In 2026 the FTC issued a COPPA Policy Statement that encourages the use of age verification technologies where they help protect children, while setting conditions under which the agency will exercise enforcement discretion. For operators who collect personal information solely or primarily for age verification, the statement offers a measure of clarity, provided certain conditions are met.
What the FTC expects from age verification tools
The FTC expects age verification tools to be accurate, secure, and compliant with applicable law. Operators should give clear notice to parents and children (as relevant), limit retention of verification data, and ensure that any third parties with access to the data are bound by appropriate safeguards. The statement does not greenlight all age verification; it signals that well-designed, privacy-conscious implementations that meet these conditions are less likely to be targeted for COPPA enforcement when the sole or primary purpose is verifying age.
What US-facing platforms should do
Choose age verification that is demonstrably accurate (e.g. validated algorithms or audited processes), that minimises data collection and retention, and that aligns with your privacy policy and COPPA obligations. Document how you meet the FTC’s conditions so you can show good faith if asked. Regulators generally want effective age assurance without unnecessary data hoarding.
