In the US there is no single federal age verification law for general online access. Instead, a growing number of states have passed or proposed laws that require age checks for social media, gaming, or adult content. The result is a patchwork: requirements and acceptable methods differ by state, and some laws have been challenged on First Amendment grounds.

Virginia’s law, for example, was at least temporarily blocked by a federal court in 2026, with the judge citing free-speech concerns. Other states are advancing similar bills. California and Colorado have moved toward requirements for app stores and OS-level age APIs (e.g. for "general purpose" devices), with implementation dates in 2027. So even if you don’t operate in a given state today, the trend is toward more obligations.

For platforms, the practical implications are: (1) track which states you serve and which laws apply; (2) choose age verification that can be configured for different thresholds and flows; (3) minimise data retention so that even if one state’s law is struck down, your handling of user data remains defensible. The FTC has also signalled that it will look favourably on certain age-verification technologies under COPPA when they meet conditions around accuracy, security, notice, and data retention.

If you have users in multiple states, consider a solution that gives you a single integration point and lets you adapt to state-specific rules (and court decisions) without rebuilding your flow each time.