“To protect the safety of minors on the internet, and for other purposes.”
No CRS summary available for this bill.
This section designates the Act as the “Kids Online Safety Act” and sets forth the table of contents.
This section defines terms used in the Act, including "child" as an individual under the age of 13, "minor" as an individual under the age of 17, "Commission" as the Federal Trade Commission, "covered platform" as a publicly available internet-connected website, software, application, or electronic service that enables searchable usernames, predominantly facilitates sharing of user-generated content, uses design features to promote user engagement, and employs user personal information for advertising, marketing, or content recommendations, and "design feature" as any platform component encouraging increased user frequency, time spent, or activity (e.g., infinite scrolling, autoplay, notifications, rewards, badges, or appearance-altering filters). It further defines "compulsive usage" as persistent, repetitive platform use substantially limiting major life activities (per the Americans with Disabilities Act); "know" or "knows" as having actual knowledge or acting in willful disregard; "parent" as a minor's legal guardian; "user" as an individual registering an account or creating a profile on a covered platform; and cross-references other federal statutes for "personal information" and "verifiable parental consent" (from the Children's Online Privacy Protection Act of 1998), "narcotic drug" (Controlled Substances Act), "physical violence" (18 U.S.C. §16), and "sexual exploitation and abuse" (specified child sex offenses under 18 U.S.C. §§2251, 2256, 2422, and 1591).
This section requires covered platforms to establish, implement, maintain, and enforce reasonable policies, practices, and procedures to address specified harms to minors, including (1) threats of physical violence, (2) sexual exploitation and abuse, (3) distribution, sale, or use of narcotic drugs, tobacco products, cannabis products, gambling, or alcohol, and (4) financial harm caused by deceptive practices. Such policies must be appropriate to the platform's size and complexity and the technological feasibility of mitigation. It clarifies that these requirements do not restrict minors from deliberately searching for or requesting content or accessing preventive resources and prohibits enforcement based on First Amendment-protected viewpoints.
This section establishes safeguards and parental tools that covered platforms must provide to users or visitors known to be minors, including (1) default settings limiting communications from other users and compulsive usage features at the most protective privacy and safety levels offered by the platform; (2) an option to limit time spent on the platform; and (3) for known children, default activation of parental tools allowing parents to manage privacy and account settings (including safeguards), restrict purchases and financial transactions, and view or limit time spent, with notice to the child of applied settings. It further requires (1) a reporting mechanism for harms to minors, with confirmation of receipt and a substantive response within 10 days (or as promptly as needed for imminent safety threats); and (2) prohibitions on advertising narcotic drugs, cannabis products, tobacco products, gambling, or alcohol to known minors. The section specifies accessibility requirements tailored to minors' ages and capacities, application of changes upon internet reconnection, and rules of construction preserving platforms' abilities to block harmful material or use third-party providers without disclosing minors' private data or behavior.
This section requires covered platforms, before a known minor registers or makes a purchase, to provide clear, conspicuous, and easy-to-understand notice of the platform's safeguards for minors and how to access safeguards and parental tools required under section 4. For a known child, it requires providing such information to a parent and obtaining verifiable parental consent—which may be deemed satisfied through compliance with, or consolidated processes under, the Children’s Online Privacy Protection Act of 1998 (COPPA) (15 U.S.C. 6501 et seq.). It also requires platforms to provide clear, conspicuous, and easy-to-understand labels and information to minors on advertisements disclosing endorsements of products, services, or brands made for commercial consideration by other users.
This section requires each covered platform to conduct an independent third-party audit not later than one year after enactment of this Act and annually thereafter. The audit must (1) apply evidence-based best practices and frameworks for required safeguards for minors, parental tools, and mitigation of specified harms to minors (with auditor consultation of parents, public health organizations, and free expression experts); (2) assess minor access likelihood, provide specified accountings (e.g., U.S. minor user counts, median/mean time spent, tool usage rates, report volumes), and describe safeguards, report handling, minor data practices, and design processes; and (3) be facilitated by full platform cooperation on information, access, and disclosures. The platform must submit audit results to the Commission within 30 days of completion.
This section establishes Federal Trade Commission (FTC) and state enforcement authority for violations of the Act. It (1) treats such violations as violations of a rule under section 18(a)(1)(B) of the Federal Trade Commission Act (15 U.S.C. 57a(a)(1)(B)) regarding unfair or deceptive acts or practices, enforceable by the FTC using the same manner, means, jurisdiction, powers, duties, penalties, privileges, and immunities as under the Federal Trade Commission Act (15 U.S.C. 41 et seq.); and (2) authorizes state attorneys general or officials to bring parens patriae civil actions in state or federal court to enjoin violations, enforce compliance, obtain damages or restitution, or secure other relief, subject to prior or immediate post-filing notice to the FTC, FTC rights to intervene and appeal, a prohibition on state actions during any pending federal action (by the FTC or U.S. Attorney General) against the same defendant for the same violation, and preservation of state investigative powers.
This section establishes a Kids Online Safety Council (Council) in the Department of Commerce to advise Congress via reports on minors' online safety on covered platforms, including identification of risks and benefits to minors; recommendations for assessing, preventing, and mitigating harms; research themes on harms; and best practices for platform reports and audits required under the Act. The Council comprises appointed representatives from academia, researchers, parents and minors, educators, covered platforms, constitutional/privacy/free expression experts, and state attorneys general (or designees), with appointments due within 180 days of the Act's effective date (as specified in section 14), terms for the Council's life, and self-selection of chair and vice chair. Within three years of the Act's effective date, the Council must submit a final report to Congress with findings, dissenting opinions, and legislative or administrative recommendations; the Council terminates 30 days thereafter. The Federal Advisory Committee Act does not apply.
This section establishes rules of construction clarifying that nothing in the Act (1) limits or impairs the Children's Online Privacy Protection Act of 1998 (COPPA, 15 U.S.C. 6501 et seq.) or rules promulgated thereunder; (2) authorizes actions conflicting with section 18(h) of the Federal Trade Commission Act (15 U.S.C. 57a(h)); or (3) expands, limits, or alters section 230 of the Communications Act of 1934 (47 U.S.C. 230). It further states that the Act does not restrict covered platforms from (1) cooperating with law enforcement on suspected violations of law; (2) complying with government inquiries, subpoenas, or summonses; (3) investigating or defending legal claims; (4) addressing security incidents, fraud, harassment, or illegal activity; or (5) investigating or reporting perpetrators of such activity. The section also provides that the Act does not require covered platforms to affirmatively collect user age-related personal information not already collected in the normal course of business.
This section preempts state and local laws, rules, regulations, requirements, standards, or other provisions having the force of law that relate to this Act.
This section establishes a severability clause, providing that the invalidation of any provision of the Act, or its application to any person or circumstance, does not affect the remainder of the Act or its application to other persons or circumstances.