The legal landscape for digital compliance in Texas has shifted dramatically in recent months, as legislators have advanced a series of sweeping requirements for age verification and consumer protection online. These new laws have, and will have, widespread impact for on-line entities doing business with Texas residents, and those consumers that use those websites.
The Legislative Wave: App Store Accountability & Expanded Telemarketing Laws
This summer, Texas took bold steps to bolster online protections, especially for minors. Senate Bill 2420 (the Texas App Store Accountability Act – effective January 1, 2026) and Senate Bill 140 (a significant amendment to existing Texas telemarketing law – effective September 1, 2025) together create one of the most expansive digital compliance regimes in the country.
Once effective, S.B. 2420 requires app store operators to: (i) verify the ages of all users of their platforms in Texas, and (ii) prevent children from downloading or purchasing apps without parental approval. The law defines a “child” as “an individual who is younger than 13 years of age.” Developers must rate every app that will appear in an app store by age, provide clear disclosures to users and parents regarding ratings, content and data collection and notify app stores in writing of any software update, no matter how minor, such as introducing a new advertisement within the app. The new law’s reach is remarkably broad, affecting not just app stores, but nearly every digital developer with a presence in the Texas marketplace.
Additionally, Texas’ expansion of its telemarketing law stretches far beyond traditional “robo-calls,” now covering text and multimedia messages. Marketers must now register and provide detailed business information (including personal information for directors), with significant portions of such information subject to public disclosure. Importantly, S.B. 140 expands violations of the telemarketing law to constitute deceptive trade practices, granting public and private rights of action to bring claims for violations. This empowers both the state’s attorney general and individual plaintiffs to seek damages (including treble damages).
The Litigation Response: A Flood of Legal Challenges
Unsurprisingly, the scope of these mandates has triggered swift constitutional challenges. Tech trade groups, including the Computer & Communications Industry Association (whose members include Google, Apple, Meta and Amazon), and advocacy organizations argue that Texas’s age verification rules infringe on First Amendment free speech rights for both platforms and users, while also dramatically increasing privacy and data security risks by the amount of additional personal information that must be exchanged between users, developers and app stores. Texas regulators have countered that the legislation is solidly within the Texas legislature’s historic authority to shield minors from harmful content online.
Courts, for their part, remain in flux. Following the Supreme Court’s recent decision in Free Speech Coalition Inc. v. Paxton, in which the Court determined that “intermediate scrutiny” applied to test the constitutionality of state age-verification laws, there is now a clearer path for states to defend well-tailored regulation. Even though the Supreme Court decided that new laws would pass constitutional muster if they “advance important governmental interests unrelated to the suppression of free speech without burdening substantially more speech than necessary to further such interests”, the Court and lower courts have not fully resolved all questions about the privacy implications of collecting and storing sensitive identifying information as part of age verification mandates.
Practical Challenges: Privacy, Operations & Patchwork Risk for Both Companies and Consumers
Implementing Texas’s new measures is no small feat for developers or marketers. Recent laws governing age verification mean that self-attestation (the age-old “Are you over 18?” checkbox) is out and robust verification involving government IDs or personal transactional data is now required. These measures create practical challenges for providers, including intrusive collection methods, increased risk of data breach and a substantial operational burden, especially as platforms must keep app stores updated on even minor changes to their applications or risk litigation. Further, a site may choose, for simplicity purposes, to check the identity of all customers and not limit their inquiry to residents of specific states.
Further, the lack of carveouts for opt-in consumer consent in Texas’s telemarketing law (i.e., marketers must strictly comply, even if consumers specifically agree to text marketing) leaves marketers facing a rocky road to compliance, with significant ambiguity about how, when and even if enforcement will target those who would otherwise be relying on their customers’ affirmative consent to receive marketing texts.
Texas is not alone. States like Ohio have enacted separate, sometimes conflicting (with other states) digital verification requirements, creating a patchwork of legislative compliance issues much like data privacy laws. In response, companies must develop agile compliance programs that are capable of responding to rapid changes and conflicting mandates across jurisdictions, often with short lead times.
Action Points for Businesses
The message for digital platforms, app developers and marketers is clear: the regulatory landscape post-Paxton, and following the enactment of these statutes, is more complex and riskier than ever. Key recommendations to continue to maintain compliance for your business include:
- Tracking legislative and regulatory developments not just in Texas, but nationwide, as the compliance “patchwork” expands.
- Working closely with legal and technology partners to implement privacy-respecting, accurate verification tools and data minimization strategies from day one.
- Preparing for increased scrutiny, both from regulators (state attorneys general) and private citizens empowered by deceptive trade practices act provisions.
- Reviewing and updating compliance policies regularly to ensure they are operationally realistic in light of shifting technological and legal requirements.
And if you are a consumer, simply be prepared to provide your private personal information when seeking to access sites covered by state age restriction or other similar laws.
The Bottom Line
Texas has opened a new front in the battle over digital regulation, one that will shape national trends and pose ongoing challenges. The next chapter will be written in the courts (following actions from attorneys general and private citizens alike), in state legislatures, and in the ongoing push-pull between privacy, safety and freedom online.
Contact
Contact KJK Privacy attorneys Brett Krantz (BK@kjk.com) or Chris Herrel (CGH@kjk.com) to learn more about Texas’ new law and how your business can be ready for new changes in 2026.