On Tuesday, May 27, 2025, Governor of Texas Greg Abbot signed Texas Senate Bill 2420 into law. The bill, known as the App Store Accountability Act, is effective beginning January 1, 2026.
This bill applies to two primary entities: app store owners and software application developers who make their products available to users in Texas (S.B. 2420 (Tx. 2025) ("ASAA")).
Both app store owners and app developers are subject to new requirements regarding age verification, parental consent, data handling, and transparency in app ratings and content disclosures. To comply, businesses that develop and maintain mobile applications may need to implement robust age verification systems, update their user account management processes to accommodate parental affiliations for minors, revise their data collection and retention policies, and ensure clear communication of age ratings and content information. Additionally, they may need to develop procedures for obtaining and tracking parental consent, as well as mechanisms for responding to consent revocation and significant app changes.
For App Store Owners:
An “app store owner” is defined as a publicly available website, software application or other electronic service that distributes software applications to the user of a mobile device. This broad definition requires most businesses in the US to pay attention. The requirements for app store owners are as follows:
- Most notably, the ASAA requires app store owners to use a commercially reasonable method (undefined) to verify the age of any individual in Texas who creates an account (ASAA § 121.021(a)). Each user must be assigned to one of four statutory age categories: "child" (under 13), "younger teenager" (13–15), "older teenager" (16–17), or "adult" (18+). (ASAA § 121.021(b)).
- If a user is a minor (under 18), the app store is required to ensure that the minor’s account is affiliated with a verified parent or guardian account. (ASAA § 121.022(a)). The app store must use a commercially reasonable method to verify that the parent or guardian is an adult with legal authority over the minor.
- Parental consent must be obtained for each individual download or purchase by the minor, and the app store must notify developers if consent is revoked. If there are significant changes to the app, renewed consent must be obtained (ASAA § 121.022(b)).
- To obtain consent, the app store owner may use any commercially reasonable means to verify the minor account is affiliated with a parent account and that the owner of the parent account has the legal decision making authority over the minor account’s owner (ASAA § 121.022(b)).[
- If the app store displays ratings or content notices in Texas, it is obligated to clearly, accurately, and conspicuously display the age rating and the specific content or elements that led to the rating for each app (ASAA § 121.023(a)-(b)).
- App stores must also provide app developers with current information on the age category assigned to each user and whether parental consent has been obtained for minors (ASAA § 121.024).
- App stores must limit the collection and processing of Personal Data (defined next) to what is necessary for age verification, obtaining consent, and maintaining compliance records. “Personal Data” means any information, including sensitive or pseudonymous data, that is linked or reasonably linkable to an identified or identifiable individual, but does not include deidentified or publicly available information (ASAA § 121.002(5)).
- App stores are prohibited from enforcing contracts or terms of service against minors who entered into agreements without proper parental consent, knowingly misrepresenting information disclosed to parents, obtaining blanket consents for multiple purchases, or sharing personal data except as required by law or the ASAA (ASAA § 121.026).
For Application Developers:
An “application developer” is any person or entity that makes a software application available to users in Texas through an app store (ASAA § 121.051). Again, this broad definition will encompass most US businesses with customers in Texas. The requirements for app developers are as follows:
- Developers are required to assign an age rating to each software application and each in-app purchase, based on the statutory age categories, and must provide both the rating and the reasons for it to each app store through which the application is made available (ASAA § 121.052).
- Developers must use information received from app stores to verify each user's age category and, for minors, whether parental consent has been obtained (ASAA § 121.054).
- Before making any significant changes to the terms of service, privacy policy, data collection practices, app ratings, monetization features, or app functionality, developers must notify each app store (ASAA § 121.053).
- Personal Data received from app stores may only be used for enforcing age-related restrictions, ensuring legal compliance, and implementing safety features and default settings. This data must be deleted after the required verification is completed (ASAA § 121.055).
- Developers are prohibited from enforcing contracts or terms of service against minors without proper consent, knowingly misrepresenting age ratings or the reasons for those ratings, or sharing or disclosing user personal data acquired under the ASAA (ASAA § 121.056).
Penalties and Enforcement:
The remedies provided by the ASAA are cumulative and do not preclude other legal actions or remedies (ASAA § 121.103).
- Parents or guardians of minors may bring civil actions against app store owners or developers for violations of the ASAA (ASAA § 121.101(a)).
- If successful, they are entitled to injunctive relief, actual damages, punitive damages, reasonable attorney's fees, court costs, and any other relief the court deems appropriate (ASAA § 121.101(b)).
- A violation of the ASAA is also considered a false, misleading, or deceptive act under Texas law, making additional remedies under the Deceptive Trade Practices Act available (ASAA § 121.102).