Texas App Store Law Now Enforceable Following SCOTUS Ruling: What App Developers Should Do

After months of uncertainty over whether and when Texas’s App Store Accountability Act (“Texas’s App Store Law”) would take effect, on the Supreme Court has ruled that it will not stand in the way of its enforcement while the Fifth Circuit considers constitutional challenges. The law which in part requires app stores to verify users’ ages and obtain parental consent to allow minors to download or purchase apps or to make in-app purchases and requires app developers to ingest those age signals is now in effect and enforceable.

Organizations subject to the law should be prepared to immediately comply or risk an enforcement action. Our analysis and recommendations are below.

As similar age-assurance laws in Alabama, California, Louisiana, and Utah now seem more likely to survive similar injunctive relief efforts and constitutional challenges, organizations should start preparing to comply with these laws as well. Look for our upcoming post comparing and contrasting the requirements under these other laws.

What did the SCOTUS decide and what happens next?

Texas’s App Store Accountability Act-- was set to take effect on January 1, 2026. The law was preliminarily enjoined from enforcement by a lower court on the basis that it likely violated the First Amendment under strict scrutiny. On June 1, 2026, the Fifth Circuit stayed the injunction pending its review, concluding that the law would likely survive intermediate scrutiny and that “The balance of equities and public interest are clearcut in Texas’s favor.” A trade group submitted an emergency request to the Supreme Court to vacate the stay. On Monday, July 6, 2026, the Supreme Court ruled, in a one sentence order, denying the request with the effect of making the law immediately enforceable.

While the law is still pending review by the Fifth Circuit for constitutionality challenges, those challenges seem less likely to prevail given the Fifth Circuit’s strong statements in favor of Texas in its prior ruling staying the injunction and the SCOTUS ruling supporting that stay. In the meantime, while the Texas State AG has not stated whether it will enforce the law immediately or wait for the Fifth Circuit to decide the constitutional issues, the AG may be emboldened to act more immediately given the Fifth Circuit’s supportive statements.

What are the requirements of Texas App Store Law?

The following summarizes requirements under the Texas App Store Law. While there are numerous requirements for app stores, we focus primarily on requirements for app developers.

Age and consent information ingestion and verification. The Texas app store law and similar state age-verification laws will require app stores to collect age information from account holders and for app developers to ingest age category data and status of parental consent from the app store and use it to verify age. Ingestion of age information that includes ages of children and minors triggers a complex set of obligations under other laws, including COPPA and state laws that apply if you have actual knowledge that someone is a child or a minor. The Texas Data Privacy and Security Act (TDPSA), in particular, is triggered if you gain actual knowledge of a child under 13 using your services. Under the TDPSA, data about a child is considered sensitive data and subject to requirements beyond those under COPPA, including requirements to conduct a data protection assessment.

Safe-harbor. The Texas App Store Law does not address what happens if an app developer has inconsistent information about age that it may have collected through its own age-gating process as compared to what it receives from an app store. But under the law, a software application has incentive to rely on the age of the app store as it is not liable for requirements to verify age if it has relied on the age category and consent information from the app store (and otherwise complies with the law). Relying on more robust means to determine age than the current self-declaration method used by many app stores (i.e., when a user simply states their age without confirming evidence) can create interesting issues for app developers. Further, many more app developers are relying on more robust means of age verification because UK regulators have recently advised against relying on self-declaration for age gating.

Age rating designation. App developers will need to assign age ratings to their apps, document the elements that led to that rating, and provide the rating and such elements to the app store.

Notice of significant changes. App developers will need to notify app stores about any significant changes to the terms of service or privacy policy of their application. App stores will in turn need to provide new notice and obtain new parental consent for any significant changes. A change is significant if it (1) changes the type or category of personal data collected, stored, or shared by the developer; (2) affects or changes the rating of the software application or the content or elements that led to that rating; (3) adds new monetization features to the software application, including: (A) new opportunities to make a purchase in or using the software application; or (B) new advertisements in the software application; or (4) materially changes the functionality or user experience of the software application.

Limits on use of age and consent information. App developers may only use age and consent information obtained from app stores to 1) enforce age-based restrictions in their application, 2) ensure compliance with laws and regulations, and 3) implement safety features and default settings. App developers may not share or disclose personal data of users obtained from the app stores in connection with the law.

What should app developers do?

·       Comply with Texas’s law. If you have not already, review the obligations under the app law to assess if and how it applies to your organization. Develop a strategy to quickly come into compliance.

·       Understand app store rules. Review (and have your engineers review) Apple (here and here) and Google’s (here) developer pages for information about how to ingest age information and how to provide age rating and related documentation. Both platforms have indicated they will only send signals in each state as they go into effect. Google has stated that they have begun rolling out their Play Age Signals API "for new users in Texas who created their accounts after May 28, 2026," while Apple describes its Declared Age Range API as available "in certain regions, where legally required."

·       Determine your strategy for ingesting age signals. Decide on whether you will ingest age signals for all states or just states with laws currently in effect (Google currently only makes Texas available where Apple appears to allow ingestion of age range for all states). In making this decision review and assess COPPA and Texas’ and other state laws that have obligations triggered by knowledge that a user is a child or a teen.

·       Formalize how you handle receiving age signals. Formalize processes for when you gain knowledge of users’ ages through these age signals or other means. Determine your strategy for compliance with laws triggered by knowledge of age and whether blocking, deletion, or obtaining parental or teen consent is appropriate under these laws.  

·       Consider your strategy for responding to conflicting age signals. If you currently age gate, you may receive conflicting information about age from app stores. Decide what approach you will use to resolve conflicting age signals. Evaluate the relative risks of your approach taking into consideration other state laws with clearer guidelines.

·       Get ready for additional laws set to take effect early next year. Although Texas  is the only state app store law currently in effect and enforceable, get ready for Alabama (January 1, 2027 - for new accounts after October 2, 2026; October 1, 2027, for accounts in existence on October 2, 2026) California (January 1, 2027), and Louisiana (July 1, 2027), and Utah (May 6, 2027).

Susan Hintze is the founder and co-managing partner of Hintze Law. Recognized by Chambers, Legal 500, & Best Lawyers, Susan serves on the International Association of Privacy Professionals (IAPP) Board of Directors and is an IAPP Westin Emeritus Fellow. She is also co-chair of the firm’s Regulatory Defense Group.

Emily Litka Sanford is a Senior Associate at Hintze Law. Emily focuses her practice on global privacy and emerging AI laws and regulations.


Hansy Piou is an Associate at Hintze Law. Hansy has experience with global data protection issues, including kids’ global privacy laws, AADC, privacy impact assessments, GDPR, and privacy statements.



Hintze Law PLLC is a Chambers-ranked and Legal 500-recognized, boutique law firm that provides counseling exclusively on privacy, data security, and AI law. Its attorneys and data consultants support technology, ecommerce, advertising, media, retail, healthcare, and mobile companies, organizations, and industry associations in all aspects of privacy, data security, and AI law.