Industry

SB2420 Explained: What Publishers Must Do Before January 1, 2026

Itamar Nadel
Itamar NadelAdv. | Account Manager, Appcharge
5 min read
Cover Image

New laws are coming to Texas, Utah, and Louisiana that impact publishers globally. Starting January 1, 2026, app stores will begin verifying user age and parental-approval status under SB2420. Both Apple and Google have now confirmed that they will provide developers with age-category signals through dedicated APIs. As a result, SB2420 will create actual knowledge of under-13 users, which directly triggers COPPA obligations.

 

Because developers will receive age-category metadata (for example: Under 13, 13–17, 18+), publishers must ensure that any collecting personal information is fully blocked for under-13 users unless verifiable parental consent exists. This applies to all publishers who operate in the affected U.S. states, regardless of where their studio is based.

What SB2420 Actually Requires

Texas SB2420 takes effect on January 1, 2026, with Utah (May 7) and Louisiana (July 1) following. The core requirement is simple:

 

  • App stores must verify user age

  • App stores must determine whether parental approval exists

  • App stores must enforce these rules and will provide age-category eligibility metadata to developers

  • Developers must block in-app and Payment Links purchases from under-18 users without verified parental consent

 

Beyond that: Until now, publishers did not receive verified age signals from app stores. SB2420 changes that. Both Apple and Google will now provide age-category signals specifically to enable compliance.

 

Does SB2420 Apply to Web Stores?

SB2420 itself regulates app stores, not off-app web-based checkout pages. It appears not to apply to Web Stores because, among others, the law presumes that age-verification data will be supplied through the app stores themselves, indicating that the statute is aimed at regulating transactions within the app-store ecosystem rather than external web-based commerce.

 

However, because digital goods purchased on a Web Store are related to the in-app ecosystem, there is theoretical ambiguity around how “in-app purchase" is defined

 

How SB2420 Triggers COPPA Obligations

COPPA applies when:

 

• A product is directed to children under 13, or
• The publisher has actual knowledge that a user is under 13.

 

With Apple and Google now providing age-category signals, publishers will gain actual knowledge when a user is identified as Under 13. COPPA treats any collection of personal information, including Web Stores checkouts, Payment Links, or any external checkout, as data collected on behalf of the publisher.

 

This means that if an under-13 user completes a checkout, even through a service provider, the publisher is responsible for the COPPA violation.

 

What Publishers Must Do To Stay Compliant

Under 18, without verified parental approval

  • Block in-app purchases (IAP)

  • Block Payment Links

  • Web Store purchases are not regulated by SB2420

 

Under 13 without verified parental approval (SB2420) and consent for data collection (COPPA):
 

  • IAP: do not collect any personal information and don't allow users to make a purchase.

  • Payment Links: do not offer Payment Links to these users.

  • Web Stores: do not allow users to purchase on web stores.

 

Additionally:

 

  • Don’t collect personal information from under-13 across any surface without parental consent.

  • Ensure that any service providers do not collect or store this data.

 

Implementation Notes

  • Apply geo-based rules using affected U.S. states.

  • Apply age-based rules using age-category metadata from Apple and Google.

  • Coordinate product, monetization, engineering, and privacy teams early.

  • Fully test blocking logic before enforcement dates.

 

How Appcharge Supports Compliance

Appcharge helps publishers with best practices implementing age and geo-based restrictions across Web Stores and Payment Links, and provides guidance on complying with COPPA, SB2420, GDPR, and other global regulations.


Our MoR infrastructure supports compliant payment operations, tax, chargeback handling, and fraud prevention - we handle all the heavy lifting. However, age-verification and age-category processing remain the responsibility of developers and app stores.

 

We continue to monitor regulatory developments and support partners through upcoming enforcement milestones.

 

Disclaimer

 

This post is not legal advice. Each publisher should consult legal counsel for regulatory analysis. Appcharge continuously monitors evolving regulations and is available to support publishers with implementation guidance.

FacebookLinkedInX (Twitter)

Monetization Unlocked!Monetization Unlocked!

Join dozens of leading publishers getting industry-insider resources, tips, and useful insights every month.

Other articles that fit your play

From Fragmented Stores to a Unified DTC Ecosystem: How Huuuge Reached 35% DTC Share with Appcharge

Case study

From Fragmented Stores to a Unified DTC Ecosystem: How Huuuge Reached 35% DTC Share with Appcharge

Read the growth story
The Google-Epic Settlement: Beyond The Headlines

The Google-Epic Settlement: Beyond The Headlines

Appcharge Team
Appcharge Team
Appcharge Reaches $1 Billion in Annualized DTC Transaction Volume

Appcharge Reaches $1 Billion in Annualized DTC Transaction Volume

Appcharge Team
Appcharge Team
Introducing Template Studio: A Faster Way to Build and Grow Your Web Store

Introducing Template Studio: A Faster Way to Build and Grow Your Web Store

Fanny Beili
Fanny BeiliVP of Product, Appcharge