 |
ARIZONA STATE SENATE
Fifty-Seventh Legislature, Second Regular Session
AMENDED
social
media; online content; minors
(NOW: social media; age verification; minors)
Purpose
Effective one year after the general effective date, prescribes duties for a covered company, developer or social media platform to provide for user age verification and related online content safeguards for the protection of minors. Outlines enforcement and penalties for a violation of the prescribed duties. Establishes the Technology Protection for Minors Grant Fund (Fund).
Background
In 2025, the Legislature enacted the requirement for a commercial entity that knowingly and intentionally publishes or distributes material on an internet website, including a social media platform, of which more than one-third is sexual material that is harmful to minors to use reasonable age verification methods to verify that an individual who attempts to access the material is 18 years of age or older. A commercial entity or a third-party that performs the age verification must not: 1) retain any identifying information of the individual; or 2) cause or allow any identifying information to be directly or indirectly transmitted to any government entity. A parent or guardian of a minor who accesses material harmful to minors, and a person whose identifying information was unlawfully retained or transmitted, have a right of action against the offending entity (Laws 2025, Ch. 193; A.R.S. § 18-701).
In 2025, the Legislature also enacted content restrictions on digital advertising directed towards children. Beginning January 1, 2027, a child-directed application must take appropriate measures to prevent the display of inappropriate and mature advertisements on child-directed applications. Inappropriate and mature advertisement is an advertisement that sells or promotes: 1) violence; 2) explicit language; 3) sexual content; or 4) alcohol or drug use. A child-directed application that does not comply with the content restrictions is subject to a civil penalty of up to $100,000 per violation. The Attorney General must enforce the child-directed application content restrictions (Laws 2025, Ch. 198; A.R.S. § 44-1483).
There is no anticipated fiscal impact to the state General Fund associated with this legislation.
Provisions
Duties for Covered Companies
1. Requires a covered company to:
a) provide an accessible interface for an account holder or user to set up an account that allows the account holder or user to provide a birth date or age in order to provide the account holder's or user's age signal to developers at the time of the account set up or at any time thereafter and to provide the account holder or user with the option to opt in to share the account holder's or user's age bracket data with the developer for the purposes of providing age-appropriate content;
b) obtain parental or guardian consent before allowing a child to download an application distributed or made accessible through the covered company's application store, if the covered company provides an application store;
c) facilitate parental or guardian consent for access to an application that is preloaded onto a device for the first time in response to a request from a developer;
d) make controls available that enable account holders to do both of the following:
i. restrict which applications can be downloaded by a user based on the applications' age rating within the covered company's application stare; and
ii. limit the amount of time a user can spend on downloaded applications;
e) send only the minimum amount of information that is necessary to comply with the statutory duties for covered companies; and
f) on request, provide a developer, including a developer of the preloaded application, with an age signal through a real-time application programming interface on an ongoing basis regarding whether an individual is:
i. under 13 years of age;
ii. at least 13 years of age but under 16 years of age;
iii. at least 16 years of age but under 18 years of age; or
iv. at least 18 years of age.
2. Prohibits a covered company from sharing the age signal or parent or guardian consent signal with a third party for any purpose that is not required by law.
3. States that a covered company is not required to share age signals with a third party, other than with a developer, through an application that is distributed on the covered company's application store.
Duties of Developers and Social Media Platforms
4. Requires a developer to:
a) on an individual's account creation or first access, request from a covered company an age signal and may subsequently request additional age signals; and
b) if the date is available, use the age signal from a covered company to:
i. enforce legally required minimum age restrictions;
ii. ensure compliance with all laws; and
iii. provide any age-appropriate defaults, safeguards or experiences as required by statute.
5. Requires a developer, if it operates a social media platform, to comply with the additional requirements prescribed for a social media platform.
6. Requires a social media platform, if applicable and technically feasible, to provide readily available features for a parent or guardian to oversee the use of the application by the parent's or guardian's child as appropriate to the risks that arise from the child's use of the developer's application.
7. Requires the features to include:
a) the ability to view metrics reflecting the amount of time that the child is using the application and set daily time limits on the child's use;
b) the ability to see which individuals or accounts are affirmatively linked to the child's account, including the child's friends, followers and accounts that the child is following;
c) the ability to determine whether the child has limited the public visibility of the child's account or information and content that is uploaded to the application;
d) the ability to see which individuals the child has blocked;
e) the ability to submit a report to the application concerning a potential violation of the developer's terms and policies;
a) the ability to display a notification to a user who the social media platform knows is a minor if the user has spent one cumulative hour on the application during one calendar day;
b) the ability to limit the visibility of a minor's account or profile to connected users other than the minor's name, username and primary display picture, if applicable;
c) reasonable policies that address exposure to sexually or violently explicit material on the social media platform;
d) the ability to silence notifications between 10:00 p.m. and 6:00 a.m. local time;
e) the ability to prohibit an unconnected user from sending private or direct messages to a minor user, including through video, voice, text or other messaging, if applicable; and
f) the ability to disable the automatic playing of video content without user action in a personalized recommendation system.
Age Signal Conflicts
8. Allows a developer, if it has clear and convincing evidence that a user's age is different from the age that is indicated by the age signal received from the covered company, to use its own internal data.
Enforcement and Penalties
9. Allows the Attorney General, in addition to any other remedy available under state law, to bring an action against a covered company, developer or commercial entity to:
a) recover a civil penalty of no more than $75,000 for each violation;
b) restrain or enjoin the covered company, developer or commercial entity from violating the technology content protection for minors requirements;
c) seek injunctive relief;
d) recover reasonable attorney fees; and
e) recover litigation costs and reasonable costs for investigating the violation.
10. Requires the Attorney General to deposit monies collected from an action brought by the Attorney General in the Fund.
Immunity from Liability
11. Grants a developer or covered company immunity from liability for a violation of the technology content protection for minors requirements if the developer or covered company demonstrates that the developer or covered company:
a) relied in good faith on the applicable age signal and the age signal indicates that the user is a child based on the information received through the covered company's data sharing methods; and
b) if a developer, complied with the parental control requirements.
12. States that a developer, in determining an application's age rating and content description, is not liable for a violation of the technology content protection for minors requirements if the developer uses widely adopted industry standards to determine the application's age category and content description and applies those standards consistently and in good faith.
13. States that the immunity from liability both:
a) applies only to actions brought under the technology content protection for minor statutes; and
b) does not limit a developer's or covered company's liability under any other applicable law.
14. States that the immunity from liability does not replace any other available remedy or right in state or federal law.
Compliance and Nondiscrimination
15. States that the technology content protection for minors requirements do not modify, impair or supersede the operation of any antitrust laws, unless otherwise specified.
16. Requires a covered company to comply with the technology content protection for minors requirements in a nondiscriminatory manner, by doing both of the following:
a) imposing the same restrictions and obligations on its own applications and application distribution as the covered company imposes on third-party applications and application distributors; and
b) not using data that is not publicly available and that is collected from third parties, or consent mechanisms deployed for third parties, in the course of compliance with the technology content protection for minors requirements to compete against those third parties, to give the covered company's services preference relative to those of third parties or to otherwise use this data that is not publicly available in a manner that is unavailable to those third parties.
The Fund
17. Establishes the Fund consisting of monies from civil penalties, attorney fees and litigation costs that are recovered by the Attorney General from action against a covered company, developer or commercial entity for violation of the technology content protection for minors requirements.
18. Requires the Attorney General to administer the Fund.
19. States that monies in the Fund are continuously appropriated and are exempt from lapsing.
20. Prohibits monies in the Fund from being transferred to or otherwise made available to any other state fund or account or from being used for operating expenses of the Attorney General's Office or staff salaries.
21. Requires the Attorney General to use the monies in the Fund solely to award grants to nonprofit organizations for the following:
a) outreach programs that provide education to parents, guardians and minors about online safety, digital literacy and the effects of social media on the mental health of minors;
b) programs that provide resources or services to minors who have experienced harm as a result of violations of the technology content protection for minors requirements;
c) research on the effects of social media on the mental and physical health of minors;
d) law enforcement programs that investigate violations of the technology content protection for minors requirements and technology-facilitated harm to minors;
e) programs that provide mental health counseling, treatment or support services to minors who have experienced psychological or emotional harm as a result of using social media and violations of the technology content protection for minors requirements; and
f) programs that provide prevention education, victim services or law enforcement support related to human trafficking or sexual exploitation of minors facilitated through social media platforms.
22. Requires the Attorney General to establish grant eligibility criteria, application procedures and reporting requirements for recipients of grants awarded subject to Joint Legislative Budget Committee (JLBC) approval.
23. Requires the Attorney General, by January 15, April 15, July 15 and October 15 of each year, to compile a report that includes an accounting of all the monies spent from the Fund, including:
a) receipts;
b) disbursements;
c) the current balance of the Fund;
d) the name of each grant recipient;
e) the amount awarded to each grant recipient; and
f) the purpose for each grant awarded.
24. Requires the Attorney General to submit the reports to all of the following:
a) the Governor;
b) the President of the Senate;
c) the Speaker of the House of Representatives;
d) the Minority Leader of the Senate;
e) the Minority Leader of the House of Representatives;
f) the JLBC Director; and
g) the Secretary of State.
Definitions
25. Defines application as a software application or electronic service that a user may run or direct on a computer, a mobile device or any other general purpose computing device.
26. Defines application store as a publicly available website, software application, electronic service or platform that distributes and facilitates the download of applications from third-party developers to users of a computer, a mobile device or any other general purpose computing device.
27. Defines child as an individual who is under 16 years of age.
28. Defines commercial entity as including a corporation, a limited liability company, a partnership, a limited partnership, a sole proprietorship and any other legally recognized entity.
29. Defines covered company as a person that owns, controls or operates an application store or operating system that services customers in Arizona.
30. Excludes, from the definition of covered company, a telecommunications carrier or broadband provider that solely provides internet access or transmission services without control over application distribution or operating system functionality.
31. Defines daily active users as the number of unique users in the United States who used the social media platform at least 80 percent of the days during either:
a) the previous 12-month period; or
b) the previous one-month period if the social media platform did not exist during the previous 12-month period.
32. Defines developer as a person that creates, owns or controls a public-facing website, online service, online application or mobile application.
33. Defines distribute as issuing, selling, giving, providing, delivering, transferring, transmitting, circulating or disseminating by any means.
34. Defines infinite scrolling as content that is continuously loading or content that loads as the user scrolls down the webpage without the need to open a separate webpage.
35. Defines operating system as an entity that develops, maintains or distributes an operating system on a computer, a mobile device or any other general purpose computing device.
36. Defines personalized recommendation system as a fully or partially automated system used to suggest, promote or rank a feed of user-generated content based on the user's activity on the covered social media platform, excluding a recommendation system that suggests, promotes or ranks content based solely on the user's language, city or town or age.
37. Defines publish as communicating or making information available to another person on a publicly available website or application.
38. Defines social media platform as an online forum, website or application that satisfies all of the following criteria:
a) allows a user to upload content or view the content or activity of other users;
b) has at least 10 percent of daily active users who are under 16 years of age and who on average spent at least two hours per day on the online forum, website or application during the previous 12 months or if the online forum, website or application did not exist during the previous 12 months, during the previous one-month period;
c) uses algorithms that analyze user data or information on users to select content for users;
d) has infinite scrolling or seamless content or the use of webpages with no visible or apparent end or page breaks;
e) has push notifications or alerts sent by an online forum, website or application to inform a user about specific activities or events related to the user's account;
f) displays personal interactive metrics that indicate the number of times other users have clicked a button to indicate the users' reactions to content or have shared or reposted the content;
g) has auto-play video or video that begins to play without the user first clicking on the video or on a play button for that video; and
h) has livestreaming or has a function that allows a user or advertiser to broadcast live video content in real time.
39. Excludes, from the definition of social media platform, an online service, website or application of which the exclusive function is email or direct messaging consisting of texts, photographs, pictures, images or videos that are shared only between the sender and the recipients and that are not displayed or posted publicly or to other users that are not specifically identified by the sender as the recipients.
Miscellaneous
40. Contains a severability clause.
41. Becomes effective one year after the general effective date.
Amendments Adopted by Committee
· Adopted the strike-everything amendment.
Amendments Adopted by Committee of the Whole
1. Specifies that a covered company must provide:
a) an accessible interface for an account holder or a user to set up an account that allows the account holder or user to provide a birth date or age in order to provide an age signal to developers at the time of the account set up or at any time thereafter; and
b) the option to opt in to share the account holder's or user's age bracket data with the developer for the purposes of providing age-appropriate content.
2. Specifies that a covered company must facilitate parental or guardian consent for access to an application that is preloaded onto a device for the first time in response to a request for a developer.
3. Removes the requirement for a covered company to connect the application developer with the parent or guardian of a child to provide notification of prescribed parental control features.
4. Requires a covered company to make controls available that enable account holders to:
a) restrict which applications can be downloaded by a user based on the applications' age rating within the covered company's application store; and
b) limit the amount of time a user can spend on downloaded applications.
5. Requires a covered company to send only the minimum amount of information that is necessary to comply with statute.
6. Prohibits a covered company from sharing the age signal or parent or guardian consent signal with a third party for any purpose that is not required by law.
7. States that a covered company is not required to share age signals with a third party, other than with a developer, through an application that is distributed on the covered company's application store.
8. Removes the requirement for a developer, on an account creation or first access, to request from a covered company a parental consent signal.
9. Specifies that a developer must use an age signal from a covered company if the data is available for prescribed age restriction requirements.
10. Removes the requirement for a social media platform to implement separate minor default settings.
11. Recategorizes the prescribed minor default settings as required parental control features.
12. Removes as required parental control features:
a) the ability to disable the display of personalized recommendation systems for a child; and
b) the prohibiting of a minor user from sharing the minor user's real-time precise geolocation with any other user.
13. Specifies that, if a developer has clear and convincing evidence that a user's age is different from the age signal that the developer received from the covered company, the developer may use its internal data.
14. Removes the requirement for a developer to transmit the conflicting internal age signal back to the covered company for age reverification.
15. Removes the requirement for a commercial entity that knowingly and internationally publishes or distributes a substantial portion of material that is harmful to minors on an application to provide prescribed age verification for any person attempting to access the material.
16. Removes the authorization for a minor or minor's parent to bring a civil action against a covered company, developer or commercial entity for a violation of the technology protection for minors requirements.
17. Adds that a covered company complies with the technology protection for minor requirements in a nondiscriminatory manner if it does not use data that is not publicly available for use by third parties.
18. Renames the Technology Content Protection for Minors Grant Fund as the Technology Protection for Minors Grant Fund.
19. Modifies the definition of covered company and social media platform.
20. Makes technical and conforming changes.
Senate Action
RAGE 3/25/26 DPA/SE 4-2-1
Prepared by Senate Research
June 10, 2026
JT/ci