Back to Utah

HB0498 • 2026

Utah App Store Accountability Act Amendments

Utah App Store Accountability Act Amendments

Enacted

This bill passed the Legislature and reached final enactment based on the latest official action.

Sponsor
Rep. Dunnigan, James A.
Last action
2026-03-18
Official status
Governor Signed
Effective date
Not listed

Plain English Breakdown

Using official source text because the generated explanation was unavailable or could not be confirmed against the official bill text.

Utah App Store Accountability Act Amendments

This bill amends the App Store Accountability Act.

What This Bill Does

  • This bill amends the App Store Accountability Act.

Limits and Unknowns

  • This entry is temporarily using official source text because the generated explanation could not be confirmed against the official bill text during the last sync.

Bill History

  1. 2026-03-18 Lieutenant Governor's office for filing

    Governor Signed

  2. 2026-03-16 Clerk of the House

    House/ received enrolled bill from Printing

  3. 2026-03-16 Executive Branch - Governor

    House/ to Governor

  4. 2026-03-12 Clerk of the House

    Enrolled Bill Returned to House or Senate

  5. 2026-03-12 Clerk of the House

    House/ enrolled bill to Printing

  6. 2026-03-07 Legislative Research and General Counsel / Enrolling

    Bill Received from House for Enrolling

  7. 2026-03-07 Legislative Research and General Counsel / Enrolling

    Draft of Enrolled Bill Prepared

  8. 2026-03-06 Senate President

    House/ concurs with Senate amendment

  9. 2026-03-06 House Speaker

    House/ received from Senate

  10. 2026-03-06 Legislative Research and General Counsel / Enrolling

    House/ signed by Speaker/ sent for enrolling

  11. 2026-03-06 Senate President

    House/ to Senate

  12. 2026-03-06 Senate President

    Senate/ received from House

  13. 2026-03-06 House Speaker

    Senate/ signed by President/ returned to House

  14. 2026-03-06 House Speaker

    Senate/ to House

  15. 2026-03-05 House Concurrence Calendar

    House/ placed on Concurrence Calendar

  16. 2026-03-05 Clerk of the House

    House/ received from Senate

  17. 2026-03-05 Senate 2nd Reading Calendar

    Senate/ 2nd & 3rd readings/ suspension

  18. 2026-03-05 Senate 2nd Reading Calendar

    Senate/ Rules to 2nd Reading Calendar

  19. 2026-03-05 Senate 2nd Reading Calendar

    Senate/ circled

  20. 2026-03-05 Clerk of the House

    Senate/ passed 2nd & 3rd readings/ suspension

  21. 2026-03-05 Senate 2nd Reading Calendar

    Senate/ placed on 2nd Reading Calendar

  22. 2026-03-05 Clerk of the House

    Senate/ to House with amendments

  23. 2026-03-05 Senate 2nd Reading Calendar

    Senate/ uncircled

  24. 2026-03-04 Senate Rules Committee

    Senate/ returned to Rules

  25. 2026-03-02 Senate Transportation, Public Utilities, Energy, and Technology Committee

    Senate/ comm rpt/ substituted

  26. 2026-03-02 Senate 2nd Reading Calendar

    Senate/ placed on 2nd Reading Calendar

  27. 2026-02-27 Released

    LFA/ fiscal note publicly available for HB0498S02

  28. 2026-02-27 Version Sponsor

    LFA/ fiscal note sent to sponsor for HB0498S02

  29. 2026-02-27 Senate Transportation, Public Utilities, Energy, and Technology Committee

    Senate Comm - Favorable Recommendation

  30. 2026-02-27 Senate Transportation, Public Utilities, Energy, and Technology Committee

    Senate Comm - Substitute Recommendation

  31. 2026-02-26 Legislative Fiscal Analyst

    LFA/ bill assigned to staff for fiscal analysis for HB0498S02

  32. 2026-02-26 Legislative Fiscal Agency

    LFA/ bill sent to agencies for fiscal input for HB0498S02

  33. 2026-02-26 Senate Transportation, Public Utilities, Energy, and Technology Committee

    Senate/ to standing committee

  34. 2026-02-25 Senate Rules Committee

    Senate/ 1st reading (Introduced)

  35. 2026-02-24 House 3rd Reading Calendar for House bills

    House/ 3rd reading

  36. 2026-02-24 House 3rd Reading Calendar for House bills

    House/ circled

  37. 2026-02-24 Senate Secretary

    House/ passed 3rd reading

  38. 2026-02-24 Senate Secretary

    House/ to Senate

  39. 2026-02-24 House 3rd Reading Calendar for House bills

    House/ uncircled

  40. 2026-02-24 Waiting for Introduction in the Senate

    Senate/ received from House

  41. 2026-02-19 House 3rd Reading Calendar for House bills

    House/ 2nd reading

  42. 2026-02-19 House Economic Development and Workforce Services Committee

    House/ comm rpt/ substituted

  43. 2026-02-18 House Economic Development and Workforce Services Committee

    House Comm - Favorable Recommendation

  44. 2026-02-18 House Economic Development and Workforce Services Committee

    House Comm - Substitute Recommendation

  45. 2026-02-17 Legislative Fiscal Analyst

    LFA/ bill assigned to staff for fiscal analysis for HB0498S01

  46. 2026-02-17 Legislative Fiscal Agency

    LFA/ bill sent to agencies for fiscal input for HB0498S01

  47. 2026-02-17 Released

    LFA/ fiscal note publicly available for HB0498S01

  48. 2026-02-17 Version Sponsor

    LFA/ fiscal note sent to sponsor for HB0498S01

  49. 2026-02-12 House Economic Development and Workforce Services Committee

    House/ to standing committee

  50. 2026-02-11 House Rules Committee

    House/ received fiscal note from Fiscal Analyst

  51. 2026-02-11 Released

    LFA/ fiscal note publicly available for HB0498

  52. 2026-02-06 Version Sponsor

    LFA/ fiscal note sent to sponsor for HB0498

  53. 2026-02-05 Legislative Research and General Counsel

    Bill Numbered but not Distributed

  54. 2026-02-05 House Rules Committee

    House/ 1st reading (Introduced)

  55. 2026-02-05 Clerk of the House

    House/ received bill from Legislative Research

  56. 2026-02-05 Legislative Fiscal Analyst

    LFA/ bill assigned to staff for fiscal analysis for HB0498

  57. 2026-02-05 Legislative Fiscal Agency

    LFA/ bill sent to agencies for fiscal input for HB0498

  58. 2026-02-05 Legislative Research and General Counsel

    Numbered Bill Publicly Distributed

Official Summary Text

This bill amends the App Store Accountability Act.

Current Bill Text

Read the full stored bill text
30
13-76-101
13-76-201
13-76-202
13-76-301
13-76-401
13-76-402
13-76-404
37
37
Utah App Store Accountability Act Amendments
2026 GENERAL SESSION
STATE OF UTAH
Chief Sponsor: James A. Dunnigan
Senate Sponsor: Todd Weiler
LONG TITLE
General Description:
This bill amends the App Store Accountability Act.
Highlighted Provisions:
This bill:
defines terms;
adds requirements for pre-installed applications;
modifies app store provider and developer requirements;
modifies provisions relating to age-related restrictions and defaults;
modifies enforcement and safe harbor provisions; and
makes technical and conforming changes.
Money Appropriated in this Bill:
None
Other Special Clauses:
This bill provides a special effective date.
Utah Code Sections Affected:
AMENDS:
13-76-101
Effective
upon governor's approval
, as enacted by Laws of Utah 2025,
Chapter 446
13-76-201
Effective
upon governor's approval
, as enacted by Laws of Utah 2025,
Chapter 446
13-76-202
Effective
upon governor's approval
, as enacted by Laws of Utah 2025,
Chapter 446
13-76-401
Effective
upon governor's approval
, as enacted by Laws of Utah 2025,
Chapter 446
13-76-402
Effective
upon governor's approval
, as enacted by Laws of Utah 2025,
Chapter 446
13-76-404
Effective
upon governor's approval
, as enacted by Laws of Utah 2025,
Chapter 446
REPEALS:
13-76-301
Effective
upon governor's approval
, as enacted by Laws of Utah 2025,
Chapter 446
Be it enacted by the Legislature of the state of Utah:
Section 1. Section
13-76-101
is amended to read:
13-76-101
Effective
upon governor's approval
. Definitions.
As used in this chapter:
(1)
"Account holder" means an individual who is associated with a mobile device.
(2)
"Age category" means one of the following categories of individuals based on age:
(a)
"child" which means an individual who is under 13 years old;
(b)
"younger teenager" which means an individual who is at least 13 years old and under
16 years old;
(c)
"older teenager" which means an individual who is at least 16 years old and under 18
years old; or
(d)
"adult" which means an individual who is at least 18 years old.
(2)
(3)
"Age category data" means information about a user's age category that is:
(a)
collected by an app store provider; and
(b)
shared with a developer.
(3)
(4)
"Age rating" means a classification that provides an assessment of the suitability of
an app's content for different age groups.
(4)
(5)
"App" means a software application or electronic service that a user may run or
direct on a mobile device.
(5)
(6)
"App store" means a publicly available website, software application, or electronic
service that allows users to download apps from third-party developers onto a mobile
device.
(6)
(7)
"App store provider" means a person that owns, operates, or controls an app store
that allows users in the state to download apps onto a mobile device.
(7)
(8)
"Content description" means a description of the specific content elements that
informed an app's age rating.
(8)
(9)
"Developer" means a person that owns or controls an app made available through
an app store in the state.
(9)
"Division" means the Division of Consumer Protection, established in Section
13-2-1
.
(10)
"In-app purchase" means a charge associated with any user conduct within an app and
billed by an app store for the acquisition of virtual currency, digital goods, digital
services, or other apps.
(10)
(11)
"Knowingly" means to act with actual knowledge or to act with knowledge fairly
inferred based on objective circumstances.
(11)
(12)
"Minor" means an individual under 18 years old.
"Minor" means an individual
under 18 years old that:
(a)
has not been emancipated as that term is defined in Section
80-7-102
; or
(b)
has not been married.
(12)
(13)
"Minor account" means an account with an app store provider that:
(a)
is established by an individual who the app store provider has determined is under 18
years old through the app store provider's age verification methods; and
(b)
requires affiliation with a parent account.
(13)
(14)
"Mobile device" means a phone or general purpose tablet that:
(a)
provides cellular or wireless connectivity;
(b)
is capable of connecting to the
Internet
internet
;
(c)
runs a mobile operating system; and
(d)
is capable of running apps through the mobile operating system.
(14)
(15)
"Mobile operating system" means software that:
(a)
manages mobile device hardware resources;
(b)
provides common services for mobile device programs;
(c)
controls memory allocation; and
(d)
provides interfaces for applications to access device functionality.
(15)
(16)
"Parent" means, with respect to a minor,
any of the following individuals who
have legal authority to make decisions on behalf of the minor
an individual who is
reasonably believed to be
:
(a)
an individual with a parent-child relationship under Section
78B-15-201
81-5-201
;
(b)
a legal guardian;
or
(c)
an individual with legal custody
.
; or
(d)
any other individual who has legal authority to make decisions on behalf of a minor.
(16)
(17)
"Parent account" means an account with an app store provider that:
(a)
is verified to be established by an individual who the app store provider has
determined is
at least 18 years old
not a minor
through the app store provider's age
verification methods; and
(b)
may be affiliated with one or more minor accounts.
(17)
(18)
"Parental consent disclosure" means the following information that an app store
provider is required to provide to a parent before obtaining
verifiable
parental consent:
(a)
if the app store provider has an age rating for the app
or in-app purchase
, the app's
or in-app purchase's
age rating;
(b)
if the app store provider has a content description for the app
or in-app purchase
,
the app's
or in-app purchase's
content description;
(c)
a description of:
(i)
the personal data collected by the app from a user; and
(ii)
the personal data shared by the app with a third party; and
(d)
if personal data is collected by the app, the methods implemented by the developer to
protect the personal data.
(19)
(a)
"Pre-installed application" means an app, or portion of an app, that is present on
a mobile device at the time of:
(i)
purchase;
(ii)
initial activation; or
(iii)
first use by a consumer.
(b)
"Pre-installed application" includes:
(i)
an app, or portion of an app, installed or partially installed by:
(A)
the device manufacturer;
(B)
a wireless service provider;
(C)
a retailer; or
(D)
any other party before purchase, initial activation, or first use by the
consumer; and
(ii)
browsers, search engines, and messaging applications.
(c)
"Pre-installed application" does not include:
(i)
core operating system functions;
(ii)
essential device drivers;
(iii)
applications necessary for basic device operation, including:
(A)
phone applications;
(B)
settings applications; or
(C)
emergency services applications; or
(iv)
security or system maintenance applications essential to device functionality.
(18)
(20)
"Significant change" means a material modification to an app's terms of service
or privacy policy that:
(a)
changes the categories of data collected, stored, or shared;
(b)
alters the app's age rating or content descriptions;
(c)
introduces in-app purchases where no in-app purchases were previously present in
the app; or
(d)
introduces advertisements where no advertisements were previously present in the
app.
(c)
adds new monetization features, including:
(i)
in-app purchases; or
(ii)
advertisements; or
(d)
materially changes the app's:
(i)
functionality; or
(ii)
user experience.
(19)
(21)
"Verifiable parental consent" means authorization that:
(a)
is provided by an individual who the app store provider has verified is an adult;
(b)
is given after the app store provider has clearly and conspicuously provided the
parental consent disclosure to the individual; and
(c)
requires the parent to make an affirmative choice to:
(i)
grant consent; or
(ii)
decline consent.
Section 2. Section
13-76-201
is amended to read:
13-76-201
Effective
upon governor's approval
. App store provider
requirements.
(1)
An
Beginning May 6, 2027, an
app store provider shall:
(a)
at the time an individual who is located in the state creates an account with the app
store provider
, or for an existing account, within 12 months after the day on which
the obligations described in this section take effect
:
(i)
request age
category
information from the individual; and
(ii)
verify the individual's age category using commercially available methods that
are reasonably designed to ensure accuracy, which for a minor shall include
affirmative age attestation by a parent together with other age information
collected as part of the creation or use of an account;
(ii)
verify the individual's age category using:
(A)
commercially available methods that are reasonably designed to ensure
accuracy; or
(B)
an age verification method or process that complies with rules made by the
division under Section
13-76-301
;
(b)
if the age verification method or process described in Subsection
(1)(a)
determines
the individual is a minor:
(i)
require the account to be affiliated with a parent account; and
(ii)
obtain verifiable parental consent from the holder of the affiliated parent account
before allowing the minor to:
(A)
download an app;
(B)
purchase an app; or
(C)
make an in-app purchase;
(c)
after receiving notice of a significant change from a developer:
(i)
notify the
user
account holder
of the significant change; and
(ii)
for a minor account:
(A)
notify the holder of the affiliated parent account; and
(B)
obtain renewed verifiable parental consent;
(d)
provide to a developer, in response to a request authorized under Section
13-76-202
:
(i)
age category data for a user located in the state; and
(ii)
the status of verified parental consent for a minor located in the state;
(e)
notify a developer when a parent revokes parental consent;
and
(f)
protect
personal age verification data
age category data and any associated
verification data
by:
(i)
limiting collection and processing to data necessary for:
(A)
verifying
a user's
an account holder's
age;
(B)
obtaining
verifiable
parental consent; or
(C)
maintaining compliance records; and
(ii)
transmitting
personal age verification
age category
data using industry-standard
encryption protocols that ensure:
(A)
data integrity; and
(B)
data confidentiality
.
;
(g)
for a pre-installed application:
(i)
provide available age category information in response to a request from a
developer; and
(ii)
take reasonable measures to facilitate verifiable parental consent for use of the
app in response to a request from a developer; and
(h)
comply with a developer's request made in accordance with Subsection
13-76-202(6)

to prevent minor accounts from downloading or purchasing the developer's app.
(2)
An
Beginning May 6, 2027, an
app store provider may not:
(a)
enforce a contract or terms of service against a minor unless the app store provider
has obtained verifiable parental consent;
(b)
knowingly misrepresent the information in the parental consent disclosure; or
(c)
share
personal age verification
age category data or any associated verification
data
except:
(i)
between an app store provider and a developer as required by this chapter; or
(ii)
as required by law.
Section 3. Section
13-76-202
is amended to read:
13-76-202
Effective
upon governor's approval
. Developer requirements.
(1)
A
Beginning May 6, 2027, a
developer shall:
(a)
verify through the app store's data sharing methods:
(i)
the age category
data
of
users
account holders
located in the state; and
(ii)
for a minor account, whether verifiable parental consent has been obtained;
(b)
notify app store providers of a significant change to the app;
and
(c)
use age category data received from an app store provider to:
(i)
enforce any developer-created age-related restrictions;
(ii)
ensure compliance with applicable laws and regulations; and
(iii)
implement any developer-created safety-related features or defaults;
(d)
(c)
request
personal
age
verification
category
data or parental consent:
(i)
at the time
a user
an account holder
:
(A)
downloads an app;
or
(B)
purchases an app;
or
(C)
launches a pre-installed application for the first time;
(ii)
when implementing a significant change to the app; or
(iii)
to comply with applicable laws or regulations.
(2)
A
Beginning May 6, 2027, a
developer may request
personal age verification
age
category
data
or parental consent
:
(a)
no more than once during each 12-month period to verify:
(i)
accuracy of
user age verification data
age category data associated with an
account holder
; or
(ii)
continued account use within the verified age category;
(b)
when there is reasonable suspicion of:
(i)
account transfer; or
(ii)
misuse outside the verified age category; or
(c)
at the time
a user
an account holder
creates a new account with the developer.
(3)
(a)
When
Beginning May 6, 2027, when

initially
implementing any
developer-created safety-related features or defaults, a developer shall use the lowest
age category indicated by:
(a)
(i)
age verification data provided by an app store provider; or
(b)
(ii)
age data independently collected by the developer.
(b)
Subsection
(3)(a)
does not prohibit a developer from allowing a parent to customize
age-related restrictions, safety-related features, or content settings for individual users
within a minor account after the initial defaults described in Subsection
(3)(a)
are set.
(4)
A
Beginning May 6, 2027, a
developer may not:
(a)
enforce a contract or terms of service against a minor unless the developer has
verified through
the app store provider
the app store's data sharing methods
that
verifiable parental consent has been obtained;
(b)
knowingly misrepresent any information in the parental consent disclosure; or
(c)
share age category data with any person.
(5)
Beginning May 6, 2027, a developer may only use age category data received through
the app store's data sharing methods to:
(a)
enforce any developer-created age-related restrictions;
(b)
ensure compliance with applicable laws and regulations; or
(c)
implement any developer-created safety-related features or defaults.
(6)
Beginning May 6, 2027, a developer may request that an app store provider prevent
minor accounts from downloading or purchasing the developer's app.
Section 4. Section
13-76-401
is amended to read:
13-76-401
Effective
12/31/26
Effective
upon governor's approval
.
Enforcement.
(1)
A violation of Subsection
13-75-201(2)(b)
or Subsection
13-75-202(4)(b)
constitutes a
deceptive trade practice under Section
13-11a-3
.
(2)
(1)
(a)
Only
Beginning May 6, 2027, only
a minor, or the parent of that minor, who
has been harmed by a violation of Subsection
13-75-201(2)
13-76-201(2)
may bring
a civil action against an app store provider.
(b)
Only
Beginning May 6, 2027, only
a minor, or the parent of that minor, who has
been harmed by a violation of Subsection
13-75-202(4)
13-76-202(4)
may bring a
civil action against a developer.
(3)
(2)
In an action described in Subsection
(2)
(1)
, the court shall award a prevailing
parent:
(a)
the greater of:
(i)
actual damages; or
(ii)
$1,000 for each violation;
(b)
reasonable attorney fees; and
(c)
litigation costs.
Section 5. Section
13-76-402
is amended to read:
13-76-402
Effective
upon governor's approval
. Safe harbor.
(1)
A developer is not liable for a violation of this chapter if the developer demonstrates
that the developer:
(a)
relied in good faith on:
(i)
personal age verification
age category
data
provided by an app store provider
received through an app store's data sharing methods
; and
(ii)
notification from an app store provider that verifiable parental consent was
obtained if the
personal age verification data
age category data
indicates that the
user
account holder
is a minor; and
(b)
complied with the requirements described in Section
13-76-202
.
(2)
For purposes of setting the age category of an app and providing content description
disclosures to an app store provider, a developer complies with Subsection
13-75-202(4)(b)
if the developer:
(a)
uses widely adopted industry standards to determine:
(i)
the app's age category; and
(ii)
the content description disclosures; and
(b)
applies those standards consistently and in good faith.
(3)
(2)
The safe harbor described in this section:
(a)
applies only to actions brought under this chapter; and
(b)
does not limit a developer or app store provider's liability under any other applicable
law.
(4)
Nothing in this chapter shall displace any other available remedies or rights authorized
under the laws of this state or the United States.
Section 6. Section
13-76-404
is amended to read:
13-76-404
Effective
upon governor's approval
. Application and limitations.
Nothing in this chapter shall be construed to:
(1)
prevent an app store provider or developer from taking reasonable measures to:
(a)
block, detect, or prevent distribution to minors of:
(i)
unlawful material;
(ii)
obscene material; or
(iii)
other harmful material;
(b)
block or filter spam;
(c)
prevent criminal activity; or
(d)
protect app store or app security;
(2)
require an app store provider to disclose user information to a developer beyond:
(a)
age category
data
; or
(b)
verification of parental consent status;
(3)
allow an app store provider or developer to implement measures required by this
chapter in a manner that is:
(a)
arbitrary;
(b)
capricious;
(c)
anticompetitive; or
(d)
unlawful;
(4)
require an app store provider or developer to obtain parental consent for an app that:
(a)
provides direct access to emergency services, including:
(i)
911;
(ii)
crisis hotlines; or
(iii)
emergency assistance services legally available to minors;
(b)
limits data collection to information necessary to provide emergency services in
compliance with 15 U.S.C. Sec. 6501 et seq., Children's Online Privacy Protection
Act;
(c)
provides access without requiring:
(i)
account creation; or
(ii)
collection of unnecessary personal information; and
(d)
is operated by or in partnership with:
(i)
a government entity;
(ii)
a nonprofit organization; or
(iii)
an authorized emergency service provider; or
(5)
(4)
require a developer to collect, retain, reidentify, or link any information beyond
what is:
(a)
necessary to verify age categories and parental consent status as required by this
chapter; and
(b)
collected, retained, reidentified, or linked in the developer's ordinary course of
business
.
;
(5)
require an app store provider or developer to block access to an application that an
account holder has downloaded or installed onto a mobile device before the day on
which the obligations described in Sections
13-76-201
and
13-76-202
take effect, except
to the extent that:
(a)
a parent account revokes verifiable parental consent for an affiliated minor account;
or
(b)
a significant change to the application has occurred;
(6)
require a developer or app store provider to create, adopt, or implement an app age
rating system or content classification framework; or
(7)
displace any other available remedies or rights authorized under the laws of this state or
the United States.
Section 7.
Repealer.
Division rulemaking.
Section 8.
Effective Date.
This bill takes effect:
(1)
except as provided in Subsection (2),
May 6, 2026
; or
(2)
if approved by two-thirds of all members elected to each house:
(a)
upon approval by the governor;
(b)
without the governor's signature, the day following the constitutional time limit of
Utah Constitution, Article VII, Section 8; or
(c)
in the case of a veto, the date of veto override.
3-12-26 12:42 PM