13-76 - App Store Accountability Act
Title 13 > 13-76
Sections (8)
General Provisions
13-76-101 - Definitions.
(1) “Age category” means one of the following categories of individuals based on age:“child” which means an individual who is under 13 years old;“younger teenager” which means an individual who is at least 13 years old and under 16 years old;“older teenager” which means an individual who is at least 16 years old and under 18 years old; or”adult” which means an individual who is at least 18 years old.
(2) “Age category data” means information about a user’s age category that is:collected by an app store provider; andshared with a developer.
(3) “Age rating” means a classification that provides an assessment of the suitability of an app’s content for different age groups.
(4) “App” means a software application or electronic service that a user may run or direct on a mobile device.
(5) “App store” means a publicly available website, software application, or electronic service that allows users to download apps from third-party developers onto a mobile device.
(6) “App store provider” means a person that owns, operates, or controls an app store that allows users in the state to download apps onto a mobile device.
(7) “Content description” means a description of the specific content elements that informed an app’s age rating.
(8) “Developer” means a person that owns or controls an app made available through an app store in the state.
(9) “Division” means the Division of Consumer Protection, established in Section 13-2-1.
(10) “Knowingly” means to act with actual knowledge or to act with knowledge fairly inferred based on objective circumstances.
(11) “Minor” means an individual under 18 years old.
(12) “Minor account” means an account with an app store provider that:is established by an individual who the app store provider has determined is under 18 years old through the app store provider’s age verification methods; andrequires affiliation with a parent account.
(13) “Mobile device” means a phone or general purpose tablet that:provides cellular or wireless connectivity;is capable of connecting to the Internet;runs a mobile operating system; andis capable of running apps through the mobile operating system.
(14) “Mobile operating system” means software that:manages mobile device hardware resources;provides common services for mobile device programs;controls memory allocation; andprovides interfaces for applications to access device functionality.
(15) “Parent” means, with respect to a minor, any of the following individuals who have legal authority to make decisions on behalf of the minor:an individual with a parent-child relationship under Section 78B-15-201;a legal guardian; oran individual with legal custody.
(16) “Parent account” means an account with an app store provider that:is verified to be established by an individual who the app store provider has determined is at least 18 years old through the app store provider’s age verification methods; andmay be affiliated with one or more minor accounts.
(17) “Parental consent disclosure” means the following information that an app store provider is required to provide to a parent before obtaining parental consent:if the app store provider has an age rating for the app or in-app purchase, the app’s or in-app purchase’s age rating;if the app store provider has a content description for the app or in-app purchase, the app’s or in-app purchase’s content description;a description of:the personal data collected by the app from a user; andthe personal data shared by the app with a third party; andif personal data is collected by the app, the methods implemented by the developer to protect the personal data.
(18) “Significant change” means a material modification to an app’s terms of service or privacy policy that:changes the categories of data collected, stored, or shared;alters the app’s age rating or content descriptions;adds new monetization features, including:in-app purchases; oradvertisements; ormaterially changes the app’s:functionality; oruser experience.
(19) “Verifiable parental consent” means authorization that:is provided by an individual who the app store provider has verified is an adult;is given after the app store provider has clearly and conspicuously provided the parental consent disclosure to the individual; andrequires the parent to make an affirmative choice to:grant consent; ordecline consent.
Enacted by Chapter 446, 2025 General Session
App Store Provider and Developer Requirements
13-76-201 - App store provider requirements.
5/6/2026
(1) An app store provider shall:at the time an individual who is located in the state creates an account with the app store provider:request age information from the individual; andverify the individual’s age category using:commercially available methods that are reasonably designed to ensure accuracy; oran age verification method or process that complies with rules made by the division under Section 13-76-301;if the age verification method or process described in Subsection 13-Ch13_75|(1)] determines the individual is a minor:require the account to be affiliated with a parent account; andobtain verifiable parental consent from the holder of the affiliated parent account before allowing the minor to:download an app;purchase an app; ormake an in-app purchase;after receiving notice of a significant change from a developer:notify the user of the significant change; andfor a minor account:notify the holder of the affiliated parent account; andobtain renewed verifiable parental consent;provide to a developer, in response to a request authorized under Section 13-76-202:age category data for a user located in the state; andthe status of verified parental consent for a minor located in the state;notify a developer when a parent revokes parental consent; andprotect personal age verification data by:limiting collection and processing to data necessary for:verifying a user’s age;obtaining parental consent; ormaintaining compliance records; andtransmitting personal age verification data using industry-standard encryption protocols that ensure:data integrity; anddata confidentiality.
(2) An app store provider may not:enforce a contract or terms of service against a minor unless the app store provider has obtained verifiable parental consent;knowingly misrepresent the information in the parental consent disclosure; orshare personal age verification data except:between an app store provider and a developer as required by this chapter; oras required by law.
Enacted by Chapter 446, 2025 General Session
13-76-202 - Developer requirements.
5/6/2026
(1) A developer shall:verify through the app store’s data sharing methods:the age category of users located in the state; andfor a minor account, whether verifiable parental consent has been obtained;notify app store providers of a significant change to the app;use age category data received from an app store provider to:enforce any developer-created age-related restrictions;ensure compliance with applicable laws and regulations; andimplement any developer-created safety-related features or defaults;request personal age verification data or parental consent:at the time a user:downloads an app; orpurchases an app;when implementing a significant change to the app; orto comply with applicable laws or regulations.
(2) A developer may request personal age verification data or parental consent:no more than once during each 12-month period to verify:accuracy of user age verification data; orcontinued account use within the verified age category;when there is reasonable suspicion of:account transfer; ormisuse outside the verified age category; orat the time a user creates a new account with the developer.
(3) When implementing any developer-created safety-related features or defaults, a developer shall use the lowest age category indicated by:age verification data provided by an app store provider; orage data independently collected by the developer.
(4) A developer may not:enforce a contract or terms of service against a minor unless the developer has verified through the app store provider that verifiable parental consent has been obtained;knowingly misrepresent any information in the parental consent disclosure; orshare age category data with any person.
Enacted by Chapter 446, 2025 General Session
Division Rulemaking
13-76-301 - Division rulemaking.
Enacted by Chapter 446, 2025 General Session
Enforcement and Safe Harbor
13-76-401 - Enforcement.
12/31/2026
(1) A violation of Subsection 13-75-201(2)(b) or Subsection 13-75-202(4)(b) constitutes a deceptive trade practice under Section 13-11a-3.
(2) Only a minor, or the parent of that minor, who has been harmed by a violation of Subsection 13-75-201(2) may bring a civil action against an app store provider.Only a minor, or the parent of that minor, who has been harmed by a violation of Subsection 13-75-202(4) may bring a civil action against a developer.
(3) In an action described in Subsection (2), the court shall award a prevailing parent:the greater of:actual damages; or$1,000 for each violation;reasonable attorney fees; andlitigation costs.
Enacted by Chapter 446, 2025 General Session
13-76-402 - Safe harbor.
(1) A developer is not liable for a violation of this chapter if the developer demonstrates that the developer:relied in good faith on:personal age verification data provided by an app store provider; andnotification from an app store provider that verifiable parental consent was obtained if the personal age verification data indicates that the user is a minor; andcomplied with the requirements described in Section 13-76-202.
(2) For purposes of setting the age category of an app and providing content description disclosures to an app store provider, a developer complies with Subsection 13-75-202(4)(b) if the developer:uses widely adopted industry standards to determine:the app’s age category; andthe content description disclosures; andapplies those standards consistently and in good faith.
(3) The safe harbor described in this section:applies only to actions brought under this chapter; anddoes not limit a developer or app store provider’s liability under any other applicable law.
(4) Nothing in this chapter shall displace any other available remedies or rights authorized under the laws of this state or the United States.
Enacted by Chapter 446, 2025 General Session
13-76-403 - Severability.
(1) If any provision of this chapter or the application of any provision to any person or circumstance is held invalid by a final decision of a court of competent jurisdiction, the remainder of this chapter shall be given effect without the invalid provision or application.
(2) The provisions of this chapter are severable.
Enacted by Chapter 446, 2025 General Session
13-76-404 - Application and limitations.
(1) prevent an app store provider or developer from taking reasonable measures to:block, detect, or prevent distribution to minors of:unlawful material;obscene material; orother harmful material;block or filter spam;prevent criminal activity; orprotect app store or app security;
(2) require an app store provider to disclose user information to a developer beyond:age category; orverification of parental consent status;
(3) allow an app store provider or developer to implement measures required by this chapter in a manner that is:arbitrary;capricious;anticompetitive; orunlawful;
(4) require an app store provider or developer to obtain parental consent for an app that:provides direct access to emergency services, including:911;crisis hotlines; oremergency assistance services legally available to minors;limits data collection to information necessary to provide emergency services in compliance with 15 U.S.C. Sec. 6501 et seq., Children’s Online Privacy Protection Act;provides access without requiring:account creation; orcollection of unnecessary personal information; andis operated by or in partnership with:a government entity;a nonprofit organization; oran authorized emergency service provider; or
(5) require a developer to collect, retain, reidentify, or link any information beyond what is:necessary to verify age categories and parental consent status as required by this chapter; andcollected, retained, reidentified, or linked in the developer’s ordinary course of business.
Enacted by Chapter 446, 2025 General Session