March 2, 2026 California will require operating system providers to collect users’ age information at account setup and share that data with app developers through a real-time API under the Digital Age Assurance Act (AB 1043), signed into law in October 2025. The measure, which takes effect Jan. 1, 2027, shifts age-awareness and potential liability from platforms to developers that receive the signal.
The law defines an “operating system provider” broadly as any entity that “develops, licenses, or controls the operating system software on a computer, mobile device, or any other general purpose computing device.” That scope includes major platforms such as Windows, macOS, Android and iOS, as well as Linux distributions and Valve’s SteamOS.
Under AB 1043, OS providers must maintain a “reasonably consistent real-time application programming interface” that categorizes users into four brackets: under 13, 13 to under 16, 16 to under 18, and 18 or older. When an app is downloaded or launched, developers can request the signal. Once they receive it, they are “deemed to have actual knowledge” of the user’s age range.
That designation carries legal weight. Developers that fail to comply with age-related obligations face penalties of up to $2,500 per affected child for negligent violations and $7,500 for intentional violations, enforced by the California Attorney General.
The statute does not mandate photo identification or facial recognition. Users self-report their age at account setup, distinguishing the law from measures in Texas and Utah that require “commercially reasonable” age verification methods, including government-issued ID checks. Assemblymember Buffy Wicks, who authored the bill, said in a press release that the approach “avoids constitutional concerns by focusing strictly on age assurance, not content moderation.” The bill passed unanimously in both chambers of the state legislature.
Governor Gavin Newsom signed the law but urged lawmakers to revisit it before implementation. In a signing statement, he cited concerns raised by streaming services and game developers about “complexities such as multi-user accounts shared by a family member and user profiles utilized across multiple devices.”
For technology providers, the law introduces a new architectural requirement at the operating system layer and formalizes a data handoff that directly affects developer liability. With enforcement set for 2027, platform operators and app developers will need to assess technical feasibility, account structures and compliance exposure well before the effective date.
