Texas Targets App Stores with New Accountability Law: What App Stores and Developers Need to Know Before 2026

A new Texas law is poised to significantly reshape how app stores and developers manage users under 18. The state’s App Store Accountability Act (the “Act”) becomes effective on January 1, 2026. The Act will require app stores serving Texans to verify users’ ages and secure parental consent for minors’ downloads and purchases, and will impose related obligations on developers whose applications are offered through those stores, among other requirements.

Along with similar legislation in Utah and Louisiana, the Act signals a shift toward mobile app stores sharing responsibility with developers for minors’ online safety.

Below is a summary of the Act’s key provisions and the implications for businesses within its sweeping scope.

Scope

The Act imposes obligations on both app store owners and app developers that make applications available to Texas users.

• App Stores include any publicly available Internet website, software application, or other electronic service that distributes software applications from the owner or developer of a software application to the user of a mobile device. There are no size or revenue thresholds, so even niche or non-traditional platforms may fall within the scope of the law.
• App Developers are developers of software applications that are made available to users through an app store.

Key Requirements for App Stores

• Age Verification and Categorization: When a Texas user creates an account, app stores must use a commercially reasonable method to determine the user’s age category, classifying them as a child (under 13), younger teenager (13–15), older teenager (16–17), or adult (18 or older). The Act, however, does not clarify what qualifies as a “commercially reasonable” method.
• Transparency of Age Rating: App stores must display age ratings for every app. If the app store has not developed its own age-rating system, the store must display a developer-provided rating along with the content or features of the application that informed the rating. In all cases, the information must be clear, accurate, and conspicuous.
• Parental Account Affiliation: For users under 18, the app store must link minors’ accounts to a parent or guardian account and use a commercially reasonable method to verify that the adult has legal authority over the minor.

• Parental Consent:
• Blanket approvals are not allowed; app stores must obtain a parent’s or guardian’s consent for each download or in-app purchase by a minor. Certain apps, such as those providing emergency services, are exempt.
• In order to obtain consent, app stores must clearly disclose to parents or guardians: (i) the app or purchase at issue along with the app’s age rating, (ii) the elements that led to the age rating, (iii) personal data collected or used in connection with the app or purchase, and (iv) any measures the app developer has implemented to safeguard personal data.
• If a developer makes material changes to its app, such as conducting new personal data processing activities, adding monetization functionality, adjusting age ratings, or making significant functional updates, the app store must secure updated consent from minors’ parents or guardians.

• Transparency to Developers: App stores must allow developers to access, using a commercially available method, the age category assigned to each user and whether consent has been obtained. Additionally, app stores must notify developers if parents or guardians revoke consent. Notably, the Act contains a safe harbor for developers who rely in good faith on information received from the app store and have otherwise complied with the requirements of the Act.
• Use of Personal Data: App stores must collect only the personal data necessary for age verification, parental consent, and records of compliance, and must transmit that data using industry-standard encryption.

Key Requirements for App Developers

• App Rating Designation: Developers must assign age ratings for each app and purchase and clearly disclose the content or elements of the app or purchase that informed that rating.
• Notice of Significant Changes: If a developer makes significant changes to the app, such as changing how or what personal data is collected or used, changing the rating assigned to the software application or the content or element that led to the rating, adding monetization features, or materially altering the functionality or user experience, they must notify the app store in order to allow the app store to notify minors’ parents and guardians and renew consent.
• Developer Age Verification: Developers must implement a system to use information from the app store to verify the age category assigned to each user and confirm whether consent has been obtained for minors to download or make purchases within the app.
• Use of Personal Data: App developers may only use personal data provided by the app stores pursuant to the Act to enforce age restrictions, ensure compliance with applicable laws and regulations, and implement safety features and default settings. Developers must delete such information once verification is complete.

Enforcement

Violations of the Act constitute deceptive trade practices under Texas’s Deceptive Trade Practices-Consumer Protection Act, which permits the Texas attorney general to seek injunctive relief and impose civil penalties, and also allows for consumer remedies.

Key Impacts

• Broad and Ambiguous Application: Because the Act does not have any size or revenue thresholds for applicability, the Act’s broad definition of “app store” could capture platforms that do not consider themselves traditional app stores, including niche software distributors or download facilitators. These businesses may face operational difficulties in linking minor accounts to parents or guardians, communicating age and consent information to developers, and implementing age verification across their platforms.
• Actual Knowledge of Minor Users: By requiring app stores to provide developers with information that their apps are being used by minors, the Act creates “actual knowledge” of minor usage. For apps intended for a general audience, this could trigger obligations under COPPA if personal information is collected from children under 13, or under teen privacy laws in other states that are triggered by having actual knowledge of users under 18.
• Tension with Data Minimization Principles: The Act obligates app stores to collect and disclose, and developers to receive and confirm, personal data for age verification and parental consent requirements, information app stores and developers may not have otherwise collected. While the Act imposes a general data minimization guardrail, this mandate could still significantly expand data-processing activities, especially for functional apps such as weather or utility services and may create friction with other state privacy laws that prioritize strict data minimization and short retention periods.

Outlook

Minor privacy and online safety laws nationwide are facing mounting constitutional challenges, including around age-verification provisions, and the Act has not been immune to these challenges. In October 2025, two lawsuits were filed challenging the Act. The first, brought by the advocacy group Students Engaged in Advancing Texas (SEAT), argues that the Act’s sweeping age-verification and parental-consent requirements for all app downloads and in-app purchases unlawfully impose a content-based prior restraint on speech, in violation of the First Amendment. The complaint contends that the law substitutes the state’s judgment for that of parents, undermining their ability to decide how much privacy and autonomy to grant their children online. Similarly, the Computer & Communications Industry Association (CCIA) asserts that protecting younger internet users should not come at the expense of free expression and personal privacy, as the Act restricts access to lawful content and places onerous verification and consent burdens on both parents and minors. However, the U.S. Supreme Court recently upheld Texas’s pornography age-verification law, which may indicate that Texas’s broader framework for regulating minors’ digital access could be better positioned to survive early challenges.

In light of this, app stores—and any business offering a mobile application—should begin preparing now to operationalize the Act’s technical requirements. At the same time, companies should carefully assess their privacy compliance strategies (particularly with respect to minors’ data) to minimize exposure, especially given the increased attention given to children’s online safety nationwide.