Back to Ohio

SB175 • 2026

Establish age verification, parental consent for apps, developers

Establish age verification, parental consent for apps, developers

Passed Legislature

This bill passed both chambers and reached final enrollment, even if later executive action is not shown here.

Sponsor
Thomas F. Patton
Last action
Official status
As Reported by the Senate Financial Institutions, Insurance and Technology Committee
Effective date
Not listed

Plain English Breakdown

Using official source text because the generated explanation was unavailable or could not be confirmed against the official bill text.

Establish age verification, parental consent for apps, developers

To amend section 1345.51 and to enact sections 1349.07, 1349.071, 1349.072, 1349.073, and 1349.074 of the Revised Code to establish age verification requirements for software applications.

What This Bill Does

  • To amend section 1345.51 and to enact sections 1349.07, 1349.071, 1349.072, 1349.073, and 1349.074 of the Revised Code to establish age verification requirements for software applications.

Limits and Unknowns

  • This entry is temporarily using official source text because the generated explanation could not be confirmed against the official bill text during the last sync.

Bill History

  1. Ohio Legislature

    As Introduced

  2. Ohio Legislature

    As Reported by the Senate Financial Institutions, Insurance and Technology Committee

Official Summary Text

To amend section 1345.51 and to enact sections 1349.07, 1349.071, 1349.072, 1349.073, and 1349.074 of the Revised Code to establish age verification requirements for software applications.

Current Bill Text

Read the full stored bill text
sb175_01_RS

As Reported by the Senate Financial Institutions, Insurance and Technology Committee

136th
General Assembly

Regular
Session
Sub. S. B. No. 175

2025-2026

Senator Patton

To

amend
section 1345.51 and to
enact
sections 1349.07, 1349.071, 1349.072, 1349.073,

and

1349.074 of the Revised Code
to
establish age verification requirements for software applications.

BE
IT ENACTED BY THE GENERAL ASSEMBLY OF THE STATE OF OHIO:

Section
1.
That

section
1345.51 be amended and
sections
1349.07, 1349.071, 1349.072, 1349.073,

and

1349.074 of the Revised Code be enacted to read as follows:

Sec.
1345.51.
There
is hereby created in the state treasury the consumer protection
enforcement fund. The fund shall include civil penalties ordered
pursuant to divisions (A) and (D) of section 1345.07 of the Revised
Code and paid as provided in division (G) of that section,

all civil penalties ordered pursuant to divisions (D) and (E) of
section 1349.074 of the Revised Code and paid as provided in division
(F) of that section,

all civil penalties assessed under division (A) of section 1349.192
of the Revised Code, all costs awarded to the attorney general and
all penalties imposed under section 4549.48 of the Revised Code, and
all money unclaimed under section 4549.50 of the Revised Code. The
money in the consumer protection enforcement fund shall be used for
the sole purpose of paying expenses incurred by the consumer
protection section of the office of the attorney general.

Sec.
1349.07.
As
used in sections 1349.07 to 1349.074 of the Revised Code:

(A)(1)
"Account holder" means any of the following:

(a)
An individual in this state who is at least eighteen years of age;

(b)
A parent or legal guardian of a minor user in this state;

(c)
An emancipated minor.

(2)
"Account holder" does not include any of the following:

(a)
A parent of an emancipated minor;

(b)
A parent or legal guardian who does not own or control an account
associated with a minor user's device;

(c)
A parent of a minor user to whom both of the following apply:

(i)
The court has not issued a shared parenting decree.

(ii)
The parent is not the residential parent of the minor user, and the
court has denied a motion for reasonable companionship or visitation
rights.

(3)
For the purpose of this section, a minor is considered "emancipated"
if the minor has married, entered the armed services of the United
States, become employed and self-subsisting, or has otherwise become
independent from the care and control of the minor's parent,
guardian, or custodian.

(B)
"Age bracket data" means data derived from a user's date of
birth or age, that is not personal data, for the purpose of sharing
with developers and that indicates the user's age range, including,
at a minimum, the following:

(1)
Whether a user is under thirteen years of age;

(2)
Whether the user is at least thirteen years of age and under sixteen
years of age;

(3)
Whether the user is at least sixteen years of age and under eighteen
years of age;

(4)
Whether the user is at least eighteen years of age.

(C)
"Age signal" means age bracket data sent by a secure
application programming interface or similar method to an
application.

(D)
"Application" means a software application that is designed
to be run on a computer, a mobile device, or any other general
purpose computing device and to perform, or help the user perform, a
specific task on the device and that is distributed through a covered
applicable store.

"Application"
does not include an internet web site or internet browser extension,
or software with a primary purpose of extending the functionality of
an internet browser.

(E)(1)
"Broadband internet access service" means a mass-market
retail service by wire or radio that provides the capability to
transmit data to and receive data from all or substantially all
internet endpoints, including any capabilities that are incidental to
and enable the operation of the communications service, but excluding
dial-up internet access service.

(2)
"Broadband internet access service" includes any service
that the federal communications commission finds to be providing a
functional equivalent of the service described in division (E)(1) of
this section or that is used to evade the protections set forth in
sections 1349.07 to 1349.074 of the Revised Code.

(F)
"Child" means an individual who is under eighteen years of
age.

(G)(1)
"Covered application store" means a publicly available
software application that distributes applications directly to
consumers from third-party developers to users of a computer, a
mobile device, a game console, or any other general purpose computing
device.

(2)
"Covered application store" does not mean an internet
browser or an online service or platform that distributes extensions,
plug-ins, add-ons, or other software applications that run
exclusively within a separate host application.

(H)
"Developer" means a person that owns, maintains, or
controls an application.

(I)
"Operating system" means software that manages applications
on a computer, mobile device, or any other general purpose computing
device, including those applications' access to the network,
hardware, and other device resources.

(J)
"Operating system provider" means a person or entity that
owns, operates, or controls the operating system software on a
computer, mobile device, or any other general purpose computing
device.

(K)
"Personal data" means any information that is linked or
reasonably linkable to an identified or identifiable person in this
state. "Personal data" does not include either of the
following:

(1)
Publicly available information;

(2)
Personal data that has been de-identified or aggregated using
commercially reasonable methods such that neither the associated
person, nor a device linked to that person, can be reasonably
identified.

(L)
"Minor user" means a child that is the primary operator of
the device.

Sec.
1349.071.
(A)(1)
An operating system provider shall do all of the following:

(a)
Provide an accessible interface at account setup that requires an
account holder to indicate the date of birth, age, or both, of the
user of that device for the purpose of providing an age signal
regarding the user's age bracket data to applications available in a
covered application store;

(b)
Provide to the account holder information that the collected age
bracket data may be shared with developers to enable developers to
provide age-appropriate content for minor users;

(c)
Provide the information disclosed under division (A)(1)(b) of this
section to an account holder during account setup;

(d)
Provide a developer who has requested an age signal with respect to a
particular user with a digital signal via a reasonably consistent
real-time application programming interface that contains the user's
age bracket data;

(e)
Send only the minimum amount of information necessary to comply with
sections 1349.07 to 1349.074 of the Revised Code.

(2)
An operating system provider shall not share the age signal
information with a third party for a purpose not required by sections
1349.07 to 1349.074 of the Revised Code, except where legally
required, with user or parent consent, or within reasonable user
expectations.

(B)(1)
A developer shall request an age signal with respect to a particular
user when an application is downloaded, launched, or undergoes
significant updates.

(2)(a)
A developer that receives an age signal pursuant to this section
shall consider that age across all platforms of the application
taking into account its own commercially reasonable digital signals
of age.

(b)
A developer shall not willfully disregard internal clear and
convincing information otherwise available to the developer that
indicates that a user's age is different than the age bracket data
indicated by an age signal provided by an operating system provider
or a covered application store and may primarily rely on reasonable
internal digital signals of age where those signals are commercially
reasonable.

(3)(a)
Except as provided in division (B)(3)(b) of this section, a developer
shall treat an age signal received pursuant to this section as the
primary indicator of a user's age range for purposes of determining
the user's age.

(b)
If a developer has internal clear and convincing information that a
user's age is different than the age indicated by an age signal
received pursuant to this section, the developer shall use the
internal information as the primary indicator of the user's age.

(4)
A developer that receives an age signal pursuant to this section
shall use that signal to comply with applicable law, but shall not do
either of the following:

(a)
Request more information than the minimum amount of information
necessary to comply with sections 1349.07 to 1349.074 of the Revised
Code;

(b)
Share the age signal with a third party for a purpose not required by
sections 1349.07 to 1349.074 of the Revised Code.

Sec.
1349.072.
(A)
With respect to a device for which account setup was completed before
January 1, 2028, an operating system provider shall, before July 1,
2028, provide an accessible interface that allows an account holder
to affirmatively acknowledge the statement provided under division
(A)(1)(b) of section 1349.071 of the Revised Code and to indicate the
date of birth, age, or both, of the user of that device for the
purpose of providing an age signal regarding the user's age bracket
data to developers of applications available in a covered application
store.

(B)
If an application last updated with updates on or after January 1,
2027, was downloaded to a device before January 1, 2028, and the
developer has not requested an age signal with respect to the user of
the device on which the application was downloaded, the developer
shall request an age signal with respect to that user before July 1,
2028.

Sec.
1349.073.
(A)
Nothing in sections 1349.07 to 1349.074 of the Revised Code shall be
construed to modify, impair, or supersede the operation of any
provision of Chapter 1331. of the Revised Code.

(B)
Nothing in sections 1349.07 to 1349.074 of the Revised Code requires
the collection of additional personal information from device owners
or device users other than that which is necessary to comply with
section 1349.071 of the Revised Code.

(C)
An operating system provider shall comply with sections 1349.07 to
1349.074 of the Revised Code in a nondiscriminatory manner.

(D)
An operating system provider shall impose at least the same
restrictions and obligations on its own applications and application
distribution as it does on those from third-party applications or
application distributors.

(E)
An operating system provider shall not use data collected from a
third party in the course of compliance with sections 1349.07 to
1349.074 of the Revised Code to compete against that third party or
to otherwise use this data or consent mechanism in an anticompetitive
manner.

(F)
Sections 1349.07 to 1349.074 of the Revised Code do not apply to any
of the following:

(1)
A broadband internet access service;

(2)
A telecommunications service, as defined in 47 U.S.C. 153;

(3)
The delivery or use of a physical product.

(G)
Sections 1349.07 to 1349.074 of the Revised Code do not impose
liability on an operating system provider, a covered application
store, or a developer that arises from the use of a device or
application by a person who is not the user to whom a signal
pertains.

Sec.
1349.074.
(A)
Except as provided in division (H) of this section, no person shall
fail to comply with the requirements of sections 1349.07 to 1349.074
of the Revised Code.

(B)
The office of the attorney general has sole authority to enforce the
provisions of sections 1349.07 to 1349.074 of the Revised Code. The
remedies set forth in this section are the exclusive civil remedies
for any violation of those sections.

(C)
The attorney general shall file a civil enforcement action against a
person that fails to comply with the requirements of sections 1349.07
to 1349.074 of the Revised Code in the court of common pleas of the
county in which the alleged violation occurred, if known, or in the
Franklin county court of common pleas if the location of the
violation is unknown, against that person to seek injunctive relief
and the imposition of a civil penalty pursuant to division (D) or (E)
of this section.

(D)
If a person negligently violates division (A) of this section, the
attorney general shall request, and the court shall impose, both of
the following:

(1)
Injunctive relief;

(2)
A civil penalty of up to two thousand five hundred dollars per
affected child for each violation.

(E)
If a person purposely violates division (A) of this section, the
attorney general shall request, and the court shall impose, both of
the following:

(1)
Injunctive relief;

(2)
A civil penalty of up to seven thousand five hundred dollars per
affected child for each violation.

(F)
A civil penalty collected under division (D) or (E) of this section
shall be deposited into the consumer protection enforcement fund as
described in section 1345.51 of the Revised Code.

(G)
Nothing in this section shall be construed to provide a private right
of action.

(H)
An operating system provider or a covered application store that
makes a good faith effort to comply with sections 1349.07 to 1349.074
of the Revised Code, taking into consideration available technology
and any reasonable technical limitations or outages, is not liable
for an erroneous digital signal indicating a user's age range data or
any conduct by a developer that receives a digital signal indicating
a user's age range data.

Section
2.
That
existing section 1345.51 of the Revised Code is hereby repealed.

Section
3.
Sections
1 and 2 of this act take effect January 1, 2027.