Key Developments With State App Store Accountability Acts, as Texas Act Takes Effect

June 8, 2026

Compliance with App Store Accountability Act (ASAA) laws has returned to the forefront, with new legislative developments and a Fifth Circuit decision allowing the Texas law to take effect. As detailed in our October 2025 alert, ASAA laws are aimed at age verification and parental consent for use of online apps, and they impose some requirements directly on app developers. Following the Fifth Circuit decision, the Texas law is now in effect. Louisiana and Utah legislatures amended their laws, and Alabama adopted a new ASAA law that takes effect January 1, 2027. 

This alert summarizes the most recent developments and current ASAA landscape as of June 2026, and outlines the core obligations app developers must navigate.

Current Status of State ASAAs (June 2026 Updates)

Texas – In Effect During Appeal

While a district court entered an injunction against the Texas ASAA law days before its January 1, 2026 effective date, that injunction was administratively stayed by U.S. Court of Appeals for the Fifth Circuit on May 28, allowing the law to take immediate effect. On June 5, the Fifth Circuit further ruled that the law may remain in effect for the duration of the appeal, staying the lower court’s injunction.

As a result, the law is currently operative – meaning the ASAA age verification and parental consent requirements are now in effect. While the ultimate validity of the law remains subject to ongoing First Amendment litigation, the statute is enforceable by the Texas Attorney General throughout the current stage of the appeals process pending any further court action.

Utah – Delayed and Limited to Private Enforcement

The effective compliance deadline for Utah’s ASAA has been extended, and businesses now have until May 6, 2027 to operationalize its requirements. As detailed in our April 2026 alert, the law was amended (H.B. 498) to remove Attorney General enforcement authority as a deceptive trade practice.

However, a private right of action (PRA) is now the exclusive enforcement mechanism. Following the amendments, a constitutional challenge to the law was voluntarily dismissed due to a lack of a state enforcer to sue. Absent further challenge, developers and app stores will need to prepare for compliance by the 2027 deadline. 

Louisiana – Amended and Delayed to July 2027

Louisiana’s ASAA, originally scheduled to take effect on July 1, 2026, has been formally delayed for one year, as a recent amendment to the law (H.B. 977) pushed the effective date to July 1, 2027. The law will be enforceable by the Louisiana Attorney General. The amendment also contained two provisions that may benefit app developers: Specifically, it (i) limits an app developer’s obligation to verify age using “other sources,” generally allowing developers to use an app store age signal, and (ii) allows app developers to rely on app store signals relating to parental consent, without independently verifying that consent.

Alabama – New Law Takes Effect January 1, 2027

The newly passed Alabama law largely tracks the Louisiana ASAA law. Unlike other state ASAA laws, the Alabama law outlines a rulemaking process for the Attorney General to adopt rules on the age verification process to be used by app stores.

Core App Developer Obligations Under ASAA Laws

While these laws share common compliance themes, the laws contain nuanced differences that must be handled on a state-by-state basis. Generally, the laws impose four core responsibilities on app developers:

• Age Verification: Developers must incorporate systems to receive age category data (e.g., <13, 13-15, 16-17, 18+) from app stores and use that data to verify the user’s age bracket. Under recent amendments in Utah, the law now distinguishes between “pre-installed applications” (which require verification upon first launch) and core operating system functions.
• Parental Consent: If a user falls into a minor age bracket, the developer must receive and verify parental consent data from the app store before permitting the minor to download the app or initiate in-app purchases. Furthermore, developers must notify the app store to refresh parental consent whenever there is a "significant change" to the app. Utah’s recent amendments clarified this standard, noting that routine user interface updates do not constitute a significant change, but introducing new in-app purchases or advertisements does.
• Age Rating: Developers must assess and assign age ratings to their apps and individual in-app purchases, which must then be provided to the app stores. Texas requires these ratings to match the state’s statutory age tiers. In Utah and Louisiana, laws require these ratings to reflect an assessment of the app’s “suitability” for minors, introducing potential liability if a developer’s assigned rating is deemed inaccurate or misleading.

• Data Handling and Minimization: Information received from app stores must be heavily restricted. In Texas, the law explicitly requires that age and consent data be securely transmitted, used solely for statutory compliance, and immediately deleted after use. Utah’s recent amendments similarly restrict data usage, prohibiting developers from using app store age data for any commercial purpose other than ensuring legal compliance or enforcing safety features.

Compliance Approaches for Developers

Because the Texas law is currently operative, development and legal teams should review their compliance efforts. Key priorities include:

• Preparing to receive and process data: Engineering teams should implement secure interfaces – such as integrating with newly released app store APIs – to ingest, utilize, and discard age category and parental consent signals as required by the laws.
• Reviewing app content and features: Legal and product teams should audit existing apps and features to determine appropriate statutory age categories, including reviewing the “suitability” standard required in Louisiana and Utah, and flagging any features that should be restricted for minors.
• Considering additional compliance obligations: Developers should analyze whether receiving “under 13” age signals from an app store to satisfy state ASAAs triggers additional compliance obligations under the federal Children’s Online Privacy Protection Act (COPPA).
• Implementing a system to flag “significant changes”: Internal workflows should be updated so that material changes to privacy policies, terms of service, or the introduction of new monetization features (like ads or in-app purchases) trigger any required notice to the app stores to allow for a refresh of parental consent.
• Building out a method to track: Developers should establish robust compliance logging to demonstrate that age gates and consent checks were successfully executed, while not retaining the underlying personal data in ways that are restricted by the laws.

Conclusion

As ASAA laws continue to face constitutional challenges and undergo legislative amendments, the regulatory landscape remains highly dynamic. App developers should remain on top of these fast-changing requirements and take proactive compliance steps that can be flexibly adapted to new rules and shield against potential investigations and enforcement.

***

Wiley’s Privacy, Cyber & Data Governance team has broad experience in navigating compliance issues around cutting-edge technology and the evolving legal landscape, and handling enforcement and litigation matters. For questions about this alert, please contact the authors.