On March 26, 2025, Utah Governor Spencer Cox signed into law SB 142, the App Store Accountability Act (the “Act”), enacting the country’s first state law that requires app store providers to verify the age of all users and places obligations on app developers. An “app store provider” is defined as “a person that owns, operates, or controls an app store that allows users in [Utah] to download apps onto a mobile device.” A “developer” is defined as “a person that owns or controls an app made available through the app store in the state.”
The law goes into effect on May 7, 2025, but the obligations on app store providers and developers are not effective until May 6, 2026. Some key provisions are outlined below.
- Age Verification and Parental Consent: The Act requires app store providers to request age information and verify the individual user’s age category at the time an individual located in the state creates an account. Additionally, where the age verification process determines that the individual is a minor under 18, the app store provider must obtain verifiable parental consent for the minor to download apps, make in-app purchases, or purchase apps.
- Parent Account Affiliation & Verifiable Parental Consent: If the app store provider determines that an individual is a minor under the Act, the app store provider must require the account to be affiliated with a parent account. Additionally, the app store provider must obtain verifiable parental consent from the holder of the affiliated parent account before allowing the minor to download an app, make an in-app purchase, or purchase an app.
- Significant Changes to Apps: App store providers must also notify users of a “significant change” to the app. For minor accounts, app store providers must notify the holder of the affiliated parent account of a “significant change” and obtain renewed parental consent. The Act includes examples of what constitutes a significant change, including a material modification to the app’s terms of service or privacy policy that alters the app’s age rating or content descriptions, among others.
- Requirements for Developers: Developers are subject to additional requirements. For example, developers must verify through the app store’s data sharing methods the age category of users and whether verifiable parental consent has been obtained for minor accounts. Additionally, developers must notify app store providers of a significant change to the app, among other requirements.
- Data Safeguards: The Act imposes requirements with respect to data collected and processed. For example, app store providers must transmit personal age verification data to developers only for the purposes described in the Act using industry-standard encryption protocols.
The Utah Division of Consumer Protection must promulgate rules establishing processes and means for an app store provider to age verify users. Certain violations of the Act are a deceptive trade practice under Utah law. The Act also creates a private right of action for minors and parents against app store providers and developers for some violations of the Act.