This section states that if any provision of the chapter is found invalid, the rest of the chapter remains effective.

Key Requirements

  • Allows for injunctive relief and recovery of legal costs.
  • Attorney general can impose civil penalties up to $7,500 for violations.
  • Developers must notify providers of significant app changes.
  • Developers must request parental consent when necessary.
  • Developers must verify user age through app store data.
  • Requires app store providers to verify age at account creation.
  • Requires notification of significant changes to app terms for minor accounts.
  • Requires parental consent for minors to download or purchase apps.

Sponsors

Legislative Actions

Date Action
2026-01-07 To Be Introduced 01/07/2026 and referred to Commerce and Consumer AffairsHJ 1

Detailed Analysis

Analysis 1

Why Relevant: The bill mandates age verification and age assessment for all users of digital application platforms.

Mechanism of Influence: It requires app store providers to 'Verify the individuals age category' at the time of account creation using 'commercially available methods' (359-V:2, I(a)).

Evidence:

  • Verify the individuals age category using: (A) Commercially available methods that are reasonably designed to ensure accuracy (359-V:2, I(a)(2))

Ambiguity Notes: The term 'commercially available methods' is not defined, potentially encompassing high-friction identity verification or biometric age estimation.

Analysis 2

Why Relevant: The bill imposes significant gatekeeping obligations on app store providers to control minor access.

Mechanism of Influence: App stores must 'Obtain verifiable parental consent' before allowing a minor to 'Download an app' or 'Purchase an app' (359-V:2, I(b)(2)).

Evidence:

  • Obtain verifiable parental consent... before allowing the minor to: (A) Download an app; (B) Purchase an app (359-V:2, I(b)(2))

Ambiguity Notes: This creates a centralized enforcement point where the app store is responsible for the compliance of all third-party apps.

Analysis 3

Why Relevant: The bill establishes compliance infrastructure and data-sharing requirements between platforms and developers.

Mechanism of Influence: App store providers must provide 'Age category data' and 'status of verified parental consent' to developers upon request (359-V:2, I(d)).

Evidence:

  • Provide to a developer... Age category data for a user located in the state (359-V:2, I(d)(1))
  • Transmitting personal age verification data using industry-standard encryption protocols (359-V:2, I(f)(2))

Ambiguity Notes: While the bill requires 'industry-standard encryption' for this data, it mandates the creation and transmission of age-related metadata across the app ecosystem.

House - 293 - preventing minors from accessing obscenity on certain electronic devices with internet access.

Legislation ID: 113555

Bill URL: View Bill

Summary

This bill mandates that manufacturers of electronic tablets and smartphones install filters that restrict minors from accessing obscene content online. It establishes civil and criminal liabilities for manufacturers and individuals who intentionally disable these filters to allow minors access to such material. The bill also provides a private right of action for parents or guardians if a minor accesses obscene material due to a violation of these provisions.

Key Sections

  • Criminal Liability: Individuals who disable a filter on a device to allow minors to access obscene material may face criminal charges.
  • Definitions: This section defines key terms used throughout the bill, including device, filter, manufacturer, obscene material, and minor.
  • Filter Required: All electronic devices must contain a filter that prevents access to obscene material and must automatically enable this filter for users identified as minors.
  • Liability; Consumer Protection Act: Manufacturers who fail to comply with the filter requirements may face legal action from the attorney general under consumer protection laws.
  • Private Right of Action: Parents or guardians can sue individuals or manufacturers who disable filters, allowing minors to access obscene material, with specified damages.

Key Requirements

  • Devices must contain a filter upon activation.
  • Disabling a filter with intent to allow access to obscene material is a class B felony.
  • Filters must automatically enable for minors based on the age provided.
  • Manufacturers can be sued for violations that enable minors to access such material.
  • Manufacturers must comply with filter requirements to avoid legal action.
  • Non-minor users with the password can deactivate and reactivate the filter.
  • Parents can sue if a filter is disabled with intent to allow minors access to obscene material.
  • Users must be able to set a password for the filter.
  • Users must be notified when a filter blocks access to a website.
  • Users must provide their age during activation.

Sponsors

Legislative Actions

Date Action
2026-01-07 Refer for Interim Study: MA VV 01/07/2026HJ 1
2025-11-12 Committee Report: Refer for Interim Study 11/12/2025 (Vote 17-0; CC)HC 51P. 14
2025-11-12 Executive Session: 11/12/2025 10:00 am GP 230
2025-10-27 ==CANCELLED== Subcommittee Work Session: 10/27/2025 11:00 am GP 230
2025-09-15 Subcommittee Work Session: 09/15/2025 10:00 am GP 230
2025-09-10 Full Committee Work Session: 09/10/2025 10:00 am GP 230
2025-03-03 Executive Session: 03/03/2025 10:00 am LOB 206-208
2025-03-03 Retained in Committee

Detailed Analysis

Analysis 1

Why Relevant: The bill mandates age verification/assessment at the device activation level.

Mechanism of Influence: Manufacturers must 'Ask the user to provide the user’s age during activation' and 'Automatically enable the filter when the user is a minor' (RSA 507-I:2, II-III).

Evidence:

  • Ask the user to provide the user’s age during activation and account set-up (RSA 507-I:2, II)
  • Automatically enable the filter when the user is a minor based on the age provided (RSA 507-I:2, III)

Ambiguity Notes: The bill does not specify the method of verification, only that the age is 'provided by the user,' which may lead to self-certification or more intrusive verification requirements to ensure accuracy.

Analysis 2

Why Relevant: The bill compels the installation of detection and blocking technologies on devices.

Mechanism of Influence: Devices must contain a 'filter' defined as software 'capable of preventing the device from accessing or displaying obscene material' (RSA 507-I:1, III).

Evidence:

  • software used on a device that is capable of preventing the device from accessing or displaying obscene material (RSA 507-I:1, III)
  • blocking known websites linked to obscene content via mobile data networks, wired Internet networks, and wireless Internet networks (RSA 507-I:1, III)

Ambiguity Notes: The term 'displaying' could be interpreted to require client-side scanning of content before it is rendered on the screen, potentially affecting encrypted content if accessed via manufacturer-controlled browsers.

Analysis 3

Why Relevant: The bill establishes a compliance and liability infrastructure for manufacturers.

Mechanism of Influence: Manufacturers are subject to the Consumer Protection Act and private lawsuits for failure to comply with filtering mandates (RSA 507-I:3, RSA 507-I:4).

Evidence:

  • A manufacturer of a device that does not comply with RSA 507-I:2 shall be subject to an action by the attorney general under RSA 358-A:2 (RSA 507-I:4)
  • A parent or legal guardian may bring a civil action against... A manufacturer who violates RSA 507-I:2 (RSA 507-I:3, II)

Ambiguity Notes: None

Senate - 648 - requiring age verification to allow access to certain material harmful to minors.

Legislation ID: 251380

Bill URL: View Bill

Summary

SB 648 mandates that websites and applications that distribute material harmful to minors must verify the age of users before allowing access to such content. It establishes clear definitions of harmful material, outlines the responsibilities of commercial entities regarding age verification, and creates enforcement mechanisms including a private right of action for parents and oversight by the attorney general.

Key Sections

  • Age Verification Requirement: This section outlines the specific requirements for commercial entities regarding age verification for users seeking access to harmful material.
  • Data Privacy: This section ensures that no personal information used for age verification is retained or sold by commercial entities or third-party providers.
  • Definitions: This section defines key terms used in the bill, including what constitutes material harmful to minors and the types of entities that must comply with the age verification requirements.
  • Effective Date: This section states when the provisions of the bill will take effect.
  • Exemptions: This section lists entities that are exempt from the age verification requirements under this bill.
  • Liability and Enforcement: This section establishes the legal recourse available to parents if a commercial entity fails to verify age, including potential damages and liability.
  • State Enforcement: This section empowers the attorney general to enforce the age verification requirements and impose civil penalties on violators.

Key Requirements

  • Allows parents or guardians to sue for damages if their minor accesses harmful material due to noncompliance.
  • Allows the attorney general to seek injunctive relief and impose civil penalties of up to $25,000 per violation.
  • Defines commercial entity as any business that controls a website or app that distributes harmful material.
  • Defines material harmful to minors based on community standards.
  • Defines reasonable age verification method including government ID checks.
  • Defines substantial portion of content as over one-third being harmful to minors.
  • Establishes penalties for knowingly violating this provision.
  • Exempts news organizations, libraries, museums, and educational institutions distributing material for legitimate purposes.
  • Mandates posting a clear warning message about age verification on the landing page.
  • Prohibits claiming immunity under Section 230 of the Communications Decency Act for violations.
  • Prohibits retention of personal identifying information used during verification.
  • Prohibits retention, storage, or sale of personal information used in age verification.
  • Requires users to verify their age using a reasonable age verification method.
  • The act will take effect on January 1, 2027.

Sponsors

Legislative Actions

Date Action
2026-01-08 Hearing: 01/08/2026, Room 100, SH, 01:30 pm;SC 47
2026-01-07 Introduced 01/07/2026 and Referred to Judiciary;SJ 1

Detailed Analysis

Analysis 1

Why Relevant: The bill mandates age verification for access to specific categories of online content.

Mechanism of Influence: It requires commercial entities to 'Require all users attempting to access such material to verify their age using a reasonable age verification method' (507-J:2, I, a).

Evidence:

  • Require all users attempting to access such material to verify their age using a reasonable age verification method (507-J:2, I, a)
  • A government-issued identification card check conducted by a third-party verification service (507-J:1, IV, a)

Ambiguity Notes: The term 'reasonable age verification method' includes 'industry best practices' (507-J:1, IV, b), which may evolve to include more intrusive technologies over time.

Analysis 2

Why Relevant: The bill contains strong data privacy protections that contrast with the data preservation requirements of the EU CSA Regulation.

Mechanism of Influence: It explicitly prohibits the retention of verification data, which prevents the creation of the types of databases or audit trails often required for compliance in more comprehensive safety regimes.

Evidence:

  • Not retain any personal identifying information used during the verification process (507-J:2, I, b)
  • No commercial entity or third-party age verification provider shall retain, store, or sell any personal information (507-J:5, I)

Ambiguity Notes: The prohibition on data retention (507-J:5) acts as a safeguard against the surveillance-heavy aspects of the EU model.

↑ Back to Table of Contents

New Jersey

Index of Bills

Senate - 1826 - Requires age verification to prohibit minors from accessing sexually explicit material online.

Legislation ID: 256969

Bill URL: View Bill

Summary

This legislation amends New Jerseys obscenity laws to require sexually oriented online entities to verify the age of individuals attempting to access obscene material, ensuring that only those 18 years or older can view such content. It outlines definitions of obscene material, establishes penalties for violations, and provides methods for age verification, including using third-party services or state motor vehicle identification systems.

Key Sections

  • Admitting to exhibition of obscene film: This section outlines penalties for admitting minors to view obscene films or materials.
  • Defenses: This section outlines defenses available to individuals accused of violating the obscenity law.
  • Definitions for purposes of this section: This section defines terms related to obscenity and age verification, including what constitutes obscene material and activities related to it.
  • Online age verification: This provision mandates age verification for online entities displaying obscene material.
  • Presumption of knowledge and age: This provision presumes knowledge of the character of the material and the age of the viewer for those who fail to verify age.
  • Promoting obscene material: This provision establishes penalties for individuals who knowingly sell or exhibit obscene material to minors.

Key Requirements

  • Allows age verification through state systems or third-party services.
  • Assumes knowledge if reasonable age verification measures are not taken.
  • Defendants can prove that a minor misrepresented their age or appeared older.
  • Establishes that such actions are crimes of the third degree.
  • Establishes that violators are guilty of a crime of the third degree.
  • Prohibits admitting individuals under 18 to theaters showing obscene films.
  • Prohibits selling or showing obscene material to individuals under 18 years of age.
  • Requires online entities to verify that users are at least 18 years old before granting access.

Sponsors

Legislative Actions

Date Action
2026-01-13 Introduced in the Senate, Referred to Senate Judiciary Committee

Detailed Analysis

Analysis 1

Why Relevant: The bill mandates age verification for online entities, a core component of the EU Chat Act's framework for protecting minors.

Mechanism of Influence: It requires platforms to 'verify that each individual that attempts to access or view the obscene material is at least 18 years of age' (Section 1.f.1), potentially requiring the integration of third-party ID services or state databases.

Evidence:

  • Section 1.f.1: 'shall verify that each individual that attempts to access or view the obscene material is at least 18 years of age'
  • Section 1.a.9: 'includes the owner or operator of an interactive computer service, including but not limited to, a website, social media platform, file sharing platform... the primary purpose or substantial portion of which is to exhibit or show obscene material'

Ambiguity Notes: The definition of 'substantial portion' (Section 1.a.10) as one-third of revenue or content creates a specific threshold that may exclude general-purpose platforms while capturing niche social media or file-sharing sites.

Analysis 2

Why Relevant: The bill includes requirements for user redress and contact points, similar to the compliance infrastructure in the EU proposal.

Mechanism of Influence: Entities must provide a 'means by which an individual at least 18 years of age who is wrongly denied access may contact the entity to correct the individual’s access restriction' (Section 1.f.3).

Evidence:

  • Section 1.f.3: 'provide a means by which an individual... who is wrongly denied access may contact the entity'

Ambiguity Notes: While it requires a contact point for access issues, it does not mandate the broader 'legal representative' or 'compliance officer' roles seen in more comprehensive regulations.

Senate - 352 - "Human Trafficking and Child Exploitation Prevention Act"; requires Internet-connected devices to have blocking capability in certain circumstances.

Legislation ID: 254680

Bill URL: View Bill

Summary

The Human Trafficking and Child Exploitation Prevention Act establishes regulations for products that provide internet access, mandating them to include digital blocking features that prevent minors from accessing obscene materials. The bill outlines the responsibilities of manufacturers and sellers, including maintaining the functionality of these blocking features and providing a reporting mechanism for users. It also details the process for deactivating these features, penalties for non-compliance, and the allocation of fees collected for supporting anti-trafficking initiatives.

Key Sections

  • Deactivation of Digital Blocking Capability: Consumers can request the deactivation of digital blocking features under specific conditions, including age verification and payment of a fee.
  • Penalties for Non-Compliance: Violations of this act can lead to monetary penalties and civil suits for damages.
  • Reporting and Legal Recourse: The bill provides a process for unblocking mistakenly filtered content and allows legal action for unresponsive manufacturers.
  • Responsibilities of Manufacturers and Sellers: Manufacturers and sellers must ensure the digital blocking capabilities function properly, provide a reporting mechanism, and restrict access to certain harmful content.
  • Unlawful Practices Regarding Internet-Connected Products: It is illegal to manufacture or distribute internet-accessible products without digital blocking capabilities to restrict obscene material, especially for minors.

Key Requirements

  • Acknowledgment of risks associated with deactivation.
  • Consumers can seek judicial relief to unblock filtered content.
  • Ensure child pornography and revenge pornography are inaccessible.
  • Establish a reporting mechanism for consumers to report unblocked obscene material.
  • Identification to verify age (18+).
  • Legal action can be taken against manufacturers for unresponsive reports of obscene material.
  • Material blocked in error must be unblocked within five business days after reporting.
  • Monetary penalties up to $10,000 for first offenses and $20,000 for subsequent offenses.
  • Ongoing efforts to ensure digital blocking capability functions properly.
  • Payment of a one-time $20 digital access fee.
  • Potential for cease and desist orders and punitive damages.
  • Products cannot be sold to minors unless the blocking capability is active and functioning.
  • Products must contain digital blocking capability to make obscene material inaccessible.
  • Prohibit access to hubs that facilitate prostitution.
  • Render websites known for human trafficking inaccessible.
  • Written request for deactivation.

Sponsors

Legislative Actions

Date Action
2026-01-13 Introduced in the Senate, Referred to Senate Law and Public Safety Committee

Detailed Analysis

Analysis 1

Why Relevant: The bill mandates the installation and operation of filtering technologies to detect and block specific categories of content.

Mechanism of Influence: By requiring products to 'render any obscene material... inaccessible' and 'ensure that all child pornography... is inaccessible,' the law compels the use of scanning or filtering software at the device or application level.

Evidence:

  • Section 2.a.(1): 'unless the product contains digital blocking capability that renders any obscene material... inaccessible'
  • Section 2.b.(3): 'ensure that all child pornography and revenge pornography is inaccessible on the product'

Ambiguity Notes: The term 'digital blocking capability' is not technically defined, leaving open whether this must occur via DNS filtering, client-side scanning, or OS-level content analysis.

Analysis 2

Why Relevant: The bill imposes a strict age-verification requirement for users wishing to bypass the content filters.

Mechanism of Influence: Users must 'present identification to verify that the consumer is 18 years of age or older' to deactivate the blocking features, creating a state-mandated identity-linked access control for unfiltered internet.

Evidence:

  • Section 3.a.(2): 'presents identification to verify that the consumer is 18 years of age or older'

Ambiguity Notes: The bill does not specify the standards for 'identification,' potentially requiring government-issued IDs for internet de-filtering.

Analysis 3

Why Relevant: The bill requires ongoing maintenance and mitigation efforts to ensure the effectiveness of the blocking technology.

Mechanism of Influence: Manufacturers are legally obligated to perform 'ongoing efforts' to ensure the filter 'functions properly,' which mirrors the EU's requirement for ongoing risk mitigation and technology updates.

Evidence:

  • Section 2.b.(1): 'make reasonable and ongoing efforts to ensure that the digital content blocking capability functions properly'

Ambiguity Notes: The phrase 'reasonable and ongoing efforts' is broad and could be interpreted as a mandate for continuous updates to hash databases or AI-based detection models.

Analysis 4

Why Relevant: The mandate functionally compels client-side scanning, which undermines end-to-end encryption (E2EE).

Mechanism of Influence: Because the 'product' (which can include software or devices) must ensure content is 'inaccessible,' it necessitates analyzing content before or after decryption on the device, effectively bypassing E2EE protections for private communications.

Evidence:

  • Section 2.a: 'unlawful practice... to manufacture, sell... a product that makes content accessible on the Internet... unless the product contains digital blocking capability'

Ambiguity Notes: While encryption is not named, the requirement to block content 'on the product' makes it impossible to honor E2EE if the product is a communication device or app.

Senate - 4153 - Prohibits social media platforms from promoting certain practices or features of eating disorders to child users.

Legislation ID: 49633

Bill URL: View Bill

Summary

This bill prohibits social media platforms from promoting behaviors that could lead to eating disorders among users under 18 years old. It defines key terms related to social media and eating disorders and establishes requirements for platforms to audit their practices. Violations can result in substantial civil penalties.

Key Sections

  • Definitions: Defines key terms used in the bill, including child user, content, eating disorder, and social media platform.
  • Effective Date: Indicates that the act will take effect six months after its enactment.
  • Liability Limitations: Specifies conditions under which social media platforms are not liable for content shared by users or third parties.
  • Penalties: Outlines civil penalties for social media platforms that violate the prohibitions, with a maximum fine of $250,000 per violation.
  • Prohibitions on Social Media Platforms: Prohibits social media platforms from using designs or features that could lead to eating disorders in child users, including promoting diet products.

Key Requirements

  • Mandates corrective action within 30 days of identifying harmful practices.
  • No liability for content solely created by third parties.
  • Platforms are not liable for user-generated content unless they paid for it.
  • Protection under existing laws like 47 U.S.C. s.230.
  • Requires annual independent audits of practices related to eating disorders.
  • Requires social media platforms to conduct internal audits of their practices quarterly.
  • Violators face civil penalties collected under the Penalty Enforcement Law of 1999.

Sponsors

Legislative Actions

Date Action
2026-01-12 Substituted by A4664 (1R)
2026-01-08 Reported from Senate Committee, 2nd Reading
2026-01-06 Transferred to Senate Budget and Appropriations Committee
2025-02-25 Introduced in the Senate, Referred to Senate Health, Human Services and Senior Citizens Committee

Detailed Analysis

Analysis 1

Why Relevant: The bill mandates a systematic risk-assessment and mitigation regime for social media platforms regarding child safety.

Mechanism of Influence: It requires platforms to conduct 'quarterly audits' and 'annual audit[s]' of their 'practices, algorithms, designs, features, and affordances' to identify potential harms (Section 2(b)(1)(a)).

Evidence:

  • conducts quarterly audits of its practices, algorithms, designs, features, and affordances (Section 2(b)(1)(a)(i))
  • hires an independent third party to conduct an annual audit (Section 2(b)(1)(a)(ii))

Ambiguity Notes: The term 'action to correct' is not defined, leaving it to the platform's discretion or future regulatory interpretation as to whether this requires changing recommendation engines or removing specific content types.

Analysis 2

Why Relevant: The bill compels platforms to implement mitigation plans based on audit findings, mirroring the EU's mandated mitigation measures.

Mechanism of Influence: If an audit identifies a risk, the platform must 'take action to correct the practice, algorithm, design, feature, or affordance within 30 calendar days' (Section 2(b)(1)(b)).

Evidence:

  • the platform has taken action to correct the practice... within 30 calendar days of the completion of the audit (Section 2(b)(1)(b))

Ambiguity Notes: The 30-day window is a strict compliance timeline similar to the EU's rapid response requirements for identified risks.

Analysis 3

Why Relevant: The bill establishes a compliance infrastructure and auditing requirement to avoid significant civil penalties.

Mechanism of Influence: It creates a legal defense for platforms that maintain an 'internal audit program,' effectively making these assessments a mandatory part of platform governance (Section 2(b)(1)).

Evidence:

  • instituted and maintained an internal audit program (Section 2(b)(1)(a))
  • liable for a civil penalty, not to exceed $250,000 per violation (Section 2(d))

Ambiguity Notes: While the bill includes a Section 230 and First Amendment savings clause, the requirement to audit and 'correct' algorithms may create friction with existing federal protections for platform editorial discretion.

↑ Back to Table of Contents

New York

Index of Bills

Assembly - 222 - Relates to liability for misleading, incorrect, contradictory or harmful information provided to a user by a chatbot

Legislation ID: 53999

Bill URL: View Bill

Summary

This bill amends the General Business Law to introduce regulations concerning the liability of chatbot proprietors for misleading or harmful information provided by their systems. It defines key terms related to artificial intelligence and chatbots, outlines the responsibilities of chatbot proprietors, and establishes requirements for the protection of users, particularly minors and those at risk of self-harm. The bill mandates clear disclosures to users regarding their interactions with chatbots and sets forth penalties for non-compliance.

Key Sections

  • Attorney General Regulations: The attorney general is tasked with establishing regulations for compliance methods related to chatbot liability and user safety.
  • Companion Chatbot Responsibilities: Proprietors of companion chatbots must take reasonable measures to prevent self-harm and provide resources for users expressing such thoughts.
  • Data Usage Restrictions: Information collected for age verification or parental consent must be used solely for those purposes and deleted afterward.
  • Definitions: This section provides definitions for key terms used throughout the bill, including artificial intelligence, chatbot, companion chatbot, covered user, and others.
  • Liability for Bodily Harm: Proprietors are liable for any bodily harm caused by misleading information from their chatbots, including self-harm, with no liability waiver allowed.
  • Liability for Misleading Information: Proprietors of chatbots cannot disclaim liability for providing misleading or harmful information to users that results in financial or demonstrable harm.
  • Minor User Protections: Proprietors must verify the age of users and obtain parental consent for minors, prohibiting access until consent is secured.
  • Ongoing Vulnerability Assessments: Proprietors are required to implement methods to identify vulnerabilities in their chatbot systems.
  • Parental Consent Limitations: The bill clarifies that granting parental consent does not grant parents additional access to their childs data.
  • User Notification: Proprietors must notify users when they are interacting with a chatbot in a clear and conspicuous manner.

Key Requirements

  • Liability cannot be waived by merely informing users they are interacting with a chatbot.
  • Must cease use until parental consent is obtained.
  • Must display contact information for suicide crisis organizations.
  • Must prohibit use for 24 hours if self-harm is detected.
  • Must prohibit use for 3 days if self-harm is detected in minor users.
  • Notification must be in the same language and font size as other text on the platform.
  • Proprietors must correct misleading information within 30 days of notice.

Sponsors

Legislative Actions

Date Action
2026-01-07 referred to consumer affairs and protection
2025-02-28 amend and recommit to consumer affairs and protection
2025-02-28 print number 222a
2025-01-08 referred to consumer affairs and protection

Detailed Analysis

Analysis 1

Why Relevant: The bill mandates age verification for users of companion chatbots.

Mechanism of Influence: Proprietors must use 'commercially reasonable and technically feasible methods' to determine if a user is a minor and obtain parental consent before allowing access.

Evidence:

  • use commercially reasonable and technically feasible methods to determine whether a covered user is a minor (§ 390-f(6)(a))
  • appropriate levels of accuracy that would be commercially reasonable... in determining (i) whether a user is a minor (§ 390-f(8)(c))

Ambiguity Notes: The bill leaves the specific 'methods' and 'appropriate levels of accuracy' to be defined by Attorney General regulations, similar to the EU's reliance on 'reliable technologies.'

Analysis 2

Why Relevant: The bill compels the detection of specific user content (self-harm) within interpersonal-style communications.

Mechanism of Influence: Proprietors are legally required to 'determine whether a covered user is expressing thoughts of self-harm,' necessitating the scanning of user inputs to identify prohibited indicators.

Evidence:

  • determine whether a covered user is expressing thoughts of self-harm (§ 390-f(5)(a)(ii))
  • techniques to determine whether a user is expressing thoughts of self-harm (§ 390-f(8)(b)(iii))

Ambiguity Notes: While focused on self-harm rather than CSAM, the mechanism of mandated content detection in 'interpersonal' simulations mirrors the EU Chat Act's scanning requirements.

Analysis 3

Why Relevant: The bill requires ongoing risk and vulnerability assessments.

Mechanism of Influence: Proprietors must implement methods to discover system vulnerabilities, including those related to age determination and content detection, creating a continuous compliance and mitigation loop.

Evidence:

  • engage in the ongoing implementation of commercially reasonable and technically feasible methods to discover vulnerabilities in the proprietors system (§ 390-f(7))

Ambiguity Notes: The term 'vulnerabilities' is broad and could encompass both security flaws and failures in the mandated moderation/detection systems.

Analysis 4

Why Relevant: The bill mandates access-blocking/removal orders based on detected content.

Mechanism of Influence: If self-harm thoughts are detected, the proprietor is statutorily required to prohibit the user's continued use of the service for a set period (24 hours to 3 days).

Evidence:

  • prohibits continued use of the companion chatbot for a period of at least twenty-four hours (§ 390-f(5)(a)(ii))
  • prohibit such covered users continued use... for a period of at least three days (§ 390-f(6)(b)(ii))

Ambiguity Notes: This functions as a mandatory temporary 'blocking order' triggered by automated or human-reviewed detection.

Assembly - 3265 - Enacts the New York artificial intelligence bill of rights

Legislation ID: 57911

Bill URL: View Bill

Summary

This legislation, known as the New York artificial intelligence bill of rights, is designed to protect New York residents from the potential harms of automated decision-making systems. It outlines specific rights related to safety, discrimination, data privacy, and the ability to opt for human alternatives in interactions with automated systems. The bill emphasizes the importance of oversight and accountability in the development and deployment of such technologies.

Key Sections

  • Algorithmic discrimination practices: Prohibits discrimination against New York residents by algorithms and mandates equitable design and use of automated systems.
  • Application: Establishes that the rights outlined in the article apply to New York residents in relation to automated systems that impact their civil rights, opportunities, and access to resources.
  • Construction: Clarifies that the rights in this article should be interpreted as harmonious and mutually supportive.
  • Data privacy: Ensures residents are protected from abusive data practices and maintain control over their personal data.
  • Definitions: This section defines key terms used in the article, including rights, algorithmic discrimination, automated systems, and underserved communities.
  • Safe and effective systems: Outlines the rights of residents to be protected from unsafe automated systems, requiring pre-deployment testing, ongoing monitoring, and removal of ineffective systems.

Key Requirements

  • Automated systems must undergo equity assessments and disparity testing.
  • Automated systems must undergo pre-deployment testing and ongoing monitoring.
  • Consent for data collection must be clear and understandable.
  • Data collection must conform to reasonable expectations and only necessary data should be collected.
  • Designers must ensure accessibility for residents with disabilities.
  • Systems failing to meet safety standards must not be deployed or must be removed.

Sponsors

Legislative Actions

Date Action
2026-01-07 referred to science and technology
2025-01-27 referred to science and technology

Detailed Analysis

Analysis 1

Why Relevant: The bill mandates risk assessments and mitigation plans for automated systems, a core structural feature of the EU Chat Act.

Mechanism of Influence: Developers must perform 'pre-deployment testing, risk identification and mitigation' and 'ongoing monitoring' to ensure systems are safe and effective (§ 504(2)).

Evidence:

  • Automated systems shall undergo pre-deployment testing, risk identification and mitigation" (§ 504(2))
  • ongoing monitoring that demonstrates they are safe and effective" (§ 504(2))

Ambiguity Notes: While the mechanism is similar, the scope is limited to 'civil rights, civil liberties, and privacy' and 'access to critical resources' (§ 502) rather than content-specific scanning.

Assembly - 3323 - Relates to internet dating service verification standards

Legislation ID: 58033

Bill URL: View Bill

Summary

This bill amends the general business law to create standards for internet dating services regarding the verification of users identities, locations, and ages. It mandates that services verify members identities and locations before allowing them to register, particularly focusing on preventing minors from accessing such services. The bill also outlines penalties for non-compliance and the responsibilities of internet dating services to implement security measures.

Key Sections

  • Definitions: This section defines key terms related to internet dating services, including identity verification, license verification, location verification, and what constitutes a New York member.
  • Enforcement and Penalties: The Attorney General can enforce compliance with these verification standards and seek damages for violations, with provisions for increased penalties for repeated offenses.
  • Liability Protections: Internet service providers are not liable for violations solely based on their role as intermediaries in message transmission between members.
  • Security Features: Services are required to implement security measures that limit usage during significant periods of inactivity to enhance user safety.
  • Verification Requirements: Internet dating services must verify the location and identity of New York members before registration, and prohibit minors from using the service if identified during verification.

Key Requirements

  • Allows the Attorney General to bring actions against non-compliant services.
  • Permits recovery of damages up to $500 per unverified member registered.
  • Requires identity verification for New York members.
  • Requires internet dating services to implement security features against inactive use.
  • Requires license verification for New York members, prohibiting minors from use.
  • Requires location verification to confirm a members location in New York.

Sponsors

Legislative Actions

Date Action
2026-01-07 referred to consumer affairs and protection
2025-01-27 referred to consumer affairs and protection

Detailed Analysis

Analysis 1

Why Relevant: The bill mandates strict age verification to exclude minors from the service, a core element of the EU CSA Act's safety framework.

Mechanism of Influence: It creates a statutory duty to use technology to verify government IDs ('license verification') to identify and block minors, effectively gatekeeping the service based on age.

Evidence:

  • § 394-cccc. 2. (b) require all New York members to use license verification
  • Where it is determined from the license verification that the New York member is a minor, such member shall be prohibited from using the online dating service

Ambiguity Notes: The term 'license verification' is defined broadly as 'the use of technology,' which could encompass various automated third-party ID verification systems with varying privacy implications.

Analysis 2

Why Relevant: The bill requires identity verification that links digital accounts to physical, government-verified identities.

Mechanism of Influence: By requiring 'on-demand self-photographs' matched to government IDs, the bill establishes a 'know your user' compliance infrastructure that mirrors the identity-linked safety requirements often bundled with online safety regulations.

Evidence:

  • § 394-cccc. 1. (a) 'identity verification' shall mean the use of an on-demand self-photograph to verify the ownership of a persons government-issued identification

Ambiguity Notes: The requirement for 'on-demand self-photographs' suggests a biometric or liveness-check component, though the bill does not explicitly define the technical standards for this verification.

Analysis 3

Why Relevant: The bill includes enforcement mechanisms and penalties for failing to verify users, creating a high-stakes compliance environment.

Mechanism of Influence: The Attorney General is empowered to seek damages per unverified member, compelling platforms to adopt verification technologies to avoid significant financial liability.

Evidence:

  • § 394-cccc. 5. (a) (ii) To recover up to five hundred dollars for each New York member registered... but was not subjected to the verification processes
  • a court may increase the damages up to three times... where the defendant has been found to have engaged in a pattern and practice of violating

Ambiguity Notes: The 'pattern and practice' clause allows for tripled damages, which may lead platforms to over-verify or exclude users to minimize legal risk.

Assembly - 3335 - Prevents interactive computer service providers from knowingly or negligently promoting developed content that is dangerous or otherwise injurious to minors

Legislation ID: 58060

Bill URL: View Bill

Summary

This legislation seeks to amend the general business law by establishing regulations for interactive computer service providers in New York. It defines key terms related to content promotion and outlines the responsibilities and liabilities of these providers when targeting minors with potentially harmful content. The bill emphasizes the need for service providers to avoid knowingly or negligently promoting content that could cause physical or emotional harm to minors.

Key Sections

  • Defenses and Limitations: This section clarifies defenses available to service providers and limitations on their liability regarding content promotion.
  • Definitions: This section provides definitions for key terms used in the bill, including interactive computer service providers, content, promote, minor, and others.
  • Enforcement Authority: The Attorney General is authorized to investigate violations of this section and issue subpoenas to gather evidence.
  • Liability for Promoting Dangerous Content: Interactive computer service providers are prohibited from knowingly or negligently promoting content that is harmful to minors. They can be held liable for any resulting harm and face penalties.

Key Requirements

  • Clarifies that incorrect determination of a minors data is not a valid defense.
  • Establishes civil liability for interactive computer service providers for harm caused to targeted minors.
  • Excludes liability for promoting content that is not sufficiently developed.
  • Prohibits interactive computer service providers from knowingly or negligently promoting harmful content to minors.
  • Specifies that liability does not extend to non-targeted minors based solely on location or time data.

Sponsors

Legislative Actions

Date Action
2026-01-07 referred to consumer affairs and protection
2025-01-27 referred to consumer affairs and protection

Detailed Analysis

Analysis 1

Why Relevant: The bill creates a de facto age verification mandate by removing legal defenses for misidentifying a user's age or data.

Mechanism of Influence: Section 3 creates a strict liability environment where providers cannot claim they didn't know a user was a minor. This compels the implementation of 'reliable' age verification technologies to avoid the $100,000 civil penalty per offense.

Evidence:

  • § 394-cccc(3): It is not a defense to this section that the interactive computer service provider incorrectly determined the targeted minors data.

Ambiguity Notes: The bill does not specify which 'technologies' are acceptable for data determination, leaving providers to choose potentially intrusive methods to ensure 100% accuracy.

Analysis 2

Why Relevant: The bill mandates a form of risk mitigation regarding algorithmic 'promotion' and 'targeting' of content.

Mechanism of Influence: By holding providers liable for 'negligently' promoting injurious content, the law forces providers to modify their recommender systems and moderation features to prevent 'dangerous' content from reaching minors, similar to the EU's mitigation requirements.

Evidence:

  • § 394-cccc(2): An interactive computer service provider... shall not knowingly or negligently injure a targeted minor with promoted content that the interactive computer service provider developed.

Ambiguity Notes: The term 'negligently' implies a duty of care that is not fully defined, likely requiring providers to perform internal risk assessments to prove they were not negligent.

Analysis 3

Why Relevant: The bill's definition of 'targeting' involves extensive processing of sensitive personal data, impacting user privacy.

Mechanism of Influence: To comply with the prohibition on targeting minors based on 'psychological profile' or 'medical condition,' providers must effectively scan or analyze user data to categorize them, mirroring the data-heavy compliance infrastructure of the EU Chat Act.

Evidence:

  • § 394-cccc(1)(g): 'target, targets, targeted, or targeting' shall mean conveying content... on the basis of their personal data which includes... (v) psychological profile... (vii) medical condition or status... (iii) relationship status

Ambiguity Notes: The broad list of personal data (including 'engaging in an affair' or 'mental state') suggests that providers must have deep insight into private user characteristics to ensure they are not 'targeting' based on these factors.

Assembly - 3356 - Relates to enacting the "advanced artificial intelligence licensing act"

Legislation ID: 58101

Bill URL: View Bill

Summary

This bill establishes a framework for the oversight of high-risk advanced artificial intelligence systems by empowering a secretary to review, recommend, and enforce compliance measures. It outlines the responsibilities of operators regarding system modifications, incident reporting, and compliance with ethical standards, as well as the penalties for non-compliance. The bill also addresses issues related to source code management, third-party integrations, and security risks associated with AI systems.

Key Sections

  • Information and Source Code Sharing: Licensees can share information and source code with third parties, with specific provisions regarding biometric data liability.
  • Internal Controls; Ceasing Operation: Licensees must implement internal controls to safely cease system operations within a reasonable timeframe.
  • Investigations and Examinations: The secretary has the authority to conduct investigations to ensure compliance with the bills provisions and can compel the production of relevant documents.
  • Logging Requirements: Every operation of a licensees system must generate a log, subject to specific standards set by the secretary.
  • Malfunction and Incident Reporting: Licensees are required to notify relevant authorities of significant malfunctions in their AI systems that could harm individuals.
  • Review and Recommendations: The secretary reviews the AI systems for potential risks and compliance with ethical standards and can issue binding recommendations to the operators to ensure alignment with established guidelines.
  • Source Code Modifications and Upgrades: Licensees must notify the secretary of any intended modifications or upgrades to their AI systems source code and cannot implement changes without approval.
  • State and National Security Risks: The secretary can designate additional requirements for AI systems that pose risks to state or national security, assessed on a case-by-case basis.
  • Third-Party Systems; Certificates of Compliance: Non-licensee third-party systems can integrate with licensees under certain conditions and must obtain a certificate of compliance.
  • Uncontainment of High-Risk Source Code: This section prohibits the willful or negligent uncontainment of high-risk AI source code, establishing penalties for violations based on the severity of the offense.

Key Requirements

  • AI systems that could disrupt critical infrastructure or cause significant harm are categorized as high-risk.
  • Internal controls must allow for indefinite cessation of system operations.
  • Licensees must not uncontain high-risk source code without written authorization from the secretary.
  • Licensees must provide access to relevant information during investigations.
  • Licensees must report significant malfunctions promptly to the department and applicable law enforcement agencies.
  • Licensees must submit a written notice detailing the purpose and risks of modifications or upgrades to the secretary.
  • Logs must be preserved for ten years and are subject to inspection.
  • Modifications require the secretarys approval within 30 business days, or they are deemed approved if no response is received.
  • Operators must provide a detailed plan for addressing recommendations, which is binding unless unexpected occurrences arise.
  • Requires operators to consult with the secretary on the feasibility and timeline for implementing recommendations.
  • Specific standards for log management must be followed, including access and encryption protocols.
  • The department will assess compliance with cybersecurity standards before issuing the certificate.
  • The secretary may designate specific reporting requirements based on system interactions with law enforcement.
  • The secretary may examine books, records, and logs of licensees to enforce compliance.
  • The secretary may prohibit access to information or source code with written justification.
  • The secretary will determine unique requirements for such systems.
  • Third-party parties sharing biometric information are jointly liable for violations.
  • Third-party systems must apply for a certificate of compliance before integration.
  • Violators may face class E felony or class A misdemeanor charges depending on the nature of the violation.

Sponsors

Legislative Actions

Date Action
2026-01-07 referred to science and technology
2025-01-27 referred to science and technology

Detailed Analysis

Analysis 1

Why Relevant: The bill mandates ongoing risk assessments and binding mitigation plans for high-risk systems.

Mechanism of Influence: The Secretary reviews systems for potential risk and issues binding recommendations that operators must implement via a detailed plan.

Evidence:

  • § 517. 2. Upon completion of the review, the secretary is empowered to make binding recommendations to the operator
  • § 517. 3. The detailed plan shall be binding on the operator

Ambiguity Notes: While similar in structure to the EU Chat Act's risk mitigation, the focus here is on AI safety and ethical conduct rather than child sexual abuse prevention.

Analysis 2

Why Relevant: The bill requires mandatory reporting of system incidents to the state and law enforcement.

Mechanism of Influence: Licensees must report malfunctions that harm individuals, creating a centralized reporting pipeline for system failures.

Evidence:

  • § 520. 1. A licensee shall have the duty to notify the department and, if applicable, a relevant law enforcement agency... where the licensees system fails to operate as intended

Ambiguity Notes: This reporting is triggered by 'malfunctions' and 'harm' generally, not specifically by the detection of illegal content like CSAM.

Analysis 3

Why Relevant: The bill imposes significant data preservation and logging requirements.

Mechanism of Influence: Every operation must generate a log, which must be preserved for ten years and made available for state inspection.

Evidence:

  • § 524. Every time a licensees system operates it shall automatically generate a log.
  • § 524. Such logs shall be preserved for a period of ten years

Ambiguity Notes: The scope of 'every operation' is broad and could include metadata or transaction details, though it is framed as system auditing rather than content monitoring.

Analysis 4

Why Relevant: The bill provides for the compelled cessation of services for prohibited systems.

Mechanism of Influence: The Secretary can demand that an operator cease development or operation of an AI system deemed 'prohibited' or high-risk to national security.

Evidence:

  • § 530. 2. the secretary may, in writing, demand that the person who is developing or operating such system cease development or operation

Ambiguity Notes: This functions as a 'kill switch' or blocking order for the software itself rather than specific user-generated content.

Assembly - 3946 - Requires age verification for internet pornography websites

Legislation ID: 59276

Bill URL: View Bill

Summary

This legislation introduces new regulations under the general business law, specifically requiring commercial entities that publish or distribute sexual material harmful to minors to implement reasonable age verification methods. It outlines definitions, procedures for verification, and penalties for noncompliance, while providing exceptions for bona fide news organizations and internet service providers.

Key Sections

  • Applicability: Clarifies that the requirements do not apply to bona fide news organizations or internet service providers.
  • Definitions: Defines key terms related to the bill, including commercial entity, digital identification, minor, and sexual material harmful to minors.
  • Publication of material harmful to minors: Mandates that commercial entities using IP addresses to verify user locations must implement age verification methods for users attempting to access sexual material harmful to minors.
  • Reasonable age verification methods: Describes acceptable methods for age verification, including digital identification and credit card transactions, as well as password-protected accounts.

Key Requirements

  • Entities may allow access through a password-protected account verified monthly.
  • Entities must require users to provide digital identification or pay via credit card.
  • Entities must use reasonable age verification methods for users located in New York.
  • Exempts bona fide news organizations from compliance.
  • Exempts internet service providers from liability for content they do not create.
  • Requires commercial entities to verify user age at least once per day.

Sponsors

Legislative Actions

Date Action
2026-01-07 referred to consumer affairs and protection
2025-05-19 held for consideration in consumer affairs and protection
2025-01-30 referred to consumer affairs and protection

Detailed Analysis

Analysis 1

Why Relevant: The bill establishes a mandatory age-verification regime for access to specific categories of online content.

Mechanism of Influence: It compels commercial entities to 'use reasonable age verification methods' (§ 390-f(2)(a)) and 'perform age verification for each internet protocol address... at least once per day' (§ 390-f(2)(b)).

Evidence:

  • shall use reasonable age verification methods... to verify that an individual attempting to access the material is eighteen years of age or older (§ 390-f(2)(a))
  • perform age verification for each internet protocol address attempting to access such website at least once per day (§ 390-f(2)(b))

Ambiguity Notes: The term 'reasonable age verification method' includes 'commercially reasonable method that relies on public or private transactional data' (§ 390-f(3)(a)(iii)(2)), which is not strictly defined and could encompass various third-party data-scraping or identity-matching services.

Analysis 2

Why Relevant: The bill specifies the types of identity and financial data that must be processed to gate access, mirroring the EU's focus on reliable identification.

Mechanism of Influence: It lists acceptable verification methods including 'digital identification,' 'credit card transaction,' or 'government-issued identification' (§ 390-f(3)(a)).

Evidence:

  • provide digital identification (§ 390-f(3)(a)(i))
  • pay for access via credit card transaction (§ 390-f(3)(a)(ii))
  • comply with a commercial age verification system that verifies age using: (1) government-issued identification (§ 390-f(3)(a)(iii))

Ambiguity Notes: The requirement for 'digital identification' (§ 390-f(1)(b)) as 'information stored on a digital network' that serves as 'proof of the identity' could imply a move toward centralized digital ID systems.

Analysis 3

Why Relevant: The bill excludes infrastructure providers, focusing the compliance burden on content publishers.

Mechanism of Influence: It explicitly protects ISPs, search engines, and cloud providers from liability if they are not responsible for the 'creation of such content' (§ 390-f(4)(b)).

Evidence:

  • An internet service provider... shall not be determined to have violated this section solely for providing access or connection (§ 390-f(4)(b))
  • to the extent such provider or search engine is not responsible for the creation of such content (§ 390-f(4)(b))

Ambiguity Notes: While it protects ISPs, the definition of 'commercial entity' is broad enough to cover any business entity that 'distributes' material, potentially creating friction for platforms that host user-generated content if they are deemed to 'distribute' it.

Assembly - 5827 - Relates to data privacy protection; establishes the privacy and security victims relief fund

Legislation ID: 62966

Bill URL: View Bill

Summary

This legislation introduces comprehensive measures to safeguard consumer data rights, promoting transparency, individual control over personal information, and the establishment of privacy policies that align with federal regulations. It mandates that covered entities implement reasonable practices to mitigate privacy risks, especially concerning minors, and provides individuals with rights to access and manage their data.

Key Sections

  • Consumer Awareness: The division must publish a webpage detailing the provisions, rights, obligations, and protections under the bill, ensuring accessibility in multiple languages.
  • Individual Data Ownership and Control: Individuals have the right to access their covered data and request its deletion, ensuring control over personal information.
  • Loyalty to Individuals with Respect to Pricing: Entities cannot retaliate against individuals exercising their rights under the law, including pricing discrimination based on data rights.
  • Privacy by Design: Covered entities and service providers must implement reasonable policies and procedures for handling covered data, considering federal laws and mitigating privacy risks, particularly for minors.
  • Transparency: Entities must provide a clear and accessible privacy policy that details their data practices and individual rights.

Key Requirements

  • Allows different pricing structures only under certain conditions.
  • Mandates quarterly updates to the information published.
  • Mandates that individuals can download their data in a human-readable format.
  • Mandates the inclusion of specific information in privacy policies, such as data categories and processing purposes.
  • Mandates training and safeguards to ensure compliance with privacy laws.
  • Prohibits denial of goods or services based on the exercise of data rights.
  • Requires a public webpage to be created within 90 days of the bills enactment.
  • Requires entities to assess and mitigate privacy risks related to covered minors.
  • Requires entities to provide access to covered data upon verified request.
  • Requires notification of material changes to privacy policies.

Sponsors

Legislative Actions

Date Action
2026-01-07 referred to science and technology
2025-02-20 referred to science and technology

Detailed Analysis

Analysis 1

Why Relevant: The bill mandates that covered entities perform risk assessments and implement mitigation plans specifically for minors.

Mechanism of Influence: Entities must 'identify, assess, and mitigate privacy risks related to covered minors' and ensure that residual risks are 'proportionate.'

Evidence:

  • § 1612. Privacy by design. 1. ... (b) identify, assess, and mitigate privacy risks related to covered minors

Ambiguity Notes: The term 'privacy risks' is broad and, while primarily focused on data protection, could be interpreted by regulators to include risks related to the exposure of minors to harmful content or solicitation.

Analysis 2

Why Relevant: The bill requires large data holders to conduct ongoing impact assessments for algorithms that pose a risk of harm to individuals, including minors.

Mechanism of Influence: Large data holders must submit annual impact assessments to the state division, detailing design methodologies and mitigation steps for potential harms to 'covered minors.'

Evidence:

  • § 1626. Civil rights and algorithms. 3. (a)(i) ... a large data holder that uses a covered algorithm in a manner that poses a consequential risk of harm ... shall conduct an impact assessment
  • (F) A detailed description of steps the large data holder has taken or will take to mitigate potential harms ... including related to: (I) covered minors

Ambiguity Notes: The 'consequential risk of harm' trigger for these assessments is not strictly defined, potentially allowing for oversight of recommender systems or moderation algorithms.

Analysis 3

Why Relevant: The bill establishes a specific office to oversee youth-related data practices and requires the designation of points of contact for privacy inquiries.

Mechanism of Influence: Creates a 'Youth Privacy and Marketing Office' and mandates that privacy policies include 'points of contact' for inquiries.

Evidence:

  • § 1624. 3. (a) There is established ... an office to be known as the 'Youth Privacy and Marketing Office'
  • § 1621. 2. (a) (i) the covered entitys or service providers points of contact

Ambiguity Notes: This creates the administrative infrastructure for compliance and oversight, though its mandate is focused on privacy rather than content detection.

Assembly - 6549 - Establishes the New York childrens online safety act

Legislation ID: 64455

Bill URL: View Bill

Summary

This bill amends the general business law to introduce the New York Childrens Online Safety Act, which includes provisions for privacy by default, parental approvals, and protections against manipulative design practices (dark patterns) on online platforms used by minors. It mandates age verification for users, default privacy settings for minors, and parental oversight for connections and financial transactions involving minors. The bill also outlines the authority of the attorney general to enforce these regulations and provides remedies for violations.

Key Sections

  • Definitions: Defines key terms used in the act, including covered minor, operator, covered platform, and others to clarify the scope and application of the law.
  • Nondiscrimination: Ensures that operators cannot discriminate against users or alter service quality based on compliance with this act.
  • Parental approvals: Requires operators to obtain parental approval for new connections and financial transactions involving minors under thirteen years of age.
  • Privacy by default: Mandates that operators of covered platforms implement age verification and establish default privacy settings that protect minors from unwanted communications and interactions.
  • Prohibition on dark patterns: Prohibits the use of design mechanisms that mislead users or make it difficult for them to exercise their rights under this act.
  • Remedies: Outlines the enforcement mechanisms available to the attorney general for violations of the act, including penalties and restitution.
  • Rulemaking authority: Grants the attorney general the authority to create rules and regulations necessary for enforcing the provisions of this act.
  • Scope: Defines the geographical applicability of the act and clarifies that it does not impose liability inconsistent with federal laws.

Key Requirements

  • Default settings must prevent unconnected users from communicating with minors.
  • Operators cannot use designs that inhibit user choice or autonomy.
  • Operators must conduct commercially reasonable age verification.
  • Operators must not degrade services or increase prices due to compliance with the act.
  • Operators must provide parents with access to view connected users and transaction histories.
  • Operators must require parental approval for connections with minors.
  • Parents can override default privacy settings.

Sponsors

Legislative Actions

Date Action
2026-01-12 amend (t) and recommit to codes
2026-01-12 print number 6549a
2026-01-07 referred to codes
2025-05-27 reported referred to codes
2025-03-06 referred to consumer affairs and protection

Detailed Analysis

Analysis 1

Why Relevant: The bill mandates age verification for all users to identify minors.

Mechanism of Influence: Section 1510(1) states that no operator shall offer a platform 'without conducting commercially reasonable age verification to determine whether a user is a covered minor.' This aligns with the EU Chat Act's emphasis on age-gating and identifying child users.

Evidence:

  • § 1510. 1. No operator shall offer a covered platform in this state without conducting commercially reasonable age verification

Ambiguity Notes: The term 'commercially reasonable' is not defined in the text, leaving the specific technology (e.g., ID upload, facial analysis) to be determined by Attorney General rulemaking.

Analysis 2

Why Relevant: The bill targets platforms where private messaging is a core feature.

Mechanism of Influence: The definition of a 'covered platform' in Section 1509(6)(d) specifically includes services that allow users to 'privately message each other as a significant part' of the service. This brings interpersonal messaging services—a primary target of the EU Chat Act—under the scope of the law.

Evidence:

  • § 1509. 6. (d) allows users to privately message each other as a significant part of the provision of such website, service, or application.

Ambiguity Notes: What constitutes a 'significant part' of a service is subjective and could lead to broad application across various social and communication apps.

Analysis 3

Why Relevant: The bill imposes 'Privacy by Default' requirements that restrict private communication.

Mechanism of Influence: Section 1510(2)(a) requires that, by default, no user who is not 'connected' to a minor may 'communicate directly and privately with such minor.' This creates a statutory barrier to private messaging that platforms must enforce through technical means.

Evidence:

  • § 1510. 2. ...such operator shall utilize the following settings by default for covered minors... (a) communicate directly and privately with such minor

Ambiguity Notes: While the bill does not explicitly mandate scanning content, enforcing 'connections' and blocking 'unconnected' messages may require platforms to identify the status of all participants in a private chat, potentially impacting the anonymity of encrypted services.

Assembly - 8884 - Relates to the development and use of certain artificial intelligence systems

Legislation ID: 166829

Bill URL: View Bill

Summary

The New York Artificial Intelligence Act aims to regulate AI systems that significantly impact individuals rights and opportunities. It addresses algorithmic discrimination, mandates developer and deployer responsibilities, and introduces auditing and reporting requirements for high-risk AI systems. The Act emphasizes the need for transparency, oversight, and the protection of vulnerable populations from potential harms associated with AI technologies.

Key Sections

  • Definitions: This section provides definitions for key terms used in the Act, including algorithmic discrimination, AI systems, developers, deployers, and consequential decisions.
  • Deployer and developer obligations: This provision outlines the obligations of deployers and developers when using high-risk AI systems for consequential decisions, including notifying end users and allowing them to opt-out of automated decision-making.
  • Unlawful discriminatory practices: It establishes that developers and deployers of AI systems must take reasonable care to prevent algorithmic discrimination, especially when using high-risk AI systems.

Key Requirements

  • Allow end users to opt-out of AI decision-making processes without facing adverse consequences.
  • Developers and deployers must conduct independent audits of high-risk AI systems to ensure they do not cause algorithmic discrimination.
  • Developers and deployers must prevent foreseeable risks associated with high-risk AI systems.
  • Notify end users at least five business days before using an AI system for consequential decisions.

Sponsors

Legislative Actions

Date Action
2026-01-12 reference changed to science and technology
2026-01-07 referred to ways and means
2025-06-11 reference changed to ways and means
2025-06-09 referred to science and technology

Detailed Analysis

Analysis 1

Why Relevant: Provider risk assessments & mitigation plans

Mechanism of Influence: Mandates that developers and deployers implement a 'risk management policy and program' to identify and mitigate foreseeable risks.

Evidence:

  • § 89. Risk management policy and program. 1. Each developer or deployer of high-risk AI systems shall plan, document, and implement a risk management policy and program... to identify, document, and mitigate known or reasonably foreseeable risks of algorithmic discrimination

Ambiguity Notes: The definition of 'high-risk' is broad, covering any system that is a 'substantial factor' in a consequential decision or has a 'material impact' on rights.

Analysis 2

Why Relevant: Reporting and compliance infrastructure

Mechanism of Influence: Requires annual or biennial third-party audits and the filing of detailed impact assessment reports with the Attorney General.

Evidence:

  • § 87. Audits. 1. Developers of high-risk AI systems shall cause to be conducted third-party audits
  • § 88. High-risk AI system reporting requirements. 1. Every developer and deployer... shall comply with the reporting requirements

Ambiguity Notes: Reporting focuses on training data and system architecture rather than user content or metadata.

Analysis 3

Why Relevant: Internal controls and redress

Mechanism of Influence: Establishes a mandatory appeal process for automated decisions, requiring human intervention and review.

Evidence:

  • § 86-a. 2. (a) ...provide and explain a process for the end user to appeal the decision, which shall at minimum allow the end user to... (iii) obtain meaningful human review of the decision.

Ambiguity Notes: None

Assembly - 8893 - Relates to requiring manufacturers of internet-enabled devices to conduct commercially reasonable age assurance to determine whether a user is a covered minor

Legislation ID: 167224

Bill URL: View Bill

Summary

This bill amends the general business law by introducing a new article that mandates covered manufacturers of internet-enabled devices to implement age assurance measures. It defines key terms related to age assurance, establishes requirements for determining whether a user is a minor, and outlines the nondiscrimination obligations of manufacturers. Additionally, it grants the attorney general rulemaking authority and sets forth enforcement mechanisms.

Key Sections

  • Age assurance required: Covered manufacturers must conduct commercially reasonable age assurance to determine if a user is a covered minor upon activation of an internet-enabled device.
  • Definitions: This section provides definitions for key terms used in the article, including covered manufacturer, covered minor, and internet-enabled device.
  • Enforcement: The attorney general can take action against violations of this article, seeking penalties and restitution.
  • Nondiscrimination: Manufacturers must treat their own services equally to those of third parties in terms of restrictions related to age assurance.
  • Rulemaking authority: The attorney general is empowered to create regulations to enforce the provisions of this article.
  • Scope: This article applies to conduct occurring in New York, including actions taken by users located outside the state.

Key Requirements

  • Allows the attorney general to bring actions for violations.
  • Establishes penalties of up to $10,000 per violation.
  • Imposes the same restrictions on their own platforms as on third-party platforms.
  • Mandates deletion of age verification data after use.
  • Prohibits degrading service quality or increasing prices due to age assurance compliance.
  • Prohibits self-reporting of age as the sole method of assurance.
  • Requires age assurance methods to be commercially reasonable and technically feasible.

Sponsors

Legislative Actions

Date Action
2026-01-07 referred to consumer affairs and protection
2025-06-10 referred to consumer affairs and protection

Detailed Analysis

Analysis 1

Why Relevant: The bill mandates systemic age verification/assessment at the hardware and OS level.

Mechanism of Influence: It shifts the burden of age identification from individual service providers to the device and OS infrastructure, requiring 'commercially reasonable' and 'technically feasible' methods to 'reliably identify child users.'

Evidence:

  • § 1510.1: ...conduct commercially reasonable age assurance to determine whether a user is a covered minor.
  • § 1510.1: ...user self-reporting of age... shall not be an acceptable method of age assurance.

Ambiguity Notes: The bill leaves the specific 'methods' and 'appropriate levels of accuracy' to the Attorney General's rulemaking, which could potentially include biometric or identity-document-based verification.

Analysis 2

Why Relevant: The bill imposes specific compliance and gatekeeping obligations on application stores and OS providers.

Mechanism of Influence: App stores and OS providers are categorized as 'covered manufacturers' and must integrate age-signaling features into their updates 'by default,' creating a centralized compliance infrastructure.

Evidence:

  • § 1509.3: 'Covered manufacturer' shall mean a manufacturer of an internet-enabled device, an operating system provider, or an application store.
  • § 1510.3: ...requirements of this section are included in any operating system and application store updates by default.

Ambiguity Notes: By requiring the signal to be provided to 'all websites, online services, online applications,' it creates a universal tracking signal for minor status across all software.

Analysis 3

Why Relevant: The bill mandates a technical 'signal' or API for age status, which functions as a form of centralized reporting/routing of user status.

Mechanism of Influence: The requirement for a 'real-time application programming interface (API)' to signal minor status to third parties replicates the EU's focus on technical interoperability for age-gating.

Evidence:

  • § 1510.2: ...provide all websites, online services... on such users internet-enabled device... with a digital signal that such user is a covered minor via a real-time application programming interface (API).

Ambiguity Notes: While the bill mandates data deletion after the initial check, the persistent 'digital signal' effectively labels the user across all internet activity on that device.

Assembly - 9415 - Protects minors online from social media and harmful content

Legislation ID: 242277

Bill URL: View Bill

Summary

This bill amends the General Business Law by adding a new article focused on protecting minors online. It defines key terms, outlines the responsibilities of social media platforms regarding minor account holders, establishes requirements for age verification, and sets penalties for non-compliance. The legislation seeks to ensure that minors are not exposed to harmful content and that their personal information is adequately protected.

Key Sections

  • Age verification: This provision outlines the responsibilities of entities conducting age verification, including privacy protections for personal identifying information.
  • Content harmful to minors: This section prohibits the publication or distribution of material harmful to minors without age verification, ensuring that only individuals eighteen or older can access such content.
  • Definitions: This section provides definitions for key terms used throughout the article, including account holder, social media platform, and material harmful to minors.
  • Enforcement: This section details the enforcement mechanisms available to the attorney general and minors for violations of the article, including civil penalties and the ability to seek damages.
  • Minors as social media platform account holders: This provision establishes rules for social media platforms regarding minors under sixteen. It prohibits minors under fourteen from having accounts and requires parental consent for those aged fourteen and fifteen.

Key Requirements

  • Allows the attorney general to bring actions against violators.
  • Exempts bona fide news organizations from this requirement.
  • Permits minors to file civil actions for violations.
  • Prohibits minors under fourteen from opening accounts.
  • Prohibits retention of personal identifying information after age verification.
  • Requires age verification for access to harmful content.
  • Requires parental consent for minors aged fourteen and fifteen to hold accounts.
  • Requires platforms to terminate accounts of minors under fourteen.
  • Requires protection of personal identifying information from unauthorized access.

Sponsors

Legislative Actions

Date Action
2026-01-07 referred to consumer affairs and protection
2025-12-19 referred to consumer affairs and protection

Detailed Analysis

Analysis 1

Why Relevant: The bill mandates age verification for social media access and harmful content.

Mechanism of Influence: Entities must use 'anonymous age verification' or 'standard age verification' to gate access to platforms and content.

Evidence:

  •  1512. Content harmful to minors... without using either anonymous age verification or standard age verification
  •  1511. Minors as social media platform account holders.

Ambiguity Notes: 'Standard age verification' is broadly defined as any 'commercially reasonable method,' leaving implementation details to the platforms.

Assembly - 9446 - Relates to warning labels on certain feature platforms; repealer

Legislation ID: 252533

Bill URL: View Bill

Summary

This legislation amends existing laws to mandate warning labels on social media platforms identified as having addictive features. It reflects findings from health authorities regarding the detrimental effects of excessive social media use on mental health, particularly among adolescents. The bill seeks to inform users about potential mental health risks associated with prolonged use of these platforms.

Key Sections

  • Definitions: This section provides definitions for terms such as addictive feed, addictive feature, and covered user relevant to the warning label requirements.
  • Display Requirements and Restrictions: Operators are mandated to show the warning label prominently and for a specified duration when users access addictive features.
  • Effective Date: The act will take effect on January 1, 2027, with provisions for immediate implementation of necessary rules and regulations.
  • Legislative Intent: The intent behind the legislation is to highlight the significant mental health risks posed by social media to young users, as emphasized by the US Surgeon General.
  • Nondiscrimination Clause: Operators cannot penalize users for the display of warning labels by degrading service quality or increasing prices.
  • Prohibitions on Operators: Operators are prohibited from including warning labels only in terms of service, obscuring them, or using design features that undermine their visibility.
  • Remedies for Violations: The attorney general can enforce compliance and seek restitution, damages, and civil penalties for violations of this article.
  • Requirement for Warning Labels: Operators of addictive feature platforms must display a warning label when users access their services, informing them of potential mental health harms.
  • Rulemaking Authority: The attorney general is authorized to create rules necessary for enforcing the provisions of this article.
  • Scope of Application: The article applies to conduct occurring in New York and clarifies liability limitations regarding certain federal regulations.
  • Severability Clause: If any part of this act is found invalid, the remainder will still be in effect.
  • Warning Label Requirements: Covered operators must display a warning label after three hours of cumulative active use and then at least once per hour, ensuring it is prominent and cannot be bypassed.

Key Requirements

  • Defines key terms related to addictive features on social media platforms.
  • Prohibits displaying warning labels in a manner or duration other than specified.
  • Prohibits exclusive display of warning labels in terms of service.
  • Prohibits obscuring warning labels with extraneous text or changes in font size.
  • Prohibits withholding or degrading services due to warning label compliance.
  • Requires operators to display a specific warning label about mental health risks.
  • Requires warning labels to be displayed after three hours of use and at least once every hour thereafter.
  • Requires warning labels to occupy at least 75% of the screen for at least 30 seconds without the ability to bypass.
  • Warning label must be displayed clearly for at least ten seconds upon initial access.
  • Warning label must be shown after three hours of use and at least once per hour thereafter.

Sponsors

Legislative Actions

Date Action
2026-01-12 reported referred to codes
2026-01-07 referred to consumer affairs and protection
2026-01-06 referred to consumer affairs and protection

Detailed Analysis

Analysis 1

Why Relevant: The bill contains an age-verification or assessment component.

Mechanism of Influence: Section 1525(5) provides an exemption for operators who have 'reasonably determined' a user is over seventeen, which functionally necessitates the implementation of age-verification or assessment technologies to distinguish covered users from adults.

Evidence:

  • A covered operator shall not be required to display the warning label required by this article to a covered user if it has reasonably determined that the user is over seventeen years of age. (§ 1525(5))

Ambiguity Notes: The term 'reasonably determined' is not defined, leaving the specific technology or method of age verification to the discretion of the operator or future rulemaking by the attorney general.

Analysis 2

Why Relevant: The bill targets specific platform design features and recommender systems for regulatory intervention.

Mechanism of Influence: Like the EU Chat Act's focus on recommender systems as risk factors, this bill identifies 'addictive feeds' and 'autoplay' as triggers for mandatory 'mitigation' in the form of warning labels.

Evidence:

  • “Addictive feature” shall mean an addictive feed, autoplay, and/or infinite scroll. (§ 1520(2))
  • It shall be unlawful for a covered operator to provide an addictive feature to a covered user unless such operator displays a warning label. (§ 1521)

Ambiguity Notes: While it targets the same features, the 'mitigation' is limited to a disclosure (warning label) rather than a requirement to alter the underlying algorithm or conduct a formal risk assessment of content.

↑ Back to Table of Contents

North Carolina

Index of Bills

Senate - 805 - Prevent Sexual Exploitation/Women and Minors.

Legislation ID: 162997

Bill URL: View Bill

Summary

House Bill 805 establishes definitions for biological sex, limits state funding for gender transition procedures, and aims to prevent sexual exploitation through strict regulations on online pornography. The bill mandates that all state laws reflect a binary understanding of sex and introduces measures to protect minors and women from exploitation, including consent requirements for publishing pornographic images. Additionally, it allows students to be excused from discussions that conflict with their religious beliefs and ensures parental oversight of educational materials.

Key Sections

  • Age verification obligations: This section mandates online entity operators to verify the age and consent of individuals depicted in pornographic images before allowing their publication.
  • Age verification obligations: This section mandates that online entity operators must verify the age and consent of individuals appearing in pornographic images before publication.
  • Age verification obligations.: Operators of online entities must verify that individuals in pornographic images are at least 18 years old and have provided explicit consent for both the sexual activity and distribution of the images.
  • Amendment of Birth and Death Certificates: Outlines the process for amending birth certificates when a persons sex is changed, ensuring both the original and amended records are preserved.
  • Amendment of Birth and Death Certificates: This provision outlines the process for changing the sex on birth certificates and maintaining records.
  • Amendment of Birth and Death Certificates: This section outlines the procedures for amending birth certificates when a persons sex is changed, ensuring that both the original and amended certificates are preserved together.
  • Civil Actions for Pornographic Image Violations: This provision allows any eligible person to bring a civil action against users of online entities that violate regulations concerning pornographic images, with damages set at $10,000 per day per image or actual damages, whichever is greater.
  • Civil Penalties and Misdemeanor Classification: Violations of the new regulations will incur civil penalties and will be classified as a Class 1 misdemeanor, alongside any other legal sanctions.
  • Civil Remedies for Gender Transition Procedures on Non-Minors: Establishes a cause of action for malpractice related to gender transition procedures, with a ten-year statute of limitations.
  • Civil Remedies for Gender Transition Procedures on Non-Minors: This provision allows for civil action against medical professionals for malpractice related to gender transition procedures, with specific time limits for filing claims and prohibitions on liability waivers.
  • Civil Remedies for Gender Transition Procedures on Non-Minors: This provision establishes civil remedies for malpractice claims related to gender transition procedures performed on non-minors.
  • Constitutionality and Effectiveness of the Act: This section states that if any part of the act is declared unconstitutional, the rest of the act remains valid and enforceable.
  • Damages for Pornographic Image Violations: Individuals can bring civil actions against users for damages related to the presence of pornographic images online, with specified monetary penalties for each day of violation.
  • Enforcement: This provision details the enforcement mechanisms for violations of the Article, including civil penalties and the ability for eligible persons to bring civil actions against violators.
  • Enforcement: This section outlines the enforcement mechanisms for violations of the Article, including civil penalties and the ability for eligible persons to bring civil actions.
  • Enforcement.: This section outlines the civil penalties for violations of the Article, including amounts and conditions under which penalties can be imposed.
  • Excusal from Classroom Activities for Religious Reasons: Local boards of education must allow students to be excused from activities that conflict with their religious beliefs.
  • Excuse Students with Religious Objections: Local education boards must allow students to be excused from discussions or readings that conflict with their religious beliefs.
  • General Validity of Act: Affirms that if any part of the act is declared unconstitutional, the remainder of the act remains valid.
  • Limitation on State Funds for Gender Transition Procedures: State funds cannot be used for gender transition procedures, puberty-blocking drugs, or cross-sex hormones for minors or prisoners.
  • Limitation on State Funds for Gender Transition Procedures: This section prohibits the use of state funds for surgical gender transition procedures and hormonal treatments for minors and prisoners, with exceptions for emergency medical complications.
  • Limitation on use of State funds: This provision prohibits the use of state funds for gender transition procedures, emphasizing restrictions on surgical and hormonal treatments for minors.
  • Limitation on use of State funds for gender transition procedures: This provision prohibits the use of state funds for surgical gender transition procedures and related treatments for minors and prisoners.
  • Limitation on use of State funds for gender transition procedures: This section limits the use of state funds for gender transition procedures, particularly for minors.
  • New Article on Preventing Sexual Exploitation: This provision establishes a new article in the General Statutes aimed at preventing the sexual exploitation of women and minors by regulating the publication of pornographic content online.
  • Obligations of users: This section prohibits users from distributing or publishing pornographic images without the consent of the individuals depicted.
  • Obligations of users: This section prohibits users from distributing pornographic images without the consent of the individuals depicted.
  • Obligations of users.: Users of online entities are prohibited from distributing pornographic images without consent from the individuals depicted.
  • Official recognition of two sexes: This provision establishes definitions for biological sex and related terms, asserting that North Carolina recognizes only male and female in all state policies.
  • Official recognition of two sexes: This provision establishes that North Carolina recognizes only two sexes—male and female—based on biological characteristics, and provides definitions for various terms related to sex and gender.
  • Official recognition of two sexes: This section defines biological sex and establishes that only male and female will be recognized in all administrative rules and public policies in North Carolina.
  • Parent Access to Library Books: Local boards of education are required to implement policies that provide parents access to library book lists and allow them to restrict their childs borrowing.
  • Parent Access to Library Books: Local boards of education must adopt policies that allow parents to access a searchable catalog of library books and restrict borrowing based on parental requests.
  • Parental Access to Library Books: Local boards of education are required to adopt policies that provide parents access to library book lists and allow them to restrict their childrens access to certain books.
  • Prevent Sexual Exploitation of Women and Minors: This provision creates the Prevent Sexual Exploitation of Women and Minors Act which outlines definitions and regulations to protect individuals from sexual exploitation, particularly in relation to online content.
  • Prevent Sexual Exploitation of Women and Minors Act: This article outlines definitions and regulations to prevent the sexual exploitation of women and minors, focusing on consent and the distribution of pornographic images.
  • Prevent Sexual Exploitation of Women and Minors Act: This section outlines regulations to prevent the sexual exploitation of women and minors, including definitions related to consent and obligations for online entities regarding pornographic images.
  • Prohibition of State Funds for Gender Transition Procedures: This provision prohibits the use of state funds for surgical gender transition procedures and related treatments for minors and prisoners.
  • Removal of images: This provision establishes the responsibilities of online entity operators to remove pornographic images upon request from eligible persons and outlines the procedures for such removals.
  • Removal of images: This section requires online entity operators to have procedures in place for the removal of pornographic images upon request, particularly when consent is disputed.
  • Removal of images.: This section mandates online operators to have procedures for removing pornographic images upon request from eligible persons or law enforcement, and outlines the timeline for such removals.
  • Restrictions on Sleeping Quarters: This provision requires public school units to adopt policies preventing students from sharing sleeping quarters with members of the opposite biological sex during school events.
  • Restrictions on Sleeping Quarters: This provision requires public school units to adopt policies that prevent students from sharing sleeping quarters with members of the opposite biological sex during school events, except under certain conditions.
  • Severability: This section states that if any provision of the Article is found invalid, it does not affect the validity of the remaining provisions.
  • Severability: This section states that if any provision of the Article is found to be invalid or unenforceable, the remaining provisions will still be effective.
  • Severability.: This provision states that if any part of the Article is found invalid or unenforceable, the remaining provisions will still be effective.
  • Severability Clause: If any part of this Article is deemed invalid or unenforceable, the remaining provisions will still be effective.
  • Severability Clause: This clause ensures that if any provision of the Article is invalidated, the remaining provisions will still be enforceable.
  • Short title; definitions: This provision outlines the title of the Article and provides key definitions relevant to the Act, including terms such as coerced consent, intimate visual depiction, and online entity.
  • Short title; definitions: This section establishes the title of the Article and provides definitions for key terms used throughout the bill.
  • Short title; definitions.: This section provides the short title of the Article and defines key terms such as consent, coerced consent, and pornographic image.

Key Requirements

  • Allows state funds for addressing medical complications from previously performed gender transition procedures.
  • Alternative assignments must be provided for excused students.
  • Civil penalties accrue on a per day and per image basis for violations.
  • Clarifies terms such as boy, girl, man, woman, father, and mother according to biological definitions.
  • Content must be removed immediately if consent or age verification is absent or in doubt.
  • Contractual waivers of liability for gender transition procedures are prohibited.
  • Contractual waivers of liability for gender transition services are invalid.
  • Criminal violations will be classified as Class 1 misdemeanors.
  • Defines biological sex based on reproductive capacity.
  • Defines biological sex based on reproductive capacity and physical characteristics.
  • Defines biological sex based on reproductive capacity and physical characteristics at birth.
  • Defines terms related to gender transition procedures.
  • Eligible persons can file for damages if violations occur.
  • Eligible persons can seek damages for violations.
  • Eligible persons can sue for damages.
  • Emergency medical complications are exempt from this restriction.
  • Establishes definitions for boy, girl, man, woman, father, and mother.
  • Establishes legal definitions for terms like boy, girl, man, and woman.
  • Establish procedures for removal of non-consensual pornographic images.
  • Exceptions are made for addressing medical complications.
  • Explicit consent must be obtained from individuals for actions performed and for the distribution of the content.
  • Immediate family members are exempt from this restriction.
  • Malpractice claims must be filed within 10 years of discovering the injury.
  • Malpractice claims must be filed within 10 years of discovery of injury.
  • Malpractice claims must be filed within 10 years of discovery of injury related to gender transition procedures.
  • Medical professionals cannot seek waivers of liability for gender transition procedures.
  • New birth certificates must be attached to the original and preserved as a multi-page document.
  • No state funds can be used for gender transition procedures or related drugs for minors.
  • No state funds may be used for gender transition procedures.
  • No state funds may be used for surgical gender transition procedures, puberty-blocking drugs, or cross-sex hormones for minors.
  • No state funds may be used for these procedures or treatments for prisoners in the state prison system.
  • Online entities must verify age and consent before publishing pornographic images.
  • Online entities must verify the age and consent of individuals in pornographic images before publication.
  • Online entities must verify the age of individuals featured in pornographic content.
  • Operators must block removed images from being redistributed.
  • Operators must establish procedures for removing unauthorized images within 72 hours of a request.
  • Operators must have a procedure for removing non-consensual images.
  • Operators must have a procedure in place for handling removal requests.
  • Operators must obtain explicit written consent for both the act of sexual activity and the distribution of the image.
  • Operators must obtain written consent from individuals appearing in pornographic images.
  • Operators must remove images within 72 hours of receiving a valid removal request.
  • Operators must remove images within 72 hours upon receiving a valid request.
  • Operators must remove images within 72 hours upon valid request.
  • Operators must temporarily remove images if consent is questioned.
  • Operators must verify that individuals are at least 18 years old.
  • Operators of online entities must verify age and consent before publishing pornographic images.
  • Parents can identify books that their child cannot borrow.
  • Parents can identify books that their children are not allowed to borrow.
  • Parents can identify books that their children cannot borrow.
  • Penalties accrue per day and per image for violations.
  • Policies must be adopted to allow student or parent requests for excusal from specific classroom activities.
  • Policies must be adopted to allow students to request excusal from specific activities.
  • Policies must prohibit mixed-sex sleeping quarters unless written permission is given by parents.
  • Prevailing parties are entitled to attorneys fees.
  • Prohibits state funding for surgical gender transition procedures for minors and prisoners.
  • Requires explicit written consent for both the sexual act and the distribution of the image.
  • Requires payment of $10,000 for each day a pornographic image remains online in violation of the law, or actual damages, whichever is greater.
  • Requires verification that individuals are at least 18 years old at the time of image creation.
  • Restricts funding for cross-sex hormones, puberty-blocking drugs, and surgical procedures for minors.
  • Schools must maintain a searchable online catalog of library books.
  • Schools must maintain a searchable web-based catalog of library books.
  • Schools must provide alternative assignments for excused students.
  • Separate consent is required for sexual activity and for distribution of the image.
  • State funds cannot be used for gender transition procedures or related hormonal treatments for minors and prisoners.
  • Students cannot share sleeping quarters with the opposite biological sex unless parental consent is provided.
  • The Attorney General can impose fines based on the degree of harm caused.
  • The State Registrar must preserve both original and amended birth certificates as a multi-page document.
  • The State Registrar must preserve both the original and amended birth certificates as a multi-page document.
  • Users must ensure they have consent before publishing pornographic images.
  • Users must obtain consent before publishing any pornographic images.
  • Users of online entities must remove pornographic images that violate this Article.
  • Violations can incur civil penalties up to $10,000 per day for online entity operators.
  • Violations may incur civil penalties on a per day and per image basis.

Sponsors

Legislative Actions

Date Action
2025-07-29 Placed on Todays Calendar
2025-07-29 Veto Overridden
2025-07-29 Veto Received From House
2025-07-03 Placed On Cal For 07/29/2025
2025-07-03 Received from the Governor
2025-07-03 Vetoed 07/03/2025
2025-06-27 Pres. To Gov. 6/27/2025
2025-06-26 Ratified

Detailed Analysis

Analysis 1

Why Relevant: The bill mandates a form of compelled detection and filtering to prevent the re-dissemination of prohibited content.

Mechanism of Influence: By requiring operators to block 'any altered or edited version' of a removed image, the law functionally compels the use of hashing or perceptual scanning technologies to identify and prevent re-uploads that are not exact matches.

Evidence:

  • the online entity operator shall block the pornographic image, and any altered or edited version of the pornographic image, from being distributed on or published to the online entity again. (§ 66-507(g))

Ambiguity Notes: The term 'altered or edited version' is not technically defined, leaving platforms to determine the threshold of similarity required for blocking, which typically necessitates 'state of the art' detection tools.

Analysis 2

Why Relevant: The bill imposes strict removal and blocking orders with short compliance windows.

Mechanism of Influence: Operators must remove content within 72 hours of a request from an 'eligible person' or law enforcement, mirroring the rapid takedown requirements seen in the EU Child Act.

Evidence:

  • the operator shall remove the pornographic image as quickly as possible, and in any event not later than 72 hours after receiving the request. (§ 66-507(c))
  • The Attorney General may impose a civil penalty... in an amount of not more than ten thousand dollars ($10,000) for each day... (§ 66-509(b))

Ambiguity Notes: The 72-hour window is a hard limit, which may pressure platforms to automate removals to avoid the $10,000 per day penalties.

Analysis 3

Why Relevant: The bill mandates age verification and identity documentation for content uploaded to platforms.

Mechanism of Influence: Operators must verify that every individual in a 'pornographic image' is at least 18 years old by obtaining valid government identification and written consent from the user or entity seeking to publish.

Evidence:

  • An online entity operator may not publish or allow a user to publish a pornographic image... unless the operator has verified... The individual was not less than 18 years of age... (§ 66-506(a))
  • Not less than one form of valid identification for each individual appearing in the pornographic image... (§ 66-506(c)(2))

Ambiguity Notes: While focused on the age of performers, the burden of 'verifying' these details falls on the 'online entity operator' for any user-submitted content.

Analysis 4

Why Relevant: The bill requires the creation of internal compliance infrastructure and designated points of contact.

Mechanism of Influence: Platforms must establish formal procedures for content removal and designate specific employees to manage these requests, creating a mandatory administrative layer for content moderation.

Evidence:

  • An online entity operator shall establish a procedure for removing a pornographic image... and designate one or more employees of the operator to be responsible for handling requests... (§ 66-507(a))

Ambiguity Notes: None

Senate - 860 - Social Media Control in IT Act.

Legislation ID: 163099

Bill URL: View Bill

Summary

This bill establishes the Social Media Control in Information Technology Act, which mandates that social media platforms provide clear disclosures regarding data collection and usage, particularly for minors. It requires platforms to implement user-friendly mechanisms for privacy rights, prohibits the use of minors data in algorithmic recommendations, and sets default privacy settings to protect young users. Additionally, it holds operators accountable for non-compliance and creates a registry for privacy policies.

Key Sections

  • Correction and Deletion of Personal Information: Covered platforms must provide users with mechanisms to request corrections to inaccurate personal information and deletions of their personal information, considering the necessity of the information for various functions.
  • Data Privacy Task Force: A task force is created to monitor data privacy issues related to minors, composed of various stakeholders, and is tasked with reporting findings and recommendations annually.
  • Default Settings for Minors: This section mandates that certain features on platforms be disabled by default to protect minors, including visibility of user-related data, geolocation sharing, and features that encourage prolonged use.
  • Design features and digital rights of users: This section mandates that social media platforms implement protective default settings for minors and establishes digital rights for all users, focusing on the protection of minors from manipulative design.
  • Design features and digital rights of users: This section mandates that social media platforms implement protective default settings for minors and provides users with rights to change or delete their personal information.
  • Design Features and Digital Rights of Users: This provision establishes requirements for social media platforms to ensure privacy settings are defaulted to the highest level for minors and grants users rights to change or delete their personal data. It also emphasizes protecting minors from manipulative design techniques that could lead to addiction.
  • Digital Rights of Minors: Minors have specific rights regarding their digital experiences, including protection from manipulative design, the right to transparency, and protection from personalized recommendation systems.
  • Digital Rights of Minors: The bill outlines specific rights for minors using covered platforms, including protection from manipulative design, the right to transparency about their digital experiences, and protection from personalized recommendation systems.
  • Digital Rights of the User: This section grants minors specific rights regarding their digital experiences, including protection from manipulative designs, a right to transparency about platform features, and protection from personalized recommendation systems.
  • Enforcement and Investigations: The bill establishes enforcement mechanisms for violations, allowing the Attorney General to investigate and users to file complaints, with provisions for civil action by minors.
  • Investigation and Enforcement: The bill establishes enforcement mechanisms for violations of the outlined provisions, including the ability for the Attorney General to monitor compliance and for minors to file lawsuits.
  • Investigation; Enforcement; Private Right of Action: This section outlines the enforcement mechanisms for violations of the bill, including the Attorney Generals authority to monitor compliance and the ability for minors to file private lawsuits for violations.
  • North Carolina Data Privacy Task Force: The bill creates a task force to address data privacy issues, focusing on the impact of social media on mental health, composed of various stakeholders, including state officials and representatives from advocacy groups.
  • North Carolina Data Privacy Task Force: This section establishes a task force within the Department of Justice to oversee data privacy issues related to minors and social media, ensuring diverse representation and annual reporting to the General Assembly.
  • Rights to Change and Delete Data: This section states that covered platforms must provide mechanisms for users to request the correction or deletion of their personal information, with specific conditions under which these requests may be denied.
  • Title; definitions: This section defines key terms used in the bill, including accessible mechanism, algorithmic recommendation system, personal information, and social media platform.
  • Title; definitions: This section provides the title of the Act and defines key terms used throughout the legislation.
  • User data privacy; targeting minors prohibited; registry: This section outlines the privacy requirements for social media platforms, emphasizing the need for clear disclosures and consent from users, particularly minors, regarding the collection and use of their personal information.
  • User data privacy; targeting minors prohibited; registry: This section outlines the privacy requirements for social media platforms, particularly concerning minors, and establishes a registry for compliance verification.
  • User Data Privacy; Targeting Minors Prohibited; Registry: This provision outlines the privacy requirements for social media platforms regarding user data, particularly for minors. It mandates clear disclosures about data collection practices, requires user consent for data usage in algorithmic recommendations, and prohibits the use of minors personal information in such systems.
  • User Rights Regarding Personal Information: Users have the right to request corrections of inaccurate personal information and deletion of their personal data, with certain exceptions for platforms.

Key Requirements

  • Allows the Attorney General to monitor compliance and investigate complaints.
  • Allows the Attorney General to monitor compliance and investigate complaints regarding social media platforms.
  • Creates a task force with diverse representation to address data privacy for minors.
  • Default privacy settings for minors must offer the highest level of privacy.
  • Default privacy settings for minors must prioritize user privacy.
  • Defines key terms related to user data privacy and social media operations.
  • Defines terms such as accessible mechanism, algorithmic recommendation system, personal information, and minor.
  • Enables minors to file civil suits against platforms that violate their rights.
  • Establishes a task force within the Department of Justice to address data privacy issues for minors.
  • Establishes rights for minors to be shielded from manipulative design and personalized recommendations.
  • Gives minors the right to sue for violations of their rights under this bill.
  • Mandates annual reporting on findings and recommendations related to mental health and social media.
  • Mandates platforms to act on verifiable requests for data correction or deletion unless certain conditions apply.
  • Mandates transparency in how platforms affect minors well-being.
  • Minors can file civil suits for violations affecting them.
  • Minors data must not be used in algorithmic recommendations.
  • Minors have rights against manipulative design practices.
  • Personal information can only be used in algorithmic recommendations if the user is not a minor and has consented.
  • Platforms are not required to delete information if it is necessary for transaction completion, security, debugging, compliance with regulations, research, or internal uses.
  • Platforms must allow users to manage their data preferences in algorithmic recommendations.
  • Platforms must inform users about data collection practices and obtain consent.
  • Platforms must inform users about data collection practices and obtain consent before collecting data.
  • Platforms must protect minors from manipulative design techniques.
  • Platforms must provide a registry of their privacy policies to the Consumer Protection Division.
  • Platforms must provide clear disclosures about data collection and usage to users upon first use or after six months of inactivity.
  • Privacy settings for minors must be configured to the highest level of privacy by default.
  • Requires annual reporting to the General Assembly on the task forces findings and recommendations.
  • Requires covered platforms to maintain records of requests for correction and deletion of personal information.
  • Requires platforms to correct inaccurate personal information upon verifiable user request.
  • Requires platforms to maintain records of data correction and deletion requests.
  • Requires platforms to make reasonable efforts to correct inaccurate information as directed by the user.
  • Requires platforms to protect minors from algorithmic recommendation systems.
  • Requires platforms to protect minors from manipulative designs that exploit psychological vulnerabilities.
  • Requires platforms to protect minors from manipulative design techniques that exploit psychological vulnerabilities.
  • Requires platforms to provide a mechanism for users to request deletion of their personal information.
  • Requires platforms to provide clear explanations of features and potential negative impacts on well-being.
  • Requires platforms to provide clear explanations of their features and potential negative impacts on minors.
  • Requires protection for minors from algorithmic recommendation systems.
  • Requires settings to be disabled by default for minors to prevent data exposure and manipulation.
  • The Attorney General is tasked with monitoring compliance and can bring civil actions for noncompliance.
  • The task force is composed of 21 members with specific representation requirements.
  • The task force must report annually to the General Assembly on its findings and recommendations regarding social media and mental health.
  • User consent is required before collecting personal data.
  • Users must have accessible mechanisms to request correction or deletion of personal information.
  • Users must have accessible mechanisms to request corrections and deletions of their personal data.
  • Users must have mechanisms to request corrections and deletions of their personal information.
  • Users must have the ability to modify their personal information used in recommendations.
  • Violations of the bill are considered unfair or deceptive acts under existing law.

Sponsors

Legislative Actions

Date Action
2025-06-17 Reptd Fav Com Substitute
2025-06-17 Re-ref Com On Appropriations
2025-04-10 Passed 1st Reading
2025-04-10 Ref to the Com on Commerce and Economic Development, if favorable, Appropriations, if favorable, Rules, Calendar, and Operations of the House
2025-04-09 Filed

Detailed Analysis

Analysis 1

Why Relevant: The bill requires platforms to determine the age of users to restrict algorithmic targeting.

Mechanism of Influence: Operators must 'reasonably determine' if a user is a minor before using personal information in recommendations, though it explicitly allows for 'self-attestation' as a defense against liability.

Evidence:

  • The platform reasonably determines the user is not a minor from personal information collected (§ 75-71(a)(2)(a))
  • The operator of a social media platform that has made an estimation of a users age based upon the users self-attestation is not liable if the user was a minor who falsely attested to not being a minor. (§ 75-71(d))

Ambiguity Notes: While it requires age determination, the standard is lower than the 'reliable' verification often seen in EU-style mandates, as it protects operators from liability if a minor falsely attests to their age.

Analysis 2

Why Relevant: The bill mandates specific design changes and 'controls' to mitigate risks associated with social media use for minors.

Mechanism of Influence: Platforms must implement 'comprehensive and effective controls' to prevent minors' data from entering recommendation systems and must disable features like autoplay and geolocation by default.

Evidence:

  • A covered platform must establish comprehensive and effective controls to ensure that a minors personal information is not used in any algorithmic recommendation system. (§ 75-71(b))
  • Features that increase, sustain, or extend the use of the covered platform by a minor... must be disabled by default. (§ 75-72(a)(6))

Ambiguity Notes: The 'controls' are focused on data privacy and 'addiction' (e.g., autoplay) rather than the detection or mitigation of illegal content or solicitation.

Analysis 3

Why Relevant: The bill establishes a compliance and oversight body, though its focus is distinct from the EU's coordinating authorities.

Mechanism of Influence: It creates the North Carolina Data Privacy Task Force to report on mental health and social media issues and requires platforms to provide a registry of privacy policies.

Evidence:

  • There is created the North Carolina Data Privacy Task Force... with a special focus on mental health issues related to social media. (§ 75-74(a)-(d))
  • Platforms must provide a registry of their privacy policies to the Consumer Protection Division. (Abstract/Summary)

Ambiguity Notes: The task force is advisory and focused on mental health and privacy, not on overseeing detection orders or CSAM reporting pipelines.

↑ Back to Table of Contents

Ohio

Index of Bills

House - 628 - License artificial intelligence risk mitigation organizations

Legislation ID: 232842

Bill URL: View Bill

Summary

House Bill No. 628 establishes a regulatory framework for independent verification organizations in Ohio, specifically targeting the verification of artificial intelligence applications and models. The bill defines key terms, outlines the licensing process, and sets forth the responsibilities and requirements for both the verification organizations and the developers or deployers of AI technologies. It also includes provisions for the establishment of an advisory council to oversee the implementation and effectiveness of the verification process.

Key Sections

  • Advisory Council: Establishes the artificial intelligence safety advisory council, which will assist the attorney general in overseeing the licensing and operation of independent verification organizations.
  • Annual Reporting Requirements: Independent verification organizations must submit an annual report detailing AI capabilities, societal risks, verification results, compliance with remedial measures, and any changes affecting their independence.
  • Application for License: Outlines the application process for obtaining a license as an independent verification organization, including the information and plans that must be submitted to the attorney general.
  • Definitions: This section provides definitions for key terms used throughout the bill, including artificial intelligence application, deployer, developer, and independent verification organization.
  • Liability Presumption in Civil Actions: This provision establishes a rebuttable presumption against liability for verified AI models in civil actions, provided certain conditions are met regarding verification and compliance.
  • Licensing Criteria: Describes the criteria that the attorney general will use to license independent verification organizations, focusing on their independence and the adequacy of their verification plans.
  • Modification of Verification Plans: Allows independent verification organizations to update their verification plans to incorporate new technologies and address previously identified issues.
  • Revocation of License: Details the circumstances under which the attorney general may revoke the license of an independent verification organization.
  • Revocation of Verification: Specifies the conditions under which an independent verification organization must revoke the verification of an AI model or application.
  • Rule Adoption by Attorney General: The attorney general is tasked with adopting rules to implement the provisions of this bill, focusing on conflict of interest, risk mitigation, and verification organization licensing.
  • Verification Responsibilities: Mandates that licensed independent verification organizations implement their verification plans to ensure ongoing risk mitigation for AI applications.

Key Requirements

  • Allows for rebuttal of this presumption under specific circumstances of misconduct.
  • Council must include members representing civil society.
  • Demonstrates independence from the AI industry.
  • Establishes conditions under which a presumption against liability applies.
  • Includes requirements for aggregating information on AI capabilities and risks.
  • License may be revoked if the plan is misleading or if the organization fails to adhere to its own plan.
  • Mandates consideration of stakeholder input in rule adoption.
  • Mandates retention of documentation for ten years.
  • Members must remain free from conflicts of interest.
  • Must include measurable outcome metrics and evaluation protocols.
  • Organizations must monitor AI models for compliance with their verification plans.
  • Organizations must notify the attorney general of any material changes to their plans.
  • Plan must adequately ensure acceptable risk mitigation.
  • Requires a detailed plan for verifying AI risk mitigation.
  • Requires annual reporting to the general assembly, attorney general, and auditor of state.
  • Requires establishment of conflict of interest rules for verification organizations.
  • Specifies conditions for corrective action and loss of licensure.
  • Verification must be revoked if the developer fails to meet the organizations requirements.

Sponsors

Legislative Actions

Date Action
2025-12-11 Introduced

Detailed Analysis

Analysis 1

Why Relevant: The bill mandates a framework for ongoing risk assessment and mitigation plans for AI technologies, which mirrors the structural requirements of the EU CSA Act.

Mechanism of Influence: IVOs must evaluate 'technical and operational requirements' and 'ongoing monitoring of risks' for AI models to ensure 'acceptable levels of risk mitigation.'

Evidence:

  • Sec. 3755.02(B)(1) 'Ongoing monitoring of risks'
  • Sec. 3755.02(B)(2) 'Ongoing assessment of the efficacy of mitigation measures'

Ambiguity Notes: While the structure is similar, the 'risks' defined in this bill pertain to 'personal injury and property damage' rather than child safety or content-related harms.

Analysis 2

Why Relevant: The bill establishes a compliance infrastructure including an advisory council and reporting requirements to the Attorney General.

Mechanism of Influence: Creates an 'artificial intelligence safety advisory council' to oversee the licensing of IVOs and requires annual reports on AI capabilities and societal risks.

Evidence:

  • Sec. 3755.06 'The artificial intelligence safety advisory council is established'
  • Sec. 3755.10(A) 'An independent verification organization shall submit an annual report'

Ambiguity Notes: None

↑ Back to Table of Contents

Oklahoma

Index of Bills

House - 3544 - Technology; artificial intelligence; chatbots; companions; minors; safety; civil penalties; effective date.

Legislation ID: 266871

Bill URL: View Bill

Summary

This bill establishes regulations for deployers of artificial intelligence (AI) chatbots, specifically those with human-like features. It mandates that such chatbots not be made available to minors, requires age verification systems, and allows for alternative versions of chatbots for younger users. Additionally, it outlines the responsibilities of deployers to prioritize user safety and well-being, as well as the penalties for non-compliance.

Key Sections

  • Definitions: This section defines key terms related to the bill, including chatbot, deployer, human-like feature, and minor.
  • Emergency Situations and Data Collection: Deployers must have systems to respond to emergencies and collect user information responsibly, prioritizing user safety.
  • Exemptions for Therapy Chatbots: Therapy chatbots may be available to minors if they meet specific criteria, including disclaimers and professional oversight.
  • Penalties for Violations: This section outlines civil penalties for violations of the act, including fines and the potential for civil action by minors.
  • Restrictions on AI Chatbots for Minors: Deployers are required to ensure that AI chatbots with human-like features are not available to minors and must implement age certification systems.

Key Requirements

  • Allows minors or their guardians to pursue civil action for damages related to non-compliance.
  • Establishes civil penalties of up to $2,500 for violations and $7,500 for intentional violations.
  • Mandates age verification systems to prevent minors from accessing these chatbots.
  • Mandates assessment and monitoring by licensed mental health professionals for therapy chatbots.
  • Mandates that information collected must be adequate, relevant, and necessary for legitimate purposes.
  • Requires clinical trial data demonstrating safety and efficacy of therapy chatbots.
  • Requires deployers to ensure chatbots with human-like features are not accessible to minors.
  • Requires deployers to implement systems for detecting and responding to emergency situations.
  • Requires therapy chatbots to provide clear disclaimers regarding their nature as AI.

Sponsors

Legislative Actions

Date Action
2026-02-02 Authored by Representative Maynard
2026-02-02 First Reading

Detailed Analysis

Analysis 1

Why Relevant: The bill mandates age verification and age certification systems for AI services.

Mechanism of Influence: Deployers are legally required to gate access to specific AI features using 'reasonable age certification systems' and 'age verification systems' to ensure minors cannot interact with prohibited chatbot types.

Evidence:

  • Shall implement reasonable age certification systems to ensure that AI chatbots with human-like features are not provisioned to minors (Section 2, A, 2)
  • Implement reasonable age verification systems to ensure that such chatbots are not provisioned to minors (Section 2, B, 2)

Ambiguity Notes: The term 'reasonable' is not defined, leaving open whether this requires high-assurance identity verification or simpler methods.

Analysis 2

Why Relevant: The bill compels the detection and reporting of specific user-generated content/interactions.

Mechanism of Influence: Deployers must 'detect' and 'report' emergency situations (defined as intent to harm self or others). This functionally requires the operation of monitoring or scanning technologies within the chatbot interface to identify these indicators.

Evidence:

  • Deployers shall implement and maintain reasonably effective systems to detect, promptly respond to, report, and mitigate emergency situations (Section 3, A)
  • Emergency situation means a situation where a user engaging with a chatbot indicates that they intend to either commit harm to themselves or commit harm to others (Section 1, 4)

Ambiguity Notes: The requirement to 'detect' implies a proactive monitoring duty, though the bill does not specify the technology (e.g., keyword vs. semantic AI analysis).

Analysis 3

Why Relevant: The bill mandates risk mitigation and safety prioritization over other business interests.

Mechanism of Influence: Similar to the EU Chat Act's mitigation plans, this bill requires deployers to 'mitigate' detected harms in a way that 'prioritizes the safety and well-being of users over the deployers other interests.'

Evidence:

  • mitigate emergency situations in a manner that prioritizes the safety and well-being of users over the deployers other interests (Section 3, A)

Ambiguity Notes: The prioritization of safety over 'other interests' could be interpreted as a mandate to override privacy or encryption if they interfere with detection/mitigation.

Analysis 4

Why Relevant: The bill establishes a compliance infrastructure with civil penalties and private rights of action.

Mechanism of Influence: It creates a legal framework for enforcement via the Attorney General and allows for class-action lawsuits by parents/minors for non-compliance.

Evidence:

  • Any business or person that violates this act shall be subject to an injunction... and shall be liable for a civil penalty (Section 4, A)
  • Any minor... or a parent or guardian acting on their behalf, may institute a civil action on their own, or on a class-wide basis (Section 4, B)

Ambiguity Notes: None

House - 4083 - Technology; deployers; AI chatbots; minors; age verification systems; emergency situations; effective date.

Legislation ID: 269132

Bill URL: View Bill

Summary

House Bill 4083 introduces regulations for AI chatbots in Oklahoma, focusing on preventing minors from accessing chatbots with human-like features. It mandates deployers to implement age verification systems, restricts access to social AI companions for minors, and outlines conditions under which therapeutic chatbots can be used by minors. The bill also establishes legal consequences for violations and emphasizes the need for safety measures in emergency situations.

Key Sections

  • Data Collection and Privacy: This provision restricts data collection to only what is necessary for legitimate purposes, ensuring user trust.
  • Definitions: The section provides definitions for key terms used within the bill, such as chatbot, deployers, human-like feature, and others relevant to the regulation of AI technologies.
  • Effective Date: The act shall become effective on November 1, 2026.
  • Emergency Situations: Deployers must establish systems to detect and respond to emergency situations, prioritizing user safety.
  • Enforcement and Penalties: Details the penalties for violations of the act, including civil penalties and the ability for minors or guardians to take legal action.
  • Regulations for Deployers: This section mandates that deployers of AI chatbots ensure that human-like features are not accessible to minors and implement age verification systems. It allows for alternative chatbot versions without human-like features for minors.
  • Social AI Companions: This provision prohibits the availability of social AI companions to minors and requires similar age verification systems to ensure compliance.
  • Therapeutic Chatbots: This section outlines the conditions under which therapeutic chatbots can be made available to minors, including disclaimers and oversight by licensed professionals.

Key Requirements

  • Allows for alternative chatbot versions for minors without human-like features.
  • Allows minors or their guardians to sue for damages related to violations.
  • Ensures transparency regarding the chatbots functions and data privacy policies.
  • Establishes civil penalties for violations of the act, up to $2,500 for each violation and $7,500 for intentional violations.
  • Mandates assessment and monitoring by licensed mental health professionals.
  • Mandates prioritization of user safety in emergency responses.
  • Mandates the implementation of age verification systems for chatbots with human-like features.
  • Prohibits deployers from allowing minors to use social AI companions.
  • Prohibits marketing therapeutic chatbots as substitutes for human professionals.
  • Requires a clear disclaimer that the chatbot is AI and not a licensed professional.
  • Requires clinical trial data demonstrating safety and efficacy of the tool.
  • Requires collection of only adequate, relevant, and necessary information for legitimate purposes.
  • Requires deployers to implement age verification systems for social AI companions.
  • Requires deployers to prevent minors from accessing chatbots with human-like features.
  • Requires effective systems to detect and respond to emergency situations.

Sponsors

Legislative Actions

Date Action
2026-02-02 Authored by Representative Alonso-Sandoval
2026-02-02 First Reading

Detailed Analysis

Analysis 1

Why Relevant: The bill mandates age-verification systems to gate access to specific AI functionalities.

Mechanism of Influence: Deployers are required to 'implement reasonable age verification systems' to ensure minors do not access chatbots with human-like features or social AI companions.

Evidence:

  • implement reasonable age verification systems to ensure that generative AI chatbots with human-like features are not provisioned to minors (Section 2.A.2)
  • Implement reasonable age verification systems to ensure that such chatbots are not provisioned to minors (Section 2.B.2)

Ambiguity Notes: The term 'reasonable age verification' is not defined, leaving open whether this requires government ID, biometric analysis, or third-party verification services.

Analysis 2

Why Relevant: The bill compels the detection and reporting of specific content within user-chatbot interactions.

Mechanism of Influence: Deployers must 'detect, promptly respond to, report, and mitigate emergency situations,' which are defined as users indicating intent to harm themselves or others. This necessitates active monitoring of conversation content.

Evidence:

  • implement and maintain reasonably effective systems to detect, promptly respond to, report, and mitigate emergency situations (Section 3.A)
  • "Emergency situation" means a situation when a user engaging with a chatbot indicates that they intend to either commit harm to themselves or commit harm to others (Section 1.4)

Ambiguity Notes: While focused on 'emergency situations' rather than CSAM, the statutory duty to 'detect' and 'report' creates a monitoring infrastructure similar to the EU's detection orders.

Analysis 3

Why Relevant: The bill imposes data collection and minimization standards linked to the deployer's 'legitimate purpose.'

Mechanism of Influence: It restricts data collection to what is 'adequate,' 'relevant,' and 'necessary' for a legitimate purpose, while also requiring the storage of information needed to fulfill the detection/reporting mandate.

Evidence:

  • collect and store only that information that does not conflict with a trusting partys best interests (Section 3.B)
  • Necessary, in the sense that it is the minimum amount of information which is needed for that legitimate purpose (Section 3.B.3)

Ambiguity Notes: The tension between 'data minimization' and the mandate to 'detect' and 'report' emergency situations may force providers to retain more interaction metadata than otherwise necessary for privacy.

Senate - 1521 - Artificial intelligence; prohibiting the creation of certain artificial intelligence chatbots; requiring certain age verification measures and protections for user data. Effective date.

Legislation ID: 269135

Bill URL: View Bill

Summary

Senate Bill 1521 establishes regulations for artificial intelligence chatbots, defining key terms and prohibiting the creation of chatbots that could harm minors. It mandates user account creation, age verification processes, and data protection measures for covered entities. The bill also grants enforcement authority to the Attorney General, allowing for civil penalties for violations.

Key Sections

  • Data Protection and Security: This section outlines the data protection responsibilities of covered entities, including the handling of age verification data and user information.
  • Definitions: This section provides definitions for key terms used in the bill, including artificial intelligence companion, artificial intelligence chatbot, covered entity, minor, and reasonable age verification measures.
  • Disclosure Requirements: This section mandates that AI chatbots disclose their non-human status and clarify that they do not provide professional advice.
  • Enforcement and Penalties: This section grants the Attorney General authority to enforce the provisions of the act and outlines the penalties for violations.
  • Prohibitions on AI Chatbots: This section prohibits the design or availability of AI chatbots that could solicit minors to engage in harmful activities, including sexually explicit conduct or self-harm.
  • User Account Creation and Age Verification: This section requires covered entities to mandate user account creation for those accessing AI chatbots and to implement age verification measures to protect minors.

Key Requirements

  • Allows the Attorney General to bring civil actions for violations.
  • Chatbots must disclose they are AI and not human at the start of conversations and periodically during use.
  • Defines artificial intelligence companion as a chatbot designed for emotional interaction.
  • Defines covered entity as any person or organization that operates an AI chatbot.
  • Establishes that a minor is anyone under 18 years of age.
  • Limits data retention to what is necessary for compliance.
  • Mandates the use of reasonable age verification processes to classify users as minors or adults.
  • Must clarify that they do not provide medical, legal, or financial advice.
  • Prohibits AI chatbots that encourage minors to engage in sexually explicit conduct or violence.
  • Prohibits minors from accessing certain AI companions.
  • Prohibits sharing or selling age verification data.
  • Requires reasonable data security measures to protect personal data.
  • Requires that chatbots do not promote suicide or self-injury.
  • Requires users to create an account to access AI chatbots.
  • Sets penalties for violations at up to $100,000 per incident.

Sponsors

Legislative Actions

Date Action
2026-02-02 Authored by Senator Hamilton
2026-02-02 First Reading

Detailed Analysis

Analysis 1

Why Relevant: The bill mandates a highly intrusive age-verification infrastructure similar to the EU Chat Act's requirements for identifying child users.

Mechanism of Influence: Section 3 requires covered entities to verify the age of every user by requiring the 'upload of a valid state-issued form of identification' (Section 1, 5) before allowing access to AI chatbot services.

Evidence:

  • Section 1, 5: 'upload of a valid state-issued form of identification'
  • Section 3, C, 2: 'Verify the individual’s age using a reasonable age verification process'

Ambiguity Notes: The definition of 'reasonable age verification' is strictly tied to government ID, leaving no room for less intrusive technical assessments or privacy-preserving methods.

Analysis 2

Why Relevant: The bill imposes a liability standard based on the 'risk' of solicitation, functionally compelling providers to implement mitigation and filtering features.

Mechanism of Influence: Section 2 makes it unlawful to provide a chatbot that 'poses a risk of soliciting, encouraging, or inducing minors' to engage in sexually explicit conduct. This creates a statutory duty for providers to assess and mitigate the output of their models to prevent such interactions.

Evidence:

  • Section 2, A: 'knowing or with reckless disregard for the fact that the artificial intelligence chatbot poses a risk of soliciting, encouraging, or inducing minors'

Ambiguity Notes: The term 'poses a risk' is broad and may lead to proactive scanning or restrictive filtering of all AI-generated content to avoid 'reckless disregard' liability.

Analysis 3

Why Relevant: The bill includes data preservation and internal compliance requirements related to the age-verification process.

Mechanism of Influence: Section 3(F) requires entities to maintain data security and 'retain age verification data' for as long as necessary to 'maintain compliance with this act,' creating a mandate for storing sensitive user identity metadata.

Evidence:

  • Section 3, F, 3: 'Retain age verification data for no longer than is reasonably necessary to verify a user’s age or maintain compliance'

Ambiguity Notes: While it limits retention to what is 'reasonably necessary,' the requirement to maintain compliance with the act may lead to long-term storage of ID-linked data for audit purposes.

Senate - 1727 - Social media; authorizing certain cause of action against social media companies; establishing criteria to recover certain damages; authorizing certain rebuttable presumption. Effective date.

Legislation ID: 268177

Bill URL: View Bill

Summary

This legislation defines terms related to social media usage, particularly concerning minors. It allows minors or their guardians to sue social media companies for mental health issues stemming from excessive use of their platforms. The bill outlines the criteria for recovering damages and establishes a rebuttable presumption regarding the causation of mental health outcomes. It also sets forth requirements for social media companies to limit minor users engagement and specifies the rights and protections that cannot be waived or limited.

Key Sections

  • Cause of Action: This provision allows a minor or their guardian to file a lawsuit against a social media company for adverse mental health outcomes due to excessive use of algorithmically curated services.
  • Definitions: This section provides definitions for key terms used in the bill, including algorithmically curated, excessive use, and social media company.
  • Liability and Damages: Details the liability of social media companies and the damages that can be recovered by plaintiffs if they succeed in their claims.
  • Rebuttable Presumptions: Establishes rebuttable presumptions for both plaintiffs and social media companies regarding the causation of mental health outcomes due to excessive use of curated platforms.
  • Social Media Company Compliance: Outlines the conditions under which social media companies can avoid liability and establish a rebuttable presumption of non-causation.
  • Waiver and Limitation: States that any waiver or limitation of rights provided by this section is void and unenforceable.

Key Requirements

  • Allows plaintiffs to presume causation if certain conditions are met.
  • Disables engagement driven design elements for minor accounts.
  • Entitles plaintiffs to reasonable attorney fees and court costs.
  • Limits minor users access to three hours per day.
  • Provides social media companies a presumption of non-causation if they meet specific criteria.
  • Requires demonstration that the adverse mental health outcome was caused by excessive use of the platform.
  • Requires diagnosis by a licensed mental health care provider.
  • Requires parental consent for minor users.
  • Restricts access during specified hours.
  • Specifies damages as either a fixed amount or actual damages, whichever is greater.

Sponsors

Legislative Actions

Date Action
2026-02-02 Authored by Senator Jech
2026-02-02 First Reading

Detailed Analysis

Analysis 1

Why Relevant: Mandated mitigation of product features and algorithms.

Mechanism of Influence: The bill incentivizes platforms to modify their 'curation algorithm' and 'engagement driven design elements' to avoid a rebuttable presumption of liability for mental health harms. This mirrors the EU Act's focus on mandated mitigation changes to recommender systems and product features.

Evidence:

  • Section 1.C.1.d: disables engagement driven design elements for a minor user’s account.
  • Section 1.A.3: 'Engagement driven design elements' means autoplay features... scroll or pagination that loads additional content... or push notifications.

Ambiguity Notes: While the EU Act focuses on mitigating CSAM risks, this bill focuses on 'excessive use' and mental health, yet uses the same mechanism of compelling product design changes.

Analysis 2

Why Relevant: Implicit requirement for age verification and parental consent.

Mechanism of Influence: To qualify for the safe harbor protections, platforms must identify 'minor users' and obtain 'parental consent,' effectively requiring the implementation of age-verification or age-estimation infrastructure.

Evidence:

  • Section 1.C.1.c: requires the parent or legal guardian of the minor... to consent to a minor user’s use
  • Section 1.C.1.a: limits a minor user... to no more than three (3) hours

Ambiguity Notes: None

Senate - 1871 - Social media; requiring certain age verification; requiring certain parental consent. Emergency.

Legislation ID: 268190

Bill URL: View Bill

Summary

This bill introduces a framework for social media companies operating in Oklahoma to implement measures aimed at protecting minors. It defines key terms related to social media use and sets requirements for age verification, data segregation, and parental consent. The bill mandates that social media platforms take specific actions to safeguard minors personal information and limit their access to services, while also providing mechanisms for parental supervision and control.

Key Sections

  • Consent and Confidentiality: The bill establishes requirements for obtaining parental consent for changes to privacy settings and presumes confidentiality for minors personal information.
  • Data Segregation and Privacy Settings: Social media platforms must segregate personal information collected for age verification and implement privacy settings that protect minors.
  • Definitions: This section provides definitions for key terms used throughout the bill, including account, connected account, minor, personal information, and others.
  • Emergency Clause: This section states that an emergency exists, allowing the bill to take effect immediately upon passage.
  • Enforcement and Penalties: The Attorney General is given authority to enforce compliance with the bill and impose civil penalties for violations.
  • Parental Controls and Supervision Tools: Platforms must offer tools for parents to supervise their minor childrens usage, including time limits and usage reports.
  • User Account Requirements: Social media companies must require users to create accounts, verify their age, and classify users as minors or adults based on this verification.

Key Requirements

  • Establishes civil penalties for social media companies that violate the act.
  • Mandates that new users provide age data and undergo verification upon account creation.
  • Mandates that parents be informed about available supervisory features.
  • Mandates that platforms disable certain features that prolong engagement for minors.
  • Requires platforms to limit minor users access to one hour per day.
  • Requires platforms to set default privacy settings for minor users to maximize privacy.
  • Requires social media companies to freeze existing accounts until age verification is completed.
  • Requires verifiable written consent from a parent for any changes to a minors data privacy settings.

Sponsors

Legislative Actions

Date Action
2026-02-02 Authored by Senator Jech
2026-02-02 First Reading

Detailed Analysis

Analysis 1

Why Relevant: The bill mandates a highly intrusive form of age verification, a core pillar of the EU proposal's infrastructure for identifying child users.

Mechanism of Influence: Social media companies are required to 'freeze all accounts' and only restore functionality after a user provides 'age data that is verifiable' via the 'upload of a valid state-issued form of identification.'

Evidence:

  • Section 1(8): 'upload of a valid state-issued form of identification'
  • Section 2(B)(1): 'freeze all accounts'
  • Section 2(C)(2): 'Verify the individual’s age using a reasonable age verification process'

Ambiguity Notes: The definition of 'reasonable age verification process' is prescriptive, explicitly rejecting self-declaration or simple birthdate entry.

Analysis 2

Why Relevant: The bill compels specific product-level 'mitigation' measures to protect minors, similar to the EU Act's risk-mitigation requirements.

Mechanism of Influence: Platforms must disable features that 'prolong engagement,' such as autoplay and infinite scroll, and restrict direct messaging capabilities to 'connected accounts' only.

Evidence:

  • Section 2(E)(2)(a)(5): 'restrict a minor user’s direct messaging capabilities to only allow for direct messaging to connected accounts'
  • Section 2(E)(2)(d): 'disable the following features that prolong engagement... autoplay functions... scroll or pagination'

Ambiguity Notes: None

Analysis 3

Why Relevant: The bill establishes data segregation and internal control requirements for the personal information collected during the age-verification process.

Mechanism of Influence: Companies must 'segregate any personal information gathered specifically for reasonable age verification' and are prohibited from using it for other purposes, creating a specific compliance silo.

Evidence:

  • Section 2(E)(1): 'shall segregate any personal information gathered specifically for reasonable age verification purposes'

Ambiguity Notes: None

Senate - 1972 - Internet; creating the Oklahoma Childrens Internet Protection Act. Effective date.

Legislation ID: 269137

Bill URL: View Bill

Summary

This bill creates the Oklahoma Children’s Internet Protection Act, which aims to safeguard minors from potentially harmful online interactions and agreements. It prohibits interactive computer service providers from entering into contracts with minors without the express consent of their parents or legal guardians, outlines methods for obtaining such consent, and establishes penalties for violations of these provisions. Additionally, the bill provides guidelines for age verification and specifies exceptions for news organizations and certain providers.

Key Sections

  • Age Verification Methods: Details the acceptable methods for obtaining parental consent, including forms, phone calls, and other verification methods.
  • Definitions: This section defines key terms used in the act, including adult, minor, interactive computer service, and harmful to minors.
  • Effective Date: Specifies that the act will become effective on November 1, 2026.
  • Enforcement and Penalties: Outlines the enforcement mechanisms and civil penalties for violations of the act, including potential fines for continued violations after notice.
  • Liability for Violations: This section outlines the penalties for interactive computer service providers that knowingly violate the prohibition against contracts with minors or allow minors access to harmful material.
  • Prohibition on Contracts with Minors: Interactive computer service providers are prohibited from entering into contracts with minors without prior express consent from a parent or legal guardian. Any such agreements made without consent are null and void.
  • Short Title: This section establishes the official title of the act as the Oklahoma Children’s Internet Protection Act.

Key Requirements

  • Additional penalties for specific harmful actions involving minors.
  • Fines up to $10,000 per day for continued violations.
  • Liable for civil penalties if violating parental consent requirements.
  • Must adhere to age verification methods.
  • Must provide a method for obtaining parental consent before allowing minors to access services.
  • Prohibits contracts that conflict with the acts provisions.
  • Requires parental consent for contracts with minors.

Sponsors

Legislative Actions

Date Action
2026-02-02 Authored by Senator Grellner
2026-02-02 First Reading

Detailed Analysis

Analysis 1

Why Relevant: The bill mandates age verification and parental consent for interactive computer services, which is a core element of the regulatory framework for child safety online.

Mechanism of Influence: Providers must use 'reasonable age-verification methods' and obtain 'prior express consent' through specific methods like ID collection or videoconferencing.

Evidence:

  • interactive computer service that performs reasonable age-verification methods (Section 3, D)
  • prior express consent of the minor’s parent or legal guardian (Section 3, A)

Ambiguity Notes: The term 'reasonable age-verification methods' is not strictly defined, leaving the specific technology choice to the provider but subject to Attorney General oversight.

Analysis 2

Why Relevant: The bill restricts interpersonal communication by prohibiting adults from communicating with minors on the service.

Mechanism of Influence: This creates a statutory duty for platforms to monitor or gate communications to ensure no adult-to-minor interaction occurs, which has significant implications for private messaging.

Evidence:

  • Allows an adult to use the interactive computer service to communicate with a minor (Section 3, B, 4)

Ambiguity Notes: The bill does not specify how a provider should determine if a user is an adult or a minor for the purpose of communication without constant monitoring or universal age verification.

Analysis 3

Why Relevant: The bill imposes liability for allowing minors to access 'harmful' content or exposing their personal data.

Mechanism of Influence: To avoid liability, providers may be compelled to implement scanning or filtering technologies to detect 'material harmful to minors' or to prevent the display of a minor's 'persona.'

Evidence:

  • Allows a minor to access material harmful to minors (Section 3, B, 2)
  • Makes any part of the persona of a minor accessible to other persons (Section 3, B, 3)

Ambiguity Notes: The prohibition on making a minor's 'persona' accessible could be interpreted as requiring the removal of public profiles or the implementation of strict privacy defaults for all users suspected of being minors.

Senate - 1982 - Crimes and punishments; modifying provisions related to obscenity and child sexual abuse material. Effective date.

Legislation ID: 267073

Bill URL: View Bill

Summary

This legislation amends existing statutes related to obscenity and child sexual abuse material. It introduces new definitions, modifies penalties for offenses, and establishes civil remedies for individuals harmed by the production or distribution of unlawful pornography. The bill also mandates actions by internet service providers to combat such materials.

Key Sections

  • Civil Actions and Remedies: This section allows individuals to file civil lawsuits against those producing or distributing unlawful pornography.
  • Criminal Offenses and Penalties: This provision outlines the criminal penalties for buying, possessing, or distributing child sexual abuse material.
  • Definitions and Intent: This provision defines child sexual abuse material and outlines what constitutes obscenity and unlawful pornography under Oklahoma law.
  • Prohibition on Distribution of Obscene Material: This section prohibits the distribution of obscene materials and child sexual abuse material, detailing the applicable penalties.

Key Requirements

  • Allows civil actions for damages against offenders.
  • Classifies violations as Class B1 felonies with severe penalties.
  • Criminalizes the distribution of obscene and unlawful pornography.
  • Defines child sexual abuse material and obscenity.
  • Establishes misdemeanor penalties for violations involving obscene materials.
  • Establishes that each image of child pornography is treated as a separate offense.
  • Increases penalties for repeat offenders.
  • Specifies statutory damages and injunctive relief for successful plaintiffs.

Sponsors

Legislative Actions

Date Action
2026-02-02 Authored by Senator Deevers
2026-02-02 First Reading

Detailed Analysis

Analysis 1

Why Relevant: The bill mandates the implementation of filtering technology by service providers to prevent access to specific content categories.

Mechanism of Influence: Section 4 creates a statutory duty for ISPs to operate technology that detects and blocks access to prohibited content, effectively requiring a state-wide filtering infrastructure.

Evidence:

  • Any internet service provider that provides internet access to customers in this state shall implement filtering technology that prevents any person from accessing child sexual abuse material, obscene materials, or unlawful pornography (Section 4)

Ambiguity Notes: The term 'filtering technology' is undefined, leaving open whether this requires DNS-level blocking, deep packet inspection (DPI), or other intrusive network-level scanning methods.

Analysis 2

Why Relevant: The bill includes broad definitions and civil enforcement mechanisms that incentivize proactive platform monitoring.

Mechanism of Influence: By allowing 'any person' to bring civil actions for statutory damages against those who 'aid or abet' the distribution of 'unlawful pornography,' the bill creates significant legal pressure for platforms and intermediaries to implement aggressive detection and removal systems.

Evidence:

  • Any person... may bring a civil action against any person who... Knowingly engages in conduct that aids or abets the production or distribution of unlawful pornography (Section 1, G)
  • Statutory damages not less than Ten Thousand Dollars ($10,000.00) for each image or depiction (Section 1, H)

Ambiguity Notes: The definition of 'unlawful pornography' includes broad categories of 'lewd exhibition' and 'sexual conduct' that may overlap with protected speech, potentially leading to over-blocking by providers seeking to avoid liability.

Senate - 2085 - Artificial intelligence; establishing certain rights; prohibiting certain actions by certain entities; requiring certain actions by certain entities. Effective date.

Legislation ID: 269139

Bill URL: View Bill

Summary

Senate Bill 2085 introduces comprehensive regulations regarding artificial intelligence technology in Oklahoma. It defines key terms, prohibits state entities from contracting with foreign adversaries, and establishes rights for individuals concerning AI use. The bill also includes specific provisions to protect minors from inappropriate interactions with AI chatbots and mandates transparency from AI companies regarding data use and user interactions.

Key Sections

  • Contracting Restrictions: State governmental entities are prohibited from entering into contracts with AI technology companies owned or controlled by foreign adversaries without proper affidavits.
  • Definitions: This section defines key terms related to artificial intelligence, including account holder, artificial intelligence, and companion chatbot.
  • Enforcement: The Attorney General is designated to enforce the provisions of the act and may create necessary rules for implementation.
  • Minor Protection: Companion chatbot platforms must ensure that minors cannot maintain accounts without parental consent and provide options for parental oversight.
  • Rights of Oklahomans: This section outlines the rights of Oklahomans regarding the use of artificial intelligence, including the right to know if they are interacting with AI and the right to protect personal information.

Key Requirements

  • Mandates platforms to notify parents about interactions and potential self-harm indications.
  • Requires an affidavit from AI companies affirming they do not meet criteria of being foreign adversaries.
  • Requires parental consent for minors to have accounts.

Sponsors

Legislative Actions

Date Action
2026-02-02 Authored by Senator Hamilton
2026-02-02 First Reading

Detailed Analysis

Analysis 1

Why Relevant: The bill mandates age-gating and parental consent for specific types of interactive platforms.

Mechanism of Influence: By requiring that a 'companion chatbot platform shall prohibit a minor from entering into a contract... unless the minor’s parent or legal guardian provides consent,' the bill effectively mandates the implementation of age verification or age assessment technologies to distinguish between adult and minor users.

Evidence:

  • SECTION 5. A. A companion chatbot platform shall prohibit a minor from entering into a contract with the platform to become an account holder... unless the minor’s parent or legal guardian provides consent

Ambiguity Notes: The bill does not specify the 'reliable' method for verifying age or parental status, leaving platforms to determine the level of data collection required to comply.

Analysis 2

Why Relevant: The bill requires platforms to implement content mitigation measures to prevent the exposure of minors to harmful material.

Mechanism of Influence: Platforms must 'institute reasonable measures' to prevent the AI from 'producing or sharing materials harmful to minors.' This creates a statutory duty for proactive content filtering and output moderation similar to the mitigation obligations in the EU proposal.

Evidence:

  • SECTION 5. C. 3. Institute reasonable measures to prevent its companion chatbot from producing or sharing materials harmful to minors or encouraging the account holder to engage in any of the conduct described

Ambiguity Notes: 'Reasonable measures' is not defined, which may lead platforms to implement aggressive automated scanning and filtering of AI outputs to avoid the $50,000 per-violation penalty.

Analysis 3

Why Relevant: The bill compels the creation of a monitoring and access infrastructure for private interactions.

Mechanism of Influence: The platform is required to provide parents with 'copies of all interactions between the minor account holder and the companion chatbot.' This necessitates the retention and accessibility of dialogue logs that might otherwise be private or ephemeral.

Evidence:

  • SECTION 5. A. 1. Receive copies of all interactions between the minor account holder and the companion chatbot

Ambiguity Notes: While this applies to AI-to-human interaction rather than human-to-human messaging, it establishes a precedent for compelled access to private digital dialogues for the purpose of child safety.

Analysis 4

Why Relevant: The bill includes data preservation and deletion requirements tied to account management.

Mechanism of Influence: Platforms must delete personal information upon account termination unless law requires otherwise, and must provide notifications for self-harm, mirroring the 'internal controls' and 'reporting' signals of the EU Act.

Evidence:

  • SECTION 5. B. 4. Permanently delete all personal information held by the companion chatbot platform relating to the terminated account
  • SECTION 5. A. 4. Receive timely notifications if the minor account holder expresses to the companion chatbot a desire or an intent to engage in self-harm

Ambiguity Notes: None

↑ Back to Table of Contents

South Carolina

Index of Bills

House - 3405 - App Store Accountability Act

Legislation ID: 195540

Bill URL: View Bill

Summary

The App Store Accountability Act seeks to regulate app stores by mandating age verification for users, requiring parental consent for minors, and ensuring that content ratings are clear and accurate. It establishes guidelines for app store providers and developers to follow, with enforcement mechanisms and potential penalties for non-compliance, while emphasizing the importance of parental involvement in minors app usage.

Key Sections

  • Advisory Committee: An advisory committee will be established to improve transparency and consistency in app age ratings.
  • Advisory Committee: An advisory committee will be established to improve transparency in age ratings of apps, consisting of various stakeholders.
  • Advisory Committee: An advisory committee will be established to improve transparency in app age ratings and provide a report to the Department of Consumer Affairs.
  • Age Ratings and Content Descriptions: Developers are required to display age ratings and content descriptions clearly and accurately, and must notify parents of any changes.
  • Age Ratings and Content Descriptions: Developers must clearly display age ratings and content descriptions for their apps and notify parents of any changes.
  • Age Verification and Parental Consent: App store providers must verify the age of users and obtain parental consent before allowing minors to download or use apps.
  • Age Verification and Parental Consent: App store providers must verify the age of users and obtain verifiable parental consent before allowing minors to download or use apps. This includes providing mechanisms for parents to block unsuitable apps.
  • Age Verification Requirements: App store providers must determine the age of users and obtain verifiable parental consent for minors before allowing access to apps.
  • Civil Actions by Parents: Parents can bring civil actions against app store providers or developers if their child is harmed due to violations of the act, with potential for damages and legal fees.
  • Civil Actions by Parents: Parents can take civil action against app store providers or developers for violations affecting their children.
  • Civil Actions by Parents: Parents may take civil action against app store providers or developers for violations affecting their children.
  • Conflict Resolution: In cases where signals from app store providers and developers conflict, compliance can be achieved by acting on the signal indicating the lowest age.
  • Definitions: Defines key terms used in the act, including age categories for minors, app store, developer, and parental consent.
  • Definitions: This section provides definitions for key terms used in the act, including age categories, app store, and parental consent.
  • Definitions: This section provides definitions for key terms used in the act, including age categories for users, what constitutes an app, and the roles of app store providers and developers.
  • Effectiveness: The act takes effect upon approval by the Governor.
  • Enforcement: The Attorney General is responsible for enforcing the provisions of the act, with penalties for violations.
  • Enforcement and Penalties: The Attorney General is responsible for enforcing the act, with penalties for violations including fines and civil actions.
  • Enforcement and Penalties: The Attorney General will enforce the act, with penalties for violations including fines and the possibility of civil actions by parents.
  • Findings: This section outlines the findings of the General Assembly regarding the challenges minors face when using apps, including the lack of parental consent mechanisms and the presence of harmful content.
  • Findings of the General Assembly: The General Assembly outlines the necessity for the App Store Accountability Act, highlighting the vulnerabilities of minors in accessing inappropriate content and the inadequacies of current parental controls offered by app stores.
  • Findings of the General Assembly: The General Assembly outlines the necessity for this legislation by highlighting the inability of minors to enter contracts and the inadequacy of existing parental controls and age verification methods in app stores.
  • Guidance and Compliance: The Department of Consumer Affairs will issue guidance for compliance, and app store providers must adhere to these regulations within six months after the guidance is adopted.
  • Guidance and Compliance: The Department of Consumer Affairs will issue guidance for compliance with the act, and app store providers and developers must adhere to these guidelines within six months.
  • Guidance from the Department: The Department of Consumer Affairs is tasked with issuing guidance to help app store providers and developers comply with the acts requirements.
  • Parental Controls: App store providers must offer clear access to parental controls that allow parents to filter content and set usage limits for minors.
  • Parental Controls: This section requires app store providers to provide accessible parental controls and mechanisms for parents to manage app usage by minors.
  • Parental Controls and Information Display: App store providers must offer clear mechanisms for parental controls and prominently display age ratings and content descriptors for apps.

Key Requirements

  • Age ratings and content descriptions must be prominently displayed.
  • Allows for civil actions against violators.
  • Allows parents to seek damages for violations affecting their children.
  • An advisory committee must be established by July 1, 2025.
  • App store providers must determine user age category.
  • App store providers must offer features to block unsuitable apps for minors.
  • A report must be made publicly available.
  • Civil penalties can reach up to $10,000 for each violation.
  • Clear access to parental controls must be provided.
  • Compliance is required within six months of guidance issuance.
  • Compliance with departmental guidance is required within six months.
  • Developers must notify parents of changes in app ratings.
  • Developers must obtain additional parental consent for changes in app ratings.
  • Establishes fines for violations up to $2,500.
  • Filters for sexually explicit content must be available.
  • Mandates obtaining parental consent for minors on a per-download basis.
  • Mandates obtaining verifiable parental consent on a per-download or purchase basis.
  • Mandates the provision of parental controls for monitoring app usage.
  • Mechanisms for parents to block unsuitable apps must be provided.
  • Parents can sue for violations of the act.
  • Parents may seek damages, injunctive relief, and reasonable attorneys fees.
  • Parents must have access to usage limits and content filtering options.
  • Requires app store providers to determine age categories for users.
  • Requires app store providers to verify the age of users.
  • Requires clear and prominent display of age ratings and content descriptors.
  • Requires clear display of age ratings and content descriptions.
  • Requires compliance with the Departments guidance within six months.
  • Requires the formation of an advisory committee by July 1, 2025.
  • The Attorney General is responsible for enforcement.
  • The committee must include parents, public interest groups, and developers.
  • The department must provide guidance by January 1, 2026.
  • Verifiable parental consent is required for minors.
  • Violations may incur fines of up to $2,500.
  • Violations may result in fines up to $2,500.

Sponsors

Legislative Actions

Date Action
2026-01-13 Member(s) request name added as sponsor: Oremus
2025-04-23 Member(s) request name added as sponsor: Martin
2025-01-14 Introduced and read first time ( House Journal-page 192 )
2025-01-14 Referred to Committee on Judiciary ( House Journal-page 192 )
2024-12-05 Prefiled
2024-12-05 Referred to Committee on Judiciary

Detailed Analysis

Analysis 1

Why Relevant: The bill mandates strict age verification for all users, a core pillar of the EU proposal's access control framework.

Mechanism of Influence: Section 37-31-20(A) requires providers to 'determine the age category for every individual... and verify that user's age,' which necessitates the implementation of identity-linked or biometric age-assurance technologies.

Evidence:

  • app store providers shall determine the age category for every individual located in this State... and verify that user's age (Section 37-31-20(A))

Ambiguity Notes: The term 'commercially available methods' is undefined, leaving open whether this requires government ID upload, facial age estimation, or credit card verification.

Analysis 2

Why Relevant: The bill imposes gatekeeping obligations on app stores to regulate third-party app access and content.

Mechanism of Influence: Section 37-31-20(B) compels app stores to act as the primary enforcement point for parental consent and to provide 'mechanisms for parents to block the download of any apps... unsuitable for a particular minor's age category.'

Evidence:

  • App store providers shall obtain verifiable parental consent before allowing a minor... to download, purchase, or use apps (Section 37-31-20(B)(1))
  • provide a commercially available mechanism for parents to block the download of any apps... unsuitable (Section 37-31-20(B)(3))

Ambiguity Notes: The requirement for 'download-by-download' consent could significantly disrupt app store functionality and user experience for minors.

Analysis 3

Why Relevant: It establishes a technical compliance infrastructure for sharing age data between platforms and developers.

Mechanism of Influence: Section 37-31-20(E) requires app stores to create a 'real-time application programming interface' (API) to transmit age 'signals' to developers, creating a persistent tracking mechanism for a user's age status across different apps.

Evidence:

  • provide developers the ability to determine the age category of any user... through a real-time application programming interface (Section 37-31-20(E))
  • signal means age bracketed data sent by a real-time secure application programming interface (Section 37-31-10(11))

Ambiguity Notes: The 'signal' (defined in Section 37-31-10(11)) creates a standardized data flow that could be used for broader profiling beyond simple age gating.

House - 3431 - Social media; provide companies may not permit certain minors to be account holders; provide requirements, enforcement, restrictions, reporting and other provisions

Legislation ID: 196757

Bill URL: View Bill

Summary

Bill 3431 aims to amend the South Carolina Code of Laws by introducing new regulations for social media companies that cater to minors. It establishes definitions, outlines requirements for protecting minors personal data, restricts access during certain hours, and mandates parental controls. The bill also addresses consumer complaints and provides for enforcement mechanisms, ensuring that social media platforms prioritize the safety and well-being of minor users.

Key Sections

  • Additional Legal Protections: Clarifies that this act does not limit other legal protections for minors and establishes the supremacy of more protective laws.
  • Advertising Restrictions: Covered online services are prohibited from facilitating advertisements directed at minors for products that are illegal for them, such as drugs and alcohol.
  • Age Verification and Consent: Beginning March 1, 2026, social media companies must verify the age of South Carolina account holders and cannot allow minors to have accounts without parental consent.
  • Age Verification and Consent: Social media companies must verify the age of South Carolina account holders and cannot allow minors to open accounts without parental consent.
  • Age Verification Measures: Beginning March 1, 2026, social media companies must implement measures to prevent minors from bypassing age restrictions through technologies like VPNs.
  • Annual Reporting: Social media companies are required to submit an annual report detailing their compliance with the act and the measures taken to protect minors.
  • Annual Reporting: The Attorney General must compile and publish an annual report on fines and penalties related to the enforcement of this chapter.
  • Annual Reporting: The Attorney Generals Office must compile and publish an annual report detailing fines and penalties assessed under this chapter.
  • Annual Reporting and Auditing: Covered online services must issue annual reports audited by independent third parties detailing their practices related to minors.
  • Annual Reporting Requirements: Covered online services must submit an annual public report detailing their practices concerning minors, including data usage and safety measures.
  • Annual Reporting Requirements: Mandates annual public reports on the online services practices concerning minors, prepared by independent auditors.
  • Cause of Action: This provision allows individuals to pursue legal action against social media companies for violations of the act, establishing a cause of action.
  • Collection and Use of Personal Data: This section outlines restrictions on the collection and use of minors personal data, ensuring it is minimized and only used for necessary purposes.
  • Complaint Handling and Enforcement: The Office of the Attorney General is designated to handle complaints regarding violations of this chapter and has the authority to enforce its provisions.
  • Complaint Procedures: The Office of the Attorney General is authorized to receive and investigate complaints regarding violations of this chapter.
  • Consumer Complaints and Enforcement: This section grants the Consumer Services Division authority to administer and enforce the requirements set forth in the act, allowing for consumer complaints regarding violations.
  • Data Collection and Advertising Restrictions: This section restricts how covered online services can collect, use, and share minors personal data. It prohibits targeted advertising to minors and sets limits on data collection practices to ensure privacy and safety.
  • Data Collection and Usage: This provision restricts the collection of minors personal data, prohibiting targeted advertising and requiring minimal data collection necessary for service provision.
  • Data Collection and Usage Restrictions: Limits the collection and use of minors personal data to what is necessary for the services they engage with, and mandates deletion of data after use.
  • Data Collection and Usage Restrictions: This provision requires covered online services to limit the collection, use, and sharing of minors personal data to only what is necessary for the specific services they engage with.
  • Data Collection and Use Restrictions: This provision outlines restrictions on the collection and use of minors personal data, including prohibiting targeted advertising and requiring minimum data collection necessary for service provision.
  • Data Collection and Use Restrictions: This provision restricts the collection and use of minors personal data, prohibiting targeted advertising and ensuring data is only used for its intended purpose.
  • Default Protection Settings: Mandates that protection settings for minors are set to the highest level by default.
  • Default Protection Settings: This provision mandates that all protective settings for minors be set to the highest level by default to ensure maximum safety.
  • Definitions: This provision defines key terms relevant to the bill, including child, covered online service, personal data, and targeted advertising.
  • Definitions: This provision defines key terms used throughout the bill, such as child, covered online service, compulsive usage, and personal data.
  • Definitions: This provision defines key terms used within the act, including compulsive usage, covered online service, and minor.
  • Definitions: This section defines key terms used throughout the article, such as account holder, minor, social media company, and South Carolina resident.
  • Definitions: This section provides definitions for key terms used in the bill, including compulsive usage, covered online service, dark pattern, and sensitive personal data.
  • Definitions: This section provides definitions for key terms used throughout the bill, including child, covered online service, personal data, and sensitive personal data.
  • Definitions: This section provides definitions for terms relevant to the bill, including online service, covered online service, personal data, and minor.
  • Definitions: This section provides definitions for terms used in the bill, including child, covered online service, and personal data. It establishes the criteria for what constitutes a minor and outlines the responsibilities of online services regarding minors.
  • Definitions: This section provides definitions for terms used in the bill, such as account holder, minor, and social media company.
  • Definitions: This section provides definitions for various terms used in the bill, including child, minor, covered online service, and personal data.
  • Definitions: This section provides key definitions used throughout the chapter, including terms related to minors, online services, personal data, and various harmful effects associated with online usage.
  • Duties of Covered Online Services: Covered online services must exercise reasonable care in the use of minors personal data and design features to prevent various harms, including compulsive usage and severe psychological harm.
  • Duties of Covered Online Services: Covered online services must take reasonable care in handling minors personal data and designing their platforms to prevent various harms, including compulsive usage and identity theft.
  • Duty of Care: Covered online services are required to exercise reasonable care in the design and operation of their platforms to prevent various harms to minors, including compulsive usage and severe psychological harm.
  • Educational Programs: The Department of Education is tasked with developing educational programs on online safety for students, focusing on the impact of social media.
  • Educational Programs: The Department of Education must develop model programs to educate students about online safety and the effects of social media.
  • Effective Date: Specifies that the act takes effect upon the Governors approval.
  • Effective Date: Specifies that the act will take effect upon approval by the Governor.
  • Effective Date: The act takes effect upon approval by the Governor.
  • Effective Date: This provision indicates that the act will take effect immediately upon receiving the Governors approval.
  • Enforcement and Liability: Outlines enforcement mechanisms and liabilities for violations of the bill.
  • Enforcement and Liability: Outlines enforcement mechanisms by the Attorney General and specifies penalties for violations.
  • Enforcement and Liability: The Attorney General is responsible for enforcing the provisions of this chapter, with covered online services liable for damages incurred from violations.
  • Enforcement and Liability: The Attorney General is tasked with enforcing the provisions of the bill, and covered online services may face treble damages for violations.
  • Enforcement and Reporting: This section establishes the authority of the Consumer Services Division to enforce the requirements of the bill and mandates annual reporting on compliance and impacts of the regulations.
  • Exclusivity of Provisions: The acts requirements are supplementary to existing laws, prioritizing the greatest protection for minors in case of conflicts.
  • Exemptions: Certain entities and types of data are exempt from the provisions of this chapter, including government entities and data required for compliance with specific federal laws.
  • General Provisions: Clarifies that this act does not limit other laws and ensures the validity of the remaining provisions if any part is held unconstitutional.
  • General Provisions: This section clarifies that the bills provisions are supplementary to existing laws, ensuring that the highest protections for minors prevail in case of conflicts.
  • Geolocation and Notifications: Restrictions on the collection of minors precise geolocation information and limitations on notifications sent to minors during specific hours.
  • Geolocation Data Collection: This provision restricts the collection of precise geolocation information from minors unless it is essential for providing the online service, and mandates clear notifications to minors when such data is collected.
  • Liability and Harm Prevention: This section outlines the responsibilities of online services to prevent harm to minors, including psychological harm and compulsive usage.
  • Limitations on Liability: This section clarifies that certain harms are limited to those for which liability is permitted under existing federal law, specifically referencing Section 230.
  • Notification Restrictions: This section prohibits covered online services from sending notifications or push alerts to minors during specified hours to protect their well-being.
  • Notification Restrictions for Minors: Prohibits notifications and push alerts to minors during specified hours to protect their wellbeing.
  • Opt-Out of Personalized Recommendations: Covered online services must allow users to opt out of personalized recommendation systems, with additional protections for minors.
  • Parental Controls: Covered online services must provide tools for parents to help manage their childrens accounts and protect their privacy.
  • Parental Controls: This section mandates that social media companies must provide parents or guardians with certain information and tools to control their childrens access to the platform.
  • Parental Controls and Notifications: Mandates that online services provide parental tools to manage minors accounts and restrict usage during certain hours.
  • Parental Control Tools: Covered online services are required to provide parents with tools to manage and monitor their minors accounts and activities on the platform.
  • Parental Monitoring Notifications: If parental monitoring is enabled, minors must be notified when they are being monitored by their parents.
  • Parental Monitoring Tools: Requires online services to provide tools for parents to monitor and control their childs online activity.
  • Parental Supervision: Social media companies must provide means for parents to supervise their minor childrens accounts, including viewing privacy settings and setting time limits.
  • Parental Supervision: Social media companies must provide mechanisms for parents to supervise their minor childrens accounts, including viewing privacy settings and setting time limits.
  • Parental Tools: Covered online services are required to offer tools for parents to manage their childs account, privacy settings, and financial transactions.
  • Parental Tools: Covered online services must provide parents with tools to help manage their childrens accounts and usage of the service, ensuring these tools are enabled by default for users identified as minors.
  • Parental Tools: Covered online services must provide tools for parents to manage their childs account settings and restrict purchases, with these tools enabled by default for child users.
  • Parental Tools: Online services must provide parents with tools to manage their childrens accounts and monitor their online activity, ensuring these tools are enabled by default for child users.
  • Personalized Recommendations Disclosure: Services using personalized recommendation systems must clearly explain how these systems operate and how minors can control them.
  • Private Right of Action: Individuals may bring a lawsuit against those who violate the provisions of this chapter, with potential for damages and attorney fees.
  • Private Right of Action: Individuals may bring lawsuits against those who violate the provisions of this chapter, with specific remedies available.
  • Profiling Restrictions: Covered online services are restricted from profiling minors unless they can prove adequate safeguards are in place or if profiling is essential for the service.
  • Profiling Restrictions: Limits profiling of minors unless safeguards are in place or necessary for service provision.
  • Prohibitions on Advertising and Data Collection: Social media companies are prohibited from displaying targeted advertising to minors based on their personal information and from collecting sensitive personal data without proper consent.
  • Reporting Mechanisms: This section establishes mechanisms for reporting harms to minors on covered online services, especially those that pose imminent threats.
  • Reporting Mechanisms and Advertising Restrictions: This provision mandates that covered online services establish mechanisms for reporting harm to minors and prohibits ads for products illegal for minors.
  • Reporting Mechanisms for Harm: Establishes mechanisms for reporting harm to minors and prohibits ads for harmful products directed at minors.
  • Reporting Mechanisms for Harms: Establishes mechanisms for reporting harms to minors and prohibits harmful advertising.
  • Requirements for Social Media Companies: Social media companies must exercise reasonable care in handling minors personal data and design features to prevent harm such as compulsive usage and severe psychological distress.
  • Responsibilities of Covered Online Services: Covered online services must exercise reasonable care in the design and operation of their platforms to prevent various harms to minors, including compulsive usage and severe psychological harm.
  • Responsibilities of Covered Online Services: Covered online services must exercise reasonable care in the use of minors personal data and design features to prevent harms such as compulsive usage and psychological distress.
  • Responsibilities of Covered Online Services: This section mandates that covered online services must exercise reasonable care in using minors personal data and design features to prevent harm, including compulsive usage and severe psychological harm.
  • Responsibilities of Covered Online Services: This section outlines the responsibilities of covered online services to protect minors from various harms, including compulsive usage and psychological distress. It mandates that these services implement reasonable care in their operations and design to prevent such harms.
  • Restrictions for Minor Account Holders: This provision outlines restrictions on interactions and data collection for minor account holders, including prohibiting adults from direct messaging minors and restricting targeted advertising.
  • Restrictions on Minor Accounts: Social media companies must implement specific restrictions for accounts held by minors, including limiting direct messaging from adults and prohibiting targeted advertising based on personal information.
  • Severability Clause: Ensures that if any part of the act is found unconstitutional, the remaining provisions remain valid.
  • Severability Clause: If any part of the act is found unconstitutional or invalid, the remaining sections will still be enforceable.
  • Severability Clause: If any part of the act is found unconstitutional, the remaining provisions will still be valid.
  • Severability Clause: This provision states that if any part of the act is declared unconstitutional or invalid, the remaining sections will still be valid and enforceable.
  • Targeted Advertising and Data Collection: Prohibits targeted advertising to minors and restricts the collection of precise geolocation data without clear notice to the minor.
  • Targeted Advertising Restrictions: Prohibits covered online services from facilitating targeted advertising to minors and restricts the collection of precise geolocation data.
  • Transparency and Reporting Requirements: Requires covered online services to provide clear information about data practices and undergo annual audits.
  • Transparency in Advertising Practices: Requires clear disclosure of how personalized recommendation systems work and how minors can opt out.
  • User Autonomy Protections: Covered online services must not use deceptive practices to undermine user autonomy regarding parental controls and safeguards.
  • User Control and Parental Tools: This section requires covered online services to provide minors and their parents with tools to control privacy settings, limit interactions, and manage time spent on the platform. It emphasizes the need for user-friendly options and default settings that prioritize safety.
  • User Controls: This section mandates that covered online services provide users with tools to control their interactions and privacy settings, including communication restrictions and content recommendations.
  • User Controls: This section mandates that online services provide minors with tools to control their interactions and privacy settings, including options to limit communication, control design features, and manage time spent on the service.
  • User Tools: This section requires covered online services to provide tools for users to manage their engagement with the service, including options to disable certain features and limit usage time.
  • User Tools and Controls: This section mandates that covered online services provide tools to minors for controlling their interactions on the platform, including communication limits and privacy settings.
  • User Tools and Parental Controls: This provision mandates that online services provide tools for users, especially minors, to control their interactions and the amount of time spent on the service, as well as tools for parents to monitor and manage their childrens usage.
  • User Tools and Protections: Covered online services must provide users with tools to limit their engagement, such as disabling certain design features and controlling visibility of their information.
  • Validity of Waivers: Any waivers or limitations of rights provided in this chapter are considered void and unenforceable.
  • Waivers and Limitations: Any waivers or limitations of rights provided under this chapter are considered void and unenforceable.
  • Waivers and Limitations: Certain waivers and limitations that may undermine the protections offered by this act are deemed void.

Key Requirements

  • Allow parents to view and limit the time minors spend on the service.
  • Allows individuals to file lawsuits for violations.
  • Allows individuals to sue for violations of the chapter.
  • Attorney General enforces the bills provisions.
  • Bans targeted advertising directed at minors.
  • Collect only the minimum amount of personal data necessary for the service.
  • Consumer Services Division has enforcement authority.
  • Covered online services are liable for treble damages for violations.
  • Covered online services must submit annual reports on compliance.
  • Declares any waivers of rights under this chapter as void.
  • Default settings must provide maximum safety for minors.
  • Defines a child as under 13 years old and a minor as under 18.
  • Defines harm and limits liability according to federal law.
  • Delete personal data collected for age verification after use.
  • Do not facilitate targeted advertising to minors.
  • Do not use dark patterns in service design.
  • Do not use minors personal data for purposes other than those for which it was collected.
  • Empowers the Attorney General to enforce the chapter.
  • Enable parents to restrict minors purchases and transactions.
  • Ensure independent auditors have full access to necessary information.
  • Ensures that the act remains valid even if parts are struck down.
  • Establishes a mechanism for consumer complaints related to social media companies practices.
  • Establishes criteria for covered online services based on revenue and data practices.
  • Establishes default opt-out settings for minors.
  • Establishes exclusive enforcement rights for the Attorney General.
  • Establishes liability for financial damages due to violations.
  • Establishes that this act does not limit other laws and prioritizes those that protect minors.
  • Establish reporting mechanisms for parents, minors, and schools to report harm.
  • Grants the Attorney Generals Office the authority to investigate complaints.
  • If any section is held unconstitutional, it does not affect the validity of the remaining provisions.
  • If any section is held unconstitutional, remaining sections remain effective.
  • In case of conflict, the law offering greater protection prevails.
  • In case of conflict, the law providing the greatest protection to minors prevails.
  • Include details on data collection, privacy protections, and design safety for minors in the report.
  • Includes definitions related to online functionalities that may affect minors.
  • Liability for treble damages for violations.
  • Mandates a duty of care in the design and operation of online services used by minors.
  • Mandates protection against identity theft and discrimination based on personal characteristics.
  • Mandates reasonable care in the design and operation of services used by minors.
  • Mandates that companies provide specific information to parents or guardians.
  • Mandates that parental tools be enabled by default for child accounts.
  • Mandates the development of online safety education programs for students.
  • Mandates the use of technology to enforce age restrictions.
  • May not facilitate targeted advertising to minors.
  • Must allow minors to opt-out of certain design features.
  • Must allow minors to opt-out of certain features and set time limits on usage.
  • Must allow parents to manage child account settings and restrict financial transactions.
  • Must allow parents to manage childs account settings.
  • Must allow parents to view time spent on the service and set usage limits.
  • Must allow users to disable design features that encourage compulsive use.
  • Must allow users to limit their time spent on the service.
  • Must collect only the minimum amount of personal data necessary.
  • Must describe personalized recommendation systems in clear and understandable terms.
  • Must enable parents to restrict the childs purchases and usage times.
  • Must ensure privacy expectations are respected.
  • Must ensure reasonable privacy expectations are maintained.
  • Must establish mechanisms for reporting harms to minors.
  • Must inform parents about their childs data usage.
  • Must issue an annual public report detailing practices related to minors.
  • Must limit data collection to the minimum necessary.
  • Must not collect precise geolocation information by default.
  • Must not facilitate targeted advertising to minors.
  • Must notify minors when they are being monitored by parents.
  • Must only collect the minimum necessary personal data from minors.
  • Must prevent compulsive usage and severe psychological harm to minors.
  • Must prevent compulsive usage of the service.
  • Must protect minors from severe psychological harm.
  • Must protect minors privacy and prevent identity theft.
  • Must provide clear information on privacy protections and parental tools.
  • Must provide information on how minors and parents can control these systems.
  • Must provide notice when geolocation data is being collected.
  • Must provide notice when precise geolocation information is collected.
  • Must provide options to manage time spent on the platform.
  • Must provide parents with tools to manage their childs account.
  • Must provide parents with tools to manage their childs account and restrict transactions.
  • Must provide tools for minors to limit communication and view personal data.
  • Must provide tools for minors to limit communication and visibility of their personal data.
  • Must provide tools for parents to manage childs account settings and restrict purchases.
  • Must provide tools to disable non-essential design features.
  • Must provide tools to limit communication with minors.
  • Notify minors when parental controls are in effect.
  • Obtain obvious notice when collecting precise geolocation information of minors.
  • Obvious notice must be provided when geolocation data is collected.
  • Officers and employees can be personally liable for willful violations.
  • Only collects minimum necessary personal data from minors.
  • Only collect the minimum necessary personal data from minors.
  • Only minimal personal data necessary for service provision can be collected.
  • Parental tools must enable monitoring of time spent on the service and limit usage.
  • Parents must have tools to manage their childs account and restrict transactions.
  • Precise geolocation data collection is restricted and requires user notification.
  • Precise geolocation information cannot be collected by default unless necessary for service provision.
  • Profiling of minors is prohibited unless appropriate safeguards are demonstrated or necessary for service engagement.
  • Prohibit ads directed to minors for prohibited products like tobacco and alcohol.
  • Prohibits ads directed at minors for prohibited products.
  • Prohibits ads for products like drugs and alcohol to minors.
  • Prohibits adults from direct messaging minor account holders unless already connected.
  • Prohibits adults from messaging minors unless already connected.
  • Prohibits advertising to minors for products like drugs, tobacco, gambling, and alcohol.
  • Prohibits collection of personal data beyond what is necessary.
  • Prohibits minors from being account holders without parental consent.
  • Prohibits minors from having accounts without parental consent.
  • Prohibits notifications and push alerts to minors between 10 PM and 6 AM.
  • Prohibits notifications during school hours (8 AM to 3 PM) from August to May.
  • Prohibits notifications to minors between 10 PM and 6 AM and during school hours from August to May.
  • Prohibits profiling of minors without appropriate safeguards or necessity for service provision.
  • Prohibits targeted advertising based on minors personal information.
  • Prohibits targeted advertising directed at minors.
  • Prohibits the use of dark patterns that obscure user choices.
  • Prohibits the use of minors data for purposes other than originally collected.
  • Prohibit targeted advertising to minors.
  • Provide accessible tools for parents to manage minors account settings.
  • Provides parents tools to manage minors account settings and restrict purchases.
  • Report must include data on minor users and compliance with safety measures.
  • Requirements of this act are in addition to other laws protecting minors.
  • Requires an annual public report on practices related to minors, submitted to the Attorney General.
  • Requires annual compliance reports from social media companies.
  • Requires annual public reports by independent auditors.
  • Requires clear disclosure of personalized recommendation systems.
  • Requires companies to ensure minors cannot bypass age verification.
  • Requires consent for the collection of sensitive personal data.
  • Requires covered online services to provide an opt-out option for personalized recommendations for all users.
  • Requires default high-level protection settings for minors.
  • Requires deletion of age verification data after use.
  • Requires filtering of harmful content for minors.
  • Requires mechanisms for reporting harms to minors.
  • Requires notification to minors when parental controls are in effect.
  • Requires notification to minors when parental monitoring is in effect.
  • Requires obvious notice to minors when precise geolocation information is collected or used.
  • Requires obvious notice when collecting precise geolocation data.
  • Requires online services to prevent compulsive usage and severe psychological harm to minors.
  • Requires online services to provide parental management tools.
  • Requires options to control design features and manage time spent on the service.
  • Requires reasonable care in the design and operation of services to protect minors.
  • Requires reporting mechanisms for harm to minors.
  • Requires services to limit compulsive usage and prevent psychological harm to minors.
  • Requires social media companies to allow parental supervision features.
  • Requires social media companies to enable parental supervision features for minor accounts.
  • Requires social media companies to prevent compulsive usage and psychological harm to minors.
  • Requires social media companies to restrict access to minors during certain hours.
  • Requires social media companies to verify the age of account holders.
  • Requires the Attorney General to maintain and publish an annual report.
  • Requires the Attorney General to maintain and publish an annual report on enforcement actions.
  • Requires the development of educational programs regarding online safety.
  • Requires tools for parents to manage child account settings and restrict transactions.
  • Restricts personalized advertising for minor accounts.
  • Restricts targeted advertising and data collection from minor account holders.
  • Retain minors personal data only as long as necessary for service provision.
  • Services must allow minors to limit communications and view settings.
  • Settings must be set at the highest level of protection by default.
  • Specifies damages and attorney fees for successful claims.
  • Specifies that liability is limited under existing federal laws.
  • Specifies the definitions of personal data and sensitive personal data.
  • Submit a public report by July 1st each year to the Attorney General.
  • The act does not limit or restrict other applicable laws.
  • The Attorney General shall enforce the provisions of this chapter.
  • The Attorney Generals office must investigate complaints.
  • This act supplements existing laws and provides greater protection for minors.
  • This act takes effect upon approval by the Governor.
  • Tools must allow minors to limit communications and control personal data visibility.
  • Users should be able to limit their time and financial transactions on the service.

Sponsors

Legislative Actions

Date Action
2026-01-14 Returned to Senate with amendments
2026-01-14 Roll call Yeas-112 Nays-0
2026-01-14 Senate amendment amended
2025-05-12 Scriveners error corrected
2025-05-06 Amended ( Senate Journal-page 36 )
2025-05-06 Read third time and returned to House with amendments ( Senate Journal-page 36 )
2025-05-06 Roll call Ayes-45 Nays-0 ( Senate Journal-page 36 )
2025-05-05 Scriveners error corrected

Detailed Analysis

Analysis 1

Why Relevant: The bill mandates provider risk mitigation through a statutory duty of care and independent audits.

Mechanism of Influence: Section 39-80-20(A) requires services to 'exercise reasonable care' to prevent harms such as 'compulsive usage' and 'severe psychological harm.' This is reinforced by Section 39-80-70, which requires an annual 'public report prepared by an independent third-party auditor' evaluating 'covered design features' and 'algorithms.'

Evidence:

  • Section 39-80-20(A): 'A covered online service shall exercise reasonable care... to prevent the following harms to minors: (1) compulsive usage... (2) severe psychological harm'
  • Section 39-80-70(A): 'the covered online service must issue a public report prepared by an independent third-party auditor that contains a detailed description of the covered online service as it pertains to minors'

Ambiguity Notes: The term 'reasonable care' is broad and may be interpreted by regulators to require proactive monitoring or modification of core service features to mitigate vaguely defined psychological harms.

Analysis 2

Why Relevant: The bill incorporates age verification and assessment frameworks.

Mechanism of Influence: While not mandating a specific technology, the bill regulates the data used for 'age verification or estimation' and requires services to report their methods to the Attorney General.

Evidence:

  • Section 39-80-40(A): 'Minors personal data collected for age verification or estimation cannot be used for other purposes and must be deleted after use.'
  • Section 39-80-70(A)(9): 'Each report must include... age verification or estimation methods used'

Ambiguity Notes: By requiring services to report 'age verification or estimation methods used,' the bill effectively compels the adoption of such systems to comply with the 'duty of care' for known minors.

Analysis 3

Why Relevant: The bill requires centralized reporting mechanisms for harms to minors.

Mechanism of Influence: Services must establish systems for parents, minors, and schools to report 'harms,' and these reports must be accounted for in the annual audit submitted to the state.

Evidence:

  • Section 39-80-60(A): 'Covered online services shall establish mechanisms for parents, minors, and schools to report harms to minors on covered online services'
  • Section 39-80-70(A)(4): 'Each report must include... an accounting of the total number and types of reports generated pursuant to Section 39-80-60(A)'

Ambiguity Notes: The requirement to report 'harms that pose an imminent threat' could overlap with criminal reporting duties, though the bill focuses on civil design safety.

Analysis 4

Why Relevant: The bill includes provisions that touch upon the privacy of communications, potentially impacting encrypted services.

Mechanism of Influence: The definition of 'sensitive personal data' includes the 'contents of an individuals mail, email, and text messages.' The duty to prevent 'harms' in these communications could create pressure to scan content.

Evidence:

  • Section 39-80-10(17)(d): 'Sensitive personal data means... the contents of an individuals mail, email, and text messages unless the business is the intended recipient'
  • Section 39-80-20(A)(4): 'prevent... highly offensive intrusions on the minors reasonable privacy expectations'

Ambiguity Notes: Section 39-80-10(17)(d) excludes messages where the 'business is the intended recipient,' but the general duty to prevent 'severe psychological harm' or 'physical injury' (39-80-20) may conflict with end-to-end encryption if harms occur within private messages.

House - 4591 - Stop Harm from Addictive Social Media (SHASM) Act

Legislation ID: 244736

Bill URL: View Bill

Summary

The Stop Harm from Addictive Social Media (SHASM) Act establishes regulations for covered social media platforms to protect minors from addictive features and harmful content. It mandates age verification, parental consent, and the implementation of privacy settings to ensure the safety of children using these platforms.

Key Sections

  • Account Creation and Parental Consent: Platforms must require birth dates during account creation and obtain verifiable parental consent before creating or modifying accounts for children.
  • Account Creation and Parental Consent: Social media platforms must obtain verifiable parental consent before creating accounts for children and must set privacy settings at the most private levels by default.
  • Account Creation and Parental Consent: Social media platforms must require birth dates for account creation and cannot maintain accounts for children without verifiable parental consent.
  • Age Estimation Requirements: Covered social media platforms are required to estimate the age of account holders within specified time frames and based on established confidence levels.
  • Age Estimation Requirements: Covered social media platforms must estimate the age of account holders within specific timeframes and confidence levels, treating those under seventeen as children unless proven otherwise.
  • Age Estimation Requirements: Covered social media platforms must estimate the age of account holders within specified timeframes and confidence levels, treating those under 17 as children unless proven otherwise.
  • Definitions: This section defines key terms used in the SHASM Act, including account holder, addictive features, covered social media platform, and others.
  • Definitions: This section defines key terms used throughout the Act, including account holder, child, covered social media platform, and various addictive features.
  • Definitions: This section provides definitions for key terms used in the bill, including account holder, addictive features, covered social media platform, and others.
  • General Provisions: The act clarifies that it does not limit parental control over content or search engine results and invalidates contracts formed without proper parental consent.
  • General Provisions: This section clarifies that the Act does not limit parental rights to control content or search results for children.
  • Liability and Compliance: Platforms can avoid liability if they demonstrate reasonable efforts to comply with the acts requirements.
  • Liability and Enforcement: The Act outlines the liability of platforms for violations and the rights of parents and children to seek damages.
  • Notification and Dispute Process: If a platform classifies an account holder as a child, they must notify the account holder and allow time to dispute this classification.
  • Notification and Dispute Process: Platforms must notify account holders of account terminations due to age classification and allow a period for dispute and age verification.
  • Notification and Dispute Resolution: Platforms must notify account holders of account termination due to age classification and provide a period for disputing the classification.
  • Private Right of Action: Children or parents may take legal action for violations of the act, including seeking damages for emotional distress and mental health harm.
  • Rights and Remedies: The SHASM Act provides minors and parents with a private right of action for violations, including potential damages for emotional distress and mental health harm.
  • Termination of Accounts: Platforms must terminate accounts of minors if parental consent is not obtained and must provide means for parents to request account termination.
  • Termination of Accounts: Platforms must terminate accounts of minors under certain conditions and provide a clear process for account termination requests.
  • Termination of Accounts: Platforms must terminate accounts of users classified as children if parental consent is not obtained, and must also provide clear means for parents to request account termination.

Key Requirements

  • Account for children must have privacy settings at the most private levels.
  • Claims must be brought within three years of the alleged violation.
  • Estimate age within 14 days of the first trigger date with 80% confidence.
  • Estimate age within fourteen days of the first trigger date.
  • Limits liability if platforms have made reasonable efforts to comply.
  • Notify account holders within seven days of a determination to terminate.
  • Notify account holder within 7 days of termination decision.
  • Obtain verifiable parental consent for accounts of children.
  • Parental consent must be obtained for any changes to a childs account settings.
  • Provide 30 days for dispute resolution regarding age classification.
  • Provides a private right of action for damages resulting from violations.
  • Provide thirty days for account holders to dispute the age classification.
  • Require birth dates during account application.
  • Requires a 30-day period for dispute resolution.
  • Requires all privacy settings for child accounts to be set at the most private levels by default.
  • Requires notification within seven days of determining an account holder is a child.
  • Requires platforms to estimate age within 14 days of the first trigger date with 80% confidence.
  • Requires platforms to revise age estimates within 14 days of the second trigger date with 90% confidence.
  • Requires platforms to verify parental identity before terminating accounts.
  • Requires termination of accounts of minors within specified timeframes after receiving termination requests.
  • Requires verifiable parental consent for accounts of children.
  • Revise age estimate by the second trigger date.
  • Revise age estimate within 14 days of the second trigger date with 90% confidence.
  • Terminate accounts of minors within 7 days of a termination request from the account holder.
  • Terminate accounts within 14 days of a termination request from a parent.
  • Terminate accounts within fourteen days of a request from a parent.
  • Terminate accounts within seven days of a request from the account holder.
  • Update age estimates after every additional one hundred hours spent on the platform.

Sponsors

Legislative Actions

Date Action
2026-01-13 Introduced and read first time
2026-01-13 Referred to Committee on Judiciary
2025-12-16 Prefiled
2025-12-16 Referred to Committee on Judiciary

Detailed Analysis

Analysis 1

Why Relevant: The bill mandates sophisticated age estimation and verification, a core pillar of the EU Chat Act's infrastructure for protecting minors.

Mechanism of Influence: Platforms must estimate ages with 80% to 90% confidence based on usage 'triggers' (25 and 50 hours of use) and require birth dates and parental consent for account creation.

Evidence:

  • use reasonable means and reasonable efforts... to estimate the age of the account holder (39-5-920(A))
  • conclude with ninety percent confidence that the account holder is over seventeen years of age (39-5-920(B))
  • require applicants for an account to provide their birth dates (39-5-930(A)(1))

Ambiguity Notes: The term 'reasonable means' for age estimation is not strictly defined, potentially allowing for biometric or behavioral analysis to meet the 90% confidence threshold.

Analysis 2

Why Relevant: The bill compels 'mitigation' through product design changes, similar to the EU Act's focus on recommender systems.

Mechanism of Influence: It bans specific 'addictive features' like infinite scrolling and auto-play videos for minors, effectively forcing a different UI/UX for a specific class of users.

Evidence:

  • social media platform may not present addictive interface features in the display or feed of any child (39-5-930(C))
  • infinite scrolling... push notifications... auto-play video (39-5-910(2))

Ambiguity Notes: The definition of 'addictive features' is specific but includes broad categories like 'personal metrics' and 'push notifications' that may affect core platform functionality.

Analysis 3

Why Relevant: The bill establishes a compliance infrastructure including parental controls and account termination protocols.

Mechanism of Influence: Platforms must provide parents with tools to monitor time, set limits, and request account termination within 14 days.

Evidence:

  • provide and explain an option for the parent... to monitor the amount of time the child spends (39-5-930(B)(2))
  • terminate the account of a minor within no more than fourteen days after receipt of a request for termination from a parent (39-5-940(C))

Ambiguity Notes: The verification of 'legal guardianship' for parental requests is left to the platform's own internal processes.

House - 4665 - Internet providers; require to filter adult content unless a consumer requests the filter be deactivated

Legislation ID: 244789

Bill URL: View Bill

Summary

Bill 4665 amends the South Carolina Code of Laws by adding a new section that mandates internet service providers to implement filtering measures against adult content. It outlines the definitions, requirements for filtering, procedures for deactivation of filters by consumers, and penalties for non-compliance with the provisions.

Key Sections

  • Creation of Deactivation Form: The administrator must create and publish a form for consumers to request the deactivation of the adult content filter.
  • Deactivation of Adult Content Filter: This provision outlines the process for consumers to deactivate the adult content filter, including the necessary documentation and verification.
  • Deactivation of Filter: Consumers can request the deactivation of the adult content filter by submitting a specific form and providing age verification.
  • Deactivation of Filters: Consumers can request to deactivate the adult content filter by providing verification of age and submitting a request form along with any applicable fees.
  • Definition and Requirements for Filtering Adult Content: This section establishes the requirement for internet service providers to filter adult content and defines what constitutes adult content based on existing law.
  • Definition of Adult Content: This provision defines adult content as material harmful to minors, referencing existing state law.
  • Enforcement and Rulemaking: This section provides for the enforcement of the filtering requirement and the authority of the Commission on Consumer Affairs to create regulations.
  • Filtering Requirement: Internet service providers must filter adult content using commercially reasonable methods to prevent access by consumers.
  • Filtering Requirements for Internet Service Providers: Internet service providers are required to use commercially reasonable methods to filter adult content to prevent its access by consumers.
  • Implementation Rules: The Commission on Consumer Affairs may adopt rules to implement this section.
  • Regulatory Authority: The Commission on Consumer Affairs is authorized to create rules and regulations for implementing the filtering requirements.
  • Violation Penalty: Violations of this section by internet service providers are considered violations of the South Carolina Unfair Trade Practices Act.
  • Violations and Penalties: Violations of the filtering requirement will be treated as violations of the South Carolina Unfair Trade Practices Act.

Key Requirements

  • Consumers can request to deactivate the filter by submitting a form, verifying their age, and paying any fees.
  • Consumers may need to pay a deactivation fee.
  • Consumers must provide verification of being 18 years or older.
  • Consumers must submit a Request for Deactivation form.
  • Consumers must submit a Request for Deactivation of Adult Content Filter form.
  • Filtering methods must be commercially reasonable and generally accepted.
  • Internet service providers must comply with the filtering requirements to avoid penalties.
  • Internet service providers must filter adult content unless requested otherwise by the consumer.
  • Internet service providers must use reasonable commercially available means to filter adult content.
  • Must either provide in-network filtering or refer to a third-party filtering service.
  • Must use reasonable commercially available means to filter adult content.
  • Pay any applicable deactivation fee.
  • Payment of any applicable deactivation fee may be required.
  • Provide reasonable verification of being eighteen years or older.
  • Providers may charge a fee for filtering services.
  • Providers must apply a generally accepted method of filtering, either in-network or through a third-party service.
  • Submit a Request for Deactivation of Adult Content Filter form.
  • The Commission must create and publish a Request for Deactivation form.
  • The Commission on Consumer Affairs may adopt rules to implement this section.
  • Verification of age (18 years or older) is required.
  • Violations by internet service providers are considered violations of the South Carolina Unfair Trade Practices Act.

Sponsors

Legislative Actions

Date Action
2026-01-13 Introduced and read first time
2026-01-13 Referred to Committee on Judiciary
2025-12-16 Prefiled
2025-12-16 Referred to Committee on Judiciary

Detailed Analysis

Analysis 1

Why Relevant: The bill mandates a state-wide age verification regime for internet access.

Mechanism of Influence: Section 37-1-320(E)(2) requires 'reasonable verification' that a user is 18 or older before an ISP can deactivate the mandatory filter, effectively requiring age-gating for unfiltered internet access.

Evidence:

  • reasonable verification that the individual making the request is eighteen years of age or older

Ambiguity Notes: The term 'reasonable verification' is not defined, leaving the specific technical requirements for identity or age proofing to the discretion of the ISP or future administrative rules.

Analysis 2

Why Relevant: The bill compels providers to implement content filtering and blocking technologies.

Mechanism of Influence: ISPs must use 'reasonable commercially available means' to filter content, including 'in-network filtering' to 'prevent the display of or access to adult content.'

Evidence:

  • An internet service provider must use reasonable commercially available means to filter adult content
  • providing in-network filtering to prevent the display of or access to adult content

Ambiguity Notes: While 'adult content' is tied to existing legal definitions of 'harmful to minors,' the requirement for 'in-network filtering' could involve various levels of network-level inspection or DNS-based blocking.

Senate - 736 - Online companies; provide certain online companies must provide parents an option to opt out of certain content on their platforms

Legislation ID: 244777

Bill URL: View Bill

Summary

Bill 736 seeks to amend the South Carolina Code by adding a new section that mandates online companies with minor users to offer parental control options. This includes the ability for parents to opt out of content that is sexual in nature or features transgender individuals. Noncompliance would result in penalties for the companies, and individuals would have the right to pursue civil actions for violations.

Key Sections

  • Civil Action Provision: Individuals can bring civil actions against companies that violate the parental control requirements.
  • Civil Action Provision: Individuals may sue online companies for violations of the parental control requirements.
  • Effective Date: The act will take effect upon approval by the Governor.
  • Parental Control Requirement: Online companies must provide parents the option to opt out of sexual content and content featuring transgender individuals.
  • Parental Control Requirements: Online companies must provide parents the option to opt out of certain content for minor users.
  • Parental Control Requirements: Online companies must provide parents with an option to opt out of sexual content and content featuring transgender individuals for their minor users.
  • Penalties for Non-Compliance: Online companies that fail to comply with the parental control requirements face misdemeanor charges and fines.
  • Penalties for Non-Compliance: Violating the parental control requirement results in misdemeanor charges and fines.

Key Requirements

  • Content that is sexual in nature and features transgender individuals must be able to be opted out of.
  • Fines of two hundred dollars per day for each non-compliant account.
  • Individuals can bring a civil action against non-compliant companies.
  • Individuals may seek actual damages, injunctive relief, declaratory relief, and reasonable attorneys fees.
  • Mandates compliance from specific online platforms like Facebook, Instagram, TikTok, Netflix, Disney+, Roblox, and Hulu.
  • Online companies that fail to comply face a fine of two hundred dollars per day for each noncompliant account.
  • Parents can opt out of all content that is sexual in nature and content featuring transgender individuals.
  • Plaintiffs may receive actual damages, injunctive relief, declaratory relief, and attorney fees.
  • Requires online companies to have a parental control option for parents of minor users.
  • Requires online companies to offer parental control options for content related to sexual nature and transgender individuals.
  • Requires online companies to provide parental control options for minors.
  • Violating companies are guilty of a misdemeanor.

Sponsors

Legislative Actions

Date Action
2026-01-13 Introduced and read first time
2026-01-13 Referred to Committee on Labor, Commerce and Industry
2025-12-10 Prefiled
2025-12-10 Referred to Committee on Labor, Commerce and Industry

Detailed Analysis

Analysis 1

Why Relevant: The bill implicitly requires age verification or assessment to identify 'minor users' and verify parental relationships.

Mechanism of Influence: To comply with the mandate for 'minor users,' platforms must implement systems to reliably distinguish children from adults and link them to a verified parent, a core component of the EU Chat Act's infrastructure.

Evidence:

  • Section 39-1-100. (A) ...that have minor users must provide a parental control option for a parent of a minor

Ambiguity Notes: The bill does not specify the 'reliable technology' or method for age verification, leaving platforms to determine how to identify minors and parents.

Analysis 2

Why Relevant: The bill mandates a form of exposure-limiting or content-filtering mitigation.

Mechanism of Influence: Platforms must develop or modify recommender systems and content delivery algorithms to enable an 'opt out' for specific categories of content, effectively requiring a classification system for all content available to minors.

Evidence:

  • opt out of all content that is sexual in nature and content that features transgender individuals

Ambiguity Notes: The phrase 'sexual in nature' and 'content that features transgender individuals' is broad and lacks statutory definitions, potentially requiring aggressive automated scanning or human review to ensure compliance.

↑ Back to Table of Contents

Tennessee

Index of Bills

Senate - 1700 - Attorney General and Reporter - As introduced, enacts the "Curbing Harmful AI Technology (CHAT) Act." - Amends TCA Title 29; Title 37 and Title 47.

Legislation ID: 260262

Bill URL: View Bill

Summary

Senate Bill 1700, known as the Curbing Harmful AI Technology (CHAT) Act, amends Tennessee Code to introduce regulations governing artificial intelligence systems and companion chatbots. It defines key terms, outlines safety and design requirements, mandates transparency and data privacy protections, and establishes enforcement mechanisms to hold developers and deployers accountable for violations. The bill seeks to ensure that AI technologies do not harm minors and provides a framework for addressing issues related to mental health and user safety.

Key Sections

  • Data privacy requirements: Developers cannot use minors inputs to train AI models without parental consent.
  • Design requirements: Deployers must include disclaimers that the chatbot is not a human and notify users at specific intervals.
  • Effective date: The act takes effect on January 1, 2027.
  • Liability and enforcement: Establishes penalties and enforcement mechanisms for violations of the act.
  • Mental health redirect: Generative AI chatbots must have protocols to detect and address suicidal ideation or self-harm.
  • Part definitions: This section provides definitions for key terms used in the bill, including artificial intelligence system, companion chatbot, covered product, deployer, developer, and minor.
  • Safety requirements: Operators must not provide companion chatbots to minors if they can encourage harmful behaviors or interactions.
  • Severability: Ensures that if any provision of the act is invalidated, the remaining provisions remain effective.
  • Short title: This provision establishes the official name of the part as the Curbing Harmful AI Technology (CHAT) Act.
  • Transparency requirements: Developers must provide mechanisms for users to report issues and publish safety test findings.

Key Requirements

  • Attorney General can impose civil penalties for violations.
  • Establish a reporting mechanism for adverse incidents.
  • Must include detection mechanisms for suicidal expressions.
  • Must refer users to crisis services upon detection.
  • Notification upon login, every 30 minutes, when prompted, and when giving regulated advice.
  • Prevents chatbots from offering unsupervised mental health therapy to minors.
  • Prohibits chatbots from encouraging self-harm, violence, or illegal activities.
  • Publish safety test findings for public access.
  • Regular reporting of chatbot interactions related to mental health.
  • Requires persistent disclosure that the product is not human.
  • Requires written consent from a parent or guardian to use a minors information for training.
  • Users can seek damages and relief for violations.

Sponsors

Legislative Actions

Date Action
2026-01-15 Filed for introduction

Detailed Analysis

Analysis 1

Why Relevant: The bill mandates content detection protocols for specific user expressions.

Mechanism of Influence: Section 47-18-5905 requires developers to implement a 'protocol to take reasonable efforts for detecting and addressing suicidal ideation or expressions of self-harm.' This necessitates active monitoring or scanning of user-to-AI interactions.

Evidence:

  • protocol to take reasonable efforts for detecting and addressing suicidal ideation or expressions of self-harm (§ 47-18-5905)

Ambiguity Notes: While focused on mental health, the requirement to 'detect' specific expressions in a natural language interface mirrors the technical requirements of scanning for prohibited content.

Analysis 2

Why Relevant: The bill includes safety testing and transparency requirements that function as a form of risk assessment and mitigation.

Mechanism of Influence: Section 47-18-5907(b) requires developers to 'publish safety test findings' conducted to ensure the AI does not encourage illegal activity or CSAM creation, effectively mandating public disclosure of risk mitigation efficacy.

Evidence:

  • developers and deployers shall publish safety test findings in a manner accessible for free by the general public (§ 47-18-5907(b))
  • Encouraging or manipulating the minor user to... participate in illegal activity, including the creation of child sexual abuse materials (§ 47-18-5903(3))

Ambiguity Notes: The bill does not define the specific methodology for 'safety testing,' leaving the depth of the assessment to the developer or future regulation.

Analysis 3

Why Relevant: The bill establishes a centralized reporting structure for harmful or illegal AI interactions.

Mechanism of Influence: Section 47-18-5907(c) mandates quarterly reports to the Attorney General regarding the frequency of AI outputs related to 'suicide, self-harm, suicidal ideation, harming others, or illegal activity.'

Evidence:

  • report to the attorney general and reporter... The number of times the generative artificial intelligence chatbot provided information about... illegal activity (§ 47-18-5907(c)(1))

Ambiguity Notes: The reporting is currently aggregate (number of times) rather than individual user data, but it establishes the Attorney General as the central oversight body for these harms.

Analysis 4

Why Relevant: The bill creates a functional requirement for age verification or assessment.

Mechanism of Influence: Because Section 47-18-5903 prohibits providing specific chatbot features to 'minors' and Section 47-18-5906 requires parental consent for training on minor data, operators must 'reliably identify child users' to remain compliant.

Evidence:

  • An operator shall not make a companion chatbot available to a minor if... (§ 47-18-5903)
  • minors parent or legal guardian has affirmatively provided written consent (§ 47-18-5906)

Ambiguity Notes: The bill does not prescribe a specific technology for age verification, but the liability structure (civil penalties and private right of action) necessitates a robust identification mechanism.

↑ Back to Table of Contents

Utah

Index of Bills

House - 149 - Sexual Material Modifications

Legislation ID: 247599

Bill URL: View Bill

Summary

This legislation updates provisions related to sexual exploitation and liability for obscenity and child sexual abuse material. It establishes definitions for key terms, outlines exemptions for legal representation, and specifies the rights of individuals to seek legal recourse against those who depict or distribute harmful material. Additionally, it clarifies the responsibilities of internet service providers and other entities regarding content they do not create.

Key Sections

  • Definitions and Exemptions: This section defines key terms related to child sexual abuse material and outlines exemptions for individuals acting in a legal capacity, such as attorneys and law enforcement officers.
  • Liability for Obscenity and Child Sexual Abuse Material: This provision grants individuals the right to take legal action against those who publish or distribute obscenity or child sexual abuse material that depicts them or is accessible to them.
  • Limitations on Liability for Internet Service Providers: This section specifies that internet service providers and similar entities are generally not liable for content they did not create, unless they fail to take reasonable precautions against harmful material.

Key Requirements

  • A cause of action can be brought against cloud service providers if they fail to prevent harmful content.
  • Defines terms related to child sexual abuse material and child sex dolls.
  • Exempts individuals acting in a legal capacity from liability for viewing such materials.
  • Individuals must be residents of Utah or the conduct must occur in Utah.
  • Internet service providers are not liable if they did not create the content.
  • Legal actions can be taken regardless of criminal convictions.

Sponsors

Legislative Actions

Date Action
2026-01-14 House/ received bill from Legislative Research
2026-01-06 Bill Numbered but not Distributed
2026-01-06 Numbered Bill Publicly Distributed

Detailed Analysis

Analysis 1

Why Relevant: The bill incentivizes the implementation of detection and scanning technologies through civil liability frameworks.

Mechanism of Influence: Section 78B-3-1004(3)(b) allows lawsuits against cloud service providers if they 'did not take reasonable precautions to prevent' CSAM or obscenity from appearing. This creates a functional mandate for automated scanning and filtering to mitigate legal risk.

Evidence:

  • 78B-3-1004(3)(b)(ii): 'the individual shows the cloud service provider did not take reasonable precautions to prevent the obscenity or child sexual abuse material from appearing'

Ambiguity Notes: The term 'reasonable precautions' is not defined, leaving it to courts to determine if failing to use 'state of the art' scanning or client-side analysis constitutes a lack of precaution.

Analysis 2

Why Relevant: The bill provides immunity for entities that engage in proactive detection and reporting, mirroring the 'voluntary' but incentivized scanning regimes of the EU framework.

Mechanism of Influence: Section 76-5b-201(6)(a)(ii) protects entities from liability if they are 'implementing a policy of attempting to prevent the presence of child sexual abuse material... or of detecting and reporting' it.

Evidence:

  • 76-5b-201(6)(a)(ii): 'implementing a policy of attempting to prevent the presence of child sexual abuse material on tangible or intangible property, or of detecting and reporting the presence'

Ambiguity Notes: The scope of 'detecting' is broad and could encompass various forms of intrusive monitoring of 'intangible property' (digital data).

Analysis 3

Why Relevant: The bill defines 'reasonable age verification methods' and 'transactional data' for identity verification.

Mechanism of Influence: Section 78B-3-1001(14) outlines specific methods for verifying a user is 18 or older, including 'digitized information cards' and 'third-party age verification services.'

Evidence:

  • 78B-3-1001(14): '"Reasonable age verification methods" means verifying that the person seeking to access the material is 18 years old or older'
  • 78B-3-1001(14)(b): 'verification through an independent, third-party age verification service'

Ambiguity Notes: While defined, the bill primarily links these to 'material harmful to minors' rather than a universal mandate for all messaging, though the definitions align with the EU's focus on reliable age assessment.

Analysis 4

Why Relevant: The bill includes data preservation and reporting elements.

Mechanism of Influence: Section 76-5b-201(6)(a)(i) grants immunity for the performance of 'reporting or data preservation duties required under federal or state law.'

Evidence:

  • 76-5b-201(6)(a)(i): 'reporting or data preservation duties required under federal or state law'

Ambiguity Notes: None

House - 197 - School Materials Amendments

Legislation ID: 247900

Bill URL: View Bill

Summary

This bill amends and enacts provisions regarding the accessibility of sensitive material through digital instructional material in a school setting. It mandates local education agencies to provide information to parents, utilize tools to identify sensitive materials, and manage access to such materials effectively. The bill also establishes a private right of action for individuals affected by the misuse of sensitive materials.

Key Sections

  • Academic Rigor in School Libraries: LEAs are mandated to prioritize the acquisition of academically rigorous materials in school libraries and curricula.
  • Compliance and Reporting: The state board is tasked with providing guidance and training on identifying sensitive materials and must report on compliance annually.
  • Definitions and Parent Portal Information: This provision defines key terms and outlines the information that the state board must provide through a parent portal, including resources regarding sensitive materials.
  • Effective Date: The bill will come into effect on July 1, 2026.
  • Local Education Agency Responsibilities: This provision outlines the responsibilities of local education agencies (LEAs) to inform parents about sensitive materials during student registration and to maintain transparency regarding such materials.
  • Parental Rights and Legal Actions: Parents have the right to take legal action against LEAs or vendors if their child is exposed to sensitive materials.
  • Private Right of Action: This provision creates a private right of action for individuals who may be affected by the presence of sensitive materials in educational settings.
  • Removal of Sensitive Instructional Materials: LEAs are required to remove instructional materials from student access if a specified threshold of determinations classifies it as sensitive material.
  • State Board Responsibilities: The state board must aggregate allegations and determinations regarding sensitive materials and may hold meetings to vote on the removal requirement.
  • Technical Changes: This provision makes necessary technical and conforming changes to existing laws to align with the new regulations regarding sensitive materials.
  • Vendor Contract Management: This provision establishes protocols for the state board and LEAs to manage contracts with vendors providing digital instructional materials, particularly concerning sensitive content.

Key Requirements

  • Defines terms related to sensitive instructional materials.
  • LEAs must maintain a reporting mechanism for sensitive material compliance.
  • LEAs must prioritize access to primary sources and scholarly works in history.
  • Mandates LEAs to prioritize certain books in school libraries and maintain a section on their websites for sensitive material reporting.
  • Mandates that any database or school-provided device filters access to sensitive materials.
  • No civil action can be taken against individual employees of LEAs.
  • Parents may seek damages and attorney fees if they prevail in court against LEAs or vendors.
  • Policies must be adopted to procure academically rigorous materials.
  • Requires at least three school districts or two school districts and five charter schools to determine that material is sensitive for removal.
  • Requires LEAs to provide information to parents at the time of student registration.
  • Requires rescinding contracts if vendors do not remove access to digital sensitive materials after multiple violations.
  • Requires the state board to provide specific information on a parent portal.
  • State board can vote to overturn removal requirements after communication with LEAs.
  • State board may place materials on the agenda for public meetings to discuss removal.
  • State board must communicate removal requirements to LEAs within 10 school days of threshold being met.
  • State board to provide annual reports to the Education Interim Committee.

Sponsors

Legislative Actions

Date Action
2026-01-14 House/ received bill from Legislative Research
2026-01-08 Bill Numbered but not Distributed
2026-01-08 Numbered Bill Publicly Distributed

Detailed Analysis

Analysis 1

Why Relevant: The bill mandates the use of automated technology to detect and screen content for prohibited material, mirroring the EU CSA Act's detection obligations.

Mechanism of Influence: The state board is required to contract with a reviewer that 'uses technology, including artificial intelligence assisted analysis, to screen the instructional materials' for violations. (Section 53G-10-103(8)(e)(ii))

Evidence:

  • uses technology, including artificial intelligence assisted analysis, to screen the instructional materials

Ambiguity Notes: While 'instructional materials' is defined, the use of AI for screening is a broad mandate that could involve scanning vast amounts of digital content.

Analysis 2

Why Relevant: The bill contains an explicit mandate to bypass encryption to facilitate content filtering and detection.

Mechanism of Influence: Local Education Agencies (LEAs) must ensure that filtering software is effective by requiring personnel to 'decrypt websites to ensure the efficacy of the filtering, including any online school library and other encrypted websites.' (Section 53G-10-103(11)(h)(iii))

Evidence:

  • LEA personnel decrypt websites to ensure the efficacy of the filtering, including any online school library and other encrypted websites

Ambiguity Notes: The phrase 'other encrypted websites' is broad and could encompass any HTTPS traffic or encrypted communication platforms accessed on school devices.

Analysis 3

Why Relevant: It establishes a centralized removal and blocking mechanism where a determination by a few local entities triggers a mandatory statewide takedown.

Mechanism of Influence: If a specific threshold of LEAs (three districts or two districts and five charters) determines a material is 'objective sensitive material,' every LEA in the state must remove it. (Section 53G-10-103(7))

Evidence:

  • if the threshold described in Subsection (7)(b) is met, each LEA statewide shall remove the relevant instructional material

Ambiguity Notes: None

Analysis 4

Why Relevant: The bill imposes direct compliance and removal obligations on third-party digital vendors, similar to service provider duties in the EU Act.

Mechanism of Influence: Vendors must remove access to sensitive segments of digital material upon determination by an LEA; failure to comply after three instances results in mandatory contract rescission. (Section 53G-10-103(12)(b))

Evidence:

  • the vendor shall eliminate the segment of the digital instructional material containing the objective sensitive material or otherwise remove access

Ambiguity Notes: None

Senate - 73 - Online Age Verification Amendments

Legislation ID: 248648

Bill URL: View Bill

Summary

The Online Age Verification Amendments bill establishes a tax on gross receipts from sales and distributions of material harmful to minors in Utah. It mandates compliance notifications by commercial entities, creates a Teen Mental Health Restricted Account funded by the tax revenue, and outlines administrative procedures for monitoring and enforcing age verification requirements.

Key Sections

  • Administration -- Collection -- Reporting: This section details the administration and collection of the tax, including the requirement for taxpayers to report their gross receipts and the commissions authority to make rules regarding tax collection.
  • Definitions: This section provides definitions for key terms used in the chapter, including gross receipts, material harmful to minors, minor, and teen.
  • Notification requirement -- Fee -- Division of Consumer Protection administration -- Monitoring and auditing: This section requires commercial entities distributing material harmful to minors to notify the Division of Consumer Protection and pay an annual fee for compliance monitoring.
  • Tax levy -- Rate -- Scope: This provision outlines the 7% tax levied on gross receipts from sales and distributions of material harmful to minors that are produced, sold, filmed, or generated in Utah.
  • Teen Mental Health Restricted Account: This provision establishes the Teen Mental Health Restricted Account, which will receive funds from the tax and be used for mental health services for teens.

Key Requirements

  • Commercial entities must notify the Division of Consumer Protection and pay a $500 annual fee.
  • Entities must certify compliance with age verification requirements.
  • Funds from the tax must be deposited into the Teen Mental Health Restricted Account.
  • Imposes a 7% tax on gross receipts from relevant transactions.
  • Taxpayers must report gross receipts to the commission.
  • The commission has rulemaking authority for tax administration.

Sponsors

Legislative Actions

Date Action
2026-01-07 Senate/ received bill from Legislative Research
2026-01-05 Bill Numbered but not Distributed
2026-01-05 Numbered Bill Publicly Distributed

Detailed Analysis

Analysis 1

Why Relevant: The bill mandates age verification compliance and state-level auditing of those mechanisms.

Mechanism of Influence: It requires commercial entities to 'certify that the entity... complies with the age verification requirements' and 'has implemented reasonable age verification methods' (Sec 78B-3-1004(4)).

Evidence:

  • certify that the entity... complies with the age verification requirements (Sec 78B-3-1004(4))
  • implemented reasonable age verification methods (Sec 78B-3-1004(4))

Ambiguity Notes: The bill references Section 78B-3-1002 for specific age verification standards, which are not fully detailed in this text, leaving the technical 'reasonableness' of the methods to be defined by the division or existing law.

Analysis 2

Why Relevant: The bill establishes a compliance and oversight infrastructure similar to the EU's coordinating authorities.

Mechanism of Influence: It authorizes the Division of Consumer Protection to 'monitor and audit compliance' (Sec 78B-3-1004(2)) and 'conduct audits of commercial entities to verify compliance' (Sec 78B-3-1004(5)).

Evidence:

  • monitor and audit compliance with the age verification requirements (Sec 78B-3-1004(2))
  • conduct audits of commercial entities to verify compliance (Sec 78B-3-1004(5))

Ambiguity Notes: The 'standards for monitoring and auditing' are left to future rulemaking by the division (Sec 78B-3-1004(6)).

Analysis 3

Why Relevant: The bill creates a financial and administrative burden for platforms to operate, tied to their ability to gate access.

Mechanism of Influence: Entities must pay an 'annual notification fee of $500' (Sec 78B-3-1004(2)) and face 'administrative penalty of $1,000 for each day' of non-notification (Sec 78B-3-1004(7)).

Evidence:

  • annual notification fee of $500 (Sec 78B-3-1004(2))
  • administrative penalty of $1,000 for each day (Sec 78B-3-1004(7))

Ambiguity Notes: The definition of 'substantial portion' of material harmful to minors (Sec 78B-3-1004(1)) determines which platforms are captured, which may be subject to broad interpretation.

↑ Back to Table of Contents

Virginia

Index of Bills

House - 635 - A BILL to amend and reenact § 59.1-200 of the Code of Virginia and to amend the Code of Virginia by adding in Title 59.1 a chapter numbered 60, consisting of sections numbered 59.1-614 through 59.1-620, relating to Artificial Intelligence Chatbots Act established; prohibited practices; penalties.

Legislation ID: 258707

Bill URL: View Bill

Summary

This bill amends existing consumer protection laws and introduces a new chapter specifically addressing the use of artificial intelligence chatbots in consumer transactions. It outlines prohibited practices, such as misrepresentation and failure to disclose necessary information, that companies must adhere to when utilizing AI chatbots. Penalties for violations are also specified to ensure compliance and protect consumers.

Key Sections

  • Prohibited Practices: This provision outlines various fraudulent acts or practices that are declared unlawful in consumer transactions, particularly those involving suppliers.

Key Requirements

  • Suppliers must clearly indicate if goods are used or defective.
  • Suppliers must not advertise goods or services they do not intend to sell.
  • Suppliers must not misrepresent goods or services.
  • Suppliers must provide disclosures regarding returns, layaway agreements, and any existing credit balances.

Sponsors

Legislative Actions

Date Action
2026-01-13 Committee Referral Pending
2026-01-13 Prefiled and ordered printed; Offered 01-14-2026 26105121D

Detailed Analysis

Analysis 1

Why Relevant: The bill mandates age verification or assessment for users of companion chatbots.

Mechanism of Influence: Operators are legally required to 'reasonably determine' that a user is not a minor before providing access to chatbots with certain capabilities.

Evidence:

  • beginning on January 1, 2027, the operator has reasonably determined that the user is not a minor (§ 59.1-615(B))

Ambiguity Notes: The term 'reasonably determined' is not defined, leaving open the possibility of high-friction or privacy-invasive age-assurance technologies.

Analysis 2

Why Relevant: The bill compels the detection of specific user content within private, personal dialogues.

Mechanism of Influence: Operators must implement a protocol that includes the 'detection of user expressions' related to self-harm or suicidal ideation.

Evidence:

  • protocol shall include detection of user expressions of suicidal ideation or self-harm (§ 59.1-617)

Ambiguity Notes: While the detection mandate is currently limited to self-harm, it establishes a statutory requirement for automated scanning of user-to-AI communications.

Analysis 3

Why Relevant: The bill mandates risk mitigation specifically targeting the creation of child sexual abuse materials (CSAM).

Mechanism of Influence: It prohibits providing chatbots to minors if the system is 'capable' of encouraging the creation of CSAM, effectively requiring developers to implement safety guardrails and content filtering.

Evidence:

  • participate in an illegal activity, including the creation of child sexual abuse materials (§ 59.1-615(A)(3))
  • Engaging in erotic or sexually explicit interactions with the minor user (§ 59.1-615(A)(4))

Ambiguity Notes: The requirement that a chatbot not be 'capable' of such actions may imply a duty for ongoing monitoring and proactive technical restrictions.

Analysis 4

Why Relevant: The bill establishes reporting and transparency obligations for safety-related incidents.

Mechanism of Influence: Operators must provide public quarterly reports on the frequency of harmful content generation and the use of mental health redirects.

Evidence:

  • publish a quarterly report... on the number of times (i) the chatbot provided information about suicide, self-harm, suicidal ideation, harming others, or illegal activity (§ 59.1-619(C))

Ambiguity Notes: None

House - 757 - A BILL to amend the Code of Virginia by adding in Title 59.1 a chapter numbered 60, consisting of sections numbered 59.1-614 through 59.1-619, relating to App Store Accountability Act; civil penalties; civil action.

Legislation ID: 258830

Bill URL: View Bill

Summary

This bill introduces a new chapter in the Code of Virginia that outlines the responsibilities of app store providers and developers regarding the handling of minors accounts and data. It mandates parental consent for minors, requires age verification, and sets penalties for non-compliance, thereby aiming to enhance the accountability of app stores in protecting young users.

Key Sections

  • App store providers; duties; prohibitions: This section outlines the duties of app store providers, including the requirement to obtain parental consent for minor accounts, provide clear disclosures, and notify users of significant changes.
  • Definitions: This section provides definitions for key terms used throughout the App Store Accountability Act, including account holder, age category, app, app store, and others.
  • Developers; duties; prohibitions: This section details the responsibilities of app developers, including assigning age ratings to apps, verifying the age of account holders, and notifying app stores of significant changes.
  • Limitations: This section clarifies the limitations regarding the implementation of the act, ensuring that it does not prevent certain necessary actions by app store providers and developers.

Key Requirements

  • Allows app providers to block distribution of harmful materials to minors.
  • Does not require disclosure of account holder information beyond age category data.
  • Requires age verification for new and existing accounts by July 1, 2028.
  • Requires app store providers to provide parental consent disclosures for each app.
  • Requires developers to assign age ratings and provide content descriptions for apps.
  • Requires developers to notify app store providers of significant app changes.
  • Requires developers to verify age categories of account holders.
  • Requires notification of significant changes to apps to users and parents of minor accounts.
  • Requires verifiable parental consent for minors to download apps or make in-app purchases.

Sponsors

Legislative Actions

Date Action
2026-01-13 Committee Referral Pending
2026-01-13 Prefiled and ordered printed; Offered 01-14-2026 26103955D

Detailed Analysis

Analysis 1

Why Relevant: The bill mandates age verification for all account holders, a core component of the EU's child protection framework.

Mechanism of Influence: Providers must use 'commercially available methods' to verify the age category of every individual creating or holding an account, effectively ending anonymous access to app stores.

Evidence:

  • § 59.1-615(A)(2): Verify such individuals age category using a commercially available method that is reasonably designed to ensure accuracy.

Ambiguity Notes: The term 'commercially available method' is not defined, potentially allowing for intrusive biometric or government ID-based checks.

Analysis 2

Why Relevant: The bill imposes significant gatekeeping duties on app stores to regulate access for minors.

Mechanism of Influence: App store providers are required to block downloads and in-app purchases for minors unless 'verifiable parental consent' is obtained, shifting the burden of child safety enforcement to the platform level.

Evidence:

  • § 59.1-615(A)(3)(b): Obtain verifiable parental consent... before allowing such minor to download or purchase an app or make an in-app purchase.
  • § 59.1-615(A)(4)(b)(ii): obtain renewed verifiable parental consent before providing access to the significantly changed version of the app.

Ambiguity Notes: The requirement for 'renewed verifiable parental consent' after 'significant changes' to an app could lead to frequent access interruptions and continuous monitoring of app updates.

Analysis 3

Why Relevant: The bill requires developers to categorize and label content, similar to the risk-mitigation and transparency features of the EU Act.

Mechanism of Influence: Developers must assign age ratings and provide 'content descriptions' that inform the app store's parental consent disclosures, creating a standardized suitability assessment for all software.

Evidence:

  • § 59.1-616(A)(1): For each of its apps and in-app purchases, assign an age rating and provide a content description.

Ambiguity Notes: While the bill provides a safe harbor for developers using 'widely adopted industry standards,' it does not specify which standards are acceptable.

Analysis 4

Why Relevant: The bill includes provisions for data preservation and internal controls regarding age-related data.

Mechanism of Influence: It mandates the protection of age verification data and limits its use to compliance purposes, while requiring the use of encryption for data transmission.

Evidence:

  • § 59.1-615(A)(7)(a): Limiting data collection and processing only to data necessary for verifying an account holders age category... or maintaining compliance records.
  • § 59.1-615(A)(7)(b): Transmitting age category data using industry-standard encryption protocols.

Ambiguity Notes: The requirement to maintain 'compliance records' implies a data retention obligation for sensitive age-verification information.

Analysis 5

Why Relevant: The bill explicitly allows for the detection and blocking of 'harmful material,' though it does not mandate specific scanning technologies.

Mechanism of Influence: It provides a legal shield for providers who take measures to 'block, detect, or prevent' the distribution of harmful or unlawful material to minors.

Evidence:

  • § 59.1-617(1): Nothing in this chapter shall be construed to... Prevent an app store provider or developer from taking reasonable measures to (i) block, detect, or prevent distribution to minors of unlawful, obscene, or harmful material.

Ambiguity Notes: While not a 'detection order,' this language encourages the implementation of filtering and detection systems to avoid liability.

House - 758 - A BILL to amend and reenact § 59.1-200 of the Code of Virginia and to amend the Code of Virginia by adding in Title 59.1 a chapter numbered 60, consisting of sections numbered 59.1-614, 59.1-615, and 59.1-616, relating to Artificial Intelligence Chatbots and Minors Act established; prohibited practices; penalties.

Legislation ID: 258831

Bill URL: View Bill

Summary

House Bill No. 758 seeks to amend the existing consumer protection laws in Virginia by adding provisions specifically addressing the use of artificial intelligence chatbots when interacting with minors. The bill outlines prohibited practices for suppliers of such technology and establishes penalties for violations. It aims to ensure that minors are not subjected to deceptive practices and are provided with appropriate disclosures when engaging with AI chatbots.

Key Sections

  • Penalties for Violations: This section specifies the penalties that suppliers may face for violating the provisions related to AI chatbots and minors.
  • Prohibited Practices: This section outlines specific fraudulent acts or practices by suppliers in consumer transactions that are deemed unlawful.
  • Specific Violations Related to AI Chatbots: This provision specifically addresses the misuse of AI chatbots in interactions with minors and outlines the responsibilities of suppliers in these contexts.

Key Requirements

  • AI chatbots must not engage in deceptive practices with minors.
  • Suppliers must adhere to advertising regulations and not mislead consumers.
  • Suppliers must clearly disclose the nature and condition of goods being sold.
  • Suppliers must not misrepresent goods or services.
  • Suppliers must provide clear disclosures regarding the use of AI chatbots.
  • Violators may face fines or other penalties as determined by the court.

Sponsors

Legislative Actions

Date Action
2026-01-13 Committee Referral Pending
2026-01-13 Prefiled and ordered printed; Offered 01-14-2026 26103964D

Detailed Analysis

Analysis 1

Why Relevant: The bill mandates age verification for AI messaging and interaction services.

Mechanism of Influence: Section 59.1-615 requires deployers to 'implement reasonable age verification systems' to ensure that chatbots with human-like features or social companion functions are not accessible to minors.

Evidence:

  • Shall implement reasonable age verification systems to ensure that chatbots with human-like features are not made available to minors; (§ 59.1-615(A)(2))
  • Implement reasonable age verification systems to ensure that such chatbots are not made available to minors. (§ 59.1-615(B)(2))

Ambiguity Notes: The term 'reasonable age verification systems' is not defined, leaving the specific technical requirements (e.g., ID upload, biometric estimation) to the discretion of the deployer or future regulatory interpretation.

Senate - 201 - A BILL to amend and reenact §§ 59.1-575 and 59.1-576 of the Code of Virginia and to amend the Code of Virginia by adding a section numbered 59.1-577.2, relating to Consumer Data Protection Act; protections for children; definition of "child."

Legislation ID: 253030

Bill URL: View Bill

Summary

This bill amends existing sections of the Code of Virginia related to consumer data protection, particularly addressing the handling of personal data for children. It introduces new definitions and clarifies the requirements for obtaining consent from parents or guardians before processing personal data of children. Additionally, it outlines the scope of the bill and the exemptions applicable under certain circumstances.

Key Sections

  • Definitions: This section provides a comprehensive list of definitions relevant to the Consumer Data Protection Act, including terms like child, personal data, consent, and processing.
  • Methods for Obtaining Consent: The bill specifies acceptable methods for obtaining verifiable parental consent, taking into account available technology.
  • Scope; exemptions: This section outlines the applicability of the Consumer Data Protection Act, specifying which entities are subject to its provisions and detailing the exemptions for certain organizations and types of data.
  • Verifiable Parental Consent Requirements: Controllers and processors must obtain verifiable parental consent before collecting or using personal data from children under 18 years of age.

Key Requirements

  • Consent can be obtained through a signed consent form, a payment method that notifies the account holder, or valid government-issued ID.
  • Exempts certain entities such as financial institutions, HIPAA-covered entities, and nonprofit organizations from the Act.
  • Parents must be given an option to consent to data collection without consenting to third-party disclosures.
  • Requires businesses that control or process data of a significant number of consumers to comply with the Act.
  • Requires controllers and processors to obtain parental consent prior to data collection from children.

Sponsors

Legislative Actions

Date Action
2026-01-09 Prefiled and ordered printed; Offered 01-14-2026 26100496D
2026-01-09 Referred to Committee on General Laws and Technology

Detailed Analysis

Analysis 1

Why Relevant: The bill mandates a robust age-verification and parental-consent framework for all users under 18 years of age.

Mechanism of Influence: It requires controllers to gate service registration and data processing behind a verification wall, explicitly suggesting the use of government-issued IDs or payment system notifications to confirm a parent's identity.

Evidence:

  • A controller or processor shall obtain verifiable parental consent prior to registering any child (§ 59.1-577.2)
  • Providing any valid government-issued identification to the controller or processor (§ 59.1-577.2)

Ambiguity Notes: The phrase 'reasonable efforts... taking into consideration available technology' is undefined, potentially allowing for the implementation of intrusive biometric or third-party identity-verification systems.

Analysis 2

Why Relevant: The bill establishes a specific scope for 'Social media platforms' that facilitate user interaction and content creation.

Mechanism of Influence: By defining social media platforms based on their ability to 'interact socially' and 'create or post content,' the bill targets the same interpersonal communication services that are the focus of the EU Chat Act's safety obligations.

Evidence:

  • 'Social media platform' means a public or semipublic Internet-based service or application... Connects users in order to allow users to interact socially (§ 59.1-575)

Ambiguity Notes: None

↑ Back to Table of Contents

Washington

Index of Bills

House - 2112 - Adult content/age minimum

Legislation ID: 237594

Bill URL: View Bill

Summary

House Bill 2112 seeks to protect minors from accessing sexual material harmful to them by requiring commercial entities to implement reasonable age verification methods. The bill defines relevant terms, stipulates penalties for violations, and clarifies that news-gathering organizations are exempt from its provisions. It also mandates notices regarding youth health risks associated with adult content and ensures that no identifying information is retained during the age verification process.

Key Sections

  • Age Verification Requirement: Commercial entities that publish or distribute sexual material harmful to minors must verify that users are 18 years or older using reasonable age verification methods.
  • Definitions: This section provides definitions for key terms used throughout the chapter, including commercial entity, digital identification, minor, and sexual material harmful to minors.
  • Enforcement and Penalties: The Attorney General can enforce this chapter by bringing actions against violators, with specified civil penalties for non-compliance.
  • Exemptions: This chapter does not apply to bona fide news organizations and clarifies that internet service providers are not liable for violations unless they control the content.
  • Methods of Age Verification: This section outlines acceptable methods for age verification, including the use of digital identification or government-issued identification.
  • Notice Requirements: Commercial entities must display notices on their websites regarding the risks of adult content to youth and provide updated contact information for mental health services.
  • Severability: If any provision of this act is held invalid, the remainder of the act remains in effect.
  • Short Title: This act shall be known as the Keep Our Children Safe Act.

Key Requirements

  • Establishes civil penalties for violations, including daily fines and additional penalties if minors access harmful material.
  • Prohibits retention of identifying information during age verification.
  • Requires commercial entities to verify user age for access to adult content.
  • Requires display of health risk notices in 14-point font or larger on relevant web pages and advertisements.
  • Requires individuals to provide digital identification or comply with a commercial age verification system.

Sponsors

Legislative Actions

Date Action
2025-12-08 Prefiled for introduction.

Detailed Analysis

Analysis 1

Why Relevant: The bill mandates age verification for access to specific online content, which is a core component of the EU's approach to online safety and child protection.

Mechanism of Influence: Section 2 and Section 3 require commercial entities to implement 'reasonable age verification methods' such as digital ID or government-issued identification to gate access to adult content.

Evidence:

  • Sec. 2(1) ... shall use reasonable age verification methods
  • Sec. 3. ... require an individual who must verify their age to: (1) Provide digital identification; or (2) Comply with a commercial age verification system

Ambiguity Notes: The term 'commercially reasonable method that relies on public or private transactional data' is broad and could encompass various third-party data-matching services.

Senate - 5870 - AI systems/suicide liability

Legislation ID: 237887

Bill URL: View Bill

Summary

This bill introduces regulations for operators of companion chatbots, requiring them to notify users about the nature of the interaction, implement protocols to prevent suicidal content, and provide referrals to crisis services. It also establishes civil liability for operators if their systems contribute to user harm, particularly in cases of suicide. The bill mandates annual reporting to the Department of Health on related incidents and protocols, and it outlines the responsibilities of operators regarding minors and the content generated by their systems.

Key Sections

  • Civil Liability: Individuals harmed due to violations of this chapter can bring civil actions against operators for damages.
  • Cumulative Duties: The obligations imposed by this chapter are in addition to other legal obligations and do not replace them.
  • Definitions: This section defines key terms used in the bill, including artificial intelligence, companion chatbot, and operator.
  • Disclosure to Users: Operators must inform users that companion chatbots may not be suitable for minors.
  • New Chapter in Title 19 RCW: Sections 1 through 6 of this act will form a new chapter in the Revised Code of Washington.
  • Prima Facie Evidence: Establishes that a suicide linked to an AI system can be considered evidence of wrongful act by the systems owner under certain conditions.
  • Reporting Requirements: Operators are required to report annually to the Department of Health on their protocols for handling suicidal ideation and the number of crisis referrals made.
  • Severability: If any part of the act is found invalid, the remaining provisions remain in effect.
  • User Notification and Protocols: Operators must notify users when interacting with a companion chatbot and implement protocols to prevent the generation of suicidal content.

Key Requirements

  • Operators can be held liable if their AI systems contribute to a users suicide.
  • Operators must prevent chatbots from engaging in discussions that may lead to suicidal ideation and provide crisis service referrals.
  • Operators must provide clear notification that the chatbot is not human.
  • Operators must report the number of crisis service notifications issued.
  • Reports must include details on protocols for detecting and responding to suicidal ideation.

Sponsors

Legislative Actions

Date Action
2025-12-11 Prefiled for introduction.

Detailed Analysis

Analysis 1

Why Relevant: The bill mandates content detection and mitigation protocols for specific categories of harmful content.

Mechanism of Influence: Operators must maintain a 'protocol for preventing the production of suicidal ideation' (Sec. 2(2)(a)) and report on protocols used to 'detect, remove, and respond to instances of suicidal ideation' (Sec. 3(1)(b)).

Evidence:

  • protocol for preventing the production of suicidal ideation (Sec. 2(2)(a))
  • detect, remove, and respond to instances of suicidal ideation (Sec. 3(1)(b))

Ambiguity Notes: While focused on suicide, the requirement to 'detect' user inputs mirrors the EU's compelled detection orders, potentially requiring scanning of natural language interactions.

Analysis 2

Why Relevant: The bill includes specific protections for minors against sexually explicit content, a core pillar of the EU Chat Act.

Mechanism of Influence: Operators must 'institute reasonable measures to prevent its companion chatbot from producing visual material of sexually explicit conduct' (Sec. 2(3)(c)) for users known to be minors.

Evidence:

  • reasonable measures to prevent its companion chatbot from producing visual material of sexually explicit conduct (Sec. 2(3)(c))

Ambiguity Notes: The term 'reasonable measures' is not defined, leaving open whether this requires proactive filtering or client-side analysis.

Analysis 3

Why Relevant: It establishes a centralized reporting and oversight infrastructure.

Mechanism of Influence: Operators are required to 'annually report to the department' (Sec. 3(1)) of health regarding their detection protocols and the frequency of crisis referrals.

Evidence:

  • annually report to the department (Sec. 3(1))
  • Protocols put in place to detect, remove, and respond (Sec. 3(1)(b))

Ambiguity Notes: The Department of Health acts as a state-level coordinating body for AI safety reporting, similar to the EU's proposed Coordinating Authorities.

Analysis 4

Why Relevant: The bill includes age-based gatekeeping and disclosure requirements.

Mechanism of Influence: Operators must disclose to users that chatbots 'may not be suitable for some minors' (Sec. 4) and provide specific notifications for users 'the operator knows is a minor' (Sec. 2(3)).

Evidence:

  • disclose to a user... that companion chatbots may not be suitable for some minors (Sec. 4)
  • for a user that the operator knows is a minor (Sec. 2(3))

Ambiguity Notes: The bill relies on the operator 'knowing' a user is a minor but does not explicitly mandate a specific age-verification technology, though Sec. 4 implies a general duty of care regarding age suitability.

↑ Back to Table of Contents

Wisconsin

Index of Bills

Assembly - 105 - Relating to: the distribution of certain material on the Internet.

Legislation ID: 112488

Bill URL: View Bill

Summary

This bill introduces regulations concerning the publication and distribution of materials harmful to minors on the Internet. It mandates that business entities implement reasonable age verification methods before allowing access to such materials. The bill defines material harmful to minors and obscene material, and establishes penalties for violations, including civil liability. It also includes exemptions for bona fide news organizations and protects Internet service providers from liability under certain conditions.

Key Sections

  • Definitions: This section provides definitions for key terms used in the bill, including business entity, material harmful to minors, obscene material, and reasonable age verification method.

Key Requirements

  • Defines business entity as various types of business organizations.
  • Defines material harmful to minors and obscene material with specific criteria.
  • Defines reasonable age verification method for age verification processes.

Sponsors

Legislative Actions

Date Action
2026-01-07 Senate Amendment 2 offered by Senator Wanggaard
2025-12-03 Senate Amendment 1 offered by Senator Wanggaard
2025-11-12 Available for scheduling
2025-11-12 Executive action taken
2025-11-12 Report concurrence recommended by Committee on Mental Health, Substance Abuse Prevention, Children and Families, Ayes 3, Noes 2
2025-10-08 Public hearing held
2025-03-21 Read first time and referred to committee on Mental Health, Substance Abuse Prevention, Children and Families
2025-03-20 Assembly Amendment 1 adopted

Detailed Analysis

Analysis 1

Why Relevant: The bill mandates age verification for specific online platforms, a core component of the EU Chat Act's safety framework.

Mechanism of Influence: It requires business entities to use government IDs or transactional data to 'reliably identify child users' and gate access to content deemed harmful.

Evidence:

  • unless the business entity performs reasonable age verification methods to verify the age of individuals attempting to access the website (100.76(2)(a))
  • verifies age using the individual’s government-issued identification card or by using any commercially reasonable method that uses public or private transactional data (100.76(1)(i)1)

Ambiguity Notes: The definition of 'commercially reasonable method' for transactional data is not strictly defined, potentially allowing for various third-party verification technologies.

Analysis 2

Why Relevant: The bill includes a specific enforcement mechanism to prevent the bypass of age-verification controls.

Mechanism of Influence: It compels platforms to implement technical blocking of VPN IP addresses, which acts as a form of access control and infrastructure mandate.

Evidence:

  • shall prevent persons from accessing the website from an internet protocol address... known to be a virtual private network system or virtual private network provider (100.76(2)(c))

Ambiguity Notes: None

Analysis 3

Why Relevant: The bill addresses data preservation and privacy by limiting the retention of identity data used for verification.

Mechanism of Influence: It creates a statutory duty to delete identifying information immediately after the access decision, impacting how compliance infrastructure is built.

Evidence:

  • may not knowingly retain identifying information of the individual attempting to access the website after the individual’s access has been granted or denied (100.76(2)(b))

Ambiguity Notes: None

Senate - 758 - Relating to: social media platforms’ treatment of minors and providing a penalty. (FE)

Legislation ID: 231487

Bill URL: View Bill

Summary

This bill introduces regulations concerning social media platforms treatment of minors, defining a minor as anyone under 18 years of age. It prohibits platforms from collecting or using data related to minors, restricts targeted advertising, and mandates age verification methods. Additionally, it establishes enforcement mechanisms through the Department of Justice, including penalties for violations and a platform for public complaints.

Key Sections

  • Age verification: Platforms must implement reliable methods to verify whether a user is a minor, as approved by the Department of Justice.
  • Data-based recommendation, selection, or prioritization: Platforms cannot select or recommend content for minors based on data gathered about them or their devices.
  • Data privacy: Social media platforms are prohibited from gathering, using, selling, or retaining data related to a minors usage or interaction with the platform.
  • Definitions: This section defines key terms used in the bill, including minor, social media platform, targeted advertising, and unique persistent identifier.
  • Effective date: The act will take effect on the first day of the third month following its publication.
  • Enforcement and penalties: The Department of Justice is tasked with investigating violations of this bill and may impose civil penalties for non-compliance.
  • Exceptions: Certain exceptions allow platforms to gather minimal data necessary for account maintenance and to respond to specific requests from minors.
  • Legislative findings: The legislature outlines findings regarding the impact of social media on youth mental health and the importance of regulation.
  • Targeted advertising to minors: Social media platforms must prevent targeted advertising from being shown to minor users.

Key Requirements

  • Allows data collection for account creation and maintenance.
  • DOJ to create a complaint system for violations.
  • Establishes penalties up to $5,000 per violation.
  • Permits content recommendations based on direct requests from minors.
  • Prohibits content recommendations based on minors data.
  • Prohibits data collection on minors interactions with social media platforms.
  • Prohibits targeted advertising directed at minors.
  • Requires age verification methods for users.

Sponsors

Legislative Actions

Date Action
2025-12-12 Introduced by Senators Roys, Wall, Pfaff, L. Johnson, Keyeski, Wanggaard, Wirch and Dassler-Alfheim; cosponsored by Representatives McGuire, Fitzgerald, McCarville, Miresse, Palmeri, Prado, Sinicki, Snodgrass, Stroud, Stubbs, Tenorio and Udell
2025-12-12 Read first time and referred to Committee on Utilities, Technology and Tourism

Detailed Analysis

Analysis 1

Why Relevant: The bill mandates age verification for all users to identify minors, a core component of the EU Chat Act's compliance infrastructure.

Mechanism of Influence: Platforms must implement a 'reliable, industry-accepted method approved by the department of justice' to determine user age, effectively requiring identity or age-gating for access.

Evidence:

  • A social media platform shall employ a reliable, industry-accepted method approved by the department of justice that determines whether a user of the social media platform is a minor. (Section 5)

Ambiguity Notes: The term 'reliable, industry-accepted method' is not defined, leaving the specific technology (e.g., biometric estimation, ID upload) to DOJ discretion.

Analysis 2

Why Relevant: The bill mandates mitigation changes to recommender systems and product features.

Mechanism of Influence: It prohibits platforms from using personal data to 'select, prioritize, or deprioritize' content for minors, forcing a move away from engagement-based algorithms to chronological or search-based feeds.

Evidence:

  • no social media platform may select, prioritize, or deprioritize for a minor, or recommend to a minor, information, content, or a feature... based on data gathered about the minor (Section 3)

Ambiguity Notes: While aimed at mental health, this mirrors the EU Act's 'mitigation' requirements regarding how algorithms surface content to children.

Analysis 3

Why Relevant: The bill's scope explicitly includes private messaging services.

Mechanism of Influence: By defining social media platforms to include those where private messaging is a 'significant part,' the bill's data and age-verification mandates apply to interpersonal communication services.

Evidence:

  • allows users to privately message each other as a significant part of the provision of the website, service, or application. (Section 1(b)4)

Ambiguity Notes: The phrase 'significant part' is subjective and could capture a wide range of encrypted and unencrypted messaging apps.

↑ Back to Table of Contents

4. Conclusion