A Bipartisan Deal With a Steep Trade-Off
After years of legislative gridlock, House Energy and Commerce Committee Chairman Brett Guthrie (R-KY) and Ranking Member Frank Pallone (D-NJ) announced a bipartisan agreement on June 23, 2026, consolidating 12 child-safety measures into a single Kids Internet and Digital Safety (KIDS) Act, targeting a full House floor vote under suspension rules that would require a two-thirds majority.
The package has genuine substance. It incorporates KOSA, COPPA 2.0, a data-broker registry, the SAFE BOTS Act, and the SCREEN Act, among others. It extends the Children's Online Privacy Protection Act's protections — limited since 1998 to children under 13 — up to age 17. Covered platforms must activate maximum default privacy settings for minors, disable algorithmic amplification by default, bar AI chatbots from impersonating humans, and respond to harm reports within 10 days. A new FTC-administered data-broker registry carries a minimum $22,500 annual registration fee. These are real, enforceable improvements.
The strongest case for action is plain: adolescent mental health data is alarming, platforms knowingly deployed addictive design features targeting teenagers, and COPPA's under-13 threshold left an entire generation legally unprotected while social media companies actively courted them. Inaction on the 13-to-17 gap has persisted for nearly three decades.
What the Deal Surrendered
Here is the problem: the provision that made tech companies most uncomfortable never made it into the final text.
The Senate version of KOSA included a legally enforceable duty of care — a standard requiring platforms to actively prioritize children's wellbeing, not merely avoid an enumerated checklist of prohibited behaviors. It would have created accountability for novel harms the statute itself couldn't anticipate. That catch-all mechanism was the bill's most powerful provision.
The House stripped it entirely. Within hours of the June 23 announcement, Senate KOSA authors declared the House package dead on arrival. Their objection is substantive: without a duty of care, a platform can satisfy every specific prohibition in the KIDS Act while continuing to develop harmful features that fall outside the enumerated list. The bill becomes a ceiling, not a floor. A compliance-demonstration regime replaces outcome accountability.
The Age-Verification Problem in the Fine Print
What the deal substituted reveals the true trade. The KIDS Act does not explicitly mandate age verification — but it creates a negligence liability standard that makes blanket verification of all users the rational legal response for any platform seeking to minimize exposure.
The trigger is a "know or should have known" standard: platforms face liability whenever circumstances would give a reasonable operator cause to believe a user is under 17. As the Electronic Frontier Foundation observed in its June 24, 2026 analysis, this structure means the bill effectively "would require age checks to get online" — not by statutory command, but as the only credible legal defense. Center for Democracy and Technology senior counsel Kate Ruane framed the consequence directly: "The bill will incentivize age verification to access online services, putting the privacy of all internet users — kids and adults alike — at risk."
The privacy cost is concrete. Age verification requires collecting and retaining government ID or biometric data for every user, creating a significant breach target. The underlying technology also fails unevenly: EFF's analysis notes that age-estimation systems perform worse for people of color, people with disabilities, and trans and nonbinary users — embedding demographic error rates into a gatekeeping mechanism for the open internet.
The Paxton Ruling Does Not Settle This
Supporters of the approach point to the Supreme Court's June 27, 2025 decision in Free Speech Coalition v. Paxton, in which a 6-3 majority upheld Texas's age-verification mandate for websites whose content is at least one-third sexually explicit. If the Court permitted age-gating for adult sites, the argument goes, the KIDS Act's negligence standard should survive too.
The analogy is legally tenuous. The Paxton reasoning rested on the specific constitutional status of obscenity — material classified as "harmful to minors" under a well-established legal test — and the Court applied intermediate rather than strict scrutiny specifically because of that classification. General-purpose social media platforms carry constitutionally protected political speech, health information, journalism, and minority community organizing. The scrutiny standard for age-gating that content is not the same one the Court applied to pornography sites. CDT has argued that Paxton is "not carte blanche for age verification," and challenges from civil liberties organizations are certain to follow if the bill passes. Twenty-four states have enacted age-verification laws since 2022, and the litigation map is already active.
The Road Ahead Is Steep
The KIDS Act faces a harder path than its bipartisan framing suggests. Senate KOSA authors oppose it outright. A bipartisan coalition of state attorneys general has challenged its preemption clause, which overrides stronger state-level protections — a concern Ranking Member Pallone himself raised during earlier committee consideration. The two-thirds threshold under suspension rules leaves minimal margin for defections from either side.
The bill's deeper flaw is structural. Trading a legally enforceable duty of care — which places accountability on platforms for outcomes — for a negligence standard that incentivizes identity verification of all users inverts where the compliance burden falls. The large platforms best positioned to absorb verification infrastructure costs are the same incumbents who lobbied hardest against the duty of care provision. Smaller services and ordinary users pay the price.
A proportionate path forward would restore a well-scoped duty of care, confine age-verification requirements to contexts where existing case law has actually upheld them, and invest in privacy-preserving architectures that confirm age without retaining raw identity data. Children deserve real protection from harmful platform design. Adults deserve an open internet they do not have to show papers to enter.