Age verification online is regrettably becoming the norm. Platforms are increasingly asking users to prove their age before accessing certain content or services. That usually means handing over personal data, sometimes even biometric data, to a third-party provider, then hoping they do not sell it, suffer a breach, or both.
Now, the U.S. state of Colorado is mulling over a bill to implement age reporting for installing apps on computers and mobile devices.
Age Attestation, What?
Senator Matt Ball and Representative Amy Paschal presented this bill, Age Attestation on Computing Devices (SB26-051), to the Colorado Senate, where it was assigned to the Business, Labor, and Technology Committee.
Currently only a proposal, the bill calls for operating system providers like Microsoft, Google, Apple, and Canonical to present an interface during device account setup that asks the account holder (a person in Colorado) to specify the birth date/age of the device's user.
That age data is then translated into an "age signal," which apps can call on via an API when a user downloads or launches them. The bill claims that this refers to non-personally identifiable data taken from a user's birth date or age.
The age signal does not hand over a specific birthdate to developers. It works in four age ranges — under 13, 13 to under 16, 16 to under 18, and 18 and above.
The bill also explicitly states that only the minimum amount of information necessary should be shared. Neither the OS provider nor developers are allowed to pass the age signal to third parties for purposes outside of what the bill requires.
On paper, the fines for violations sound like a serious deterrent. Up to $2,500 per minor affected for a negligent violation and up to $7,500 per minor for an intentional one. For a platform with millions of minor users, those numbers could stack up fast.
But the penalty is only triggered if the state Attorney General chooses to bring a civil action, which means enforcement is entirely dependent on the political will of whoever holds that office at a given time.
Given the sad state of things currently, where minors' rights are violated routinely without any accountability or real punishment, these fines sound more like a slap on the wrist than a genuine consequence.
The Flaws
The most immediate problem with SB26-051 is that it never specifies how age is actually determined. The bill says account holders must "indicate" the birth date or age of the user.
That's it; no verification mechanism, no ID check, or anything else is mentioned. Any so-called "account holder" could just straight up lie, and the system would take it as is.
I understand the need for the moderation of what applications minors install and use. But such legislation can't be a substitute for parental oversight, and when such a thing is imposed, it usually ends up being both ineffective and overreaching.
Personally, I still think parents' or guardians' oversight (provided it is grounded) of what their children consume is the single most important thing that can prevent harmful content from influencing these young minds.
If passed, the bill would take effect on January 1, 2028. That said, if a referendum petition is filed against it within ninety days of the General Assembly adjourning, it would go to Colorado voters in November 2026 to decide its fate.
